Plan for Combating Illegal File Sharing at SMU

Executive Summary:

Southern Methodist University’s Computing and Communications Policy prohibits the use of SMU’s information resources, including its network, to engage in copyright infringing activity. SMU uses a multi-phased approach to encourage compliance with this policy.

First, SMU configures its Intrusion Prevention Systems (IPS) to block and/or otherwise disrupt transmissions employing P2P networks and protocols used almost exclusively for illegal file sharing (e.g., Gnutella, LimeWire Ares, eDonkey, etc.). Exceptions can be requested with sufficient justification for the legitimate educational need to access those services.

Second, the University uses a bandwidth management device to prioritize bandwidth utilization on campus. The policy greatly limits the ability of peer to peer networks to function on campus.

Finally, the University quickly responds to legitimate and properly formed notices of copyright infringement. After an investigation has been conducted, network access for users who have been involved in potentially infringing activity is disabled. This policy has the dual role of educating students who may have been involved in illegal file sharing, as well as immediately stopping any potential ongoing infringing activity.

Strategies for Deterring Illegal File Sharing:

SMU’s deterrence plan includes the following educational objective and strategies:

Educational Objective:

Develop and implement proactive outreach and educational programs that increase student, faculty, and staff knowledge and awareness of copyright protections and the penalties attendant to infringement of those copyrights. SMU’s strategies for achieving this objective are below:

  • Provide a Notice to Students every semester via email that outlines federal law, University policy, campus practices, and the potential internal and external sanctions applicable to copyright infringement, including unauthorized P2P file sharing via the campus network.
  • Develop and distribute curricula materials on Copyright Infringement and P2P File Sharing for use by instructors in Freshman Seminar.
  • Prominently include copyright infringement and P2P file sharing presentations and/or materials in SMU’s annual observation of Cyber Security Awareness Month.
  • Post the Notice to Students and other educational materials on the OIT web site and keep the site content up-to-date.
  • To the extent practicable, include a discussion of copyright infringement and the risks of P2P file sharing as a component of every security/privacy related presentation provided by IT Security, including New Student Orientation, Parents Orientation, New Employee Orientation, and annual training workshops offered to the campus community.
  • A comprehensive list of legal sources of copyrighted music and video materials, sources suitable for use as alternatives to illegal file sharing will be published on the SMU web site.

Policy Enforcement Objective:

Maintain and enforce campus copyright policies and procedures in accordance with federal copyright laws and regulations. SMU’s strategies for achieving this objective are below:

  • Maintain and enforce a clause in the campus appropriate use policy prohibiting the unauthorized duplication, use, or distribution of copyrighted digital materials (including software, music, video, graphics, etc.).
  • Document, publicize, and adhere to campus procedures for addressing notices and other communications pursuant to the Digital Millennium Copyright Act (DMCA)
  • Maintain a historical record of policy violators for use in applying corrective action to repeat offenders.
  • Keep all University copyright policies up-to-date with evolving federal regulations.

Technology-based Objective:

Employ technology-based deterrents to combat illegal P2P file sharing in ways that do not unreasonably impede the use of P2P technologies for legitimate University purposes. SMU’s strategies for achieving this objective are below:

  • To the extent practicable, configure the University’s Intrusion Prevention Systems to block and/or otherwise disrupt transmissions employing the P2P networks and protocols that are used almost exclusively for illegal file sharing (e.g., Gnutella, LimeWire, Ares, eDonkey, etc.).
  • To the extent practicable, implement secure solutions/exceptions that facilitate authorized use of P2P technologies.
  • Utilize Network Access Control and Wireless Network Control systems to prevent offending computers from accessing campus network until such time as any allegedly infringing materials are removed or otherwise made unavailable from those systems.
  • Monitor the viability of bandwidth shaping as an effective future alternative mechanism for discouraging illegal P2P file sharing.

DMCA Procedures:

When SMU receives a notice alleging an unauthorized distribution of copyrighted material, it reviews its network activity records to independently validate the legitimacy of the notice. If the notice appears valid, the University suspends the offending computer’s network access until the infringing material is removed or justification for a counter notice is provided. First offenders regain network access once proof of removal is provided and an acknowledgement is signed. Repeat offenders are referred to the Office of Student Conduct and Community Standards for additional sanctions, up to and including expulsion from the University.

The University also notifies the sender of the notice that appropriate removal actions have been taken. The University does not provide any user identifying information to the sender of the notice unless the notice is accompanied or followed by a lawfully issued subpoena.

The Office of Student Conduct and Community Standards will meet with all students who do not comply with the DMCA procedures or who are repeat offenders. These students will be required to watch an 8 minute video on illegal file sharing and will complete a judicial hearing. The Office of Student Conduct will contact OIT when the student has completed the process to restore network access.

Annual Review:

Annually the Information Security Officer (ISO), the Chief Information Officer (CIO), Student Affairs, Human Resources, and the General Counsel will meet to review the effectiveness of the copyright plan. Overall campus awareness, technology changes, bandwidth usage, help desk tickets, and changes in usage patterns are all taken into account. The University will examine the total of all infringement notices and reports received for the prior year. The ISO will be responsible for maintaining monthly metrics on how many notices are received each month. If the metrics suggest that modification to the plan is needed, the policy will be updated by the DMCA review committee, and implemented by OIT, HR, and Student Affairs.