Educause Security Discussion mailing list archives
Re: RIAA Moves Against College-Network Fileswapping
From: Ken Shaurette <Ken.Shaurette () OMNITECHCORP COM>
Date: Fri, 4 Apr 2003 10:16:38 -0600
Sorry, I didn't mean to imply "P2P" was illegal. What I was referring to is the copyright violations, or violations of DMCA, or any other crime that might be getting commited by use of P2P. You have a good point, excellent example on the drug use. If it has anything to do with child pornograhpy as the crime then yes, it is crime not to report it, otherwise I'm not so sure. I think the argument would become that in your drug use example you are not providing the resources to propogate drug use unless you supply the needles, or run the drug house, but if your computer systems are being used as the means to commit the crime, could that be construed different? Probably comes down at some point to the jury determining who has the more convincing, or better lawyer. Ken Information Security Analyst and Security Solutions Manager Omni Tech Corporation (262) 523-3300 x486 -----Original Message----- From: Bruhn, Mark S. [mailto:mbruhn () INDIANA EDU] Sent: Fri 4/4/2003 10:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU Cc: Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping There is an implication here that P2P applications are illegal ("P2P or other violation of copyright laws"), which isn't the case. I assume that's not what you meant. Setting aside our policies and general interest in our resources being used appropriately, is it true that if a student does something illegal and we know about it, are we obligated to report that to law enforcement? We don't have a policy that specifically prohibits ellicit drug use, but we don't have people systematically searching through residence hall rooms searching for drugs (at least we don't). Do we not do this because we are certain this isn't being done on our campuses? -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Ken Shaurette [mailto:Ken.Shaurette () OMNITECHCORP COM] Sent: Friday, April 04, 2003 10:53 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping It is true that you should never have anything written in policy that you cannot or do not intend to enforce even if only with awareness and reminders that it breaks policy. Having a policy and not consistently enforcing it raises penalties of itself and is loosely identified in Federal Sentencing Guidelines. Not having policy does not protect against the law suit. An organization could still be shown negligent if they had P2P or other violation of copyright laws occuring, were aware of it and did nothing to stop or discourage. The act in and of itself is illegal, promoting (or not stopping) when made aware of the violation could be argued by a good lawyer as particpation in the act of committing the crime. Could it also be argued that you should know your network and this type of use is very common so you should have a policy and enforcement measures to discourage? Your organizaiton is providing the resources to commit the crime whether you have policy against it or not. Lending your car to a person you know is planning to use it to rob a bank does not remove you from liability of having particpated in the commision of the robbery. Definition of a jury: 12 men and women who are your peers and determine who has the best lawyer. Ken Information Security Analyst and Security Solutions Manager Omni Tech Corporation (262) 523-3300 x486 -----Original Message----- From: Bruhn, Mark S. [mailto:mbruhn () INDIANA EDU] Sent: Fri 4/4/2003 9:31 AM To: SECURITY () LISTSERV EDUCAUSE EDU Cc: Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping This supports the notion that policies shouldn't be written unless they are necessary for specific situations, and unless the organization has the means and desire to enforce them. This is one of the reasons (though maybe not the most important) we don't have such a policy, and indeed this citation lends add'l credibility to how most of us operate in this area (reactive instead of proactive). M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Robert Myles [mailto:mylesr () OHSU EDU] Sent: Friday, April 04, 2003 10:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping There is precedence for the suit against the institution, case was settled for 1.5 million last year in the southwest against a company that had a policy against download of MP3's and P2P software, new of a P2P server on their system that they did not get around to shutting down, and were found a fault for not following their own policy. Lawsuits always go for the deep pockets!! Robert Myles, CISSP Information Security Officer Oregon Health & Science University >>> tbm3 () CORNELL EDU 4/4/2003 4:44:03 AM >>> Great question, the answer of which may substantially depend on whether they followed DMCA registration and procedures. Verizon did not, which is why RIAA subpoenaed them for user name. If these schools follow "safe harbor" provisions of the DMCA, they should be immune from contributory copyright liability. And even if they did not, there is language in the DMCA regarding ISPs which should go a long towards protecting them. But still, these are $64,000 questions, becoming more costly by the minute. Tracy At 06:30 AM 4/4/2003 -0600, you wrote: >Do you feel this excludes them from turning a law suit against the college >network operators next? Especially if they feel a college hasn't done >enough to discourage the activity? > >Ken M. Shaurette, CISSP, CISA, CISM, IAM >Omni Tech Corporation, www.omnitechcorp.com >(262) 523-3304 > > -----Original Message----- > From: Tracy Mitrano [mailto:tbm3 () CORNELL EDU] > Sent: Thu 4/3/2003 9:06 PM > To: SECURITY () LISTSERV EDUCAUSE EDU > Cc: > Subject: Re: [SECURITY] RIAA Moves Against College-Network > Fileswapping > > > > Please note, the action is not against network operators, but users, > students. Attached is the RIAA letter concerning this > matter. Tracy Mitrano > > > At 08:56 PM 4/3/2003 -0500, you wrote: > >For those of you that don't read slashdot - > > > >"The RIAA is taking action against college "Napster networks". > It's suing > >four network operators, two at Renssalaer Polytechnic Institute, > one at > >Princeton University, and one at Michigan Technological > University.".. > > > >http://yro.slashdot.org/yro/03/04/03/2312220.shtml?tid=141 > > > >If you have lots of p2p traffic on your network you might want > to touched > >base with your general council, if you haven't already. > > > >Cheers - > > > >********** > >Participation and subscription information for this EDUCAUSE > Discussion > >Group discussion list can be found at > http://www.educause.edu/memdir/cg/. > > ********** > Participation and subscription information for this EDUCAUSE > Discussion Group discussion list can be found at > http://www.educause.edu/memdir/cg/. > ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: RIAA Moves Against College-Network Fileswapping, (continued)
- Re: RIAA Moves Against College-Network Fileswapping David L. Wasley (Apr 03)
- Re: RIAA Moves Against College-Network Fileswapping Michael Sinatra (Apr 03)
- Re: RIAA Moves Against College-Network Fileswapping Ken Shaurette (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Schmidt, Eric W (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Tracy Mitrano (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Ken Shaurette (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Robert Myles (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Bruhn, Mark S. (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Ken Shaurette (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Bruhn, Mark S. (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Ken Shaurette (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Wayne Wilson (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Ced Bennett (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Allen Chang (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Doug Sandford (Apr 04)
- Re: RIAA Moves Against College-Network Fileswapping Dan Updegrove (Apr 05)