Antipiracy Campaign Exasperates Colleges

But attempts to break with recording industry run into legal hurdles

Related materials

Text: How 3 Universities Challenged the Recording Association

Article tools

Printer friendly	E-mail article	Subscribe	Order reprints
	Discuss any Chronicle article in our forums
Latest Headlines Universities Must Disclose More Data on Animal Research A court settlement requires the U.S. Department of Agriculture to make public more information about research on animals, prompting some academic researchers to worry about further attacks by animal-rights extremists. 2-Year Colleges Streamline Student Aid and Focus on Counseling For Provost Who Fled Lebanon, U. of Dayton Is His 'Village' Letters Home From World War II Soldiers Are Found in College Basement

By CATHERINE RAMPELL

Talk to the chief information officer at just about any American university, and he will probably say that his institution has bent over backward to help the Recording Industry Association of America curb illegal file sharing on his campus.

He will also tell you he's angry.

On e-mail lists and in interviews, university CIO's and other information-technology professionals say their mission is getting derailed and staff time is being overloaded by copyright takedown notices, "prelitigation settlement letters," RIAA-issued subpoenas, lobbying efforts, and panicked students accused of piracy.

Now, feeling burdened and betrayed, some of those universities are quietly fighting back, resisting requests for information and trying to quash subpoenas. Those that do so, though, find that their past compliance — and the continued compliance of their peer institutions — is being held against them.

"We feel like we've been led down the garden path, and our interest in working in partnership and leading our mission as educators is now being used against us," said Tracy Mitrano, director of IT policy at Cornell University.

For years the entertainment industry and higher education have considered themselves allies in the fight to curb illegal file sharing on campuses, most visibly through the Joint Committee of the Higher Education and Entertainment Communities Technology Task Force.

Over the past year, joint-committee members from universities say tensions have grown, primarily because they feel betrayed by the industry's lobbying to force filtering technology on university networks.

"They're pressing for legislative proposals at both the federal and state level that we think are really inappropriate," said John C. Vaughn, executive vice president of the Association of American Universities and a joint-committee member. The proposals call for government policies "that would go against issues of privacy or academic openness that we think are important to maintain," he said.

Then universities saw an uptick this spring in the number of Digital Millennium Copyright Act takedown notices, which require universities to track down and remove infringing content from their networks. The RIAA attributed the rise to a software upgrade. University officials say no matter the cause, the proliferation is taxing their resources and distracting them from their real jobs.

Responding to RIAA notices used to be part-time work for one person, said William C. Dougherty, assistant director for systems support at Virginia Tech. "Now he's doing it full time and has an assistant," he said. "Our attorneys are also involved on almost a daily basis, as am I."

Ways to Resist

Mr. Dougherty said that in June his office began discussing "technological and sociological approaches" to reduce the time spent responding to RIAA notices. One potential solution would be to erase network-access logs sooner so that the university could not be asked to track down alleged pirates' identities after a month had passed. Mr. Dougherty says that those records get less reliable the older they are and that he fears implicating the wrong students.

Other universities have considered similar strategies, but, like Virginia Tech, they keep data on assigned IP addresses and network access for technical and administrative functions that might be impeded by erasing records.

Some universities have opted for another route: They have stopped forwarding prelitigation settlement letters from the RIAA. The letters offer students whose IP addresses have been associated with copyright infringement the option of settling out of court for several thousand dollars rather than going to court and potentially facing much scarier penalties. Most universities agree to forward the letters to students, since the RIAA can't find out their identities without a court order.

Not forwarding the letters is controversial. On the one hand, it helps extricate universities from the RIAA's battle against music pirates and relieve some legal concerns involving the Family Educational Rights and Privacy Act.

"Our acting as an agent or providing a direct link between the RIAA and students would be circumventing Ferpa," says Denise Stephens, vice provost for information services and chief information officer at the University of Kansas, which stopped forwarding the letters last fall.

On the other hand, not forwarding letters can anger students who feel deprived of an opportunity to settle.

When the University of Wisconsin at Madison stopped sending the letters on to students, the student newspaper objected, saying in an editorial: "Despite their misgivings about the recording industry, [the university] should step out of the picture and stop interfering with the judicial process."

A handful of universities have used legal means to try to resist RIAA demands upon their time. The RIAA's investigators can trace an alleged file sharer to an IP address, but without the Internet-service provider's help, they generally cannot identify who was assigned to that IP address. Accordingly, the RIAA must subpoena the service provider — in this case, a university — to find out who the alleged pirates are.

Universities have challenged such subpoenas in the past on jurisdictional grounds, and in recent months they have turned to a new strategy.

The University of Oregon, Marshall University, and Morehead State University all recently filed motions to quash such subpoenas by arguing that they imposed an "undue burden" upon a university.

In separate filings, the institutions said that at least some of the IP addresses flagged by the RIAA had been assigned to suites with multiple roommates. The institutions felt that turning over the names of all students assigned to those IP addresses would violate the privacy of students who weren't involved in the alleged file sharing. Therefore, the universities argued, they would need to do an expensive investigation to determine which students should be identified.

"A lot more students are going to have names given out that were not, and could not, be guilty," said Jane V. Fitzpatrick, Morehead State's general counsel. "It's not our job to investigate for these people."

The Power of Precedent

The RIAA's reply? You've already set a precedent for making it your job.

In court documents and interviews, the RIAA has argued that past compliance with the subpoenas means that they were not an "undue burden" before, so they should not be one now.

Both Morehead State's and Marshall's motions to quash the subpoenas were denied. The judges in both cases said there was no "undue burden" because investigations were not actually necessary to abide by Ferpa regulations. In the Morehead State ruling, the judge pointedly noted that "Morehead has responded, without objection, to virtually identical requests in other, similar litigation."

For now the University of Oregon's motion is pending. Oregon, unlike Marshall and Morehead, has no past subpoena compliance the RIAA can recite. Still, the RIAA highlights the fact that a fellow state institution, Portland State University, "responded to a virtually identical subpoena" without fuss.

"Indeed, hundreds of universities and dozens of commercial Internet-service providers have responded to the exact same subpoena without breadth or burden concerns," the RIAA argued in a brief.

That compliance is exactly the problem, the RIAA's critics contend.

"At the point where universities finally come to see they're the target of this RIAA campaign, that's the point at which they'll start arguing their own self-interest," says Charles R. Nesson, founder of the Berkman Center for Internet and Society at Harvard Law School. He believes the RIAA is trying to wear universities down with letters and subpoenas until they give in and install filtering software, a policy precedent that the RIAA may then decide to use against commercial ISP's.

Cary Sherman, president of the RIAA, says the industry is not banking on a slippery-slope strategy like the one Mr. Nesson describes and disputes accusations of bullying.

"I think that some universities feel like if they're cooperative, then we shouldn't send them so many notices because that's a burden," Mr. Sherman said. "But when our vendors detect infringement, we send out notices. That's not intending to be punitive. We really do appreciate and value the cooperation we're getting from universities, even if it hasn't been uniform across universities."

While a growing number of universities contemplate halting such cooperation, there is no stampede. Institutions that have stopped have done so independently and discreetly, eschewing attention to what otherwise seem like bold, trend-bucking actions. Morehead State's student-newspaper archives online, for example, show no coverage of the university's attempts to shield the identities of students fingered by the RIAA.

A number of other institutions emphasized that they were not trying to "make a statement" by either complying with or resisting RIAA demands. They were just doing whatever made sense for their IT departments at the time, they say.

And, says Cornell's Ms. Mitrano, industry's "attempt to get more attention may cause them to receive less attention from us."