P2P: Dangers, Risks & Copyright Infringement Jodi Ito Information Security Officer, ITS [email protected] 956-2400.

P2P: Dangers, Risks & Copyright Infringement

Jodi Ito

Information Security Officer, ITS

[email protected]

956-2400

P2P: What is it?

Peer-to-peer filesharing Files are exchanged between individual

computers and users

What’s the problem?

Unknowingly share personal or sensitive information

http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128820

“Attractive” Malware

Imbedded viruses, trojans, other malicious software in P2P files

Problems determining “legitimacy” of files Vulnerable to attacks

Malware may open ports on your firewall Computer may become part of a “botnet”

http://www.us-cert.gov/cas/tips/ST05-007.html

The BIGGER Problem!

Used to “share” copyrighted materials “Copyright Infringement”

What is Copyright?

http://www.copyright.gov/circs/circ1.html

Copyright is a form of protection provided by the laws of the United States (title 17, U. S. Code) to the authors of “original works of authorship,” including literary, dramatic, musical, artistic, and certain other intellectual works.

Fair Use

From the US Patent & Trade Office http://www.uspto.gov/go/kids/kidantipiracy02.htm

“Limited circumstances under which it may be allowable to reference or sample works without seeking an express release from a copyright holder.”

Fair Use Guidelines

4 factors help determine fair use: The purpose and character of the use, including

whether such use is of a commercial nature or is for nonprofit, educational purposes.

The nature of the copyrighted work. Use of a purely factual work is more likely to be considered fair use than use of someone's creative work.

The amount and substantiality of the portion used in relation to the copyright protected work as a whole.

The effect of the use on the potential market for or value of the copyright protected work.

http://www.copyright.com/ccc/viewPage.do?pageCode=cr10-n#fairuse

Copyright Infringement

http://www.us-cert.gov/cas/tips/ST05-004.html Copyright infringement occurs when you use or

distribute information without permission from the person or organization that owns the legal rights to the information. Including an image or cartoon on your web site or in a document, illegally downloading music, and pirating software are all common copyright violations.

AKA “Piracy”http://www.uspto.gov/go/kids/kidantipiracy04.htm

DMCA

Digital Millennium Copyright Act (1998):http://www.copyright.gov/legislation/dmca.pdf

Determines role, responsibility & liability of ISP (UH is an ISP)

“Safe Harbor” http://www.hawaii.edu/askus/813

US Congressional Actions

Perception: Universities are breeding grounds for illegal downloading

University officials testified at Congressional hearing on June 5, 2007

Universities are the target of a concentrated RIAA focus

Looking to mandate technical solutions to block illegal copyright activities

US Higher Education Act 2008

Every college & university must certify it has: developed plans to effectively combat the

unauthorized distribution of copyrighted materials, including through the use of a variety of technology-based deterrents;

to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property

Higher Ed Discussions

EDUCAUSE: Nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology (http:www.educause.edu)

feed://connect.educause.edu/taxonomy/term/630/0/feed “Students Flock to Web Sites Offering Pirated

Textbooks” “How It Does It: The RIAA Explains How It

Catches Alleged Music Pirates”

HEOA: Higher Education Opportunities Act

a.k.a: Higher Education Act Reauthorization, Higher Education Act

Enacted on August 14, 2008 http://www.ed.gov/HEOA Contains language specifically addressing copyright

infringement at HE institutions “technology-based deterrents” Current status: “negotiated rulemaking” Publishing of official rules Nov 2009 Compliance July 2010

New ITS Procedures?

End of 2009: New federal mandates Early 2010: New/modified UH DMCA

procedures Email notifications (uhitc-l listserv) Notifications via Chancellors/Deans/Directors Failure to comply may result in loss of

federal funding!

Current Climate

Culture Attitudes Awareness (or lack thereof) UH “Takedown” notice statistics

2006: 15 2007: 124 including 3 “Preservation Notices”, 2

“Early Settlement Letters” 2008: 396 notices received 2009: 65 to date

2007 vs. 2008DMCA Notices 2007 vs. 2008

13 136

0 0

14

5

1512

7

2217

2431

12

3023 20

1116

72

95

31 31

0

10

20

30

40

50

60

70

80

90

100

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

Month

# of Notices Received

20072008

Industry Notifications

Sent to “dmca-agent” Three Types:

“Takedown” Notice “Preservation” Notice - RIAA “Pre-settlement” Letter - RIAA

Who sends these notices?

Paramount

HBO

Sony Pictures

Business Software Alliance

Entertainment Software Alliance

Hachette Book Company

Activision

NBC Universal

Fox Entertainment

MGM Studios

JK Rowling

Warner Brothers

The Teaching Company

RIAA

What titles are being infringed on?

Entourage

House

The Secret Life of Bees

The Machinist

Chris Brown - Wall To Wall

Watchmen

Mathworks Matlab

Supreme Commander

Dead Like Me: Life After Death

Harry Potter and the Goblet of Fire

Role Models

Maroon 5 - This Love

Forgetting Sarah Marshall

Takedown Notice

Provides: IP Number Date & time of incident Material being infringed upon

ITS Response Block access (IP, username, MAC) Notify network administrator If user is identified, user must sign a “Copyright

Notification” Letter If 2nd offense, grievance will be filed with appropriate

University officials

Preservation Notice

From RIAA Preservation Notice notifies UH of the RIAA’s

intent to subpoena UH for documents for subscriber information associated w/ an IP at a given time

Pre-Settlement Letter

From RIAA Follow-up to the Preservation letter Asks to forward letter to user Evaluating on case-by-case basis UH will NOT provide any information to the

RIAA unless presented with a VALID subpoena

Legal Issues

UH will not provide any information to the RIAA unless presented with a valid subpoena

UH must comply with all legal obligations If a user receives an “early settlement letter”,

matter is between RIAA and user

Questions?

[email protected]

(808) 956-2400