Peer-to-Peer (P2P) File Sharing and Copyright Infringement Compliancy Plan Higher Education Opportunity Act (HEOA) - H.R. 4137 Version 1.0 November 2010 INTRODUCTION In accordance with the Higher Education Opportunity Act of 2008 (HEOA), Framingham State University (FSU) has developed the following plan to combat the unauthorized uploading, downloading, and distribution of copyrighted materials utilizing peer-to-peer (P2P) file sharing applications on the campus network. Framingham State University is dedicated to insuring that all students, faculty, staff and contractors are in compliance with the provisions set forth in this plan, as well as any state or federal laws applicable to the possession, use or distribution of copyrighted materials using an electronic format. The plan includes the following components, based on the requirements of HEOA, as related to peer-to-peer file sharing and copyright infringement: 1. Education and Awareness 2. Technology-based deterrents 3. Response Plan 4. Legal Alternatives 5. Periodic Review 1. EDUCATION AND AWARENESS Framingham State University views education as the primary step in fostering awareness of the issues surrounding copyright infringement and a key mechanism in preventing the illegal distribution of copyrighted materials through the use of the campus computing network. The following mechanisms have been implemented at FSU to help educate end-users and to promote awareness within the campus community: • Annual disclosure letter Detailed information on copyright infringement Outline of criminal and civil penalties for illegally sharing copyrighted materials Steps the University will take to punish illegal distributing copyrighted materials Links to legal downloading alternatives and help sources • Published Policies Acceptable Use Policy Policy on P2P File Sharing • New Student Orientation • Student Handbook 2. TECHNOLOGY-BASED DETERRENTS Framingham State University makes no explicit attempts to monitor or block network traffic based on data content. It does, however, employ multiple network management strategies to insure the reliability and performance of the campus computing network that effectively reduce 2 the possibility of end-users downloading or distributing copyrighted materials. The management strategies employed at the University are, as follows: • Bandwidth Shaping - Through the use of Bluecoat Packeteer devices and Enterasys software applications, bidirectional rate-limiters are in place to set thresholds for the amount of bandwidth that can be consumed by individual users. This is aimed at preventing excessive bandwidth consumption, but also effectively reduces the amount of copyrighted materials an individual could potentially upload or download using the campus network. • Port Blocking - TCP/UDP source ports for well-known file sharing applications are blocked through the use of Enterasys Policy Manager and Cisco ASA 5520 firewalls. This significantly reduces the ability of a user to serve out any potentially illegal materials to internal hosts on campus or to external hosts off campus using the campus Internet gateway. • Application Blocking - Well-known file sharing applications that use a common TCP/UDP port, such as HTTP, or that do not have a unique port assignment, are blocked outbound through the use of a Tipping Point Intrusion Prevention System (IPS). This further reduces the ability of a campus user to illegally serve out any copyrighted materials. • Traffic Monitoring - Network Traffic monitoring and host-based analysis are provided through multiple tools on campus, including Bluecoat Packeteers, a Tipping Point IPS and OpenNMS. Through the use of these tools, the ITS Department has the ability to locate top band-width users. In the event that a user is found to be using excessive bandwidth, appropriate steps will be taken to determine the source host and limit or prevent the usage. 3. RESPONSE PLAN Digital Millennium Copyright Act (DMCA) notifications are received through our Internet service provider, the University of Massachusetts (UMASS) MITI Network. Upon receiving a notice of claimed infringement, Framingham State University will make all realistic attempts to track down and verify the claim. Should an individual be found in possession of illegally obtained or copyrighted materials, the University will provide the user with the notice and require that the materials in question be removed from the their computer in order to retain the privilege of using the campus network. If it is not possible to locate the offending party or if an individual refuses to remove the illegally obtained material from their computer, the University will use all technological tools at its disposal to block the individual from the campus network in order to prevent any further distribution of the copyrighted material. In the event of repeat offences, a user may have their user account(s) disabled and/or be permanently blocked from the campus network. More information is available in the in the Framingham State University Policy on Peer-to-Peer File Sharing located at: http://my.campus.framingham.edu. 3 4. LEGAL ALTERNATIVES In an effort to limit the illegal sharing of copyrighted materials on the FSU network, users are encouraged to seek legal alternatives for downloading. The annual disclosure letter provided to campus users includes links to legal sites that have been compiled and reviewed by the ITS Department. The current sites provided in the annual letter, are as follow: http://www.educause.edu/legalcontent http://www.mpaa.org/contentprotection/get-movies-tv-shows http://www.riaa.com/toolsforparents.php?content_selector=legal_music_sites http://www.live365.com/index.live http://www.shoutcast.com/ 5. PERIODIC REVIEW Review of this plan will be handled on an annual basis prior to the start of the fall semester. The goal will be to analyze the effectiveness of the plan and to highlight possible areas of improvement. The following items will be examined to form the basis of the review: 1. DMCA notices from the previous year will be compiled and analyzed based on the number and nature of the notifications. This will serve, as the benchmark for determining the effectiveness of this plan and also to highlight any areas of potential improvement. 2. The annual disclosure letter will be updated prior to sending it to the campus community at the beginning of each fall semester. Any necessary modifications will be made to the verbiage, such as updating the criminal penalties or modifying the legal alternatives for downloading. 3. Technology-based deterrents will be reviewed to determine if any relevant configuration changes are needed or if any technologies have been added within in the previous year that could be employed to reduce the illegal sharing of copyrighted material using the campus network. 4. Legal alternative sources for downloading will be reviewed and compiled annually for the purpose of inclusion in the annual disclosure letter. 4