p2p: dangers, risks & copyright infringement jodi ito information security officer, its...
Post on 21-Dec-2015
217 views
TRANSCRIPT
P2P: Dangers, Risks & Copyright Infringement
Jodi Ito
Information Security Officer, ITS
956-2400
P2P: What is it?
Peer-to-peer filesharing Files are exchanged between individual
computers and users
What’s the problem?
Unknowingly share personal or sensitive information
http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128820
“Attractive” Malware
Imbedded viruses, trojans, other malicious software in P2P files
Problems determining “legitimacy” of files Vulnerable to attacks
Malware may open ports on your firewall Computer may become part of a “botnet”
http://www.us-cert.gov/cas/tips/ST05-007.html
What is Copyright?
http://www.copyright.gov/circs/circ1.html
Copyright is a form of protection provided by the laws of the United States (title 17, U. S. Code) to the authors of “original works of authorship,” including literary, dramatic, musical, artistic, and certain other intellectual works.
Fair Use
From the US Patent & Trade Office http://www.uspto.gov/go/kids/kidantipiracy02.htm
“Limited circumstances under which it may be allowable to reference or sample works without seeking an express release from a copyright holder.”
Fair Use Guidelines
4 factors help determine fair use: The purpose and character of the use, including
whether such use is of a commercial nature or is for nonprofit, educational purposes.
The nature of the copyrighted work. Use of a purely factual work is more likely to be considered fair use than use of someone's creative work.
The amount and substantiality of the portion used in relation to the copyright protected work as a whole.
The effect of the use on the potential market for or value of the copyright protected work.
http://www.copyright.com/ccc/viewPage.do?pageCode=cr10-n#fairuse
Copyright Infringement
http://www.us-cert.gov/cas/tips/ST05-004.html Copyright infringement occurs when you use or
distribute information without permission from the person or organization that owns the legal rights to the information. Including an image or cartoon on your web site or in a document, illegally downloading music, and pirating software are all common copyright violations.
AKA “Piracy”http://www.uspto.gov/go/kids/kidantipiracy04.htm
DMCA
Digital Millennium Copyright Act (1998):http://www.copyright.gov/legislation/dmca.pdf
Determines role, responsibility & liability of ISP (UH is an ISP)
“Safe Harbor” http://www.hawaii.edu/askus/813
US Congressional Actions
Perception: Universities are breeding grounds for illegal downloading
University officials testified at Congressional hearing on June 5, 2007
Universities are the target of a concentrated RIAA focus
Looking to mandate technical solutions to block illegal copyright activities
US Higher Education Act 2008
Every college & university must certify it has: developed plans to effectively combat the
unauthorized distribution of copyrighted materials, including through the use of a variety of technology-based deterrents;
to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property
Higher Ed Discussions
EDUCAUSE: Nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology (http:www.educause.edu)
feed://connect.educause.edu/taxonomy/term/630/0/feed “Students Flock to Web Sites Offering Pirated
Textbooks” “How It Does It: The RIAA Explains How It
Catches Alleged Music Pirates”
HEOA: Higher Education Opportunities Act
a.k.a: Higher Education Act Reauthorization, Higher Education Act
Enacted on August 14, 2008 http://www.ed.gov/HEOA Contains language specifically addressing copyright
infringement at HE institutions “technology-based deterrents” Current status: “negotiated rulemaking” Publishing of official rules Nov 2009 Compliance July 2010
New ITS Procedures?
End of 2009: New federal mandates Early 2010: New/modified UH DMCA
procedures Email notifications (uhitc-l listserv) Notifications via Chancellors/Deans/Directors Failure to comply may result in loss of
federal funding!
Current Climate
Culture Attitudes Awareness (or lack thereof) UH “Takedown” notice statistics
2006: 15 2007: 124 including 3 “Preservation Notices”, 2
“Early Settlement Letters” 2008: 396 notices received 2009: 65 to date
2007 vs. 2008DMCA Notices 2007 vs. 2008
13 136
0 0
14
5
1512
7
2217
2431
12
3023 20
1116
72
95
31 31
0
10
20
30
40
50
60
70
80
90
100
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Month
# of Notices Received
20072008
Industry Notifications
Sent to “dmca-agent” Three Types:
“Takedown” Notice “Preservation” Notice - RIAA “Pre-settlement” Letter - RIAA
Who sends these notices?
Paramount
HBO
Sony Pictures
Business Software Alliance
Entertainment Software Alliance
Hachette Book Company
Activision
NBC Universal
Fox Entertainment
MGM Studios
JK Rowling
Warner Brothers
The Teaching Company
RIAA
What titles are being infringed on?
Entourage
House
The Secret Life of Bees
The Machinist
Chris Brown - Wall To Wall
Watchmen
Mathworks Matlab
Supreme Commander
Dead Like Me: Life After Death
Harry Potter and the Goblet of Fire
Role Models
Maroon 5 - This Love
Forgetting Sarah Marshall
Takedown Notice
Provides: IP Number Date & time of incident Material being infringed upon
ITS Response Block access (IP, username, MAC) Notify network administrator If user is identified, user must sign a “Copyright
Notification” Letter If 2nd offense, grievance will be filed with appropriate
University officials
Preservation Notice
From RIAA Preservation Notice notifies UH of the RIAA’s
intent to subpoena UH for documents for subscriber information associated w/ an IP at a given time
Pre-Settlement Letter
From RIAA Follow-up to the Preservation letter Asks to forward letter to user Evaluating on case-by-case basis UH will NOT provide any information to the
RIAA unless presented with a VALID subpoena
Legal Issues
UH will not provide any information to the RIAA unless presented with a valid subpoena
UH must comply with all legal obligations If a user receives an “early settlement letter”,
matter is between RIAA and user