Re: FW: Notice of Copyright Infringement, Case #: U213042791

[Jarret Cummings <jcummings () EDUCAUSE EDU>]

Hi, All – In addition to the information Greg cites, and kudos again to Greg as well as Steve Worona for their 
extensive work on behalf of the community in this area, the 2008 joint memo from EDUCAUSE, ACE, NASULGC (now APLU), and 
AAU on HEOA peer-to-peer next steps brings together key legislative and related report language 
(http://net.educause.edu/ir/library/pdf/epo0815.pdf), including the following:


·        From the memo: “Report language that accompanies the law explicitly states that technology-based deterrents 
include ‘bandwidth shaping’ and ‘traffic monitoring to identify the largest bandwidth users,’ and indicates that 
certain education and enforcement programs will also qualify. The report language explicitly notes that institutions 
are not required to adopt any particular type of technology-based deterrent, recognizing that even institutions that 
‘prohibit content monitoring’ retain the authority to determine their own plans.”

·        From the conference committee report explaining the intent of the legislation: “The Conferees intend that this 
Section be interpreted to be technology neutral and not imply that any particular technology measures are favored or 
required for inclusion in an institution’s plans. The Conferees intend for each institution to retain the authority to 
determine what its particular plans for compliance with this Section will be, including those that prohibit content 
monitoring.”

It’s also worth noting that the Federal Student Aid Handbook includes a sample statement that many institutions use as 
the vehicle for notifying students of the potential penalties for copyright infringement, as required by the law and 
regulations (https://ifap.ed.gov/fsahandbook/attachments/1213FSAHbkVol2Ch6.pdf, see p. 2-105). - Jarret

_______________________________________________
Jarret S. Cummings
Director of Policy and Government Relations

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5372 | main: 202.872.4200 | educause.edu<http://www.educause.edu/>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Jackson
Sent: Wednesday, June 1, 2016 4:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FW: Notice of Copyright Infringement, Case #: U213042791

On 6/1/2016 9:53 AM, Frank Barton wrote:
Wendell - at least now there is publicly-available, archived proof
that you respond to DMCA takedown notices in a timely fashion!

Having spent several years embedded in this issue, first negotiating what became the ED rules and then persuading key 
entertainment entities to change their approach, I thought it might be useful to reiterate some important points.
Campuses' responsibilities come primarily from

  *   the Digital Millennium Copyright Act (DMCA, under which campuses are "network service providers" governed by some 
special "safe harbor" provisions), and
  *   the so-called "peer to peer" (P2P) provisions of the 2009 Higher Education Opportunity Act (HEOA).
We at EDUCAUSE provided extensive guidance when the latter took effect, and most of that is still available via its 
website (see http://www.educause.edu/blogs/slworona/final-heoa-regulations-issued-p2p-provisions, and links therefrom).

Briefly, to avoid liability for copyright infringement on their networks campuses must take action to ensure that any 
violations brought to the campus's attention are ended (this is the DMCA requirement--more on this below, since the 
details are important).

To avoid any risk to Federal support, campuses also must satisfy three basic policy requirements (these are the 
HEOA-P2P requirements): they must

  *   provide an annual disclosure to students describing copyright law and campus policies related to violating 
copyright law,
  *   have and implement "a plan to "effectively combat" copyright abuse on the campus network using "one or more 
technology-based deterrents", and
  *   offer alternatives to illegal downloading.
The first and third HEOA requirements are easily satisfied through appropriate student orientation material and by 
ensuring that students and others have access to known legitimate sources of music, movies, TV shows, and other online 
materials (there is no requirement that campuses pay for such services).

The second HEOA requirement is murkier. For the most part, campuses satisfy it by implementing firewalls, bandwidth 
shaping, or other technologies that "combat" infringement (which may not be the same as "preventing" it) and/or by 
having policies and procedures to promptly and effectively address DMCA complaints. The most common approach to 
"technology-based deterrents" is configuring campus border firewalls to block BitTorrent and other protocols 
predominantly used by P2P by default (as many campuses do to simply to keep their commodity-bandwidth costs within 
bounds), with exception mechanisms for researchers, system managers, or others who have legitimate need for those 
protocols. There is no formal requirement that campuses do such blocking, however, or buy anti-infringement 
technologies such as Audible Magic; active network management combined with diligent handling of DMCA complaints 
satisfies the HEOA requirements just as well.

In any event, how campuses handle DMCA complaints is important. As others have pointed out, there is no requirement 
that violations be made public, or that alleged violations result in any particular disciplinary outcome. But there are 
very specific requirements DMCA complaints must satisfy, and not all DMCA complaints call for the same action.

  *   Valid DMCA complaints must come from the copyright holder or its legal representative, and must be sent to the 
"DMCA Agent" address registered at the Library of Congress (rather than to a campus's "abuse" or "help" address). MPAA 
and RIAA send out many notices on behalf of their members, some entities such as Fox, NBCUniversal, and Zappa send out 
their own, and some (as the one that Wendell provided) come from lawyers claiming to represent copyright holders.
  *   Those last can be iffy, since there are law firms that go trolling for potential violators and threaten legal 
action if violators do not "settle" by making an online payment--in effect, their business model is to broadcast 
threats to a large audience, and to hope that some recipients pay the "settlement" (which may or may not reach the 
copyright holder). In general, entertainment companies send DMCA complaints in order to end violations, not to raise 
revenue through "settlements". It's always worth scrutinizing "settlement" DMCA notices carefully.
  *   Remember that the campus's obligation is to end the violation, not to collect or encourage "settlements". Except 
in egregious cases, entertainment companies don't seek damages from individual violators (although at one point, years 
ago, they did). What they want these days is for violations to stop, and for violators to not infringe in the future, 
and if they sense that campuses are being helpful by dealing reasonably with violators--as the vast majority of 
campuses do--they're happy.
  *   DMCA complaints must provide sufficient information for the network service provider (that's the campus) to track 
down the violation. That usually means the complaint designates the IP address and precise timestamp where the 
violation was detected. That an IP address was listed in some online index doesn't suffice, and most DMCA complainants 
are careful to confirm that infringing material is actually available rather than just "advertised".
  *   If an IP address doesn't trace to an individual (for example, it's a shared library computer that doesn't 
identify users), or the infringing material appears not to be available as claimed, then a campus can tell the 
complainant that the violation cannot be confirmed (but the campus still must ensure that any infringing material is no 
longer accessible). A touchy issue arises around NAT, especially wireless networks that assign internal addresses 
dynamically but don't keep logs of who had which address when. Carried to an extreme (as was the case for one campus I 
encountered during my time at NBCU), unlogged NAT can make all violators unidentifiable, and copyright holders are not 
amused by this: they see this as a conscious and intentional failure to "effectively combat".
I hope some of this is useful. Also, I've blogged on occasion about this domain, for example in the posts "Story of 
S<http://gjackson.us/ruminations/?p=674>", "Notes From (or is it To?) the Dark 
Side<http://gjackson.us/ruminations/?p=739>", and "Revisiting IT Policy #2: Campus DMCA 
Notices<http://gjackson.us/ruminations/?p=891>", which may provide more context for those interested (or who are 
gluttons for punishment).

In any case, I'd be happy to advise further, privately or publicly,  if that would be useful.
--

________________________________
Greg Jackson
gjackson.us • 1-202-596-9425
________________________________