Background Paper for Students Regarding the HEOA and the DMCA:
In the summer of 2008, Congress passed and the President signed H.R. 4137, the Higher Education Opportunity Act (HEOA), a massive piece of legislation that added dozens of new federal requirements for colleges and universities. Several of those requirements are intended to reduce unauthorized duplication and distribution of copyrighted works through peer-to-peer (P2P) file sharing on campus networks. Southern Methodist University is providing you this notice in compliance with sections 485 and 487 of that legislation and you are STRONGLY ADVISED to read it thoroughly and give it careful consideration.
SMU provides wired and wireless networking as well as other information technology resources to help you accomplish your educational goals. By using the SMU network, you agree to abide by the University’s
Computing and Communications Policy
. More specifically (note: A reference to section C might read better than “more specifically.” It just doesn’t flow well to me, particularly when the next sentence starts with “moreover.”), you agree not to use University resources for unauthorized duplication, use, or distribution of copyrighted materials, including music and video files. Moreover, such activity is illegal under the
Digital Millennium Copyright Act
(DMCA) and exposes you to serious civil and criminal penalties. The DMCA is a federal law that criminalizes production and dissemination of technology, devices, and services intended to circumvent copyright protections. In addition, the DMCA heightens the penalties for copyright infringement on the Internet.
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. For more information, please see the Web site of the U.S. Copyright Office at www.copyright.gov, especially their FAQ's at
In December 2008, the Recording Industry Association of America ("RIAA") announced that it was abandoning its longstanding practice of filing law suits against students for infringing copyrights via illegal file sharing. The RIAA had reportedly filed over 17,500 lawsuits through early 2008 (see
). Despite the new moratorium on law suits, the RIAA’s aggressive enforcement campaign continues on other fronts and the University urges all students to refrain from copyright infringing behavior. Note, however, that this does not mean that the RIAA and / or other groups won’t resume filing lawsuits at some point in the future.
Southern Methodist University does not routinely monitor the content of network transmissions except as necessary to identify and repel network attacks, viruses, worms, and other malware. However, many P2P networks are used almost exclusively for illegal file sharing and are also favorite channels for spreading malware due to their popularity and pervasiveness. To mitigate these threats, the University employs various methods to block illegitimate P2P network traffic at the perimeter of its network. Note, however, that these methods are not 100% effective and all P2P traffic is not blocked at all times. Students should assume that P2P file sharing activity on the campus network is visible to the RIAA and other content owners that monitor the Internet for copyright infringement activity.
Copyright Enforcement Activities
The Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and other content owners are aggressively trying to stop unauthorized downloading, copying, and sharing of music and video by college students. They monitor the Internet continually to identify Internet Protocol (IP) addresses involved in these activities, but they require assistance from the Internet Service Provider (ISP) to communicate with an alleged infringer. They generally seek the ISP’s help in communicating one or more of the following:
DMCA Takedown Notices
Pre-Litigation Settlement Letters, and
Subpoenas (in connection with lawsuits).
Note that these four communications operate independently and do not necessarily progress from one to another. For example, nothing prevents the initial communication from being a subpoena that seeks the identity of a user connected at a specific IP address at a specific day and time.
DMCA Takedown Notices
When a content owner determines that an IP address has been used to violate its copyright, it sends a Takedown Notice to the applicable Internet Service Provider (ISP) describing the IP address, date, time, and material involved in the alleged infringement. The notice requests that the ISP remove or disable access to the listed material under the terms of the DMCA.
When SMU receives such a Takedown Notice, it reviews its network activity records to independently validate the legitimacy of the complaint. If the complaint appears valid, the University suspends the offending user’s or computer’s network access until the infringing material is removed. First offenders regain network access once proof of removal is provided and an acknowledgement is signed. Repeat offenders are referred to the Dean of Students for additional sanctions, up to and including expulsion from the University.
The University also notifies the sender of the Notice that a) appropriate removal actions have been taken, or b) the allegation could not be validated through network activity records. The University does not provide any user identifying information to the sender of the Notice unless the Notice is accompanied or followed by a lawfully issued subpoena.
Preservation Requests are used to notify the ISP that a subpoena may be served on it seeking identifying information about a network user who has allegedly infringed a content owner’s copyrighted material. Like the Takedown Notice, the Preservation Request identifies an alleged infringer's IP address at the time of the alleged infringement. The Preservation Request asks the ISP to preserve the identifying information for the user connected via that IP address at that time.
SMU’s practice is to first determine if the information provided in the Request may be sufficient to implicate a specific user. If not, the University notifies the requesting party of its inability to comply. If a specific user is implicated, the University preserves the information as requested and forwards the Request to that user via email. The cover email explains the nature of the Request, encourages the user to preserve evidence relating to the claims in the Request, and informs them that they may wish to obtain legal advice before taking any other action. Once again, SMU will not release a user’s identifying information in response to a Preservation Request unless and until the Request is accompanied or followed by a lawfully issued subpoena.
Pre-Litigation Settlement Letters
Prior to abandoning the “sue the customer” strategy, the RIAA’s outside legal counsel sent what were known as "Pre-Litigation Settlement Letters" to many universities and other ISP’s. The Settlement Letter was generally sent to the ISP with a request that it be forwarded to the user of a particular IP address. The Letter alleged that the user of that particular IP address had violated copyright laws and presented an opportunity to settle the claim as early as possible at a "significantly reduced amount" compared to the judgment that a court might impose at the end of a lawsuit. The Letter also informed the user to preserve evidence relating to the claims and instructed the user to retain, and not delete, any peer-to-peer programs.
Should the RIAA or another copyright owner resurrect lawsuits and settlement letters, SMU’s practice is, and has always been, to forward a Settlement Letter along with an explanation to the alleged infringer if the University’s network activity logs can establish the identity of the person at the specified IP address with a reasonable degree of certainty. Because network log data can be unavailable or inconclusive, the University cannot guarantee that all Settlement Letters will be forwarded to alleged infringers. Individuals should not expect to receive such a letter prior to being sued for copyright infringement. (note: Has this always been our practice? I’m surprised to hear it, if so. I thought that Legal was undecided on what we would do about Settlement Letters, but was leaning toward protecting our students. Not to continually use the same example, but the Totally Tasteless complaint contained a Settlement offer, and I do not believe that it was forwarded on to any implicated individual.)
Based on the wording in recent Settlement Letters, recipients must settle within twenty (20) days of the date of the Settlement Letter or face a lawsuit. Recipients are encouraged to seek legal counsel before taking any action.
Lawsuits and Subpoenas
In cases where no settlement is reached, the RIAA and member companies had been filing lawsuits in Federal District Courts. The suits alleged that unnamed students have infringed copyrights by downloading certain information and, for some, distributing the information to others over the Internet. After filing these "John Doe" lawsuits (so named because they name IP addresses rather than people) identifying IP addresses, the companies served subpoenas on universities seeking the identity of the users associated with those IP addresses.
If and when SMU receives such a subpoena, the University first ensures that the subpoena is valid and lawful. If so, and if the information sought in the subpoenas exists, the University is legally required to provide the desired information. While complying with the subpoena, the University notifies the individuals being identified in the subpoena response. The University has heard but cannot confirm that companies first used the subpoenaed information to try to settle the matter with the identified individuals, and if a settlement was not reached, the companies would amend the lawsuits to name the individual students and proceed in court.
Obtaining Legal Advice
Information provided in this notice does NOT constitute legal advice. It is intended for informational and educational purposes only. Every situation is unique and you are encouraged to consult an attorney if you need specific legal advice. Links to legal web sites, such as those provided below, do not constitute an endorsement of any legal services. Neither the downloading of materials nor any communication with respect to this Notice constitutes the formation of an attorney-client relationship. In reading and acting upon this Notice, you acknowledge that nothing in the Notice is intended to or constitutes the practice of law or the giving of legal advice.
Finding an attorney to explain your rights and options:
Subpoena Defense Alliance
State Bar of Texas Lawyer Referral Information Service