April 19, 2004 4:00 AM PDT

Hollywood's new lesson for campus file swappers

Hollywood is poised to up the ante in its war against file swappers, with new technology that could make it easier to remove suspected pirates from campus networks, CNET News.com has learned.

Movie studios, record labels and technology companies have been testing the system for months, according to sources familiar with the project.

Known as the Automated Copyright Notice System (ACNS), the technology promises to make copyright enforcement easier on peer-to-peer networks, saving schools and Internet service providers (ISPs) time and money. ACNS allows them to automatically restrict or cut off Internet access for alleged infringers on notice from a record label or movie studio. For example, universities using ACNS could instantly send notices of copyright infringement to students by e-mail and restrict their network access until they have removed the file.

Though not specifically ACNS, a similar system is set to go live Monday at the University of California at Los Angeles, one of the nation's largest universities with 37,500 students.


What's new:
New technology could make it easier to remove suspected pirates from university networks.

Bottom line:
The technology promises to ease copyright enforcement on peer-to-peer networks, saving schools and Internet service providers time and money.

For more info:
More stories on the topic

"ACNS is an open-source, royalty-free system that universities, ISPs, or anyone that handles large volumes of copyright notices can implement on their network to increase the efficiency and reduce the costs of responding to the notices," according to a technical summary.

College campuses are ground zero for illegal file swapping via peer-to-peer networks because students often have access to high-speed Internet or local area network (LAN) connections through their school's network. Hollywood and the music industry say that such violations have cost them billions of dollars and thus have targeted universities to help to curb file swapping. ACNS, one such measure, is designed to takes some of the burden off universities and ISPs as they field thousands of content takedown notices from copyright holders.

Universities have an incentive to cooperate with the technological solutions because they can be held liable in lawsuits charging their students with digital theft.

The Motion Picture Association of America (MPAA) is still working on gathering support among universities, which are key to helping curb piracy, said Matthew Grossman, director of digital strategy at the group. "If it enables them to properly implement their copyright policies, we're all for it," Grossman said.

ACNS was jointly designed by Vivendi Universal Entertainment and Universal Music Group in response to an open call for technical solutions to peer-to-peer piracy. The two groups are still talking to universities, ISPs and technology companies about offering it as a pilot program. They have also applied for a patent on the piracy notice and prevention tool.

ACNS is the latest effort from record labels and Hollywood studios to crack down on piracy over peer-to-peer networks. The industries' tactics have grown increasingly aggressive, drawing charges from some critics that copyright holders have trampled the rights of accused infringers.

Last year, for example, the Recording Industry Association of America (RIAA) began suing hundreds of individual file swappers and using fast-track subpoenas allowed under digital copyright law and aimed at making it cheaper for intellectual property holders to sue dozens of people at once. A judge later invalidated most of those subpoenas, forcing the industry to pursue more costly and time-consuming filings aimed at specific individuals.

Privacy vs. policy
ACNS is aimed at slashing the costs of copyright enforcement on peer-to-peer networks, although its backers say the system does protect end-user rights.

According to its technical summary, ACNS does not invade privacy. Rather, it assists universities or ISPs in enforcing their own policies on network abuse and copyright infringement. ACNS can also be used to protect networks from viruses, Trojan horses and other nefarious activity, the summary asserts.

"We're helping the ISP or university with policy enforcement. We're not dictating the policy, but we're saying, 'Here's a tool to help with automating the process.' We're the friends of the ISP," said Mark Ishikawa, chief executive officer of BayTSP, a Los Gatos, Calif.-based digital protection company that is using the system on behalf of copyright holders.

MediaSentry, another copyright searching company, and packet shaping vendor Ellacoya have started testing ACNS. According to the technical specification for ACNS, the group is working with a university that has installed the system using its Cisco routers. Universal Studios, Paramount, MPAA and RIAA have all begun using Extensible Markup Language (XML) tags in their copyright notices.

Although universities are interested in tools that can help them reduce campus piracy, some are reluctant to use ACNS because of concerns that it might not give students a chance to contest the charges against them.

UCLA's new piracy prevention program, for example, is based on principles used in ACNS but ensures that students will always get a fair shake, according to the school's director of IT policy, Ken Wada. The policy affects 7,500 students who live on campus.

"It would be easy to accept a claim and shut the computer off without understanding the circumstances," Wada said. "We seek to balance our responsibilities to respect copyrights and our responsibilities for due process and student privacy."

Under section 512 of the federal Digital Millennium Copyright Act (DMCA), a representative of a copyright holder can send a "takedown" notice to a university or ISP requesting that copyrighted material be removed. Universities may be obliged to comply with such requests from copyright holders.

ISPs have argued that the DMCA takedown requirements do not apply to peer-to-peer networks because the ISPs are not in a position to police the private hard drives of their customers. The statute applies only to material hosted on the providers' own servers, the ISPs have argued.

UCLA sent letters to resident students and staff last week, describing its new policy for file sharing and intellectual property, and warned of the personal risks of file sharing by highlighting the RIAA's latest round of lawsuits against students in March. The university will launch the new piracy prevention program on Monday as a test throughout the spring quarter, Wada said.

Since July, UCLA has received 300 takedown notices from copyright holders, a school representative said.

UCLA's policy will give students two strikes. A first-time offender will lose his or her Internet access until the infringing files are removed. On a second offense, the process is the same, but the student faces disciplinary action from a dean.

"When we receive a claim of copyright infringement and when we've identified the computer, it's put into the form of restricted network access. That computer can only get to resources on the UC campus; file sharing has been stopped," Wada said. "You'll see some commonality with ACNS."

ACNS isn't the first automated network piracy-prevention tool.

Last year, the University of Florida created a similar open-source program called Icarus (Integrated Computer Application for Recognizing User Services). When Icarus detects illegal file trading on the school network, it automatically sends an e-mail and a pop-up notice warning the student that he or she is about to be disconnected.

Utilizing digital tags
ACNS relies on reports of illegal file swapping from movie studios and record labels, which notify schools of infringement. It enhances current reporting methods by using software tags to automate some of the steps.

Several studios and record labels, including Universal Music Group, have begun to standardize the tags at the bottom of their takedown notices into XML, code that allows data to be used seamlessly in various contexts.

The digital tags contain the name of the copyrighted material that's been comprised, the copyright holder's name, date and time stamp, and the Internet Protocol address of the infringer. Receipt of this tag triggers the internal notification process at a university or ISP using the system.

Typically, it can take days or weeks for a university to act on a copyright violation request. When a request reaches the IT administrators, they must investigate who used the IP address in violation of its file-sharing copyright policies. Then they send a note to the residential housing adviser where the student lives. The adviser then sends a note to the dean's office about the student's activity. And the dean will act on the school's policy for such behavior, notifying the student and potentially disconnecting Internet access to the student's machine.

ACNS would trigger such e-mail notifications and could automatically choke off the student's access to a peer-to-peer network, while leaving his Internet or e-mail connection untouched. Depending on the school's policy, it could put the student into a 30-minute penalty box, without access, on the first offense. The second offense could warrant a week without peer-to-peer privileges, and so forth.

A report is generated on the infringing act, including who was notified and how the situation was handled, and a log is created at the monitoring station.

Fred von Lohmann, an attorney with the Internet consumer rights group known as the Electronic Frontier Foundation, said ACNS is an interesting concept but doubted that it will solve the problem of campus piracy. He predicted that students ultimately create workarounds, for example, using wireless devices to avoid detection. He said that the more sensible solution is for the copyright holders to collectively license their content to college campuses.

That approach has proven controversial as well, however. Penn State signed a deal last fall with Napster to offer a legitimate online service for its students, but many people balked because it translates into added fees to their tuition.

"Whether it's an opening gambit for the recording industry to try to tell universities how to design their computer systems, we'll have to wait and see," von Lohmann said. "The trouble I have with this, there will be countermeasures, and who is going to absorb costs to constantly modify this system to make it work? Do universities really want to be drawn into the arms race?"


Join the conversation!
Add your comment
Universities NOT liable for students
Universities can't be held liable for illegal student behavior over their networks, protection is provided through the DMCA. They aren't any more liable legally than ISPs are. Please get your facts in order, cnet.
Posted by (13 comments )
Reply Link Flag
In other words... just don't attend these schools. Well, I know it's not that easy, but I'm sure the schools will get crap from the students for it. Isn't it your business, what's on your pc? It seems invasive to tell someone that they can't have a file on their computer... "Whoop, you can't have this Kernel32.DLL on your computer, because it might allow you to use your computer." Not all music traded on the internet is illegal either... how do they plan to deal with that?

It's a stupid system.
Posted by (1 comment )
Reply Link Flag
This is a crock of s#@$
First of all, it is not up to the university to do anything about file sharing, legally. The best they can do is simply limit the bandwidth to certain applications to keep the network speedy. Other than that - They should do nothing... And I'd like to see them get past my proxy server!!!
Posted by (1 comment )
Reply Link Flag
Sample XML
The issue is not how fast the media companies can shut down
students--the issue is when they are going to make their
shutdown notices *accurate*. The Universities are right--there
has to be an appeal process--none of this "shut it down now".

If you want an example of a typical shutdown notice (XML
included) see here:

<a class="jive-link-external" href="http://commons.somewhere.com/buzz/2004/" target="_newWindow">http://commons.somewhere.com/buzz/2004/</a>

This was Universal's second attempt to shut down my internet
connection by complaining to my ISP about things which had
absolutely nothing to do with me.

And they want to be able to just flick a switch and shut things
off without appeal? Would you give a light switch to someone
who doesn't know what a light bulb looks like?
Posted by (10 comments )
Reply Link Flag
Link Failure
Kee, you need to repost that file elsewhere. Access permission to the file was denied by the server you have it stored on.
Posted by (1 comment )
Link Flag
I read through the emails you posted on your site. Very interesting. Kudos on kicking their *****.
Posted by (1 comment )
Link Flag
Isn't an oxymoron to patent an open source, royalty-free syste? Maybe the RIAA wants everyone to adopt it and then they will charge out the wazoo for having it installed.

"ACNS is an open-source, royalty-free system that universities, ISPs, or anyone that handles large volumes of copyright notices can implement on their network to increase the efficiency and reduce the costs of responding to the notices," according to a technical summary.

ACNS was jointly designed by Vivendi Universal Entertainment and Universal Music Group in response to an open call for technical solutions to peer-to-peer piracy. The two groups are still talking to universities, ISPs and technology companies about offering it as a pilot program. They have also applied for a patent on the piracy notice and prevention tool.
Posted by benwolfe54 (2 comments )
Reply Link Flag
That's just the point. They DON'T think of these things. It's a clear violation of your right to privacy, but thanks to the DMCA, Patriot Act, etc., that right practically doesn't exist anymore. The RIAA, MPAA and other groups backing this plan know that. That's why they're taking advantage of the huge window of opportunity open for them now (and abusing the privelege). MY next question is, how are they going to determine not only what music isn't copyrighted, but what music was downloaded legally? I could have half my hard drive filled with music I got from iTunes or Napster. Would they try to cut off my Internet access for having THOSE on my hard drive? I think it's about time we voted out those in public office who are going along with this crap. Anyone else feel the same way?
Posted by jcolletta275 (7 comments )
Reply Link Flag
It's about time
Whoever is complaining about privacy shouldn't worry. If you
read the article, only flagged copyrighted files will be detected if
they are shared. If they are detected on your computer, you give
up your privacy rights just as if you were to get arrested by a
police officer. I am tired of all the P2P software, viruses, spyware
and adware. You can say whatever you want about which
version, Lite, copy or whatever. The are all the source and
contribute to this growing infection on the internet.

The real source of all illegal files has never been P2P software.
However, it has become the largest source of mainstream files
simply because any fool could download any song or movie and
most programs. Try converting everyone over to IRC, well, that's
not gonna happen. Plus, I don't even think a 1/3 of people using
Kazaa recognize the threat of being caught. Well, you are going
to see thousands get caught within the next 6 months. When
several companies, different industries with government support
all get together to crack down you are gonna have them coming
after you. I feel no remorse for all your mass piraters and
Posted by (4 comments )
Reply Link Flag
What everyone seems to overlook
Okay, I just have to mention one aspect of the P2P smack down
that none of the companies seem to see, or want to look at.
They state that college campuses are "ground zero" for illegal
downloaders because of bandwidth, I'm a recent college grad
and I can tell you first hand that of all the downloaders I know,
none of them do it because of the bandwidth. The #1 reason is
the high cost of such small goods. College sudents, myself
included, tend to have little or no money while i school.
Spending $10-20 on a CD is not going to happen, we all would
choose food over music. If the companies would stop illegal
downloadings as of today, their business wouldn't benefit one
bit. Two reasons why: 1) Students would not fall back on
purchasing CDs, they can't afford to. So what would happen is
they wouldn't buy anything or they'd esort to digitizing audio/
video from other sources to listen to. 2) The industry would
suffer because most file swappers tend to use the P2P channels
ad testing grounds for music. If they like it, they'll buy the
album, if not they'll keep he one or two mp3s or delete them all

I'm getting tired of hearing about companies taking their
customers to court hoping it will turn their business around. On
a common sense level that make none at all. I don't think it
takes a brilliant person to see the trends and realize that te
industry just need to cut their losses and try to redesign their
business models to fit customer wishes as opposed to their own.
What ever happened to "The customer is always right?"
Posted by (1 comment )
Reply Link Flag
Your exactly right in that aspect. Thats why ever since thise whole thing started I vowed to never buy a single product from the RIAA again whether it be a CD tape or even 8-track.

If I want to hear a band Ill go see them perform live. Thats what musicians do after all.. they are performers, entertainers.. not artists.. its not a painting its music.

As for someones analogy about the police you are incorrect. Even if you are suspected of doing something illegal they cannot search your house or your hard drive without a warrant or your express permission. Theres where the privacy issue comes into effect. Searching your computer just like searching your house to see if your doing something illegal without probable cause or a warrant is an invasion of privacy and highly illegal.
Posted by Fray9 (547 comments )
Link Flag
Penalty without hearing? Legal problem
I'm alarmed at the idea of penalties sometimes being imposed automatically by software, without giving the accused person any kind of hearing. What if the system malfunctioned?

All the computer usage rules that I helped frame for The University of Georgia (www.uga.edu/compsec/use.html) revolve around the notion of human accountability and the right to defend oneself in some kind of hearing. Punishment for misdeeds should not be automated.
Posted by mcugaedu (75 comments )
Reply Link Flag
Thats not the only problem
Theres also the fact that searching a persons hard drive without a warrant, permission, or probable cause by a law enforcement agency is illegal as is intercepting a data transmission without the persons permission, whether explicit or implied. That would either fall under traditional wiretapping laws or one of the many computer hacking laws.
Posted by Fray9 (547 comments )
Link Flag
Your Text (block 7):"Universities have an incentive to cooperate with the technological solutions because they can be held liable in lawsuits charging their students with digital theft."

Outtake of the document "Philosophy" from the Author of "Freeme":
One of the big successes of publishers such as the RIAA and MPAA has been a steady erosion and public brain-washing regarding the point of
copyright. A simple but effective measure has been the modification of terminology that is used for copyright violations: they speak of people "stealing intellectual property" or "theft of copyrighted music" in the trading of MP3s. The wide-scale copying ala Napster clearly is copyright violation, but "theft"? The definition of something being "stolen" means that it is taken from the rightful owner - and the owner no longer has possession of that item.

Well as you can see, you actually did fall into the Moustrap, didnt you....
Posted by (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.