RIAA/MPAA Mitigation Policy

RIAA/MPAA

Mitigation

Policy

Best Practices for

Responding to

Infringement Notices



Jeremy Hallum and Christopher

M. Brenner

Table of Contents

Introduction ................................................................................................................................... 3



Infringement Notifications ............................................................................................................. 3



Upon Receiving a Notification ....................................................................................................... 5



Consequences of Infringing ........................................................................................................... 6



Appendix: University Resources .................................................................................................... 6









Author: Jeremy Hallum & Christopher M. Brenner CONFIDENTIAL AND ADVISORY

Page 2



Location: \\lsa\dfs\Dept\lsait\dept\Security\

Last Updated: November 30, 2011

Introduction





The Recording Industry Association of America (RIAA) and the Motion Pictures Association of

America (MPAA) have been undergoing a vigorous defense of their copyrights by employing

various corporations that monitor popular file sharing sites and record the IP addresses of

users that download and disseminate their material. The University routinely receives letters of

infringements and it is the job of the IT Professionals in the various Departments in LSA to

notify the people responsible for downloading copyrighted data illegally and ask them to

modify their behavior. This document explains LSA policy in dealing with these Infringement

Notices, and resources that are available to educate users.







Infringement Notifications



The RIAA and MPAA employ several contractors who monitor many of the major file sharing

networks and popular bit torrents, and pass information on IP addresses to teams of lawyers.

The lawyers then send out Notices of DMCA Infringement to Universities and ISPs, and ask

them to notify the user (if they can be found) to modify their behavior. A DMCA Infringement

Notification from their legal teams usually looks something like the following:







University of Michigan - Ann Arbor

503 Thompson Street, Room 3042 Fleming

Ann Arbor, MI 48109-1340 US







RE: Unauthorized Distribution of the Copyrighted Television Program Entitled

True Blood





Dear John King:



We are writing this letter on behalf of Home Box Office, Inc. ("HBO").



We have received information leading us to believe that an individual has utilized the below-referenced IP address

at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer"

service, including such title(s) as:



True Blood



The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under

the Copyright Act, Title 17 United States Code Section 106(3).



Author: Jeremy Hallum & Christopher M. Brenner CONFIDENTIAL AND ADVISORY

Page 3



Location: \\lsa\dfs\Dept\lsait\dept\Security\

Last Updated: November 30, 2011

Since you own this IP address (192.168.1.1), we request that you immediately do the following:



1) Disable access to the individual who has engaged in the conduct described above; and/or

2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.



On behalf of HBO, owner of the exclusive rights to the copyrighted material at issue in this notice, we hereby state,

that we have a good faith belief that use of the material in the manner complained of is not authorized by HBO, its

respective agents, or the law.



Also, we hereby state, under penalty of perjury, under the laws of the State of New York and under the laws of the

United States, that the information in this notification is accurate and that we are authorized to act on behalf of the

owner of the exclusive rights being infringed as set forth in this notification.



Please direct any end user queries to the following address:



SafeNet DMCA

4690 Millennium Dr.

Belcamp, MD 21017



CopyrightQs@safenet-inc.com

(443) 327-1777



Kindly include the Case ID 661290319, also noted above, in the subject line of all future correspondence regarding

this matter.



We appreciate your assistance and thank you for your cooperation in this matter. Your prompt response is

requested.



Respectfully,



A Kempe

Enforcement Coordinator

SafeNet, Inc.



------------------------------



INFRINGEMENT DETAIL

--------------------



Infringing Work: True Blood

First Found: 22 Oct 2008 15:41:30 EDT (GMT -0400)

Last Found: 22 Oct 2008 15:41:30 EDT (GMT -0400)

IP Address: 141.211.36.76

IP Port: 36546

Protocol: BitTorrent

Torrent InfoHash: 5A59F014BF679645B26C188269047D110D374ED5

Containing file(s):

True.Blood.S01E01.PREAiR.DVDSCR.XviD-MEDiEVAL.avi.torrent (574,803,968 bytes)









Author: Jeremy Hallum & Christopher M. Brenner CONFIDENTIAL AND ADVISORY

Page 4



Location: \\lsa\dfs\Dept\lsait\dept\Security\

Last Updated: November 30, 2011

These notifications typically are received by the ITCS User Advocate, who then distributes them

to the Primary Contacts in the University of Michigan NICR. These contacts are usually the

group who maintains the machines for the departments who use that subnet and the LSA

Security Team. If, for some reason, you get these notices from an outside source (say directly

from representatives of the copyright holder) for your network, then you should send the

notices directly to the ITCS User Advocate (abuse@umich.edu), and the LSA Security group (lsa-

security@umich.edu). You should not directly correspond with representatives of any outside

group at any time without consulting with the User Advocate.









Upon Receiving a Notification



So you have received a notice from the ITCS User Advocate that an infringer exists on your

network. What are your responsibilities as an IT Professional at the University of Michigan?

The University of Michigan asks you to do the following things:



 Assist in finding the individual who is distributing the infringing content

 Make sure that they stop distributing the content.

 Inform them that they are in violation of the University Terms of Service, and that they

should refrain from using the University of Michigan Network in this manner at all

times.





The members of the LSAIT Security Group are available as resources to help you reach a

successful resolution to this process. When a DMCA notification is received, typically a

member of the Security Group will begin the process by looking at the College DHCP and DNS

servers to help narrow down the exact user that might be distributing infringing content, when

we have access to that information. Administrators also look through the NetDisco interface

(https://clerks.umnet.umich.edu/netdisco/login.html?done=%2Fnetdisco%2Findex.html),

where it is possible to determine the physical switch and port number of a machine that is

plugged in to the network.



After LSA has determined all of the information that can be recovered, they will contact the IT

professionals in the department and impart everything that we have learned so that they can

further localize and identify the user. In some cases (especially departments that have local

DHCP and DNS servers), LSA may not be able to localize this information, and it may be up to

the local computer professional to determine this.



The department IT professional is responsible for getting the user to desist in the actions that

caused the Infringement Notice to be sent out, and to inform them that they must not use the



Author: Jeremy Hallum & Christopher M. Brenner CONFIDENTIAL AND ADVISORY

Page 5



Location: \\lsa\dfs\Dept\lsait\dept\Security\

Last Updated: November 30, 2011

University Network to distribute content that they do not have the copyright for, as per the

Terms of Service that they agreed to when they arrived at the University (as enumerated in the

Standard Practice Guide 601.7).



The DMCA mandates that we make an effort to respond to all valid DMCA take-down notices

within 24 hours, so be aware of this whenever you receive one of these from the User

Advocate or the LSA Security Group.



Consequences of Infringing

The University currently has enumerated the sanctions for file sharing as follows:



 First time infringers receive a warning and guidance.

 Persistent infringers may lose access to their UM accounts for some duration on a case-

by-case basis, or receive some other sanction.

 University employees may be terminated or receive other sanctions.





As of this writing, neither the LSA Security Group nor the ITCS User Advocate mandates that

you report the name or uniqname of any infringer to either group to track them in any way. At

this time, it is up to departments and their IT professionals to track repeat infringers.









Appendix: University Resources



The University has many, many resources to educate users on File Sharing and Copyright

Infringement. Below is just a small sample of pages that have useful information on this topic:



 Be Aware You’re Uploading Webpage at ITCS: http://www.bayu.umich.edu/

 University of Michigan IT User Advocate: http://www.itd.umich.edu/itua/index.php

 Copyright at the University of Michigan: http://www.copyright.umich.edu/

 University of Michigan File Sharing FAQ: http://www.copyright.umich.edu/file-sharing-

faq.html

 Other Copyright Resources: http://www.copyright.umich.edu/links.html









Author: Jeremy Hallum & Christopher M. Brenner CONFIDENTIAL AND ADVISORY

Page 6



Location: \\lsa\dfs\Dept\lsait\dept\Security\

Last Updated: November 30, 2011