Current Legal Developments

Hot Topics







This past summer saw developments relating to peer-to-peer (“P2P”) music file sharing.  Of most significance, on June 25, 2003, the Recording Industry Association of America ("RIAA"), a trade group that represents U.S. record companies, announced it would seek out the heaviest P2P service users and sue them for copyright infringement [1].  Subsequently on September 8 the RIAA filed suit against 261 individuals in federal courts across the country.  In order to identify these individuals, the RIAA issued over 1600 subpoenas under the Digital Millennium Copyright Act.  The RIAA has since issued lawsuit notification letters to an additional 204 individuals.

In connection with the recording industry's enforcement effort,
colleges and universities have been served with DMCA subpoenas seeking the identity of students engaged in file sharing on educational networks and should be aware of their rights and responsibilities in this regard. This Note will describe P2P file sharing, identify some campus policies to respond to or prevent inappropriate activity, and suggest possible responses by institutions in receipt of a DMCA subpoena seeking the identity of alleged copyright infringers using the institution's computer network.

What Is Peer-to-Peer Sharing? 
Peer-to-peer networks consist of users who share information directly with each other over the Internet without having to log onto a central computer.  In 1999, a Northeastern University student created a software program called Napster, which allowed its users to trade music and other data online.  In February 2001, however, the United States Court of Appeals for the 9th Circuit held that Napster, Inc. had committed contributory copyright infringement by maintaining a central database of available files and their locations for the program’s users [2]. 

Following the Napster case, the recording industry targeted the other major peer-to-peer file sharing services, including KaZaA, Grokster, Aimster and Morpheus. While these services are also designed to let people exchange music, movies, videos and other files over the Internet, they, unlike Napster, are not themselves directly involved in the actual process of sharing, but instead merely provide programs that permit the sharing to occur.  A recent federal decision concluded that the companies that provide these programs are not engaging in infringing activity, because the programs can also be used for legitimate file sharing – just as a VCR may be used for both legal and illegal acts [3]. 

In its effort to protect the intellectual property of its members, the recording industry is now attempting to pursue directly individuals who share files of copyrighted material.  Some (though by no means the dominant) percentage of file sharing occurs in the college and university environment, [4] and many of the first subpoenas were issued to educational institutions. Colleges and universities should be prepared to respond if they receive such subpoenas and should take steps to protect themselves – and their students – from potential lawsuits.

Peer-to-Peer Sharing Issues for Universities and Colleges
In the current legal climate, universities should be aware of the following P2P file-sharing issues.

Intellectual Property Issues
Distribution of copyrighted materials over the Internet without the copyright owner’s permission can be a violation of the Sec. 106 of the Copyright Act. The DMCA generally protects colleges and universities from liability for illegal file sharing by their students on university networks.  However, the institution must register with the Copyright Office and comply with certain other requirements in order to obtain this “safe harbor” immunity [5].  Moreover, the institution can lose its immunity in some cases if it knows or should know about specific infringing activity [6]. 

Other Network Issues
Peer-to-peer sharing can adversely affect the performance of the computing network in several ways. File sharing can consume a large amount of bandwidth -- some studies have shown that as much as 60% of all traffic/storage on university networks may be devoted to file sharing, leaving little room for more important traffic [7]. Large scale file sharing may also render a network more susceptible to viruses and privacy violations and may open the door to hackers.  Moreover, excessive P2P sharing on an institution's network may result in a large volume of DMCA subpoenas, the processing of which requires use of limited institutional resources.

Recording Industry Concerns
In an October 3, 2002, letter to nearly 2,300 college and university presidents, the RIAA expressed concern over student “piracy of copyrighted creative works” and addressed the need for academic institutions to develop policies to prevent online copyright infringement
[8]. Specifically, the RIAA requested that colleges and universities adopt and implement policies that:

(1)  Inform students of their moral and legal responsibilities;
(2)  Specify what practices are and are not acceptable on yo
ur school's network;
(3)  Monitor compliance; and
(4)  Impose effective remedies against violators.

While these requests go beyond the requirements of the DMCA – which, in particular, does not require an ISP to monitor its users’ compliance with copyright law – they are an important indicator of the recording industry's expectations.

What Should A College or University Consider When Implementing Policy?

Whether for legal, bandwidth management or other reasons, institutions attempting to deal with these issues should consider taking some or all of the following steps:

image   Adopt and inform students and other users of a policy terminating the network privileges of those found to be infringing copyrights repeatedly and actively enforce that policy when infringements are identified.  Doing so is a prerequisite to the DMCA safe harbor.

image Post the policy on the institution's website where it is easily accessible to the university community.  In addition, institutions may wish to implement a mechanism that requires users to prove they have read the policy prior to obtaining initial access to the institution's network [9].

image   Educate users about copyright law and give them examples of what they can and cannot do [10].  Let them know that it generally is best to assume that all but the oldest material is copyright protected unless explicitly stated otherwise and that copyright infringers could face up to $150,000 per infringement, as well as potential criminal penalties in some cases.

image   Recognize that not all P2P file sharing is copyright infringement; some P2P sharing may have legitimate academic use, and your policy should acknowledge the academic benefits of legitimate P2P sharing.

image   Consider implementing packet-shaping or other technical means of limiting the amount of file sharing that can occur on the network.

What If An Institution Receives a DMCA Subpoena?
The DMCA gives copyright owners the ability to subpoena internet service providers (including colleges and universities operating computer networks) for “information sufficient to identify the alleged infringer” [11]Copyright holders need not file a lawsuit first; the copyright holder need only apply to the clerk of any United States district court (see discussion at footnote 15 below)The application must include the following:

image a signature of a person authorized to act on behalf of the copyright owner;

image identification of the copyrighted work claimed to have been infringed;

image identification of the material claimed to be infringing (including information reasonably sufficient to allow the service provider to locate the material);

image information reasonably sufficient to allow the service provider to locate the complaining party;

image a statement that the complaining party has a good faith belief that the use of the material is not authorized;

image a statement that the information in the application is accurate;

image a proposed subpoena; and

image a sworn declaration that the purpose of the subpoena is to identify the alleged infringer and that the information obtained will be used only to protect copyright rights [12].

A college or university that receives such a subpoena must “expeditiously disclose to the copyright owner or person authorized by the copyright owner the information required by the subpoena, notwithstanding any other provision of law …” [13].   Before doing so, however, the institution should confirm that the subpoena complies with the requirements listed aboveIf it does not, compliance with the subpoena would not be required by the DMCA and therefore presumably would be prohibited by the Family Educational Rights and Privacy Act (“FERPA”) [20 U.S.C. 1232(g)(b)(2)(B)] [14].  Whether a subpoena that does comply with the DMCA requirements must also comply with the additional requirements of FERPA – including notification of the affected students in advance of compliance – is an open question [15]. Institutions would be wise to continue to insist on compliance with FERPA until this issue is resolved.




FN2.  A&M Records, Inc.  v.  Napster, Inc., 239 F.3d 2004 (9th Cir. 2001)

FN3.  The RIAA has appealed that decision. See

Metro-Goldwyn-Mayer Services, Inc.  v.  Grokster, Ltd., 259 F.Supp.2d 1029 (C.D.Cal. 2003)

FN4.   Statement of Hon. Lamar Smith, Chairman, Subcommittee of Courts, the Internet, and Intellectual Property, House Judiciary Committee, February 26, 2003, indicating that research by one P2P file sharing service indicated that 16% of all files available at any given moment are located at IP addresses managed by U.S. educational institutions; and that users trading from networks managed by educational institutions accounted for 10% of all users on the service at any given moment.

FN5.   See 17 U.S.C. § 512;

Complying with the Digital Millennium Copyright Act: Responding to Notices of Alleged Infringement. University of Texas System.

FN6.  For an excellent discussion of types of copyright infringing activity and the potential liability of students engaged in peer-to-peer file-sharing, see "Background Discussion of Copyright Law and Potential Liability for Students Engaged in P2P File Sharing on University Networks", issued on August 8, 2003 by the American Council on Education (ACE).  This article was issued as part of the education effort of the Joint Committee of the Higher Education and Entertainment Communities, formed to work collaboratively toward solutions to the copyright problems caused by unauthorized peer-to-peer file sharing on college campuses.

FN7. Controlling Peer to Peer Bandwidth Consumption, P-Cube, Inc.

FN8. RIAA Letter to College and University Presidents, October 3, 2002.  Following the RIAA letter, on October 8, 2002 the presidents of 6 leading higher education associations wrote a letter to the presidents of U.S. colleges and universities referencing the RIAA letter and urging them to join in "addressing the inappropriate use of campus facilities to disseminate copywritten materials".

FN9.  See Travelers of the Electronic Highway (T.E.H.).  Technology Training Services, Cornell University;

Instructions for Taking the Electronic Community Citizenship Examination.  University of Delaware.

FN10.  See An Overview of Your Rights and Responsibilities in Cyberspace. Steven J. McDonald.

Copyright Letter.   Rhode Island School of Design.

Copyright Tutorial.  University of Texas System.

FN11.  See 17 U.S.C. § 512(h)(3).  The RIAA as provided has a DMCA Fact Sheet on its website.  

Senator Sam Brownback of Kansas recently introduced Senate Bill 1621, the "Consumers, Schools, and Libraries Digital Rights Management Awareness Act of 2003", Sec. 5 of which states in part "Notwithstanding any other provision of law, an Internet access service may not be compelled to make available to a manufacturer of a digital media product or its representative the identity or personal information of a subscriber or user of its service for use in enforcing the manufacturer's rights relating to use of such product on the basis of a subpoena or order issued at the request of the manufacturer or its representative except under a valid subpoena or court order issued at the request of the manufacturer or its representative in a pending civil lawsuit or as otherwise expressly authorized under the Federal Rules of Civil Procedure or the civil procedure rules of a state.

FN12.  See 17 U.S.C. §§ 512(c)(3)(A) and (h)(2)

FN13.  See 17 U.S.C. § 512(h)(5); see also, In re Verizon Internet Services, Inc., 257 F.Supp.2d 244 (D.D.C. 2003) (subpoena power under DMCA is constitutional and internet service providers must comply with subpoena requests).  Verizon has appealed this decision and argument was held before the U.S. Circuit Court of Appeals for the District of Columbia on September 16.  A comprehensive case archive, including links to pleadings and briefs, is available at

FN14.  See 20 U.S.C. 1232(g).

FN15. In response to RIAA subpoenas it received issued by the U.S. District Court for the District of Columbia, Boston College moved to quash enforcement of the subpoenas on the ground that they did not comply with Federal Rule of Civil Procedure 45(a)(2) and (b)(2) because they were not issued from the court for the district in which the production of the documents named in the subpoena were to produced, or alternatively by a court within 100 miles of the place of production.  Boston College further argued that because the subpoenas were not lawfully issued, it could not disclose the information pursuant to FERPA Sec. 1232g(b)(2)(B); and sought a protective order stating that if and when the RIAA served it with lawfully issued subpoenas, those subpoenas must give Boston College sufficient time to give reasonable advance notice to any student whose education record may be produced.  The U.S. District Court for Massachusetts granted Boston College's motion to quash on the basis of FRCP 45(a)(2) and (b)(2).




image 17 U.S.C. § 512
Copyright:  Limitations on Liability Related to Material Online
20 U.S.C. 1232(g)
Education:  Family Educational and Privacy Rights
34 C.F.R. § 99.31
Education:  Family Educational Rights and Privacy



image A&M Records, Inc.  v.  Napster, Inc., 239 F.3d 2004 (9th Cir. 2001)
In re Verizon Internet Services, Inc., 257 F.Supp.2d 244 (D.D.C. 2003)
Metro-Goldwyn-Mayer Services, Inc.  v.  Grokster, Ltd., 259 F.Supp.2d 1029 (C.D.Cal. 2003)


Cornell University
image Duke University

image Loyola University Chicago
image University of North Carolina, Chapel Hill

Web Sites:

United States Copyright Office
image Recording Industry Association of America

Additional Resources:

Copyright, Civil Rights, and the Middle Ages, September/October 2003 (Tracy Mitrano, Educause Review)
RIAA Letter to U.S. Senator Norm Coleman, August 14, 2003
image American Council on Education:  Background Discussion on Copyright Law and Potential Liability for Students Engaged in P2P File Sharing on University Networks, August 8, 2003
image Copyright and Digital Media in a Post-Napster World, August 2003 (The Berkman Center for Internet & Society, Harvard Law School)
image Letter to Institutional Presidents, October 8, 2002
image RIAA Letter to College and University Presidents, October 3, 2002


Darren S. Cahr, Nicole Murray, and Howard Zweig (NACUA Member)Gardner Carton & Douglas.

Content Contact:
December Bolden
(562) 951-4500
Technical Contact:

Last updated: December 24, 2003

OGC Home | Attorneys | Campus Assignments | Specialties | Current Legal Developments | Resources | OGC Manuals