Plan to Combat the Illegal Distribution of Copyrighted Materials

Plan to Combat the Illegal Distribution of Copyrighted Materials
Eastern Connecticut State University
Information Technology Department

Introduction:

In accordance with DOE P2P regulation requirements regarding copyright protection, ECSU has created this plan to combat illegal file sharing.

This plan will be reviewed yearly with emphasis on the following:

• New or changed DOE regulations and federal copyright compliance laws
• New technologies available to deter illegal file sharing
• New or changed CSUS and ECSU policies and the Student Conduct Code
• The list of legal download service sites
• Legal methods of Sharing Files

Plan Outline:

1. Semi-Annual Notice to Students and Faculty Regarding Copyright Compliance
   
   Under the direction of the CIO, the Campus Information Security Officer will distribute an email to all students, faculty and staff summarizing the requirements of current copyright law, DOE regulations and University policies. The summary will include notice of available sources for legally downloading copyrighted materials. Links to additional sources of information about file sharing will also be included. This notice will be sent at the start of the fall and spring terms.
    
2. Web Based Compliance Information Available to Students
   
   The semi-annual email will be accessible on the student portal. Additional information about the following compliance topics will also be available on the portal:
   • A description of Peer-2-Peer file sharing technology
   • A statement of how ECSU will process infringement complaints
   • A detailed statement of the federal, state and University penalties for copyright infringement
   • A list of alternatives to illegal file sharing
   • A summary of 'fair use' of copyrighted materials
      
3. Other Campus Sources of Information about Copyright Law and Compliance
   • The University will include information about illegal file sharing in new student orientation programs.
   • The IT help desk and student support center will assist students in their efforts to comply with copyright law and University policies
      
4. Technology Based P2P Deterrents
   
   DOE regulations require that the university use at least one technology based deterrent to Illegal P2P file sharing. This section of the plan documents the deterrent (s) that ECSU is currently using to comply with DOE requirements. Eastern continuously monitors developments in the area of P2P deterrent technology. A formal review of this technology and update of this section of the plan occurs yearly.
   
   Technology Deterrent: Packet Shaping
   
   Current Methodology:
    
   • The packet shaper is regularly updated with known P2P traffic signatures (patterns). It is configured to block all traffic that includes a P2P signature.
   • The packet shaper is also used to block all internet traffic from all computers that have been identified as engaging in illegal file sharing. The Specific MAC and IP address associated with the computer is used to establish a 'rule' prohibiting the shaper from allowing traffic from this source to pass on to the internet.
   • The packet shaper monitors traffic levels from individual sources. Limits have been set to restrict traffic levels far below those typically associated with P2P activity.
   • The compliance document 'How Does Eastern Respond to Copyright Infringement Notices' details the University's response procedures to complaints from sources such as the DMCA.
   
   Planed Changes and Upgrades to Eastern's P2P Deterrent Technology:
    
   • Currently, the task of associating the IP address and time stamp provided by copyright protection organizations with the MAC address of a specific computer and the name of the owner of the computer is very time consuming for Eastern's staff. This inefficiency can be eliminated through the use of identity management software. This software can be used to register a computer for use on Eastern's network capturing the owners name and the MAC address of the unit. Thus, two of the three items in the linked chain would be immediately available to staff through a simple query of the identity management database. ECSU should implement this software as soon as possible.
   • A prerequisite for a useful identity management system and a second major P2P compliance related issue for Eastern is a lack of sufficient IP addresses. The shortage of addresses forces Eastern to use NAT protocol (Network Address Translation). This protocol allows a small number of public IP addresses to be shared by a large number of computers. Eastern must acquire more IP address. If available for use, IPv6 addressing would enable the University to implement an IP addressing scheme that supported an effective identity management system.
      
5. Annual Plan Review
   
   Under the direction of the CIO, the Campus Information Security Officer will conduct an annual review of this plan. Various members of the IT staff and other campus departments will participate in the plan review process.
   
   A draft revision will be reviewed and formally approved in accordance with University procedures.