Peer to Peer File Sharing and Copyright Infringement Policy

  1. Overview

    The abuse of network resources to illegally obtain and distribute media or software, through peer to peer (P2P) networks, Usenet, or direct download, is a problem for many institutions of higher education. While The University of Southern Mississippi (Southern Miss) recognizes that there are legitimate uses for the previously mentioned applications, the University also understands that significant risks are implicit in the use of such applications. The Higher Education Opportunities Act of 2008 (HEOA) [34 CFR Section 668], specifically requires Universities to take steps to mitigate illegal downloads and P2P abuse. The university does not seek to ban any method for distributing or acquiring digital media, and will continue to support academic freedom and any technologies that can be used to foster collaboration. However, Southern Miss must also protect its assets and reputation, as well as comply with federal regulations.

  2.  

  3. Purpose

    This policy has been revised in order to limit the exposure of the University to security risks and liabilities associated with the irresponsible use of university resources for illegal file sharing activities and bring Southern Miss into compliance with the HEOA.

     

  4. Scope

    3.1 Resources
    This policy shall apply to all computer workstations, laptops, servers, networked appliances, and any other device if such device is owned by Southern Miss; or any device utilizing University network resources, even if that device is privately owned by an individual or third party.

    3.2 Individuals
    This policy applies to all individuals, regardless of affiliation or status with the University, at such time they are using any resource described under section 3.1.

  5.  

  6. Policy

    4.1 Prohibited Activity
    This policy strictly prohibits, by any method, the distribution, downloading, uploading, or sharing of any material, software, data, document, sound, picture, or any other file that is:

    • Specified as illegal by any federal or state law, statute, proclamation, order, or decree.
    • Copyrighted and not authorized for distribution by the copyright owner.
    • Considered to be proprietary, privileged, private, or otherwise vital to the operation of the university; including, but not limited to, personnel, student, financial, or strategic records and documents, or any material governed by federal and state regulations.
    • Any virus or malicious software for the purpose of deployment or implementation with ill-intent.

    Any P2P activity is strictly forbidden in the cases of:

    • Computer labs.
    • Computer workstations and other network devices readily accessible to multiple users.
    • Computer workstations and other network devices used in daily operation by areas and departments heavily affected by federally mandated regulatory compliance.
    • Laptops, computer workstations, and any other network capable device provided by iTech through equipment services.

    Users of Southern Miss resources may not attempt to circumvent, bypass, defeat, or disrupt any device, method, or technology implemented by the university for the purpose of P2P mitigation.

    Examples of Prohibited activity:

    • Use of a BitTorrent client to download a popular movie currently running in theaters.
    • Downloading a 'cracked' copy of a commercial software title, so that it may be used without the purchase of a valid license.
    • Using any BitTorrent client, Ares Galaxy, or Limewire on a lab workstation.

    4.2 Permitted Activity
    Any P2P activity or network traffic that is not explicitly prohibited by this policy, another University policy, state law, federal law, or any other regulation, is generally permissible.

    Examples of permitted activity:

    • The downloading of music files from a musician's website, where the artist has explicitly given permission to download those files.
    • Use of a BitTorrent client, on a personal laptop, to download a freely available operating system.

    4.3 Rights and Responsibilities
    All individual persons or groups utilizing Southern Miss networks, including but not limited to Southern Miss employees, students, guests, external business entities and non-profit entities, shall bear legal and financial responsibility for events or consequences resulting from their own use of network resources.

    Individual departments, colleges, administrative areas, and other entities must respond in a timely and efficient manner to all inquiries and complaints that arise in regard to this policy.

    iTech and Southern Miss are required by federal law to report certain illegal activities to specified law enforcement agencies without notice to the user or the appropriate department.

    4.4 Technology Mitigation
    iTech has implemented Audible Magic's CopySense Appliance (CSA), designed to mitigate illegal Peer to Peer (P2P) activity. The CSA attempts to:

    • Allow legal P2P traffic.
    • Limit all P2P bandwidth to preserve network usage for business and educational use.
    • Detect and block P2P traffic containing copyrighted material registered with Audible Magic.
    • Detect and block P2P traffic containing suspected copyrighted material.
    • Engage a process known as "Graduated Response". Graduated Response is detailed in Section 6 of this policy.

    4.5 Suggested links to legal sources for digital media
    Please read the disclaimer before proceeding to external links.

    MusicVideo
    Apple iTunesApple iTunes
    Amazon MP3Amazon Video on Demand
    NapsterHulu
  7.  

  8. Privacy

    5.1 Information Collection
    Logs detailing P2P traffic and usage on the Southern Miss network will be collected.

    Logs will contain IP addresses involved in data transfer, direction of transfer (if retrievable), metadata (if retrievable), time, protocol used, and amount of data transferred.

    Logged information will be kept on the appliance for 15 days.

    Aggregate information generated from logged activity will be archived indefinitely.

    5.2 Information Use
    Logs will be subject to periodic review for enforcement of this policy.

    Information collected may be used in aggregate format for reporting purposes.

    Individual usage will not be actively or routinely monitored.

    Logs maybe used to investigate complaints or suspicious traffic patterns.

    Individual colleges, departments, functional or administrative areas, and entities of Southern Miss may request information about P2P usage pertinent to that area. This request may only be made by the dean, chair, department head, manager, or other leadership of the area requesting information.

    iTech will not release any information collected by the appliance to any entity external to Southern Miss unless compelled or obligated by law or court order, subpoena, warrant, or writ; with the exception of Audible Magic Corporation, which will receive data exclusively in aggregate format, with no personal identifying information, for purposes of internal statistical analysis.

  9.  

  10. Enforcement and Penalties

    6.1 University Community
    Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion, and/or termination of employment in accordance with procedures defined by USM administrative policies stated in the handbook governing that individual.

    6.2 Individuals not affiliated with Southern Miss
    Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.

    6.3 Individual Wireless Internet Access Accounts
    Any individual, regardless of their affiliation or status with the University, can have their wireless Internet access permanently suspended for egregious or multiple violations of this policy.

    A notice of alleged copyright violation that complies with the Digital Millennium Copyright Act, will be referred to as a "DMCA notice". DMCA notices received by Southern Miss as a result of abuse while utilizing an individual wireless internet access account will be researched, and if possible matched with the individual responsible for the abuse.

    Students:

    • For the first and second occurrence of one or more DMCA notices received during a 24 hour period, the notice(s) will be forwarded directly to the student along with a reminder of the P2P and Acceptable Use policies.
    • For the third occurrence of a DMCA notice, or multiple DMCA notices received during a 24 hour period, the student's wireless account will be temporarily suspended until that student receives counseling by the Dean of Students.
    • The fourth occurrence of a DMCA notice will result in the student's wireless account being permanently suspended.

    Faculty, Staff and other University employees:

    • For the first occurrence of a single DMCA notice, or multiple DMCA notices received during a 24 hour period, the notice(s) will be forwarded directly to the employee along with a reminder of the P2P and Acceptable Use policies.
    • For the second occurrence of a DMCA notice, or multiple DMCA notices received during a 24 hour period, the notice(s) will be forwarded directly to the employee and the employee's supervisor, along with a reminder of the P2P and Acceptable Use policies.
    • For the third occurrence of a DMCA notice, or multiple DMCA notices received during a 24 hour period, the employee's wireless account will be temporarily suspended pending discussion between the employee's supervisor and the TSO.
    • The fourth occurrence of a DMCA notice, will result in the employee's wireless account being permanently suspended.
      For all Guest/Temporary access:
    • The individual will have their access to the wireless network permanently banned if Southern Miss receives just one DMCA notice linked to the guest's account, or on any other offense of this policy.

    For all non-University business entities:

    • Violations of this policy will be address as described in any contract with that entity, as allowed in this policy, or per resolution agreed, through arbitration, between the office of the CIO and the external entity.

    6.4 Graduated Response
    An automated process, known as "Graduated Response", has been implemented to modify the behavior of Southern Miss network users who abuse P2P.

    • Using IP address as a identifier, the CSA detects illicit activity from a host, disrupts the identified activity, and assigns a point value to the host based on the type of illicit activity engaged.
    • When a threshold of points accrued from illicit activity is exceeded for a specific IP address, that host becomes "Sanctioned". Points are associated with an IP address for a period of 1 week.
    • Sanctioned hosts will have all internet web traffic redirected to a website explaining why the host was sanctioned, information about copyright, the P2P policy, and the Acceptable Use policy.
    • The customer must positively accept the University policies, and at that point will remain sanctioned for a short period of time after accepting the policies. Customers who feel they may have been mistakenly sanctioned may contact the Help Desk, and the sanction can be adjusted or lifted for that customer's IP address.
    • Acknowledgment of the policies does not constitute admission of wrong doing.

    6.5 Appeals
    Faculty, Staff, and Students may appeal a decision to suspend individual wireless Internet access by submitting a written request to infosec@usm.edu. The appeal should include all pertinent facts and information related to the incident or event that lead to the suspension of service. iTech will, re-examine all available information regarding the decision to suspend service and come to a decision. The suspension of a wireless Internet access account can only be appealed once.

    Guest and Temporary users may not appeal to reverse the decision to suspend wireless Internet access.

    In regards to penalties, other than the suspension of wireless Internet access; faculty, staff, and students may appeal disciplinary decisions per the University handbook appropriate for that individual.

    6.6 Legal and Civil penalties
    17 U.S.C. Sec 504 specifies that an person infringing on copyright may be obligated to repay up to $30,000 dollars per work in a civil action, or up to $150,000 per work if it is proven that the copyright infringement was willful.

    18 U.S.C. Sec 2319 makes it a federal crime to infringe copyright when it can be proven that the violation was committed willingly with attempt to profit. An individual convicted of infringing copyright can face up to 10 years of imprisonment, depending on the specifics of the case.

  11.  

  12. Definitions

    1. P2P (peer-to-peer), in the context of this policy, is defined as direct data communication between two or more network capable devices over the Internet or other network, usually for the purpose of sharing any data file (including, but not limited to: music, pictures, video, software, and documents).
    2. P2P network, in the context of this policy, is defined as a collection of distributed network-capable devices participating in P2P activity.
    3. Peer-to-Peer (P2P) application is defined as any application that allows a network-capable device to participate in one or more P2P networks.
    4. Sharing, in the context of this policy, describes the action and activity of making any data file available to one or more P2P networks.
    5. Illegal Downloads are defined as any downloaded file that was obtained in violation of law, or is itself against the law to posses, distribute, duplicate, or create.
    6. Logs are defined as collections of information, typically used to document activity and events.
    7. Uploading describes network trafficking of data files originating from the Southern Miss network and destined for an external network.
    8. Downloading describes network trafficking of data files originating form an external network and destined for the Southern Miss network.
    9. USM/Southern Miss Network and networking resources describe all materials and devices owned by The University of Southern Mississippi and used to provide network connectivity to any network capable device. This includes all jacks, cable, hubs, wireless access points, switches, and routers.
  13.  

  14. Revision History

    1. 11/16/06: Added link to Password policy.
    2. 04/23/08: Modified policies menu.
    3. 07/13/10: Multiple major revisions reflecting compliance with IHL mandate.
    4. 07/16/10: Moved list of recommended links from section 4.2 (Permitted activity) to its own section 4.5
    5. 07/16/10: "DMCA Notice" definition added to 6.3
    6. 07/16/10: Rewrite of penalties in 6.3 to better clarify process
    7. 07/21/10: Capitalized 'The' in occurrences of 'The University of Southern Mississippi'. Minor edit to the list of examples of prohibited activities.