The course of action that Stanford University must pursue in the event of electronic copyright infringement perpetrated by a student, is governed by certain Federal regulations, and has a significant impact on student privacy. Specifically, students who violate the Digital Millennium Copyright Act (DMCA) may be at risk of his or her personally identifiable information being provided to copyright owners that may choose to pursue legal actions.
The DMCA was signed into law on October the 28th of 1998, amending Title 17 of the U.S. Code, more commonly known as the United States Copyright Act. The DMCA criminalizes the circumvention of measures that are intended to control access to copyrighted works and also increases the penalty for copyright infringement perpetrated on the Internet.
Students most often violate this act by illegally sharing copyrighted material, which is done by downloading or uploading protected content with their personal computers. Copyright owners often hire companies to monitor file-sharing traffic to record the IP addresses of computers engaged in illegal sharing. Once the IP address of a violating computer is logged, the Internet service provider (ISP) for that computer can be tracked. In the case of students on campus, the designated ISP is 'Stanford'.
The DMCA provides a mechanism by which copyright owners can complain to ISPs about illegal file sharing. Once the ISP of a violating computer is tracked, copyright holders file a 'DMCA complaint', which tells the ISP that a particular computer/IP address is sharing an illegal file. According to Subsection 512(c) of the Copyright Act, ISPs may designate an agent toward which all such complaints must be directed. For Stanford, the Information Security Office (ISO) fulfills this role.
Provided that Stanford responds to every DMCA complaint it receives, and that there is an appropriate public policy in place, the University cannot be liable for infractions that occur on its network. However, this 'safe harbor' does not extend to the infringers themselves and they are still liable for their actions.
Upon the receipt of a DMCA complaint, the Stanford ISO will issue an email notification to the offender. He or she will then have two business days to pass a short 5-question quiz and indicate that the illegal file has been removed or that the sharing has ceased. If a user receives a second DMCA complaint, they must again indicate that the file has been removed or that that sharing has ceased. However, a third DMCA complaint will result in termination of Internet access for that user. This policy ensures that the University is not liable for infringement that occurs on campus, but does not protect students.
Some students are under the misimpression that their online activity is anonymous and untraceable. However this is not the case, as much of your online activity is logged by the systems you access to use the Internet, and these logs can be used to implicate you in illegal file sharing.
But by far the greatest risk to student privacy in this context comes from subpoenas issued by courts on behalf of copyright holders. The Recording Industry Association of America (RIAA) is responsible for a great many of the DMCA complaints issued. In February 2007, the RIAA announced that it would begin issuing pre-litigation letters to infringers. These letters inform of the forthcoming lawsuit against the recipient and subpoena for the infringer's identity. If presented with a subpoena, by law the University must reveal the identity of the individual in question.