• Print
return to IT Security Office

CONTACT US

Office of Information Technology
CSC Helpdesk: 209.946.7400
helpdesk@pacific.edu
Raymond Great Common Room
Hours: 7:30am - 5:30pm Mon - Fri

HEOA & DMCA Compliance

Copyright

Higher Education Opportunity Act

Congress passed H.R. 4137 legislation labeled the Higher Education Opportunity Act ("HEOA") to reauthorize the Higher Education Act. The President signed this legislation into law on August 14, 2008. The Department of Education finalized the rule on October 29, 2009.

As described in an open memo from EDUCAUSE to Chief Information Officers, "This legislation imposes an array of new federal regulatory and reporting requirements for colleges and universities. Two of these provisions are designed to reduce illegal uploading and downloading of copyrighted works through P2P file sharing on campus networks."

Purpose
The purpose of this document is to list the legislative requirements specific to P2P file sharing and to detail Pacific's plan; the processes and procedures in place at Pacific that address the HEOA P2P requirements.  ISPC reviewed, May 2010.

Legislative Requirements - Federal Register Vol. 74, No. 208, 10/29/2009
The institution must have developed and implemented written plans to effectively combat the unauthorized distribution of copyrighted material by users of the institution's network without unduly interfering with educational and research use of the network.

The plans must include:
1. The use of one or more technology based deterrents. These include:

a. Bandwidth shaping.
b. Traffic monitoring to identify the largest bandwidth users.
c. A vigorous program of accepting and responding to Digital Millennium Copyright Act (DMCA) notices.
d. Variety of commercial products designed to reduce or block illegal file sharing.

2. Mechanisms for educating and informing its community about appropriate versus inappropriate use of copyrighted materials.

Information regarding institutional policies and sanctions related to the unauthorized distribution of copyrighted material must be included in the list of institutional information provided upon request to prospective and enrolled students. This information must contain:

a. A statement that explicitly informs its students that unauthorized distribution of copyrighted material, including unauthorized peer-to-peer file sharing, may subject the students to civil and criminal liabilities.
b. A summary of the penalties for violation of the Federal copyright laws.
c. A description of the institutions policies with respect to unauthorized peer-to-peer file sharing, including disciplinary actions that are taken against students who engage in illegal downloading or unauthorized distribution of copyrighted materials using the institution's information technology system.

3. Procedures for handling unauthorized distribution of copyrighted material, including disciplinary procedures.

4. Procedures for periodically reviewing the effectiveness of the plans to combat the unauthorized distribution of copyrighted materials by users of the institution's network using relevant assessment criteria.

Institutions will, in consultation with the chief technology officer or designated officer of the institution:

1. Periodically review the legal alternatives for downloading or otherwise acquiring copyrighted material.
2. Make available the results of the aforementioned review to its students through a Web site or other means
To the extent practicable, offer legal alternatives for downloading or otherwise acquiring copyrighted material, as determined by the institution.

Pacific's Plan
Requirement: The use of one or more technology based deterrents.

Technology Deterrent Plan
Pacific currently utilizes the following technological deterrents for managing unauthorized P2P file sharing:
1. Bandwidth Shaping - P2P Bandwidth Restricted to:

a. Pacific_guest - P2P blocked
b. PacificNet Wireless/Wired Residential Halls - 4Mbps shared
c. PacificNet Wired - 24Mbps

2. Network Monitoring

a. Top P2P network utilization reports
b. Reports reviewed by the IT Security Office

3. DMCA Notice Response Procedures (see DMCA Response Process section below)

4. Automated detection system for P2P sharing over the Internet of copyrighted materials

a. Designed to:

i. Block illegal P2P file sharing on student accessible networks; and
ii. Educate students regarding University policy and federal regulation and penalties associated with the illegal sharing of copyrighted materials

b. Identify Internet inbound/outbound P2P traffic

Requirement: Mechanisms for educating and informing its community about appropriate versus inappropriate use of copyrighted materials.

Education Plan
Pacific annually distributes and makes available to each new student Tiger Lore Student Handbook, which contains a compendium of relevant University policies. Additionally, Tiger Lore is available on the main web page of Pacific for prospective and currently enrolled students. This publication specifically communicates the sharing of copyrighted material without permission is (pg. 41):

a. Illegal
b. Details the potential criminal and civil penalties associated with copyright violations
c. Against University policy (see Related & Supporting Policies section below)
d. Subject to Pacific's Judicial process with sanctions including, but not limited to; loss of PacificNet access, reconnection fees, other technical costs, and other possible disciplinary sanctioning
e. Continued violations may result in more serious sanctions up to and including, suspension or dismissal

As briefly mentioned in the Technology Deterrent Plan, an automated system for the detection of illegal P2P sharing of copyrighted materials provides the capability to educate and remind students of University policy and federal law at the time of infraction.

Requirement: Procedures for handling unauthorized distribution of copyrighted material.

Pacific's Process for Managing Copyright Infringement:

DMCA Notifications
Reported DMCA violations are researched by the Customer Support Center (CSC) in conjunction with the IT Security Office. This research includes:

a. Log analysis
b. MAC address identification
c. User ID and name identification
d. Switch port/Access point identification
e. Room and network jack identification

Upon user/system identification:

a. Violation report information is logged within the University ticketing system
b. If a student is identified, a Judicial Affairs report is completed and submitted for student notification
c. If faculty/staff related:

i. Human Resources (HR) is notified of policy violation
ii. Supervisor is notified by HR
iii. HR determines disciplinary action taken with Supervisor (see Related & Supporting Policy section for violation of Acceptable Use Policy)

b. Guest wireless offender's MAC addresses are documented and blocked from accessing University resources
c. Repeat offenders are blocked from accessing the network

Automated P2P Detection System Procedures for Students
A graduated response system approved by Judicial Affairs is used to determine appropriate sanctions. Copyrighted materials traversing P2P software protocols are identified by their digital signature and/or file name. Identification triggers one of a possible three differing sanctions:

a. First Offense - Popup window displays violation alert. Students asked to comply with University policies and the Student Code of Conduct. Network activity reset within 15 minutes.
b. Second Offense - Popup window displays violation alert. Students asked to comply with University policies and the Student Code of Conduct. Network activity immediately blocked for one hour.
c. Third Offense - Popup window displays violation alert. Students asked to comply with University policies and the Student Code of Conduct. Network activity immediately blocked for 24 hours. A violation report is sent to Judicial Affairs for disciplinary action.

Requirement: Procedures for periodically reviewing the effectiveness of the plans.

The Office of Information Technology annually publishes to the Office of the Provost and the Office of the President a Record of Evidence (ROE) at the end of each fiscal year. The ROE contains metrics important in assessing the overall performance of the department. Included in the ROE is a metric for DMCA notices received. The effectiveness of this plan should be directly reflected in the decrease or stasis of DMCA notices received. The IT Security Office will add other key metrics that can be obtained from the P2P detection system, such as; annual number of reported violations, number of repeat violations, and network blocks. These metrics would be a key indicator for determining the success of this plan.

Periodic Review Procedure
Upon publication of the ROE, the IT Security Office, in conjunction with Judicial Affairs, will review the plan's effectiveness based upon the metrics contained within the report.

Requirement: Institutions will, in consultation with the chief technology officer or designated officer off the institution:

1. Periodically review the legal alternatives for downloading or otherwise acquiring copyrighted material
2. Make available the results of the aforementioned review to its students through a Web site or other means
3. To the extent practicable, offer legal alternatives for the downloading or otherwise acquiring copyrighted material, as determined by the institution.

Pacific's Legal Alternative Plan
The Pacific Community respects the issues surrounding copyright media and regularly reviews a range of legal alternatives that are available. Pacific's Chief Information Officer, after careful consideration, has determined that current online media stores provide the most appropriate and efficient means of obtaining copyright material. iTunes (and its sister site iTunesU) is one example of an online media store that Pacific already uses as an integral part of its curriculum. Pacific's use of iTunesU allows the Pacific Community to seamlessly transition from searching Pacific's non-copyright material to the abundant amount of copyright material available on iTunes. It is Pacific's position that providing such a seamless transition not only promotes the value of a copyright but also educates the University community on the proper means of obtaining such material.