Copyright and Security Guide for Academic Institutions

Policies to curb copyright infringement in university and college settings 

Universities and colleges have a strong interest in addressing the problem of copyright infringement on campus and on their networks. Intellectual property is essential to their mission; if it is not adequately protected, their own works are devalued, as well as the works that they use and teach. Moreover, the institution's bandwidth may be abused and its network resources misused to serve up content to downloaders all over the world. Illegal file-sharing can compromise networks with viruses, spyware and data security threats. It taxes the institution's resources in responding to infringement notices and engaging in disciplinary proceedings. It presents students with the prospect of facing legal action, and in some circumstances can even lead to potential liability for the institution itself.

1. EDUCATION/COMMUNICATION 

Set up an appropriate copyright policy. Staff and students should understand that unauthorised copying and transmission of someone else's music or other works is copyright infringement, which will not be tolerated by the university and carries legal and financial penalties. This is best accomplished through setting a code of conduct and terms and conditions of enrolment.

2. BEST PRACTICE NETWORK SECURITY 

Several key steps are recommended to maintain a safe and legal online environment:

• Check what is on the system and delete clearly infringing material. Many institutions already audit their systems for certain types of copyrighted material, particularly software. Inventories should also include music and other major types of copyrighted works. 
• Control wireless access. Wireless use should be subject to the same policy as any other means of access. Universities should be sure that wireless connections to their network and the Internet are secure and encrypted.
• Maintain virus and spyware protection. Protective software can screen out rogue files containing viruses, spyware or other damaging material, and should be installed on every computer. All copies of anti-virus and spyware programmes should be run regularly and kept up to date.
• Set firewall rules. Firewalls enforce security policy on traffic flows to and from the external internet, and can be useful tools to restrict excessive bandwidth usage. Best security practice is to lock down all ports at the firewall that are not specifically needed for authorised Internet activity.
• Designate a compliance officer. Someone within each institution should be responsible for ensuring compliance, particularly protecting against copyright theft on its systems. The person needs to be sufficiently senior (such as the IT or finance director) to insist on ongoing compliance with the institution's code of conduct, to remove illicit material promptly and to deal with any notices or disciplinary actions.

3. TECHNOLOGY TO CONTROL FILE-SHARING 

The following new technologies are commercially available and effective in dealing specifically with illegal file-sharing: 

• Barring use of unauthorised P2P software. Barring unauthorised software installations and file-sharing activity on a university's system is an easy way of reducing copyright and security problems, stopping the vast majority of copyright infringement before it takes place. One network-based system developed by Red Lambda is cGrid (http://redlambda.com/integrity_overview.php), pioneered by the University of Florida. It can be customised to provide selective or complete blocking and also addresses a full range of other security management issues.
• Network filtering. Another option is to install a network filtering system for specific files. Unlicensed copyright sound recordings can be identified within P2P traffic and individually blocked, while leaving other P2P traffic unaffected. Sophisticated software that can selectively filter or block copyrighted material as it passes from the Internet to an institution's local infrastructure is now available, such as Audible Magic's "Copysense" (http://www.audiblemagic.com). Used in over 60 academic institutions to date, it claims to be able to find a match over 99 per cent of the time with no false positives.
• Traffic shaping. Sometimes known as "throttling", the idea is to put an appliance inline in the network that can selectively slow down all P2P traffic, using "caps" or at peak times. This does not prevent infringement, but if the "slowdown" is implemented aggressively on the upstream side, it can stop files that are being shared on the fast university network from feeding massive off-campus P2P activity. Several companies offer equipment for traffic shaping, including Cisco, Packeteer and Palisade.
• Prevent bandwidth abuse. Network monitoring software, which may be supplied with network equipment, allows institutions to check whether users or devices are hogging bandwidth and may be configured to automatically ban them from a network on a temporary or permanent basis. Technical staff should check traffic 'hot spots' to see if there is a system problem or illegal activity taking place.

Useful Materials 

• IFPI 2007 Copyright and Security Guide for Academic Institutions

Reproduced with permission from IFPI.