P2P: Dangers, Risks &
Copyright Infringement
Jodi Ito
Information Security Officer, ITS
[email protected]
956-2400
P2P: What is it?


Peer-to-peer filesharing
Files are exchanged between individual
computers and users
What’s the problem?



Unknowingly share personal or sensitive
information
http://www.cbsnews.com/stories/2005/05/03/
eveningnews/main692765.shtml
http://www.computerworld.com/action/article.
do?command=viewArticleBasic&articleId=91
28820
“Attractive” Malware



Imbedded viruses, trojans, other malicious
software in P2P files
Problems determining “legitimacy” of files
Vulnerable to attacks



Malware may open ports on your firewall
Computer may become part of a “botnet”
http://www.us-cert.gov/cas/tips/ST05007.html
The BIGGER Problem!


Used to “share” copyrighted materials
“Copyright Infringement”
What is Copyright?

http://www.copyright.gov/circs/circ1.html
Copyright is a form of protection provided by
the laws of the United States (title 17, U. S.
Code) to the authors of “original works of
authorship,” including literary, dramatic,
musical, artistic, and certain other intellectual
works.
Fair Use

From the US Patent & Trade Office

http://www.uspto.gov/go/kids/kidantipiracy02.htm
“Limited circumstances under which it may
be allowable to reference or sample works
without seeking an express release from a
copyright holder.”
Fair Use Guidelines

4 factors help determine fair use:




The purpose and character of the use, including whether such
use is of a commercial nature or is for nonprofit, educational
purposes.
The nature of the copyrighted work. Use of a purely factual
work is more likely to be considered fair use than use of
someone's creative work.
The amount and substantiality of the portion used in relation
to the copyright protected work as a whole.
The effect of the use on the potential market for or value of
the copyright protected work.
http://www.copyright.com/ccc/viewPage.do?pageCode=cr10-n#fairuse
Copyright Infringement

http://www.us-cert.gov/cas/tips/ST05-004.html

Copyright infringement occurs when you use or
distribute information without permission from the
person or organization that owns the legal rights to
the information. Including an image or cartoon on
your web site or in a document, illegally
downloading music, and pirating software are all
common copyright violations.
AKA “Piracy”

http://www.uspto.gov/go/kids/kidantipiracy04.htm
DMCA

Digital Millennium Copyright Act (1998):
http://www.copyright.gov/legislation/dmca.pdf



Determines role, responsibility & liability of
ISP (UH is an ISP)
“Safe Harbor”
http://www.hawaii.edu/askus/813
US Congressional Actions




Perception: Universities are breeding
grounds for illegal downloading
University officials testified at Congressional
hearing on June 5, 2007
Universities are the target of a concentrated
RIAA focus
Looking to mandate technical solutions to
block illegal copyright activities
US Higher Education Act 2008

Every college & university must certify it has:


developed plans to effectively combat the
unauthorized distribution of copyrighted materials,
including through the use of a variety of
technology-based deterrents;
to the extent practicable, offer alternatives to
illegal downloading or peer-to-peer distribution of
intellectual property
Higher Ed Discussions

EDUCAUSE: Nonprofit association whose
mission is to advance higher education by
promoting the intelligent use of information
technology (http:www.educause.edu)

feed://connect.educause.edu/taxonomy/term/630/0/feed


“Students Flock to Web Sites Offering Pirated
Textbooks”
“How It Does It: The RIAA Explains How It
Catches Alleged Music Pirates”
HEOA: Higher Education
Opportunities Act








a.k.a: Higher Education Act Reauthorization, Higher
Education Act
Enacted on August 14, 2008
http://www.ed.gov/HEOA
Contains language specifically addressing copyright
infringement at HE institutions
“technology-based deterrents”
Current status: “negotiated rulemaking”
Publishing of official rules Nov 2009
Compliance July 2010
New ITS Procedures?





End of 2009: New federal mandates
Early 2010: New/modified UH DMCA
procedures
Email notifications (uhitc-l listserv)
Notifications via Chancellors/Deans/Directors
Failure to comply may result in loss of
federal funding!
Current Climate




Culture
Attitudes
Awareness (or lack thereof)
UH “Takedown” notice statistics




2006: 15
2007: 124 including 3 “Preservation Notices”, 2
“Early Settlement Letters”
2008: 396 notices received
2009: 65 to date
2007 vs. 2008
DMCA Notices 2007 vs. 2008
95
100
# of Notices Received
90
80
72
70
60
2007
2008
50
40
30
31
24
20 13
10
31
30
23
13
12
6
0
20
14
31
22
11
5
1516
17
12
7
0
0
Jan Feb Mar Apr May Jun
Jul
M onth
Aug Sep Oct Nov Dec
Industry Notifications


Sent to “dmca-agent”
Three Types:



“Takedown” Notice
“Preservation” Notice - RIAA
“Pre-settlement” Letter - RIAA
Who sends these notices?
NBC Universal
Paramount
Sony Pictures
RIAA
HBO
MGM Studios
Business Software Alliance
Activision
Fox Entertainment
Warner Brothers
Entertainment Software Alliance
The Teaching Company
JK Rowling
Hachette Book Company
What titles are being infringed on?
Entourage
Supreme
Commander
Mathworks Matlab
Watchmen
The Secret Life of Bees
Chris Brown - Wall To Wall
Role
Models
Forgetting Sarah Marshall
House
Harry Potter and the
Goblet of Fire
The Machinist
Dead Like Me: Life
After Death
Maroon 5 This Love
Takedown Notice

Provides:




IP Number
Date & time of incident
Material being infringed upon
ITS Response




Block access (IP, username, MAC)
Notify network administrator
If user is identified, user must sign a “Copyright
Notification” Letter
If 2nd offense, grievance will be filed with appropriate
University officials
Preservation Notice


From RIAA
Preservation Notice notifies UH of the RIAA’s
intent to subpoena UH for documents for
subscriber information associated w/ an IP at
a given time
Pre-Settlement Letter





From RIAA
Follow-up to the Preservation letter
Asks to forward letter to user
Evaluating on case-by-case basis
UH will NOT provide any information to the
RIAA unless presented with a VALID
subpoena
Legal Issues



UH will not provide any information to the
RIAA unless presented with a valid subpoena
UH must comply with all legal obligations
If a user receives an “early settlement letter”,
matter is between RIAA and user
Questions?
[email protected]
(808) 956-2400
Descargar

CyberSecurity @ UH