LIVE @ ISTE 2024: Exclusive Coverage

Ten ways to combat illegal file sharing

Knowing how to comply with HEOA might take more than a simple read-through of the law.
Knowing how to comply with HEOA might take more than a simple read-through of the law.

As colleges and universities prepare to meet a new federal directive to curb illegal file sharing, one expert has a list of 10 suggestions for educational technology officials.

In a recent webinar hosted by Audible Magic, a company that sells content protection technology to schools, participants learned that as of July 1, 2010, colleges and universities must comply with the peer-to-peer (P2P) provisions of the Higher Education Opportunity Act (HEOA), a federal regulation that aims to stem illegal file sharing.

“This is an important issue,” said Jay Friedman, vice president of marketing for Audible Magic, “because [according to a report by the Administrative Office of the United States Courts], in just the last year, the number of lawsuits filed by the U.S. Copyright Group alone has jumped. In 2009, there were 2,000 lawsuits filed. In just the few months in 2010, 14,000 have been filed.”

Friedman explained that “the burden is really on the institution to be HEOA compliant, because this new regulation requires annual disclosure to students, requires the use of one or more tech-based deterrents, and states that institutions must ‘effectively combat unauthorized P2P use with measurable results.'”

But knowing how to comply with HEOA might take more than a simple read-through of the law’s very vague definition.

According to Warren Arbogast, founder and president of the Boulder Management Group, which helps higher-education institutions work with technology, most colleges and universities are confused about what needs to be done in order to be HEOA compliant.

“The definition of compliance is fuzzy at best, and because of this, many universities and colleges do not have cohesive plans in place. They tend to go more with a Band-Aid approach, meaning lots of fixes without comprehensive input from other departments,” said Arbogast.

Arbogast urged colleges and universities to first define what compliance means for their campus, then identify key stakeholders (such as IT, legal counsel, copyright agents, student affairs, and residential housing) and involve them in the process, and make sure to involve students and faculty as well.

“Communication is essential,” he said, “both internal and external, such as with vendors and organizations like EDUCAUSE that can help with these issues. So many times I’ve seen IT departments trying to go it alone.”

Another problem that Arbogast pointed to was campus leaders’ opinion that the emphasis on curbing illegal file sharing eventually will wane before any major action needs to be taken.

“Many institutions believe that the issue will just go away, or that thinking up a solution based solely on the IT department will take care of the issue. The notion, despite what many institutions may think, that this issue is dead is false. The recording industry, the film industry, the publishing industry, the game industry, and many more are not out of money and are banding together to take action,” he said.

Friedman presented a list of 10 best practices that have emerged from his company’s work with many higher-education institutions in solving illegal P2P file-sharing issues:

1. Comply with both the letter and spirit of the law. Part of being compliant is not just putting in place technology barriers, but also leveraging teachable moments, employing a three-strikes model (or graduated response) for students, and making sure that the end goal of being HEOA compliant is to build better digital citizens.

2. Involve all key constituencies, such as those who deal with federal funding, student and judicial affairs, legal counsel, residential/housing, IT, campus decision-makers, and students and faculty.

3. Define clear policies that fit your school’s philosophy. For example, will your approach to illegal file sharing be proactive or reactive? What is considered an infraction? How will that infraction be communicated? What sanctions should be in place for when an infraction occurs?

4. Address all legal issues, and not just HEOA compliance; for example, individual privacy issues, net neutrality, academic freedom, and so on.

5. Assess the effectiveness of whatever technologies you use, such as the cost, impact on the network, impact on campus policies, how much they measurably reduce illegal file sharing, how many offenders resume illegal file sharing, and so on.

6. Know the impact of your network architecture, such as bandwidth needs, asymmetric routing, integration with other network resources, and Network Address Translation and Dynamic Host Configuration Protocol.

7. Know what technologies are available, such as deep packet inspection, bandwidth shaping, blocking devices, homegrown solutions, and copyright detection products.

8. Measure overall effectiveness by tracking the reduction in DMCA notices, the reduction in file-sharing activity, and the reduction in P2P bandwidth usage.

9. Know that it’s not enough simply to respond to Digital Millennium Copyright Act (DMCA) copyright infringement notices. Institutions should try to be proactive, not just reactive, and they should prepare to set clear rules, enforce these rules, and include educational components in their plan.

10. Calculate a budget for executing your plan, including both a capital and operating budget. Identify potential shrinkages in the future, and determine the potential cost of any legal mandates and risks.

Central Washington University (CWU) is one institution that took steps to comply with HEOA before the mandate was even created.

In 2002, CWU began receiving Recording Industry Association of America (RIAA) notices and decided to establish a partnership between IT, housing, and student affairs to develop a plan of action.

“In 2002 our goals were to eliminate violations, reduce the number of illegal P2P attempts, reclaim our ResNet bandwidth, reclaim IT staff time, and improve student awareness,” said Jason Gerdes, ResNet specialist for CWU.

Gerdes explained that through proactive staff training and educating students about the effects of illegal file sharing, as well as by implementing Audible Magic’s CopySense—a network-based solution that identifies and blocks copyrighted files while allowing other legitimate P2P sharing—and Packeteer PacketShaper, the university was optimistic about cutting back on illegal file sharing.

“We also developed a registration quiz for students,” said Gerdes. “Basically, every time a student connects to ResNet for the first time, they must take a quiz about our campus acceptable-use policy. The questions alternate from person to person to allow for no cheating, the student has to answer eight or more questions correctly, and they only have to take the quiz once. If the student doesn’t get eight or more correct, they just have to take the quiz over again. Any missed questions, regardless of if they pass or not, will provide the correct answers.”

CWU also implemented a “three-strike” policy for students, with each infraction resulting in the following sanctions:

  1. Access to ResNet is disabled for one week.
  2. Access is disabled for two weeks and a letter is sent home to parents.
  3. Access is disabled indefinitely, and a complete judicial review will be completed through student affairs.

“Now our DMCA notices have been virtually eliminated, and we have significantly reduced the number of illegal P2P attempts. We’ve also reclaimed our ResNet bandwidth over time—and students appreciate the speed as well,” said Gerdes.

Gerdes said institutions looking to model this approach should remember that for their compliance plan to be successful, the administration must be willing to support the IT department’s solutions. He also mentioned that student buy-in was crucial as well.

“If institutions don’t start planning on a sound compliance plan, the issue won’t go away; instead, colleges and universities will be held even more accountable,” reiterated Arbogast. “The industry will come back even stronger, because after all, their material is being stolen. They will also lobby for stricter legislation.”

Arbogast listed four actions institutions can take immediately to become more compliant, even if concrete implementation hasn’t started:

  1. Collaborate with key stakeholders to determine the definition of compliance as it relates to your campus.
  2. Create a plan that includes both technical and educational components to comply with both the letter and spirit of the law.
  3. Create a timeline for completion and follow it through.
  4. Talk with others outside the campus for advice and help, such as organizations, vendors, and other institutions.



Audible Magic

The Boulder Management Group

Central Washington University

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Meris Stansbury

Want to share a great resource? Let us know at

New Resource Center
Explore the latest information we’ve curated to help educators understand and embrace the ever-evolving science of reading.
Get Free Access Today!

"*" indicates required fields

Email Newsletters:

By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.