IT@Brown: News & Resources

By and for technology-minded folks at Brown

Handling Copyright Complaints in Your Department

Pat Falcon, part of the Information Security Group at CIS, offers these tips on dealing with copyright complaints that may involve employees:

Not all copyright complaints that Brown receives are for students. Occasionally a complaint is traced to a computer being used in a department, and the person responsible could be a staff member, post doc, grad student or anyone else with access to that computer. Since by law (Digital Millennium Copyright Act of 1998, or DMCA), Brown must address copyright complaints promptly [the DMCA states that “Upon receiving proper notification of claimed infringement, the provider must expeditiously take down or block access to the material.”] your department may be asked to assist in this necessary “take down” process.*

If this hasn’t affected you and your department yet, read on for recommendations that could prepare you for the eventuality. If you’ve already dealt with this at some point, consider this post a good review. And it could also serve as a motivator for you to remind members of your department about the hazards of illegal file-sharing (risk of compromise as well as sanctions) so that neither they nor you have to deal with complaints in the first place.

How copyright complaints arrive on your doorstep:

Okay, a little background on the chain of events before you get that CIRT ticket. The copyright owner trolls the internet for instances of its materials being shared, capturing the file name and size, IP address, date/time when found, IP port used and network and protocol used (such as BitTorrent or Gnutella). This information is email to a Brown address that is on file with other DMCA agent information at the US Copyright Office. A CIRT ticket is created for each of these complaints. In the case of students, it is often easy to identify the owner of the IP address as dorm residents must register their computers each year.

However, if CIS discovers that the IP address of someone in a department has been identified in a copyright infringement complaint, they will need to contact the DCC for assistance in determining the owner of the computer where the infringing file resides. Often CIS is able to supply a tap ID to aid in hunting down the file, which by law must be removed promptly.

Once the identity of the owner has been determined, the DCC (or other department representative) will need to:
1. Assist that individual in removing the file(s)
2. Lock down the file-sharing program so it no longer shares through Brown’s network or, better yet, have the program removed entirely, and
3. Notify the person’s supervisor, who ensures that the employee signs a letter saying they are aware of Brown’s computing policies and will refrain from repeating such behavior.

If your department hasn’t been through this process before and developed its own protocol for handling such incidents, you may want to model your practice on the following procedure developed by the Bio Med Computer Services Office, slightly amended here for more general use. Thanks to Cliff Hirschman for sharing it.

It’s important to note that the following will not only help guide you through the process, but could also protect you from possible accusations of removing something inappropriately or otherwise damaging the computer. In addition, it’s important to be quite conservative about what actions are taken in attempting to delete infringing material, as the computer may contain critical or confidential material, like someone’s original research data, and it may even be the user’s personal property.

Recommended procedure when receiving notice of a copyright complaint:

1. Be sure you are wearing a clearly visible Brown ID badge. If possible, bring along a colleague as a witness.

2. Using the IP address, MAC address, and tap number information provided in the ticket, attempt to identify the physical computer. When you have done so, attempt to locate the person responsible for the computer.

3. When you locate the responsible person, show them a copy of the copyright complaint. State the name of the copyrighted material, and when it was downloaded. Ask for permission to search the machine for the material. If they refuse, tell them network access for that machine will be blocked. [NOTE: CIS will NOT automatically filter a computer off the network if it belongs to a department.]

4. Assuming they grant permission, locate and delete the offending files in the presence of the responsible person. Ask them if there is anything else on the computer that may generate a copyright complaint, and delete that too. Ask what peer-to-peer software is running on the computer (usually a BitTorrent client), and delete that.

5. Ask the responsible person whether they acknowledge having done the downloading. (They usually do). If they do not, ask whether they have any idea who may have done it.

6. Get the name, status (grad student, postdoc, staff, etc), and supervisor of the responsible person. Have the supervisor draft a letter of agreement to abide by policy (see the Copyright Letter Template for an example, which can be customized to local needs). Have the employee sign it, then distribute copies as indicated in the form letter. In the event that a student employee is involved, contact CIS (at Copyright@brown.edu) so that the information can be forwarded to the Office of Student Life for any further action.

7. If the computer is in an unattended, locked room, seek assistance from department manager for gaining access. However, simply verify that there is a computer at the tap that the NOC provided. DO NOT access the machine without a responsible person present. Attempt to find out who the responsible person is, and provide this information to the department manager (or equivalent), who will send an email to them. Follow the same procedure if the computer is accessible, but the responsible person is not present.

*For more background see the document “Copyright Infringement Policy: Copyright Law, the Illegal Use of File Sharing Programs, University Policies and Procedures for Handling Violations.”

Written by pfalcon

19 March 2009 at 10:54am