Resistance is Futile

The digital age has made copyright compliance part of IT’s job. How they can adapt and overcome.

GUEST COLUMN | by Ryan Tollofson

CREDIT exindaAs unlikely as it may seem, compliance with state, federal, and local regulations and laws is increasingly becoming part of the IT manager’s job.  For universities in particular, the huge popularity of peer-to-peer sharing and video streaming technologies with students has put campuses across the United States directly in the crosshairs of powerful media lobby groups such as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA).

The media industry in the United States has successfully lobbied the federal government to enact some of the strongest digital copyright protection legislation in the world, including two that are incredibly relevant to university IT managers:

Penalties for willful copyright infringement are steep, with criminal penalties up to $250,000 per offense and five years in jail, in addition to civil penalties of up to $150,000 per work infringed.

The DMCA provides a mechanism by which copyright holders can request specific identity information from an ISP so that cease and desist notices (called DMCA) notices can be sent to the offending downloader.  Universities must appoint a DMCA Designated Agent to register as an ISP and to protect itself from copyright infringement, and more and more this role is finding its way into the IT department.

DMCA notices can request the university to take several actions, from informing the offender that they are breaking the law, to terminating their network privileges, and even forwarding a subpoena to appear in court. Notices can also ask for the identity of the offender, but this release of information can only be provided with the expressed consent of a student, as outlined in another piece of legislation: The Family Education Rights and Privacy Act.

The bulk of today’s compliance requirements came into effect when HEOA was enacted. Once you get past the legalese, the stipulations of HEOA are two-fold:

  • Draft, maintain, and implement a written plan to effectively combat the unauthorized distribution of copyrighted digital material by users of your network.
  • Periodically review the legal alternatives for downloading copyrighted material, make this information available to students and, to the extent practical, offer legal alternatives via the campus network.

In practice, this boils down to the IT department maintaining a strict acceptable use policy, informing students of the potential legal ramification of piracy and available alternatives, employing one or more technology-based deterrents to the distribution of pirated materials, and responding to DMCA takedown notices. EDUCAUSE maintains an excellent resource with respect to digital copyright compliance, including a list of available legal alternatives.

Technology deterrents are by far the most popular compliance tool and generally include web content filters, traffic monitoring and bandwidth-shaping tools. However, while web content filters can stop explicit ports, they are hard to configure and difficult to maintain.  Using bandwidth-shaping technology to choke peer-to-peer traffic can be implemented broadly across your network at an application-specific level without having to explicitly define a port number.

For compliance, traffic monitoring is your best friend.  With the right tool, you can identify the who, what and where of digital theft, and more easily respond to DMCA notices.

While all of this may not be what you signed up for when you started your career in IT, the compliance burden is not really very different from that at any ISP (which fall under DMCA).  The added planning rules required by HEOA do complicate things, but does not require anything that a prudent IT department would not be doing anyway:

  1. Developing and communicating acceptable use policies
  2. Monitoring what is going over your network at an individual user level
  3. Proactively managing the your network such that inappropriate (i.e., recreational applications) are not hogging your resources, and
  4. Providing value-added services (such as legal video streaming) to the students who live on campus.

In fact, universities have some unique advantages with respect to digital compliance that other organizations do not.  Due to the way that much of the digital content is used on campus (for research or teaching purposes), the fair use exemption means that university IT departments really only have to focus on willful offenders and not the casual user.  Further, HEOA specifically indicates that the copyright infringement plan need not unduly interfere with educational or research use of the network.    So while keeping your network in compliance does require some extra effort and due diligence, it could be much worse!

Ryan Tollofson is director of education marketing at Exinda, which has worked with more than 600 educational institutions around the world get better control over the traffic that is crossing their network. He can be reached at

Leave a Reply