march 2014 dmca presentation

Digital Millennium Copyright Act

Theodore Mak, Clayton Bauer

Introduction Theodore Mak (tjmak@ucdavis.edu)

IT Express Programmer (Lead Consultant) Lead Incident Response and IT Abuse Administrator

Kam Chand (chand@ucdavis.edu) IT Express Programmer Incident Response and IT Abuse Administrator

Notes This presentation was adapted from the DMCA

lecture from the 2013 Security Symposium This is intended as a quick summary of the

technical side of DMCA Some materials may be outdated

ServiceNow has replaced Remedy

Digital Millennium Copyright Act (DMCA)

Passed into law October 28, 1998.

The DMCA protects internet service providers (ISP) from liability for copyright infringement by their

users. If the internet service provider meets certain

requirements.

Digital Copyright Millennium Act (DMCA) Requirements ISP must take:

Take steps when it receives notice that infringing material resides on its network

Adopt and implement a policy that provides for termination of users who are repeat infringers

Accommodate standard technical measures that are used by copyright owners to identify and protect copyrighted works

What groups are involved in DMCA?

IRT Incident Response Team (Kam and Theo) Handles the technical aspects

DMCA Group Technology Transfer Services Designated Agent

Individual within the ISP who is registered with the U.S. Copyright Office as the point of contact for DMCA communications.

Jan Carmikle

OSD /SJA Office of Student Development, Student Judicial Affairs Works with students

http://manuals.ucdavis.edu/ppm/250/250-05.pdf

How Does BitTorrent Work?

http://computer.howstuffworks.com

How Does BitTorrent Work? A user opens a web page and click on a link for the desired file.

Pirate Bay, Kickasstorrents, Torrentz, etc. BitTorrent client software (e.g. Vuze, Azure, BitComet, uTorrent)

communicates with a tracker to find other computers running BitTorrent that have the complete file (seed computers) and those with a portion of the file (peers that are usually in the process of downloading the file).

The tracker identifies the swarm, which is the connected computers that have all of or a portion of the file and are in the process of sending or receiving it.

The tracker helps the client software trade pieces of the file you want with other computers in the swarm. Your computer receives multiple pieces of the file simultaneously.

images.google.com

Key Point

To download files from BitTorrent, one must also share

http://computer.howstuffworks.com

IP Address Dynamic Host Configuration Protocol (DHCP) Dynamic IP addresses are issued using a leasing

system, meaning that the IP address is only active for a limited time.

If the lease expires, the computer will automatically request a new lease. Sometimes, this means the computer will get a new IP address, too, especially if the computer was unplugged from the network between leases.

MAC Address A unique 12 character addresses assigned to a

network interface card (NIC) Hard coded Must be registered to connect wired on campus Note: The MAC address can be spoofed

Investigation User Downloads File

Most commonly via BitTorrent Types: Music, television shows, movies, video games,

ebooks

Violation detected IP address is identified to belong to UC Davis Copyright Notification is sent to UC Davis

Designated Agent Notification is forwarded to IRT

Log searching begins

Sample DMCA Notification Evidentiary Information: Notice ID: 22275371730 Asset: ARCHER File Name: Archer.2009.S04E01-13.720p.WEB-DL.x264.AAC Timestamp: 2013-05-29 05:22:30.537 GMT Last Seen Date: 2013-05-29 05:22:30.537 GMT File Size: 2833295329 IP Address: 128.120.169.94 Protocol: BitTorrent

How Do We Know? Wireless – We track the wireless authentication

logs Wired – We track the MAC address

Students must register their ethernet MAC address to connect using a wire

Investigation: Staff or Student Student

First or Second Violation? Results are sent back the DMCA group Office of Student Development (OSD) / Student Judicial

Affairs (SJA) is notified Staff/Faculty

Results are sent back to the DMCA group DMCA group investigates with violator’s Department

Case is entered into ServiceNow

No Results / Exceptions

Incorrect Information Date and time inaccurate

Missing information (such as timezone)

Department VLAN Unregistered Device (solved!)

Interpreting IRT Email

Deactivation: 1st and 2nd Violation

First Violation Disable wireless and wired access for two weeks IRT confirms with DMCA, Users, and OSD Start of two week count down

Second Violation Disable wireless and wired access permanently Same process as first violation

Deactivation: Process

DMCA notifies IRT and user of shutdown User is instructed to forward all inquires to OSD/SJA IRT deactivates account using the wireless blacklist

tool and Infoblox

Case is entered into ServiceNow

Key Notification Points Remove peer-to-peer software from your computer If you have a wireless router registered in your name

you are responsible for activities of anyone accessing the UC Davis network through the router. 

Do not use another person’s computer or allow others to use your computer or your login/password.

In approximately two weeks the users account will activate

Wireless Blacklist Users are added to the wireless blacklist

Infoblox We block the registered wired MAC address listed

on the users central computing account. If no MAC address are listed user the users

account, we do not block them. Automatically reactivates

Activation Activate wireless login ID

by removing user from wireless blacklist Unblock MAC address

Automatically unblocked in Infoblox ServiceNow ticket is closed

DMCA Notification Totals (1998-2012)

Statistics (2011-2014)

Jul-11Au

g-11Sep

-11Oct-

11Nov

-11Dec-

11Jan

-12Feb

-12Mar-

12Ap

r-12May

-12Jun

-12Jul-12Au

g-12Sep

-12Oct-

12Nov

-12Dec-

12Jan

-13Feb

-13Mar-

13Ap

r-13May

-13Jun

-13Jul-13Au

g-13Sep

-13Oct-

13Nov

-13Dec-

13Jan

-14Feb

-140

20

40

60

80

100

120

140

160

180

200

220

DMCA Requests

Month / Year

Statistics: Comparison

July Aug Sept Oct Nov Dec Jan Feb0

20

40

60

80

100

120

140

160

180

200

2011-2012 2012-2013 2013-2014

Num

ber

of D

MCA

Req

uest

s

Requests vs Actions

Jun-13 Jul-13 Aug-13 Sep-13 Oct-13 Nov-13 Dec-13 Jan-14 Feb-140

50

100

150

200

250

300

350

400

450

500

DMCA Requests Actions Taken

Ways to Minimize DMCA Educating users about DMCA

Popcorn Time Streams video from torrents Temporary copy of the file is saved on the client’s

computer While streaming, the copy can be shared

Sources http://research.ucdavis.edu/pgc/ipm/copyright/

dmca http://manuals.ucdavis.edu/ppm/250/250-05.pdf http://orintranet.ucdavis.edu/home.cfm?id=OVC,

23,1728,1718,1745,2063 http://www.getlegal.ucdavis.edu/Copyright.htm http://dmca.harvard.edu/dmca_overview.php http://computer.howstuffworks.com

Questions

Ask us anything!

Contact Information

Theodore Mak tjmak@ucdavis.edu

Kam Chand chand@ucdavis.edu