Copyright and security guide for academic institutions

Policies to curb copyright infringement in university and college settings 

Universities and colleges have a strong interest in addressing the problem of copyright infringement on campus and on their networks. Intellectual property is essential to their mission; if it is not adequately protected, their own works are devalued, as well as the works that they use and teach. Moreover, the institution's bandwidth may be abused and its network resources misused to serve up content to downloaders all over the world. Illegal file-sharing can compromise networks with viruses, spyware and data security threats. It taxes the institution's resources in responding to infringement notices and engaging in disciplinary proceedings. It presents students with the prospect of facing legal action, and in some circumstances can even lead to potential liability for the institution itself.

Educational institutions are ideally placed to shape student attitudes toward copyright. There are a number of steps they can and should take to curb copyright infringement and the associated security problems on their networks. These include education and communication, vigilance in maintaining a safe and legal online environment, and the effective use of technological tools. 

1. EDUCATION/COMMUNICATION 

• Set up an appropriate copyright policy. Staff and students should understand that unauthorised copying and transmission of someone else's music or other works is copyright infringement, which will not be tolerated by the university and carries legal and financial penalties. This is best accomplished through setting a code of conduct and terms and conditions of enrolment. The policy should also illustrate unacceptable behaviour, including illegal file-sharing, and provide details of the penalties imposed both by the university and by the courts. Students should be in no doubt that illegal file-sharing on dorm networks is just as unacceptable as on the university's network.
• Communicate and implement the policy. Institutions can ensure their policy is well communicated to staff and students by taking simple steps, including:
  •  
    • Making the policy prominently available beginning at enrolment, both in print and on websites.
    • Ensuring that staff and students are aware of these terms and sign a document agreeing to them before they are given access to the computer network.
• Sending periodic emails directly from senior staff, with reminders that the university takes copyright infringement very seriously and that failure to comply with its policy will result in penalties.

2. BEST PRACTICE NETWORK SECURITY 

Several key steps are recommended to maintain a safe and legal online environment:

• Check what is on the system and delete clearly infringing material. Many institutions already audit their systems for certain types of copyrighted material, particularly software. Inventories should also include music and other major types of copyrighted works. Commercial recordings of music are virtually never licensed for multiple copying, network storage or internet distribution, except through a recognised, legitimate music service or under an explicit agreement with the owners. 'Private copy', 'academic use', 'fair use', 'evaluation copy' or other such excuses do not permit the storage or transmission of libraries of commercial recordings on academic institutions' systems.
• Control wireless access. Wireless use should be subject to the same policy as any other means of access. Universities should be sure that wireless connections to their network and the internet are secure and encrypted, so that they are not hijacked for illegal purposes. Wireless hub software lets organisations set access codes and the desired level of security and/or encryption.
• Maintain virus and spyware protection. Protective software can screen out rogue files containing viruses, spyware or other damaging material, and should be installed on every computer. All copies of anti-virus and spyware programmes should be run regularly and kept up to date.
• Set firewall rules. Firewalls enforce security policy on traffic flows to and from the external internet, and can be useful tools to restrict excessive bandwidth usage. Particular internet addresses, ports or protocols on which file-sharing or other infringing activity typically occurs can be blocked. Best security practice is to lock down all ports at the firewall that are not specifically needed for authorised internet activity.
• Designate a compliance officer. Someone within each institution should be responsible for ensuring compliance, particularly protecting against copyright theft on its systems. The person needs to be sufficiently senior (such as the IT or finance director) to insist on ongoing compliance with the institution's code of conduct, to remove illicit material promptly and to deal with any notices or disciplinary actions.

3. TECHNOLOGY TO CONTROL FILE-SHARING 

The following new technologies are now commercially available and effective in dealing specifically with illegal file-sharing: 

• Barring use of unauthorised P2P software. Barring unauthorised software installations and file-sharing activity on a university's system is an easy way of reducing copyright and security problems, stopping the vast majority of piracy before it takes place. One network-based system developed by Red Lambda is cGrid (http://redlambda.com/integrity_overview.php), pioneered by the University of Florida. It can be customised to provide selective or complete blocking and also addresses a full range of other security management issues.
• Network filtering. Another option is to install a network filtering system for specific files. Unlicensed copyright sound recordings can be identified within peer-to-peer traffic and individually blocked, while leaving other peer-to-peer traffic unaffected. Sophisticated software that can selectively filter or block copyrighted material as it passes from the internet to an institution's local infrastructure is now available, such as Audible Magic's "Copysense" (http://www.audiblemagic.com). Used in over 60 academic institutions to date, it claims to be able to find a match over 99 per cent of the time with no false positives.
• Traffic shaping. Sometimes known as "throttling", the idea is to put an appliance inline in the network that can selectively slow down all P2P traffic, using "caps" or at peak times. This does not prevent infringement, but if the "slowdown" is implemented aggressively on the upstream side, it can stop files that are being shared on the fast university network from feeding massive off-campus P2P activity. Several companies offer equipment for traffic shaping, including Cisco, Packeteer and Palisade.
• Prevent bandwidth abuse. Network monitoring software, which may be supplied with network equipment, allows institutions to check whether users or devices are hogging bandwidth and may be configured to automatically ban them from a network on a temporary or permanent basis. Technical staff should check traffic 'hot spots' to see if there is a system problem or illegal activity taking place.

Useful Materials 

• IFPI 2007 Copyright and Security Guide for Academic Institutions 

Reproduced with permission from IFPI.