[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
                       THE ROLE OF TECHNOLOGY IN 
                     REDUCING ILLEGAL FILESHARING: 
                        A UNIVERSITY PERSPECTIVE 

=======================================================================

                                HEARING

                               BEFORE THE

                  COMMITTEE ON SCIENCE AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                              JUNE 5, 2007

                               __________

                           Serial No. 110-34

                               __________

     Printed for the use of the Committee on Science and Technology


     Available via the World Wide Web: http://www.house.gov/science

                                 ______

                     U.S. GOVERNMENT PRINTING OFFICE

35-706 PDF                 WASHINGTON DC:  2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001



















                  COMMITTEE ON SCIENCE AND TECHNOLOGY

                 HON. BART GORDON, Tennessee, Chairman
JERRY F. COSTELLO, Illinois          RALPH M. HALL, Texas
EDDIE BERNICE JOHNSON, Texas         F. JAMES SENSENBRENNER JR., 
LYNN C. WOOLSEY, California              Wisconsin
MARK UDALL, Colorado                 LAMAR S. SMITH, Texas
DAVID WU, Oregon                     DANA ROHRABACHER, California
BRIAN BAIRD, Washington              KEN CALVERT, California
BRAD MILLER, North Carolina          ROSCOE G. BARTLETT, Maryland
DANIEL LIPINSKI, Illinois            VERNON J. EHLERS, Michigan
NICK LAMPSON, Texas                  FRANK D. LUCAS, Oklahoma
GABRIELLE GIFFORDS, Arizona          JUDY BIGGERT, Illinois
JERRY MCNERNEY, California           W. TODD AKIN, Missouri
PAUL KANJORSKI, Pennsylvania         JO BONNER, Alabama
DARLENE HOOLEY, Oregon               TOM FEENEY, Florida
STEVEN R. ROTHMAN, New Jersey        RANDY NEUGEBAUER, Texas
MICHAEL M. HONDA, California         BOB INGLIS, South Carolina
JIM MATHESON, Utah                   DAVID G. REICHERT, Washington
MIKE ROSS, Arkansas                  MICHAEL T. MCCAUL, Texas
BEN CHANDLER, Kentucky               MARIO DIAZ-BALART, Florida
RUSS CARNAHAN, Missouri              PHIL GINGREY, Georgia
CHARLIE MELANCON, Louisiana          BRIAN P. BILBRAY, California
BARON P. HILL, Indiana               ADRIAN SMITH, Nebraska
HARRY E. MITCHELL, Arizona           VACANCY
CHARLES A. WILSON, Ohio





















                            C O N T E N T S

                              June 5, 2007

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Bart Gordon, Chairman, Committee on 
  Science and Technology, U.S. House of Representatives..........     8
    Written Statement............................................     9

Statement by Representative Ralph M. Hall, Minority Ranking 
  Member, Committee on Science and Technology, U.S. House of 
  Representatives................................................    10
    Written Statement............................................    11

Prepared Statement by Representative Eddie Bernice Johnson, 
  Member, Committee on Science and Technology, U.S. House of 
  Representatives................................................    12

Prepared Statement by Representative Russ Carnahan, Member, 
  Committee on Science and Technology, U.S. House of 
  Representatives................................................    12

Prepared Statement by Representative Harry E. Mitchell, Member, 
  Committee on Science and Technology, U.S. House of 
  Representatives................................................    13

Statement by Representative F. James Sensenbrenner Jr., Member, 
  Committee on Science and Technology, U.S. House of 
  Representatives................................................    11

                               Witnesses:

Dr. Charles A. Wight, Associate Vice President for Academic 
  Affairs and Undergraduate Studies, University of Utah, Salt 
  Lake City
    Oral Statement...............................................    14
    Written Statement............................................    15
    Biography....................................................    17

Dr. Adrian Sannier, Vice President and University Technology 
  Officer, Arizona State University
    Oral Statement...............................................    17
    Written Statement............................................    19
    Biography....................................................    21

Mr. Vance Ikezoye, President and CEO, Audible Magic Corporation
    Oral Statement...............................................    21
    Written Statement............................................    23
    Biography....................................................    26

Ms. Cheryl Asper Elzy, Dean of University Libraries and Federal 
  Copyright Agent, Illinois State University
    Oral Statement...............................................    26
    Written Statement............................................    28
    Biography....................................................    35

Dr. Gregory A. Jackson, Vice President and Chief Information 
  Officer, University of Chicago
    Oral Statement...............................................    35
    Written Statement............................................    37
    Biography....................................................    41

Discussion.......................................................    42

             Appendix 1: Answers to Post-Hearing Questions

Dr. Charles A. Wight, Associate Vice President for Academic 
  Affairs and Undergraduate Studies, University of Utah, Salt 
  Lake City......................................................    54

Dr. Adrian Sannier, Vice President and University Technology 
  Officer, Arizona State University..............................    57

Mr. Vance Ikezoye, President and CEO, Audible Magic Corporation..    60

Ms. Cheryl Asper Elzy, Dean of University Libraries and Federal 
  Copyright Agent, Illinois State University.....................    63

Dr. Gregory A. Jackson, Vice President and Chief Information 
  Officer, University of Chicago.................................    70

             Appendix 2: Additional Material for the Record

Statement by Mr. Safwat Fahmy, CEO and Founder, SafeMedia 
  Corporation....................................................    74

Republican Briefing Memo.........................................    78


 THE ROLE OF TECHNOLOGY IN REDUCING ILLEGAL FILESHARING: A UNIVERSITY 
                              PERSPECTIVE

                              ----------                              


                         TUESDAY, JUNE 5, 2007

                  House of Representatives,
                       Committee on Science and Technology,
                                                    Washington, DC.

    The Committee met, pursuant to call, at 2:05 p.m., in Room 
2318 of the Rayburn House Office Building, Hon. Bart Gordon 
[Chairman of the Committee] presiding.


                            hearing charter

                  COMMITTEE ON SCIENCE AND TECHNOLOGY

                     U.S. HOUSE OF REPRESENTATIVES

                       The Role of Technology in

                     Reducing Illegal Filesharing:

                        A University Perspective

                         tuesday, june 5, 2007
                          2:00 p.m.-4:00 p.m.
                   2318 rayburn house office building

1. Purpose

    On Tuesday, June 5, 2007, the Committee on Science and Technology 
of the U.S. House of Representatives will hold a hearing to learn about 
the experiences of universities that have implemented technological 
measures to reduce copyright-infringing filesharing on their campus 
networks. University representatives and a leading technologist will 
discuss the nature of these technologies, their potentials and 
limitations, techniques for evaluating and testing them in realistic 
settings, and their experiences using them.

2. Witnesses

Dr. Charles Wight is the Associate Vice President for Academic Affairs 
and Undergraduate Studies at the University of Utah.

Dr. Adrian Sannier is the Vice President and University Technology 
Officer at Arizona State University, on leave from Iowa State 
University.

Mr. Vance Ikezoye is the President and CEO of Audible Magic Corporation 
of Los Gatos, California.

Ms. Cheryl Asper Elzy is the Dean of University Libraries at Illinois 
State University and a member of the management team of ISU's Digital 
Citizen Project.

Dr. Greg Jackson is the Vice President and Chief Information Officer at 
the University of Chicago.

3. Brief Overview

          Most colleges and universities provide high-speed 
        Internet access to their students, faculty and staff. These 
        campus networks are intended for education and research, but 
        they are often used for entertainment or other purposes as 
        well. Over the past several years, free peer-to-peer (P2P) 
        filesharing programs have made it easy for college and 
        university students to illegally download and share copyrighted 
        music, movies, and other content via their campus network 
        connections. In 2005, copyright-infringing filesharing in the 
        U.S. cost the movie industry $500 million, an estimated 44 
        percent of which was due to college and university students. In 
        2006, some 1.3 billion music tracks were downloaded illegally 
        in the U.S. by college students, compared with approximately 
        500 million legal downloads.

          Under the ``safe harbor'' provision of the Digital 
        Millennium Copyright Act (DMCA) of 1998, colleges and 
        universities are not held liable for copyright-infringing 
        filesharing conducted on their campus networks, provided that 
        they cooperate with copyright holders to identify and deal with 
        users on their networks who illegally share copyrighted 
        materials.

          Many college and university campuses have adopted 
        technological measures to prevent illegal filesharing on their 
        networks. These measures fall into two general categories: 
        ``traffic-shaping'' systems, which control the speed of network 
        transmissions based on where in the network they originate and 
        what computer program sends them; and ``network-filtering'' 
        systems, which specifically identify and block transmissions 
        that contain copyrighted material. The use of traffic-shaping 
        technology is relatively common, and a majority of campuses now 
        employ it to improve the performance of their campus networks. 
        Network-filtering technologies have not yet been as widely 
        adopted.

4. Issues and Concerns

What has been the overall experience of campuses that have implemented 
technological measures to reduce illegal filesharing? A significant 
majority of U.S. campuses are using traffic-shaping systems to control 
and modify the rate of file transmission on their networks. Campuses 
``shape'' the traffic on their networks by modifying the rate at which 
different types of files are transmitted, based on which part of campus 
the data is coming from, what type of program is transmitting the data, 
and other factors. Most campuses have had a positive experience with 
this type of technology and do not report any significant complaints or 
concerns about its use. A smaller number of campuses have deployed 
network-filtering systems that specifically identify and block 
copyrighted materials in transmitted files. The experience of these 
universities with these technologies will be valuable input for other 
campuses that are considering which technological measures are 
appropriate to take in reducing illegal filesharing, and also in 
discovering what technical issues may arise in the deployment of these 
technologies on campus networks.

Have technological measures been successful in reducing illegal 
filesharing on campuses? Campuses that have adopted technical means to 
reduce illegal filesharing can measure their impact by the change in 
the number of copyright-infringement complaints they receive under the 
terms of the Digital Millennium Copyright Act (DMCA). A number of 
universities report major reductions in these complaints after 
installing network-filtering technologies. For instance, Wittenberg 
University in Ohio estimates that its DMCA complaints dropped from 50 
per year to about three after installing a network-filtering technology 
from Audible Magic Corporation. The University of Florida reports a 
drop from approximately 50 copyright-violation complaints per month to 
zero after deploying a network-filtering system now sold by Red Lambda, 
Inc. The University of Portland installed a network-filtering system 
two years ago, and currently blocks millions of copyright-violating 
files per month, resulting in a 70 percent reduction in DMCA 
complaints. Campuses using traffic-shaping technologies alone do not 
report experiencing as significant a reduction in DMCA complaints.

Do technologies to reduce illegal filesharing affect the speed and 
reliability of campus networks? Campus networks can be relatively 
complex, and must be able to transmit large amounts of data for 
research and educational purposes without major delays. Most 
universities agree that traffic-shaping technology improves, rather 
than harms, the performance of their networks by giving preference to 
digital traffic from classrooms and labs during peak usage hours and 
controlling large-scale characteristics of network transmission. In 
fact, a number of universities have been able to delay expensive 
upgrades to their network infrastructure because of traffic-shaping 
systems. However, there is some argument over whether network-filtering 
technology has a degrading effect on a network. Some universities have 
argued that it will slow down network speeds and reduce the reliability 
of the network. Others report that network-filtering systems increase 
the speed of their network for legitimate transmissions by eliminating 
large amounts of illegal usage, thus freeing up network resources. 
After installing network-filtering systems, Wittenberg University 
experienced a 63 percent reduction in network traffic, the University 
of Florida experienced a 40 percent reduction of inbound traffic and an 
85 percent reduction of outbound traffic, and the University of 
Portland experienced at least a 50 percent reduction in overall network 
traffic. The experiences of campuses that are currently deploying both 
traffic-shaping and network-filtering technologies will help clarify 
the impact they have on network performance. Realistic testing with 
scientific metrics, as is being performed at Illinois State University, 
will also yield valuable data for evaluating these claims.

Do network-filtering technologies interfere with legitimate uses of 
campus networks? Since network-filtering technologies aim to 
specifically identify copyright-infringing content in data 
transmissions, there is a concern that they may incorrectly identify 
legitimate content that happens to be transmitted by peer-to-peer (P2P) 
filesharing protocols, and thus interfere with educational or research 
uses of the network. BitTorrent, a popular protocol for transferring 
large files, is used to illegally transfer copyrighted movies, but it 
is also used to download copies of the freely distributed Linux 
operating system, transfer satellite photos from NASA's Visible Earth 
website, and exchange many other legal files. The OCKHAM Initiative, a 
collaboration among Emory University, the University of Notre Dame, 
Oregon State University, and Virginia Tech, recently received a grant 
from the National Science Foundation (NSF) to use P2P filesharing 
protocols to promote digital libraries for research and educational 
purposes. And Pennsylvania State University has developed and begun 
using LionShare, a legal and secure peer-to-peer filesharing program to 
transfer academic and personal files among institutions around the 
world. If network-filtering systems incorrectly identify these 
legitimate network transmissions as copyright-infringing, they would 
interfere with appropriate and necessary usage of campus networks and 
prevent educational and research activities. This issue is another area 
in which realistic testing with scientific metrics in the vein of the 
Illinois State University Digital Citizen Project can provide important 
data.

Are anti-illegal-downloading technologies vulnerable to hackers or 
other technological counter-measures? There is a concern among 
universities that network-filtering technologies may be quickly 
defeated by hackers, both on and off campus. Encrypting copyright-
infringing files before they are transmitted may circumvent the 
detection step of network-filtering systems and allow users to continue 
illegal filesharing in spite of the installation of these technologies. 
While it is clear that any technological system is ultimately 
vulnerable to continual technological advances, understanding the ways 
in which network-filtering systems can be kept updated to respond to 
technological challenges will be important for evaluating the long-term 
utility of technical means to reduce illegal downloading. A useful 
parallel to this issue can be found in the growth and distribution of 
anti-virus and anti-spam software, the original versions of which would 
be entirely impotent in today's network environment. Continual updates 
in reaction to changes in the digital landscape have not only kept 
these programs effective, they have allowed them to improve their 
accuracy in eliminating viruses and spam and thus enhanced the utility 
of most networks on which they are installed. No responsible network 
administrator would today operate a system without anti-virus and anti-
spam technology installed.

Do technologies to reduce illegal downloading compromise privacy of 
networks? Privacy on computer networks is a significant concern, and to 
the extent that it is compatible with legal usage it must be protected. 
Many universities are concerned that the component of network-filtering 
systems that identifies copyrighted material violates the privacy of 
users of the network, by more closely examining the content of their 
transmitted files. It is important to understand the methods by which 
these technologies identify copyright-infringing files, and whether 
these methods are more invasive to privacy of transmissions than other 
network maintenance operations, such as filtering e-mail for spam and 
examining downloaded files for possible viruses or computer worms. 
University witnesses at the hearing can provide insight about privacy 
concerns that may have arisen on their campuses when they deployed 
network-filtering technologies.

5. Background

Definitions and technical background
    ``Illegal filesharing'' is a broad term for the digital 
distribution of files that contain copyright-protected material, such 
as music, movies, and some software. Illegal filesharing is usually 
accomplished with computer programs that create peer-to-peer (P2P) 
network connections linking many individual computers. A variety of P2P 
programs, such as Kazaa, LimeWire, eDonkey, and Morpheus are available 
for free download from their distributors' websites.
    After a user installs a P2P program (called a ``client 
application'') onto their computer, he or she runs the application to 
connect to the computers of other users of that particular P2P 
software. The client application allows users to ``share'' files 
located on their computer hard drives. Once users make files available 
for sharing with each other, anyone who uses the same software to 
connect to the P2P network may locate and download desired files easily 
and at no cost. For example, a user of the LimeWire client application 
can directly access files saved on another LimeWire user's computer 
hard drive. Alternatively, a user can search for a particular file 
name, such as an MP3 song title, across all the computers connected to 
the LimeWire network, and then download a copy of that file onto his or 
her computer.
    It is important to note that downloading music, movies and software 
over the Internet is not itself illegal, as long as users pay legal 
fees. For instance, Apple's iTunes Store allows users to legally 
purchase and download music for their iPod player, and services such as 
MovieLink and CinemaNow allow users to buy and download movies. There 
are also legal downloading sites for college and university students 
that are supported by advertising revenue or blanket subscription fees, 
such as Ruckus and Cdigix. However, using programs such as LimeWire to 
share copyrighted material does not involve any royalty payment to the 
copyright owner, and is therefore illegal.
Impact on college and university networks
    Illegal filesharing has become common at many colleges and 
universities across the country. According to a 2006 survey by the 
University of Richmond's Intellectual Property Institute, 34 percent of 
college students illegally download music from P2P networks. NPD Group, 
a leading entertainment research firm, found in a recent survey that 
more than two-thirds of music acquired by college students was obtained 
illegally, and that students are more than twice as likely as the 
general population to use P2P networks to download music. A 2005 study 
by L.E.K. Consulting found that 44 percent of U.S. losses to the movie 
industry from illegal filesharing were due to college students.
    Under the ``safe harbor'' provisions of the 1998 Digital Millennium 
Copyright Act (DMCA), colleges and universities are not liable for 
copyright violations committed using their networks, as long as they 
cooperate with copyright holders who file complaints that their 
copyrighted material is being illegally transmitted over the campus 
network. Over the past two years, the music industry has sent almost 
60,000 copyright-infringement notices to over 1,000 schools. This has 
created a significant administrative burden for the schools to process 
and respond to these claims. In addition, over 1,000 lawsuits have been 
brought against students at over 130 schools, and the cost of dealing 
with these claims can be quite high.
    Illegal filesharing has had a major impact on the performance of 
campus networks. Shortly before the University of Florida deployed its 
network-filtering system, its dormitory network was at 95 percent of 
total transmission capacity. Prior to installing its network-filtering 
system, the University of Portland found that its network was 
transmitting files at 100 percent capacity. Many other campuses face a 
similar problem with increased campus demand for network access, and a 
number are finding that illegal filesharing is an unexpectedly large 
fraction of this demand. This has important consequences for campus 
decisions about the appropriate level of resources to invest in network 
expansions and upgrades.
Technological measures to prevent illegal filesharing
    Colleges and universities can take a number of technological steps 
to help reduce illegal filesharing on their campus networks. These 
generally fall into two categories of technologies that can be 
installed on the campus network. The first category encompasses 
hardware and software systems known as ``traffic shapers,'' which 
modify the rate at which certain files are transmitted over the 
network. Traffic-shaping systems prioritize the transmission speed of 
files based on a number of factors, such as where on the network the 
transmitted files originate (files from laboratory computers may 
receive faster transmission than those from dorm computers) or what 
software program is sending the files (files from known research 
software may be given faster transmission than data from games or other 
entertainment software). Traffic-shaping systems can also establish a 
maximum data transmission amount per day for users, so that users who 
``hog'' transmission time can be prevented from overusing the network. 
While traffic-shaping systems do not specifically identify or target 
files that contain copyrighted material, they can reduce the flow of 
data to and from computers that tend to transmit or receive copyright-
infringing transmissions, making illegal filesharing slower and more 
difficult. According to a 2005 survey by EDUCAUSE, almost 90 percent of 
campuses use some form of traffic-shaping technologies on their 
networks. Traffic-shaping products include Packeteer's PacketShaper, 
Allot Communication's NetEnforcer, and APconnections' NetEqualizer.
    The second category of technologies available to campus networks to 
reduce illegal filesharing encompasses systems known as ``network 
filters''. These technologies use a variety of techniques to more 
closely examine transmissions on the network and specifically determine 
whether they contain copyrighted materials. They can generally be 
configured to either block the transmission of files that are found to 
contain these materials, or simply to log the infringing transmission 
and send warning notices to the user(s) involved. One of the methods 
employed by network-filtering technologies to detect copyrighted 
material is known as ``fingerprinting,'' in which various 
characteristics of music tracks and movies (a ``fingerprint'' of the 
content) are stored in a database, and transmitted files are compared 
against this database to detect a match. A second method is based on 
analyzing the transmission patterns of data on the network and 
statistically comparing them with previously identified infringing 
network traffic. Network-filtering systems are not yet widely deployed 
by colleges and universities, although a growing number of schools are 
beginning to adopt them. Network-filter products include Audible 
Magic's CopySense, Red Lambda's cGRID::Integrity, and SafeMedia's 
Clouseau.
Reactions from the university community
    Most colleges and universities have embraced the adoption of 
traffic-shaping technologies. Their use of these systems is motivated 
partly by concerns about illegal filesharing and partly by the desire 
to make their networks more efficient. Many campuses have responded to 
the illegal filesharing issue with educational and awareness campaigns 
for their students, to teach them that filesharing using most free P2P 
software applications is illegal and could expose them to legal action. 
A smaller number of campuses (roughly 100 by the end of 2006) have 
begun providing legal alternatives for downloading music and movies. 
These legitimate services include Ruckus, Cdigix, and Napster, and are 
funded either by advertising revenue, flat student fees per semester, 
or other financing models. Education campaigns often include a 
component to teach students who are using P2P applications for illegal 
filesharing about the existence of these legal sites.
    In contrast to attitudes towards traffic-shaping systems, 
education, and legitimate download services, many universities have 
raised objections to installing network-filtering technologies. These 
objections are based on policy, financial, and technical rationales, 
and have spurred a significant debate on the issue of the appropriate 
role for network-filtering systems in dealing with illegal downloading.
    Policy objections to network-filtering systems are based on 
arguments that their use violates privacy, by inspecting network 
transmissions too closely. There is also an argument that network-
filtering systems compromise academic freedom, by blocking or impeding 
the free transmission of data. These policy issues, while valid, must 
be considered in the context of other network-management policies in 
place on virtually all campus networks, including the use of anti-spam 
and anti-virus filters, which examine the content of transmitted files 
for unwanted commercial content (spam) or malicious software (viruses 
and worms). If the behavior of anti-spam and anti-virus software is not 
considered invasive of privacy or counter to academic freedom, then to 
the extent that network-filtering systems examine content in a similar 
fashion, they should not be considered so either.
    Financial objections to network-filtering technologies generally 
involve concerns that it would be too expensive to purchase systems 
with sufficient capability to effectively reduce illegal filesharing on 
campus networks, and/or that it would be too expensive to pay for 
maintenance and upgrades to these systems. In addressing this issue, it 
is useful to consider the relative costs campuses currently pay for 
their network management, and place the cost of network-filtering 
systems in this context. While campuses differ, in the case of many 
campuses using network-filtering systems, the costs associated with 
these technologies are significantly less than that of other network 
management activities. In addition, network-filtering systems can 
relieve pressure on campus networks clogged with a mix of legitimate 
and illegitimate traffic, and thus eliminate or defer the need for 
expensive network-expansion projects. For example, the University of 
Florida was able to defer a $2 million network upgrade for over two 
years by installing a network-filtering system and reducing a large 
amount of network traffic that was determined to be illegal. Wittenberg 
University estimates that it saves between $20,000 and $25,000 annually 
on network usage because of its network-filtering system. Campuses also 
realize savings by not having to process as many DMCA complaints: the 
University of Florida saved roughly 3000 work-hours in the first year 
after installing its system, and Wittenberg University estimates it 
eliminated 90 percent of its complaint-processing time (roughly 45 
work-hours per year) by using its network-filtering technology.
    Finally, technical objections to network filters are grounded in 
the argument that they are imperfect, and do not detect and stop all 
illegal filesharing on a network. The objections also include concerns 
that network-filtering systems will be defeated by technical attacks, 
such as a move to encrypted data transmission for illegal filesharing 
or other work-arounds. While these systems are indeed imperfect in the 
sense that they do not prevent 100 percent of illegal transmissions, an 
important analogy can be made to the adoption and deployment of the 
first firewalls, spam filters and virus filters, which were and 
continue to be imperfect technologies, yet today form a critical 
digital defense across campus and commercial networks that no 
responsible network administrator would fail to employ. An adoption 
standard based on technical perfection is inconsistent with other 
technology adoption policies and is ultimately counter-productive.
    Chairman Gordon. This hearing will come to order, and good 
afternoon to everyone. Welcome to today's hearing entitled The 
Role of Technology in Reducing Illegal Filesharing: A 
University Perspective. Today we are going to be addressing the 
issue of illegal filesharing on university computer networks. 
This practice, which is also known as digital piracy, is 
costing the entertainment industry billions of dollars and 
thousands of jobs.
    I would also note that illegal filesharing isn't just about 
royalty fees. It clogs campus networks and interferes with the 
educational and research mission of universities. It wastes 
resources that could have gone to laboratories, classrooms, and 
equipment, and it is teaching a generation of college students 
that it is all right to steal music, movies, and other content 
because it is easy to download them on the Internet. That is 
wrong, and it needs to be stopped.
    Our committee is not the first to address this issue. Under 
the leadership of my friend Lamar Smith the Judiciary Committee 
held a series of hearings on this topic in the last Congress. 
The Education Committee has also held a hearing on this issue. 
However, those hearings focused on the legal and regulatory 
structure as was appropriate given the jurisdiction of the 
Committees. The focus of today's hearing is on technology to 
help prevent illegal filesharing.
    In today's digital world we generally rely on technology to 
combat illegal activities. It is illegal to send spam or to 
hack into a system to steal data. And though regulations 
attempt to stop these illegal activities, regulations alone are 
not enough. Systems from large corporate networks to home 
desktop computers use anti-spam and anti-virus software 
firewalls.
    Do these technologies stop all illegal activities? Of 
course not, but they do prevent the bulk of bad things from 
happening, and the technologies have improved even as the 
sophistication of the spammers and hackers has increased. The 
Science and Technology Committee has a long history of holding 
hearings and moving legislation about technologies that are 
used to combat these illegal activities.
    I believe the case of illegal filesharing is exactly the 
same. We can't rely on laws and regulations alone to fix the 
problem. Technology will be the first line of defense, and I am 
hopeful that our work here will contribute to the beginning of 
real action on this problem. I don't want to be holding this 
same hearing in the 111th Congress.
    Our witnesses will focus on the use of technology to combat 
illegal filesharing. Some of them will discuss how their 
campuses decided to use technology to reduce digital piracy. I 
hope to learn about their experiences with these technologies 
and how well they have worked. I am also interested in learning 
about the technologies themselves; how they stop copyrighted 
files from being illegally shared and what technical issues 
there may be for implementing them on campus networks. And I am 
looking forward to hearing about an important cooperative 
project between higher education and the entertainment 
community to rigorously test and evaluate these technologies in 
an objective, scientific manner.
    I want to thank our panelists for taking time from their 
busy schedules to appear before us today. One of our nation's 
greatest strengths is our education system, and America's 
universities are the envy of the world. Their mission is to 
educate students, and they should not condone or look the other 
way when their computer networks are used as clearing houses 
for digital piracy and illegal filesharing. Universities do not 
condone piracy of computer software, textbooks, or academic 
research articles, and they should not treat entertainment 
intellectual property any differently.
    It is my hope that by working together we can fix the 
problem of digital piracy on our campuses.
    [The prepared statement of Chairman Gordon follows:]
               Prepared Statement of Chairman Bart Gordon
    Good morning. Welcome to today's hearing entitled ``The Role of 
Technology in Reducing Illegal Filesharing: A University Perspective.''
    Today we are going to be addressing the issue of illegal 
filesharing on university computer networks. This practice, which is 
also known as digital piracy, is costing the entertainment industry 
billions of dollars and thousands of jobs. Many of the people affected 
by it are my constituents, who live near and work in Nashville, the 
recording capital of America. They are the ones who first brought this 
issue to my attention.
    I would also note that illegal filesharing isn't just about royalty 
fees. It clogs campus networks and interferes with the educational and 
research mission of universities.
    It wastes resources that could have gone to laboratories, 
classrooms, and equipment. And it is teaching a generation of college 
students that it's all right to steal music, movies, and other content, 
because it's easy to download them on the Internet. That's wrong, and 
it must be stopped.
    Our committee is not the first to address this issue. Under the 
leadership of my friend Lamar Smith, the Judiciary Committee held a 
series of hearings on this topic in the last Congress. The Education 
Committee has also held a hearing on this issue. However, those 
hearings focused on the illegality and regulatory structure, as was 
appropriate given the jurisdiction of those Committees. The focus of 
today's hearing is on technology to help prevent illegal filesharing.
    In today's digital world, we generally rely on technology to combat 
illegal activities. It's illegal to send spam or to hack into a system 
and steal data. And though regulations attempt to stop these illegal 
activities, regulations alone are surely not enough. Systems from large 
corporate networks to home desktop computers use anti-spam and anti-
virus software and firewalls.
    Do these technologies stop all illegal activities? Of course not. 
But they do prevent the bulk of bad things from happening. And the 
technologies have improved, even as the sophistication of the spammers 
and hackers has increased. The Science & Technology Committee has along 
history of holding hearings and moving legislation on technologies that 
are used to combat these illegal activities.
    I believe the case of illegal filesharing is exactly the same. We 
can't rely on laws and regulations alone to fix the problem. Technology 
will be the first line of defense. I'm hopeful that our work here today 
will contribute to the beginnings of real action on this problem. I 
don't want to be holding this same hearing in the 111th Congress.
    Our witnesses will focus on the use of technology to combat illegal 
filesharing. Some of them will discuss how their campuses decided to 
use technical methods to reduce digital piracy, and I hope to learn 
about their experiences with these technologies and how well they have 
worked.
    I am also interested in learning about the technologies 
themselves--how they stop copyrighted files from being illegally 
shared, and what technical issues there may be for implementing them on 
campus networks.
    And I am looking forward to hearing about an important cooperative 
project between higher education and the entertainment community to 
rigorously test and evaluate these technologies in an objective, 
scientific manner.
    I want to thank our panelists for taking time from their busy 
schedules to appear before us today.
    One of our nation's greatest strengths is our educational system, 
and American universities are the envy of the world.
    Their mission is to educate students, and they should not condone 
or look the other way when their computer networks are used as 
clearinghouses for digital piracy and illegal filesharing. Universities 
do not condone the piracy of computer software, textbooks, or academic 
research articles, and they should not treat entertainment intellectual 
property any differently.
    It is my hope that by working together we can fix the problem of 
digital piracy on campuses.

    Chairman Gordon. And now I would like to yield to my 
friend, Mr. Hall.
    Mr. Hall. And I assure you that I will call a hearing in 
the 111th if we need to, and I will confer with you in the kind 
of manner that you have with me, and I thank you for it.
    Thank you, Chairman Gordon, for convening this very Full 
Committee hearing today. I would like to echo your welcome to 
our distinguished panel today, and I thank all of you for 
taking time to come to Washington to discuss how we can reduce 
digital piracy.
    The breadth of experience and expertise here today I think 
is going to get us a long way in understanding the problem of 
copyright infringement and hopefully eliminate some of the next 
steps for the community.
    In particular I would like to welcome Dr. Greg Jackson, the 
Chief Information Officer of the University of Chicago, and 
former Director of Academic Computing for the Massachusetts 
Institute of Technology. Dr. Jackson has also served on 
advisory boards for major information technology industry firms 
and helped usher in the next generation of Internet 
technologies with the National Lambda Rail and Internet 2 and I 
thank you, Dr. Jackson, and I look forward to hearing from you 
and all of your talented colleagues here today.
    Piracy of digital available media has become a large 
concern as more and more intellectual and creative works are 
available in easily transferred digital format and access to 
high bandwidth networks has spread. High-speed Internet 
connections used to be limited to major universities and 
government research labs. Now, relatively cheap broadband 
access is available, including over 50 million residential 
high-speed connections. Through this combination illegal 
filesharing of music, movies, software, and other contents is 
easier than ever, literally at the click of a button.
    This rampant disregard for copyright law absolutely needs 
to end. A number of other committees have set, have met to 
discuss aspects of this problem. The hearing today will examine 
for us one detail of the larger intellectual property 
enforcement debate, focusing on the efficacy of technological 
solutions to stopping illegal filesharing.
    Colleges and universities hold a unique perspective being 
both creators of intellectual property, Internet service 
providers to a large and technically savvy group of students 
and staff, and custodians of some of the fastest cutting-edge 
networks in the Nation. From reading our witnesses' testimony, 
it is clear that no single silver bullet solution is available 
to stop unauthorized distribution of digital media while 
allowing authorized traffic.
    The variety of campus network needs and policies with 
respect to the proper role of the institution in policing users 
leads to a highly diverse environment. However, recent work and 
cooperation among higher education, copyright holders, and 
technology companies has helped build an understanding of these 
varied requirements and given us insight into how we might 
proceed in the end. The technologies we will discuss today are 
going to form part of a larger anti-piracy solution that also 
includes legal alternatives, education, and adequate 
protections of privacy and consumer rights.
    And if I have any time left I yield to the gentleman, Mr. 
Sensenbrenner.
    [The prepared statement of Mr. Hall follows:]
           Prepared Statement of Representative Ralph M. Hall
    Thank you, Chairman Gordon, for convening this Full Committee 
hearing today.
    I'd like to echo your welcome to our distinguished panel today. 
Thank you all for taking the time to come to Washington to discuss how 
we can reduce digital piracy. The breadth of experience and expertise 
here today will get us a long way in understanding the problem of 
copyright infringement and hopefully illuminate some next steps for the 
community.
    In particular, I'd like to welcome Dr. Greg Jackson, the Chief 
Information Officer of the University of Chicago and former Director of 
Academic Computing for the Massachusetts Institute of Technology. Dr. 
Jackson has also served on advisory boards for major IT industry firms 
and helped usher in the next generation of Internet technologies with 
National LambdaRail and Internet2. Thank you Dr. Jackson, I'll look 
forward to hearing from you and all of your talented colleagues here 
today.
    Piracy of digitally available media has become a large concern as 
more and more intellectual and creative works are available in easily-
transferred, digital format and access to high bandwidth networks has 
spread. High speed Internet connections used to be limited to major 
universities and government research labs. Now, relatively cheap 
broadband access is available, including over fifty million residential 
high speed connections. Through this combination, illegal filesharing 
of music, movies, software, and other content is easier than ever--
literally at the click of a button. This rampant disregard for 
copyright law needs to end.
    A number of other committees have met to discuss aspects of this 
problem. This hearing will examine one detail of the larger 
intellectual property enforcement debate, focusing on the efficacy of 
technological solutions to stopping illegal filesharing. Colleges and 
universities hold a unique perspective, being both creators of 
intellectual property, Internet service providers to a large and 
technically savvy group of students and staff, and custodians of some 
of the fastest, cutting edge networks in the Nation.
    From reading our witnesses testimony, it is clear that no single, 
silver-bullet solution is available to stop unauthorized distribution 
of digital media while allowing authorized traffic. The variety of 
campus network needs and policies with respect to the proper role of 
the institution in policing users leads to a highly diverse 
environment. However, recent work and cooperation among higher 
education, copyright holders, and technology companies has helped build 
an understanding of these varied requirements and given us insight into 
how we might proceed. In the end, the technologies we'll discuss today 
will form part of a larger anti-piracy solution that also includes 
legal alternatives, education, and adequate protections of privacy and 
consumer rights.

    Chairman Gordon. I was going to suggest that. Mr. 
Sensenbrenner has an appointment to chew someone out, and so we 
don't want to stand in his way, and we would like for him to--
--
    Mr. Sensenbrenner. It is the State Department on issuing 
passports. So there is a big problem with that.
    First of all, I thank both the Chair and the gentleman from 
Texas for yielding.
    When I was the Chair of the Judiciary Committee, I was 
really an intellectual property hawk, and I was the one that 
directed Congressman Smith to have the series of hearings in 
the last Congress relative to the copyright law and the 
enforcement of the copyright law.
    This hearing closes the loop on this, because obviously we 
are never going to be able to get 100 percent enforcement given 
the massive popularity of the Internet and the new technologies 
for filesharing, and that is why the technologies are important 
to be able to prevent this from happening in the first place.
    I am a graduate of Stanford University. So is my son, and 
when I went out to visit my son during his time out at 
Stanford, I frequently checked in with the front office, and 
one of the things that I talked about there was the problem of 
filesharing on university campuses. This was several years ago, 
and at that time the estimate was given to me that about 80 
percent of the broadband that the university purchased, again, 
with the money that came from tuition and elsewhere, was used 
for filesharing, and only 20 percent was being used for 
legitimate research of other academic purposes.
    This is a staggering figure, and to say that filesharing on 
university campuses does not drive up the cost of education is 
just flat out false. And the more we can do to have the 
technology to prevent this from happening in the first place, 
the better off the kids who don't fileshare will be in terms of 
not seeing one tuition increase piled on top of another tuition 
increase, and in the case of public universities, 
administrators having a good go at the legislature to get more 
taxpayers' dollars to be used to pay for this.
    So I welcome this hearing today. I am sorry I have to go 
leave to chew the Director of Counselor Affairs out, but 
anybody who wants to travel overseas pretty soon and who 
doesn't have a passport yet, will know that I am doing the 
Lord's work there while you are doing the Lord's work here. So 
thank you.
    Chairman Gordon. Thank you, Mr. Sensenbrenner. We should 
have called you as a witness.
    If there are other Members who wish to submit additional 
opening statements, your statements will be added to the 
record.
    [The prepared statement of Ms. Johnson follows:]
       Prepared Statement of Representative Eddie Bernice Johnson
    Thank you, Mr. Chairman.
    I would like to welcome here today the witnesses for today's 
hearing to explore technologies used by colleges and universities to 
reduce copyright-infringing filesharing on campus.
    Universities historically have upheld strict standards in terms of 
ethical conduct, opposing plagiarism, and supporting moral values when 
it comes to the process of research and higher education.
    Again, universities are positioned to take a leadership role in the 
practice of reducing illegal mass copying of music and videos in which 
it is against the law to reproduce and share the files.
    Always at the cutting edge of technology policy discussions, the 
Committee on Science and Technology is eager to learn more about 
current best-practices on campus. We want to hear examples of 
excellence in protecting the copyrights of music and videos on campus.
    Such technologies save the music and movie industries from costly 
losses due to illegal filesharing, and they enforce current copyright 
laws.
    While these technologies have great potential for widespread 
adoption and use, they also have limitations. The Committee hopes to 
hear more about these limitations and how they can be overcome.
    Other pertinent issues include whether the technologies compromise 
the privacy of campus computer networks and otherwise interfere with 
legitimate uses of campus computer networks.
    Again, welcome to today's witnesses. Thank you, Mr. Chairman. I 
yield back.

    [The prepared statement of Mr. Carnahan follows:]
           Prepared Statement of Representative Russ Carnahan
    Mr. Chairman, thank you for hosting this hearing to explore 
approaches to the reduction of illegal filesharing on the campus 
networks of universities around the country.
    Copyright-infringing filesharing costs the movie, music, and 
software industries hundreds of millions of dollars each year, and I 
look forward to examining ways that Congress can help to counteract 
this worrying trend.
    Numerous studies by intellectual property and consulting firms over 
the past few years have shown that college students account for a 
disproportionately large percentage of illegal downloads on peer-to-
peer networks. Increasingly, the high-speed Internet networks provided 
by universities for the purposes of education and research are becoming 
the domains of digital piracy and illicit filesharing by students.
    Today's hearing focuses on the important task of bolstering the 
technology available to universities for controlling the copyright-
protected material being transmitted across their campus networks. I am 
eager to hear our witnesses' assessments of the counter-measures 
implemented thus far so that we can reflect on the successes and 
inefficiencies of the technologies and seek to make modifications for 
improvement. Your first-hand experiences are vital to protecting the 
copyrights of musicians, producers, and software engineers, as well as 
maximizing the performance of university networks.
    To all the witnesses--thank you for taking time out of your busy 
schedules to appear before us today. I look forward to hearing your 
testimony.

    [The prepared statement of Mr. Mitchell follows:]
         Prepared Statement of Representative Harry E. Mitchell
    Thank you Mr. Chairman.
    I would like to extend a special welcome today to Dr. Adrian 
Sannier, Vice President and University Technology Officer at Arizona 
State University. Dr. Sannier made a special trip to Washington today 
to represent Arizona State University, a groundbreaking research 
university in my hometown of Tempe, AZ.
    Dr. Sannier is an integral part of ASU's mission to become a ``New 
American University'' and as such and it does not surprise me to know 
that the University Technology Office is at the forefront of peer-to-
peer filesharing issues.
    The purpose of today's hearing is to learn about the experiences 
universities have had combating illegal filesharing on campus. Illegal 
filesharing on campus networks puts many of our universities in a 
unique position. Students disregarding copyright protections may be 
liable for legal action, an incentive for many universities to block 
filesharing on their networks and protect students. At the same time 
legal filesharing (such as research) should be allowed and privacy 
protected.
    Many universities are in a difficult position when it comes to 
solutions for illegal filesharing and some have implemented 
technological measures to reduce copyright-infringing filesharing on 
their networks.
    ASU is one of the first universities in the country to implement 
technology to track and block illegal filesharing and Dr. Sannier will 
share his insight about ASU's experience with Audible Magic 
Corporations's anti-piracy technology--from what has worked to the 
school's concerns about existing technologies.
    I look forward to Dr. Sannier's testimony and learning about the 
experiences of other universities around the country.
    I yield back the balance of my time.

    Chairman Gordon. And now I would like to recognize Mr. 
Matheson to introduce our first witness.
    Mr. Matheson. Well, thank you, Chairman Gordon, and I do 
want to introduce a constituent of mine, Dr. Charles Wight from 
the University of Utah. He has been a member of the faculty at 
the University of Utah since 1984, and he has many roles he has 
taken there, but among the many roles he serves as Associate 
Vice President for Academic Affairs and Undergraduate Studies. 
And in this role he is responsible for the university's 
continuing education unit, its general education program, and 
for development of policies for educational technology and 
online courses.
    He serves on the university's academic leadership team and 
assists the Chief Information Officer, Dr. Steven Hess, in the 
development of institutional policies regarding institutional 
data access and security. And in 2001, he chaired a committee 
that wrote the current institutional policy governing copyright 
ownership for works created using resources of the University 
of Utah.
    So I want to welcome him as a witness, and Mr. Chairman, I 
will yield back.
    Chairman Gordon. Thank you very much, and our second 
witness is Dr. Adrian Sannier, the Vice President and 
University Technology Officer at Arizona State University, 
which is in the district of Mr. Harry Mitchell, and Mr. 
Mitchell had a conflict, but he sends his best, and I 
understand you are going to be meeting with him later. He is 
another valued Member of this committee.
    And our third witness is Mr. Vance Ikezoye, President and 
CEO of Audible Magic Corporation of Los Gatos, California.
    Our fourth witness is Ms. Cheryl Elzy, the Dean of 
University Libraries at Illinois State University and a member 
of the management team of the Digital Citizen Project.
    And Mr. Hall has already introduced the Republican witness 
today, and so we are all glad you are here. As our witnesses 
know, your statements will be made a part of the record, and we 
hope that you can summarize. We try to keep it within five 
minutes, but we want to be sure that you feel comfortable 
getting your full point.
    And then we will introduce our Members for five minutes. So 
we will now start with Dr. Wight.

STATEMENT OF DR. CHARLES A. WIGHT, ASSOCIATE VICE PRESIDENT FOR 
ACADEMIC AFFAIRS AND UNDERGRADUATE STUDIES, UNIVERSITY OF UTAH, 
                         SALT LAKE CITY

    Dr. Wight. Mr. Chairman, Members of the Committee, I am 
pleased to appear today to share some of the experiences of the 
University of Utah in reducing illegal peer-to-peer sharing of 
music and video files.
    My name is Chuck Wight, and I serve as Associate Vice 
President for Academic Affairs and Undergraduate Studies at the 
University of Utah.
    First of all, I want to stress that respect for copyrights 
lies at the heart of what universities do. Students and faculty 
enjoy the protection of intellectual property that we create 
every day through scholarly research. As teachers, we enjoy 
special privileges from the Doctrine of Fair Use, which permits 
limited use of copyrighted materials for non-profit educational 
purposes.
    Therefore, when members of our community abuse copyrights 
of others, whether it is plagiarism or through peer-to-peer 
filesharing, we take this very seriously.
    At the University of Utah we have adopted a two-pronged 
approach to reducing illegal peer-to-peer filesharing. First of 
all, we continuously monitor our networks to identify high 
bandwidth users in all areas of the campus network. Each week 
every local area network manager receives a report of the top 
talkers on his or her local area network. Each LAN manager is 
responsible for assessing whether the high bandwidth activity 
is an appropriate use of university resources, and if not, that 
person is responsible for correcting the situation.
    In the part of our network that serves the student 
residences, we run the Audible Magic software, which monitors 
network traffic to detect and block the transmission of 
copyrighted works that are registered with Audible Magic. These 
are mostly music recordings and movies.
    In addition, we automatically terminate network access to 
any student computer that has a total volume of outgoing 
network traffic that exceeds two gigabytes in a single day. 
Whenever this happens, someone from our information security 
office follows up with the user to determine whether or not the 
network activity was appropriate. That person then takes action 
to either restrict the activity or to allow it to continue.
    This two-pronged approach to the peer-to-peer filesharing 
problem has been very successful for us. We reduced the number 
of DMCA copyright abuse notices from RIAA, MPAA, and others by 
more than 90 percent. We currently deal with only two or three 
notices per week. After implementing this strategy about three 
years ago, the university saved about $1.2 million per year in 
Internet bandwidth charges.
    In addition, we saved an estimated $70,000 per year in 
personnel costs that would have otherwise been required to 
investigate and respond to copyright abuse complaints. Every 
time our information security office investigates a valid 
complaint or finds an instance of illegal filesharing activity, 
the user must agree in writing to abide by the university's 
acceptable use policy in order to have his or her network 
access restored. The rate of repeat offenses is low. In more 
than ten years there have been only three instances where a 
user's network access was permanently revoked.
    It is important to realize that there is no software or 
other network monitoring technology that can identify illegal 
transmission of copyrighted material with 100 percent 
reliability. Port shifting and encryption are just two of the 
many effective strategies that peer-to-peer filesharing 
programs use to overcome almost any technology solution to this 
problem.
    That is why it is important to use multiple strategies, for 
example, Audible Magic combined with network traffic volume 
monitoring, for detecting suspected violations. It is also 
important for the university to contact users personally in 
each case to make a detailed assessment of the situation.
    Our approach is largely, though not 100 percent, effective 
for reducing illegal filesharing activities on our campus. It 
allows us to block some content automatically, and it allows us 
to ensure that our network bandwidth resources are used 
appropriately, while at the same time respecting the privacy of 
individual users.
    Thank you.
    [The prepared statement of Dr. Wight follows:]
                 Prepared Statement of Charles A. Wight
    Mr. Chairman and Members of the Committee, I am pleased to appear 
today to share some of the experiences of the University of Utah in 
reducing the illegal sharing of digital copyrighted materials. My name 
is Charles Wight, and I currently serve as Associate Vice President for 
Academic Affairs and Undergraduate Studies at the University of Utah. 
In this capacity I am responsible for, or I am otherwise engaged in, 
creating and implementing a wide range of university policies dealing 
with educational technology, online courses, Internet security, 
copyright policy, institutional data access, and student behavior.
    Copyright law is essential to many of the core functions of 
universities. Faculty, staff and students enjoy protection of the 
intellectual property that is created every day through the process of 
scholarly research. Teachers also derive enormous benefit from the 
doctrine of Fair Use (sections 107 through 118 of the Copyright Act, 
Title 17 of United States Code), which permits limited free use of 
copyrighted materials for nonprofit educational purposes. Therefore, we 
are concerned whenever members of our university community are engaged 
in activities that violate the copyrights of others.
    The University of Utah employs two independent technology solutions 
on its campus network to address the problem of illegal filesharing. 
The first is continuous monitoring of network traffic to identify high-
bandwidth users in all areas of campus. The second is a network 
monitoring program called Audible Magic, which detects and blocks 
transmission of unencrypted copyrighted music and video recordings from 
computers in the student residence halls. The decision to use these 
technologies for detecting suspected cases of copyright abuse through 
peer-to-peer filesharing was made by its Chief Information Officer, Dr. 
Stephen Hess, in consultation with the University administration and 
the University's Information Technology Council, a broadly based 
oversight committee composed of faculty and staff from all major areas 
of the campus. The University's Information Security Office (ISO) 
implements the policies.
    The ISO network monitoring software automatically generates daily 
reports for the manager of each local area network (LAN), typically for 
a department or college within the university. The report lists all of 
the computers connected to that LAN for which the volume of outgoing 
network traffic exceeded one gigabyte (GB) over a 24 hour period. Each 
LAN manager is responsible for assessing the type of information being 
sent and whether the use of network resources is consistent with 
university policy and applicable laws. In most cases, the traffic is 
associated with legitimate teaching and research functions of the 
university. However, in some cases, LAN managers are able to identify 
computers that are transmitting large amounts of data inappropriately. 
It is the responsibility of the LAN manager to isolate the offending 
computer from the campus network and to contact the user or 
administrator of the machine to make a detailed assessment of the 
situation.
    The ISO also runs Audible Magic network monitoring software in the 
local area network serving our student residence halls, where the 
potential for illegal filesharing is high. The software is designed to 
detect transmission of copyrighted materials registered with Audible 
Magic by looking for particular patterns of bits crossing the network, 
somewhat like software designed to detect computer viruses. Whenever 
Audible Magic detects the transmission of a protected work, the 
transmission is automatically reset, preventing the protected work from 
being shared. Additionally, network access is cut off automatically if 
the total volume of outgoing network traffic from a student computer in 
the residence halls exceeds two GB per day.
    Currently, the ISO deals with suspected cases of abuse of network 
resources about two or three times each week. Approximately 70 percent 
of the instances occur in the area of our network that serves the 
student residence halls. If the ISO finds that a user violated the 
university's Information Resources Policy (http://www.admin.utah.edu/
ppmanual/1/1-15.html), then the ISO representative reviews that policy 
with the user. The user must then provide a signed statement agreeing 
to abide by the policy as well as applicable federal and State laws. 
Only then is the user's access to the network restored. Students who 
violate the policy more than once are referred to the Dean of Students 
and the Student Behavior Committee for disciplinary action.
    This two-pronged technology solution has been effective for 
minimizing the amount of illegal copyright violations on campus through 
peer-to-peer filesharing. In the past 10 years, there have been only 
three instances in which it was necessary to permanently revoke a 
user's access to the university network. Since we began using the 
Audible Magic network monitoring software more than two years ago, the 
number of copyright abuse notices received from the Recording Industry 
Association of America (RIAA) and the Motion Picture Association of 
America (MPAA) has declined by more than 90 percent. The strategy also 
pays financial dividends for the university. By focusing attention on 
high-bandwidth users, the University has saved enormous amounts of 
money that would have otherwise been required to build network capacity 
to support illegal activities. Our ISO currently spends only about 
three person-hours per week dealing with network abuse issues. Without 
the two technology solutions in place, it is likely that it would 
require at least one additional full-time employee to respond to 
complaints.
    It is important to note that there is no software or other network 
monitoring technology that can identify illegal transmission of 
copyrighted material with 100 percent reliability. Audible Magic only 
detects transmission of works that are registered with the company. 
Furthermore, it cannot detect the transmission if the session is 
encrypted (e.g., with the BitTorrent peer-to-peer filesharing 
software). Monitoring network traffic volume can identify large 
bandwidth users, but does not necessarily indicate illegal activities. 
That is why it is important to employ at least two independent 
strategies (e.g., network traffic volume and Audible Magic) for 
detecting suspected violations. It is equally important to reserve 
judgment in each case until after making personal contact with the user 
or administrator of a suspect computer to assess whether or not the use 
of university network resources is appropriate.
    In conclusion, the University of Utah currently employs a two-part 
strategy of monitoring local network traffic volume across its entire 
network and operating filesharing detection software in the local area 
networks serving the student resident halls. This strategy is largely, 
though not 100 percent, effective for identifying inappropriate peer-
to-peer filesharing activities involving copyright infringement. The 
strategy protects the privacy of individuals while at the same time 
flagging suspicious activities electronically. When suspected cases of 
network abuse are detected, university officials follow up with 
individual computer users to determine whether or not the activity is 
appropriate, and they take any actions necessary to ensure that our 
network resources and the Internet are used responsibly.

                     Biography for Charles A. Wight
    Professor Charles Wight has been a member of the University of Utah 
faculty since 1984. His primary academic appointment is in the 
Chemistry Department, where he and his research group perform research 
on the chemical reactions and combustion of high explosives and solid 
rocket propellants. Chuck is the Deputy Director of the University of 
Utah Center for Simulation of Accidental Fires and Explosions, a large 
multi-disciplinary center for high-performance computing and 
simulation. Chuck serves as Associate Vice President for Academic 
Affairs and Undergraduate Studies. In this role, he is responsible for 
operating the University's Continuing Education unit, its General 
Education program, and for development of policies for educational 
technology and online courses. He serves on the University's Academic 
Leadership Team and assists the Chief Information Officer, Dr. Stephen 
Hess, in the development of institutional policies regarding 
institutional data access and security. In 2001, Chuck chaired a 
committee that wrote the current institutional policy governing 
copyright ownership for works created using University of Utah 
resources.

    Chairman Gordon. And Dr. Sannier, you are recognized.

STATEMENT OF DR. ADRIAN SANNIER, VICE PRESIDENT AND UNIVERSITY 
          TECHNOLOGY OFFICER, ARIZONA STATE UNIVERSITY

    Dr. Sannier. Thank you, Chairman Gordon, Ranking Member 
Hall, and distinguished Members of the Committee for giving me 
this opportunity to describe for you Arizona State University's 
use of technology to reduce the incidence of copyright 
infringing filesharing on its campus networks.
    My name is Adrian Sannier, and I am the University 
Technology Officer at Arizona State University responsible for 
the governance of the network, among other duties. As one of 
the Nation's largest universities with over 65,000 students 
attending its four campuses in the metropolitan Phoenix area, 
ASU provides its students, faculty, and staff with an extensive 
and evolving array of computing and communication services. 
These services have become a core enabler of the university's 
academic and research missions and will continue to do so in 
the foreseeable future.
    To govern the legitimate use of these services, ASU has 
developed an acceptable use policy for its computing and 
communication services that expressly forbids their use to 
transfer or exchange files when that transfer or exchange would 
infringe on copyright. Users of the university's computing and 
communication services must electronically agree to this policy 
as a condition of connection. The policy explicitly forbids the 
use of university communications or computing infrastructure 
for any unlawful communications, including threats of violence, 
obscenity, child pornography, copyright infringement, and 
harassing communications.
    I am pleased to report that despite some reports to the 
contrary in the popular press, ASU has a relatively low rate of 
complaint about the illegitimate use of its network from 
copyright holders such as the RIAA. ASU's complaint rate, which 
is the number of individuals alleged to have distributed 
copyrighted content per thousand students, is less than half of 
one percent, the lowest among the 25 institutions for which the 
RIAA released data this past spring.
    In a recent letter to university presidents around the 
Nation, the RIAA outlined a set of four best practices that 
they recommended that universities employ to prevent or reduce 
student exposure to lawsuits. ASU was an early adopter of these 
practices, and they are the cornerstones of our successful 
containment efforts.
    The first recommended practice is education. ASU 
incorporates education about the illegitimate use of networks 
in our new student orientations, our residence hall 
orientations, and our twice yearly information security 
orientations.
    The second recommended practice is to offer students a 
legitimate online service as an alternative to illegitimate 
filesharing. Beginning in July of 2005, ASU was an early 
adopter of one such service, a digital entertainment network 
designed specifically for college students known as Ruckus. 
ASU's subscription provides its students with downloadable 
access, legal downloadable access, to 2.75 million songs, full-
length feature films, short-form video, sports clips, and music 
videos, as well as access to a social network site focused on 
the network.
    The third recommended practice is to take appropriate 
disciplinary action when students are found to be engaging in 
infringing conduct online. And so in addition to sanctions 
available under applicable law, ASU, and regents' policy, ASU 
can impose temporary or permanent reduction or elimination of 
access privileges to computing and communication accounts, 
networks, or ASU-administered computing rooms, services, or 
facilities in the event of infractions.
    The RIAA's final recommendation encourages universities to 
implement technical solutions to restrict, filter, or curtail 
peer-to-peer filesharing. Any technical solution must balance 
the rights of copyright holders with the legitimate uses of the 
university's network and its users' expectations of privacy and 
academic freedom.
    Beginning in December of 2000, ASU's first attempt at such 
a solution was a packet-shaping solution. The packet-shaping 
solution restricted the amount of bandwidth available to peer-
to-peer filesharing to a portion of the network bandwidth so 
that we could contain how much filesharing was being done. But 
by 2006, the amount of illegitimate network traffic had grown 
so high that reinvesting in that solution, which had cost the 
university about $250,000, seemed the wrong alternative.
    After evaluating several different products and approaches, 
we have finally settled on Audible Magic's CopySense Network 
Appliance. The CopySense product does not disable peer-to-peer 
networking services or restrict the bandwidth available to 
them. Instead, the CopySense Appliance treats copyrighted 
material as if it were a computer virus on a P2P network. It 
works by blocking the exchange of copyrighted content while 
allowing legitimate files to transfer unobstructed. While our 
technical team was skeptical of this approach at first, our 
initial tests convinced us that the CopySense approach would 
provide us with a viable solution.
    We installed the CopySense solution in spring semester 
without fanfare. It was configured to reject any traffic 
identified as registered commercial music, likely commercial 
music, commercial film and TV, or likely commercial software, 
and it began rejecting about between five and 10 percent of the 
overall network bandwidth immediately, identifying that traffic 
as the exchange of copyrighted material.
    Overall I would classify our adoption of CopySense as one 
of the easiest technical adoptions we have undertaken and that 
it has thus far caused very little disruption in our community.
    The list price is just over $200,000, and so that as a 
pioneer reference account, we will probably end up spending 
closer to half of that for an implementation of ASU's scale.
    While we at ASU are pleased with our new technical 
solution, we remain concerned about the potential for ongoing 
arms races. Peer-to-peer services have evolved to defeat 
counter measures before, and it would be foolhardy to think 
that they won't continue to do so. And as long as these arms 
races continue, universities will be called upon to continue to 
expend resources in the defense of copyright that they might 
spend otherwise.
    We, therefore, applaud the progress that many in the market 
have made in developing new and more effective business models 
for the consumer-friendly distribution of electronic content 
and look forward to the day that these improved services make 
copyright-infringing file exchange unattractive to all but the 
fringe of our community.
    Thanks again for this opportunity to share Arizona State 
University's experiences with you.
    [The prepared statement of Dr. Sannier follows:]
                  Prepared Statement of Adrian Sannier
    Thank you, Chairman Gordon, Ranking Member Hall, and other Members 
of the Committee for giving me an opportunity to describe for you 
Arizona State University's use of technology to reduce the incidence of 
copyright-infringing filesharing on its campus networks.
    As one of the Nation's largest universities, with over 65,000 
students attending its four campuses in the metropolitan Phoenix area, 
ASU provides its students, faculty and staff with an extensive and 
evolving array of computing and communications services. These services 
have become a core enabler of the University's academic and research 
missions.
    To govern the legitimate use of these services, ASU developed an 
Acceptable Use Policy for its computing and communication services that 
expressly forbids their use to transfer or exchange files when that 
transfer or exchange would infringe on copyright. Users of the 
University's computing and communication services must electronically 
agree to this policy as a condition of connection. The policy 
explicitly forbids the use of university communications or computing 
infrastructure for any unlawful communications, including ``threats of 
violence, obscenity, child pornography, copyright infringement and 
harassing communications.''
    I am pleased to report that, despite some news reports to the 
contrary in the popular press, ASU has a relatively low rate of 
complaint about the illegitimate use of its network from copyright 
holders such as the RIAA. ASU's complaint rate, which is the number of 
individuals alleged to have distributed copyrighted content per 
thousand students, was only 0.52 percent, the lowest among the 25 
institutions for which the RIAA released data this past Spring.
    In a recent letter to University Presidents around the Nation, the 
RIAA outlined a set of four best practices that they recommend 
universities employ to prevent or reduce student exposure to lawsuits 
and/or Digital Millennium Copyright Act notices. ASU was an early 
adopter of each of these best practices, and they are the cornerstones 
of ASU's successful containment efforts.
    The first recommended practice is to educate students about the 
do's and don'ts of downloading and copying music and other copyrighted 
works. ASU incorporates these topics as part of our new student 
orientations, our residence hall orientations and our twice yearly 
information security week orientations.
    The second recommended practice is to offer students a legitimate 
online service, one that provides an inexpensive alternative to illegal 
filesharing. Beginning in July of 2005, ASU was an early adopter of one 
such service, a digital entertainment network designed specifically for 
college students known as Ruckus. ASU's subscription provides its 
students with downloadable access to 2.75 million songs, full-length 
feature films, short-form video, sports clips, and music videos, as 
well as access to a social network site focused on the network.
    The third recommended practice is to take appropriate disciplinary 
action when students are found to be engaging in infringing conduct 
online. Under the terms of ASU's Acceptable Use Policy,

         upon receiving notice of a violation, ASU may temporarily 
        suspend a user's privileges or move or delete the allegedly 
        offending material pending further proceedings. A person 
        accused of a violation is notified of the charge and has an 
        opportunity to respond before ASU imposes a permanent sanction.

    In addition to sanctions available under applicable law and ASU and 
regents' policies, ASU may impose a temporary or permanent reduction or 
elimination of access privileges to computing and communication 
accounts, networks, ASU-administered computing rooms, and other 
services or facilities.
    The RIAA's final recommendation encourages universities to 
implement a network technical solution to restrict, filter, or curtail 
peer-to-peer filesharing. Any technical solution must balance the 
rights of copyright holders with the legitimate uses of the 
university's network and its users' expectations of privacy and 
academic freedom.
    Beginning in December of 2000, ASU's first attempt at a solution 
was a network monitoring solution from Packeteer. ASU used the 
Packeteer product to monitor network data streams and use the protocol 
information contained in the streams to prioritize traffic. This 
allowed ASU the amount of university bandwidth devoted to peer-to-peer 
traffic to be strictly limited. Over a five year period, ASU invested 
more than $250,000 in the installation and maintenance of this 
solution, which was purchased and maintained solely for its role in 
protecting the interests of copyright holders. In 2006, as the 
legitimate traffic volumes continued to increase, requiring a 
concomitant increase in investment in Packeteer, ASU began to look for 
a different solution.
    After evaluating several different products and approaches, we have 
finally settled on Audible Magic's CopySense Network Appliance. The 
CopySense product does not disable peer-to-peer networking services or 
restrict the bandwidth available to them. Instead, the CopySense 
Appliance treats copyrighted material as if it were a computer virus on 
a P2P network. It works by blocking the exchange of copyrighted content 
while allowing legitimate files to transfer unobstructed. While our 
technical team was skeptical of the approach at first, our initial 
tests convinced us that the CopySense approach would provide us with a 
viable solution.
    We installed the CopySense in spring semester without fanfare. It 
was configured to reject any traffic identified as registered 
commercial music, likely commercial music, likely commercial film and 
TV, or likely commercial software. It began rejecting about five 
percent of the overall network bandwidth immediately, identifying that 
traffic as the exchange of copyrighted material. Despite the 
interruption in network transmission, there was no noticeable increase 
in calls to our help desk, and we received no complaints about network 
performance for legitimate purposes attributable to the CopySense 
product.
    Overall I would classify our adoption of CopySense as one of the 
easiest technical adoptions we have undertaken and that it has thus far 
caused very little disruption in our community.
    The list price for the CopySense product at ASU's scale is just 
over $200,000, but ASU expects its costs this year, as a Pioneer 
Reference Account, to be closer to one-half that price.
    While we at ASU are pleased with our new technical solution, we 
remain concerned about the potential for an ongoing ``arms races.'' 
Peer-to-peer services have evolved to defeat effective counter-measures 
before and it would be foolhardy to believe that no further evolution 
is possible. As long as this ``arms race'' continues, universities will 
continue to be called upon to spend scarce resources procuring and 
deploying the latest technical counter-measures and expending time and 
energy in the protection of copyright at the expense of the value-added 
application of emerging technologies to the core missions of the 
institution.
    We therefore applaud the progress that Apple and others have made 
in developing new and more effective business models for the consumer 
friendly distribution of electronic content and look forward to the day 
that these improved services make copyright-infringing file exchange 
unattractive to all but the fringes of our community.
    Thank you again for the opportunity to share Arizona State 
University's experience with you.

                      Biography for Adrian Sannier
    Dr. Adrian Sannier was recently named Vice President and University 
Technology Officer at Arizona State University. The former Stanley 
Professor of Interdisciplinary Engineering at Iowa State University's 
Department of Industrial and Manufacturing Systems Engineering, Sannier 
brings with him 17 years of experience in both the public and private 
sectors. At Iowa State, Sannier was one of the founders of the Human 
Computer Interaction program and, in addition to research and teaching, 
was Associate Director of ISU's Virtual Reality Applications Center. 
Research at VRAC focuses on the applications of immersive visualization 
and next generation human/computer interfaces to challenges in science, 
technology and the humanities. Prior to joining the Iowa State 
University faculty in 2001, Sannier was Vice President and General 
Manager of Engineering Animation, Inc., a leading provider of 3D 
computer graphics software. Sannier led a group of 200 programmers and 
artists, who created products for a diverse group of companies, from 
Mattel and Disney to Ford and General Motors.

    Chairman Gordon. Thank you, and Mr. Ikezoye.

  STATEMENT OF MR. VANCE IKEZOYE, PRESIDENT AND CEO, AUDIBLE 
                       MAGIC CORPORATION

    Mr. Ikezoye. Good afternoon, Chairman Gordon, Ranking 
Member Hall, and distinguished Members of the Committee. My 
name is Vance Ikezoye, and I am President and CEO of Audible 
Magic Corporation. Thank you for your invitation to appear 
today.
    By way of background, Audible Magic provides solutions to 
identify and manage electronic media, including preventing its 
piracy. My testimony here today is intended to provide an 
overview of the technological aspects of this issue, not to 
advocate a specific public policy position.
    Audible Magic has developed a technical solution called the 
CopySense Appliance. Our product provides universities the 
ability to automate the education process, and enforce network 
use policies related to copyright, while protecting students' 
privacy and academic access to technology.
    We introduced this solution in late 2003, and to date we 
have over 80 customers worldwide. We have over 70 higher 
education customers that range in size from as few as 150 
students to large public universities. Our experience has shown 
that the use of technology such as CopySense has significantly 
reduced piracy on campuses. On one college campus, we saw 
within one month an 80 percent decrease in total network 
traffic, a 71 percent decrease in the number of users of 
filesharing applications, and finally, the filesharing traffic 
itself dropped from 20 gigabytes per day to effectively zero in 
less than one week.
    CopySense Appliance was designed to intelligently detect 
and manage copyrighted content transfers over public 
filesharing applications like BitTorrent and Gnutella. Using 
our copyright identification technology, the system matches 
unknown files transferred over known public peer-to-peer 
filesharing applications to a database of copyrighted materials 
that have been registered by the copyright owners.
    Our design philosophy is based upon the belief that peer-
to-peer technology is not the problem. Peer-to-peer filesharing 
networks are an efficient means to distribute legitimate 
materials such as Linux software or even promote local unsigned 
artist's music. However, it is the unauthorized transfers of 
copyrighted works, whose owners do not want their works copied, 
that is the problem.
    Our product allows the technology to work for everyone. The 
system can be used to allow content owners, such as a local 
garage band, to designate their content to be freely 
distributed, while a major label could designate their content 
to be blocked from distribution. Our product ranges in price 
from $5,000 on a small network to about $100,000 for a larger 
university network, depending on the bandwidth managed.
    I would like to highlight for the Committee the new 
capabilities introduced this year, which are specifically 
designed to support universities in their mission to educate 
students. The CopySense system provides universities the 
ability to influence student behaviors through a graduated 
series of student communication and sanctions. The CopySense 
system can detect student violations of the university's 
network policies, which can include using peer-to-peer 
applications to download copyrighted music or movies.
    Upon detection of these violations, the system will 
communicate with the student by automatically redirecting the 
student's Internet browser to a university-maintained website. 
This website can be used to educate the student on their 
violation and the reasons why their behavior was inappropriate. 
These pages could even be used to administer a copyright lesson 
and test. Because the system triggers at the time of the 
violation, the system is able to leverage the teachable moment 
by immediately providing feedback to the student.
    The system possesses a configurable point system that 
provides an escalation in notifications or sanctions. The 
system could be configured to direct communications privately 
to the student violating the school policy. Any other 
information or reports could be restricted from access by 
others. In this way the system can comply with most 
universities' privacy policies.
    I would like to point out that no technology is or will 
ever be a 100 percent effective solution, no matter what the 
context. But I will also propose that a solution does not have 
to be 100 percent to be effective and to make a difference on 
campuses.
    One issue we hear from larger universities is a concern 
that our technology cannot handle their high bandwidth 
networks. First, our technical system is not an inline device. 
If an inline device is not fast enough, or even worse fails, it 
can slow down or stop network traffic. The CopySense Appliance 
performs its matching activity in parallel with a real-time 
network traffic flow. The actual experience of our customers 
has been that the CopySense Appliance has no adverse impact on 
network performance.
    Secondly, we often get questions about our effectiveness; 
how can we match and identify files quickly enough to stop the 
transmissions of offending files when the campus networks are 
so fast? We have designed a very sophisticated solution to 
these problems. Let me briefly explain both the concern and how 
we handle it.
    Files transferred over networks are broken up into discreet 
chunks referred to as packets. In order to make a match, a 
portion of the file will need to be reassembled and a number of 
packets collected. At that point we can perform the match using 
our fingerprinting technology.
    You might be thinking, this must take a long time, and so 
on high speed networks the system won't ever match a file 
before the offending file transfer has already occurred. Our 
technical approach isolates this problem to only the first time 
we see the file being transferred. The first time we encounter 
a file we have never seen before, we must go through the 
process of using our fingerprinting technology. However, once 
this occurs, we can associate the file with an identifier, 
which is like an ID number. This ID number can be read from the 
data transmission very quickly and in more than enough time to 
take action.
    Can technology solve the problem of piracy of copyrighted 
works in every instance? Can technology clear all university 
and college campuses of illegal filesharing? Technology will 
never be the entire solution. Technology is just one of the 
essential tools to combat piracy on campuses and as the title 
of this hearing indicates technology can reduce the number of 
violations and play a major role in supporting universities' 
and colleges' efforts to address this most important issue.
    [The prepared statement of Mr. Ikezoye follows:]
                  Prepared Statement of Vance Ikezoye
    Good afternoon, Chairman Gordon, Ranking Member Hall, and 
distinguished Members of the Committee. My name is Vance Ikezoye and I 
am President and CEO of Audible Magic Corporation. Thank you for your 
invitation to appear today to discuss the important issue of using 
technology to reduce digital copyright violations on university and 
college campuses.
    By way of background, I am a co-founder of Audible Magic. I have a 
Bachelor's degree in Engineering from the University of California, 
Berkeley and a MBA from the University of Pennsylvania, Wharton School. 
My work experience includes 13 years at Hewlett-Packard. Audible Magic 
was founded in 1999 and is based in Los Gatos, California. We provide 
technologies, services, and easy-to-use solutions to identify and 
manage electronic media, including preventing its piracy. Our customers 
include legitimate peer-to-peer networks such as iMesh and Kazaa, and 
video sharing and social community sites like MySpace and Microsoft 
Soapbox. Artists, publishers and content owners desiring to protect or 
manage their copyrighted music, video or software register in Audible 
Magic's continually updated database. The electronic fingerprint and 
ownership information database currently exceeds five million works and 
is one of the largest collections of its kind in the world. My 
testimony here today is intended to provide an overview of the 
technological aspects of this issue, not to advocate a specific public 
policy position.
    Audible Magic has developed a technical solution called the 
CopySense Appliance. Our product provides universities the ability to 
automate the education process, enforce network-use policies related to 
copyright, while protecting students' privacy and academic access to 
technology.

Technology's Effectiveness on Campuses

    We introduced this solution in late 2003 and to date have over 80 
customers worldwide including about 70 university and college 
customers. Our university customers span all corners of the United 
States and range in size from as few as 150 students to large public 
universities. In addition, we hope to soon have one of the highest 
enrollment universities in the United States as a customer. Both 
private and public institutions use the CopySense Appliance as a 
solution to illegal peer-to-peer filesharing on campus. Our experience 
in over 70 universities and colleges has shown that use of technology 
such as CopySense has significantly reduced piracy on campuses. On one 
college campus, we saw within one month an 80 percent decrease in total 
network traffic, a 71 percent decrease in the number of users of peer-
to-peer filesharing applications, and finally the peer-to-peer 
filesharing traffic dropped from 20 GB per day to effectively zero in 
less than one week.
    The CopySense Appliance was designed to intelligently detect and 
manage copyrighted content transfers over networks by individuals using 
popular public filesharing applications like BitTorrent and Gnutella. 
Since 2003, we have continued to improve our product and have focused 
on developing features to support the needs of universities and other 
educational institutions. Our solution is a turnkey, hardware product 
that is easily installed on the network of a university and provides 
automated detection and enforcement of copyright policies that are 
defined by the university administration. I will talk later about the 
new features we have integrated which provide tools to support the 
education of students in this area of copyright.
    Using our copyright identification technology, the system matches 
unknown files transferred over known public peer-to-peer filesharing 
applications to a database of copyrighted materials that have been 
registered by the copyright owners. Since we focus on known public 
peer-to-peer filesharing applications, private communications such as 
e-mail pass by unaffected.
    Our design philosophy is based upon the belief that peer-to-peer 
filesharing technology is not the problem. In fact, peer-to-peer 
technology is powerful and will be utilized increasingly in mainstream 
applications in the future. Peer-to-peer filesharing networks 
themselves are an efficient means to distribute legitimate materials 
such as Linux software or even promote local unsigned artists' music. 
However, it is the unauthorized transfers of copyrighted works, whose 
owners do not want their works copied that is the problem.
    Our product allows the technology to work for everyone. The system 
can be used to allow content owners, such as a local garage band, to 
designate their content to be freely distributed, while a major label 
or movie studio could designate their content to be blocked from 
distribution. All other content passes through unimpeded without 
affecting the network's performance or reliability.
    Our product ranges in price from $5,000, on a small network, to 
$100,000 for a large university network, depending on the network 
bandwidth managed. Our customers have found that we can provide a cost-
effective solution that can save them significant costs of bandwidth 
while providing better service to their users. As an example, one of 
our customers is a small technical high school, which uses a DSL 
connection, like many people have in their homes, and it found our 
product to dramatically improve its users' satisfaction in a cost-
effective manner.

New Tools to Support Education of Students

    I would like to highlight for the Committee the new capabilities of 
the CopySense Appliance, introduced this year, which are specially 
designed to support universities in their mission to educate students. 
The CopySense system provides universities the ability to influence 
student behaviors through a graduated series of student communications 
and sanctions. The CopySense system can detect students' violations of 
the university's network policies and apply automated sanctions to the 
violators, which are defined by the university administration. The 
university can configure the product to detect specific behavioral 
violations, which can include using peer-to-peer applications to 
download copyrighted music or movies.
    Upon detection of these violations, the system will communicate 
with the student by automatically redirecting the student's Internet 
browser to a website which the university maintains. This website can 
be used to educate the student on their violation and the reasons why 
their behavior was inappropriate--these pages could even be used to 
administer a web-based copyright lesson and test. Because the system 
triggers at the time of the violation, the system is able to leverage 
the `teachable moment' by immediately providing feedback to the 
student.
    The system possesses a configurable point system that provides an 
escalation in the notifications or sanctions. As an example, if a 
student was a serious repeat offender, the system could block the 
student's web, e-mail, or Internet access for preset periods of time.
    The system could be configured to direct communications privately 
to the student violating the school policy. Any other information or 
reports could be restricted from access by others unless configured and 
specified by the University. In this way the system can comply with 
most universities' privacy policies.

Concerns About Technical Effectiveness

    Before I get into specific issues that are commonly brought up 
about network technologies, I would like to point out that no 
technology is or will ever be a 100 percent effective solution no 
matter what the context. But I will also propose that a solution does 
not have to be 100 percent to be effective and make a difference on 
campuses.
    Our design principle is that the system should not be over-
reaching. Adopting this design principle, by definition, says that our 
system will not be a 100 percent solution. As an example, we may not be 
able to identify or even detect 100 percent of the filesharing traffic 
on the network. In order to detect 100 percent of the traffic, our 
system would have to be installed on every segment and device on the 
network--and this could dramatically increase costs. However, as I 
suggest, if we focus on feedback in an effort to educate students, we 
might begin to achieve the end result of correcting improper behaviors.
    A critical concern of any technology relates to privacy. We have 
designed the CopySense system so that it can be configured to restrict 
access to information in a manner consistent with a university's 
privacy policy. If so configured, the university could treat this 
system as a black box as they do their other network equipment. This 
black box operates automatically without access by unauthorized 
personnel. In this way, the system's educational features could be 
configured so that only the student is notified of detection of their 
inappropriate behavior.
    The second aspect of the system design with respect to privacy is 
that the system matches only copyrighted items in a database that are 
transferred over known public filesharing networks. All other 
communications such as e-mail and web traffic go by unimpeded and 
without inspection. Our product operates in a manner similar to anti-
virus products or even spam filters. Only our registry contains 
fingerprints of copyright works rather than fingerprints of viruses or 
spam.
    From one perspective, our product is much less invasive from a 
privacy point of view than spam-filtering technology. Our product only 
detects the transfer of copyrighted works over public filesharing 
networks. Remember that these networks connect millions of anonymous 
strangers who are revealing the contents of their computers' hard 
drives; it is a question if there is even an expectation of privacy 
under these circumstances. Contrast that with spam-filtering 
technologies, which scan and intercept private e-mail communications 
between known individuals.
    One issue we hear from larger universities is the concern that our 
technology cannot handle the high-bandwidth speeds that they have 
deployed on their campuses. First, from a network administrative point 
of view, our system is not an in-line device. In-line devices are 
problematic since all the data traffic needs to go through them. If the 
device is not fast enough or even worse, fails, it can slow down or 
stop network traffic. As a device that is not in-line, the CopySense 
appliance operates on the sidelines and performs its matching activity 
in parallel with the real time network traffic flow. The actual 
experience of our university customers has been that the CopySense 
appliance has no adverse impact on network performance.
    Secondly, we often get questions about our effectiveness--how can 
we match and identify files quickly enough to stop the transmissions of 
offending files when the campus networks are so fast? We have designed 
a very sophisticated solution to this question. Let me briefly explain 
both the concern and how we handle it.
    Files transferred over networks are broken up into discrete chunks 
referred to as packets. In order to make a match using our technology, 
a portion of the file will need to be reassembled and a number of 
packets collected and buffered. Our system in the course of its 
operation does this routinely. Once we collect and reassemble enough of 
the file, we can perform a match using our fingerprinting technology.
    You might be thinking, ``This must take a long time and so on high-
speed networks the system won't ever match a file before the offending 
file transfer has already occurred.'' Our technical approach isolates 
this problem to only the first time we see the file being transferred.
    The first time our product comes across a file we have never seen 
before, we must go through the process of collecting and analyzing the 
file using our fingerprinting technology. As one might guess, on high-
speed networks it may happen too fast for our technology. However, 
after this initial experience with the file, we can associate the 
identity of the file with an identifier, which is like an ID number for 
files shared over these networks. This ID number can be read from the 
data transmission very quickly--in more than enough time to take 
action. We maintain a local list of these identifiers in every system 
installed. Thus in most cases, this list can be used to accurately 
match files transferred even over high-speed networks in plenty of time 
to react.
    I also want to point out that our CopySense content identification 
solution has become the industry standard, not only in the university 
network community, but in other technology settings, including legal 
peer-to-peer systems and user-generated content websites like MySpace, 
GoFish, and others. One of the many reasons why our technology has been 
adopted is because it is highly accurate.
    A general concern raised about any network traffic analysis is the 
issue of encrypted filesharing networks. Encryption is a technique that 
is commonly used in electronic communications to scramble what would 
otherwise be an open, readable message. Encryption is most commonly 
used in financial transactions over the Internet, such as a credit card 
transaction, in order to protect the privacy and security of these 
transactions.
    Peer-to-peer filesharing applications have adopted encryption, 
however, not to protect the privacy of the users, but to inhibit 
network management of peer-to-peer traffic and to prevent detection of 
illegal transfers of copyrighted-content files. The reality is that 
encryption technology can prevent the detection of content transfers at 
the file level such as that performed by our product. There are popular 
filesharing applications that use various levels of encryption today. 
However, even peer-to-peer filesharing applications that encrypt data 
often have some unique characteristics that identify the transfers. Our 
product deals with this by providing the university the ability to 
detect and block the use of encrypted peer-to-peer filesharing 
applications. This in combination with the educational features of the 
system is intended to discourage use of encrypted filesharing 
applications and migrate users back to unencrypted filesharing 
applications.
    The term ``darknet'' generally refers to filesharing application 
networks that limit themselves to a local area such as a floor within a 
dorm. These darknets provide students a mechanism for transferring 
copyrighted files without exposing their illegal conduct to the 
university network systems or to the ``light'' of the outside world. 
The strategy to address this usage is to understand that detecting and 
stopping all darknet traffic is not the primary goal. The goal is to 
change the students' behavior. Therefore even statistical detection, 
perhaps by periodically deploying systems around the campus network, 
like a radar speed detection trailer that is moved from neighborhood to 
neighborhood, can be an effective means to influence students' 
behavior.
    Can technology solve the problem of piracy of copyrighted works in 
every instance? Can technology clear all university and college 
campuses of illegal peer-to-peer filesharing? Technology will never be 
the entire solution. Technology is just one of the essential tools to 
combat piracy on campuses, and as the title of this hearing indicates, 
technology CAN reduce the number of violations and play a major role in 
supporting universities' and colleges' efforts to address this most 
important issue.
    Thank you for the opportunity to appear before you today and I will 
be happy to answer any questions you may have.

                      Biography for Vance Ikezoye
    Vance Ikezoye co-founded Audible Magic in 1999. He has over twenty 
years of experience in high technology sales, marketing, and technical 
support including thirteen years at Hewlett-Packard Company. At HP he 
was involved in both the computer systems and medical products 
businesses. After HP, Ikezoye joined Trade Reporting and Data Exchange 
Incorporated, a VC-funded information company startup, where he served 
for five years in the positions of Vice President of Sales, Marketing, 
International, and Business Development. During that time, he developed 
distribution channels in the U.S., Europe, South America, and Asia. 
Ikezoye holds a Bachelor's degree in Engineering from U.C. Berkeley and 
an MBA from the University of Pennsylvania, Wharton School.

    Chairman Gordon. Thank you, and Dean Elzy, you are 
recognized for five minutes.

    STATEMENT OF MS. CHERYL ASPER ELZY, DEAN OF UNIVERSITY 
     LIBRARIES AND FEDERAL COPYRIGHT AGENT, ILLINOIS STATE 
                           UNIVERSITY

    Ms. Elzy. Chairman Gordon, Congressman Hall, and Members of 
the Committee, thank you for the opportunity today to share 
with you about Illinois State University's Digital Citizen 
Project.
    Illinois State University is a typical university campus of 
20,000 students, great faculty, and great kids. They are not 
inherently bad people. They are like college students 
everywhere, sharing movies, music, TV shows, games, and 
software, a good deal of it without copyright permission. Our 
campus is no different.
    I described the Digital Citizen Project in detail in my 
first Congressional testimony before the House Subcommittee on 
21st Century Competitiveness last fall, but briefly, this 
project started back in 2005, when we received nearly 500 
copyright violation notices. The pivotal moment for me came 
personally, though, when we received four subpoenas for 
students who were going to be sued. I think I felt the 
situation more deeply because I, myself, have a son at Illinois 
State. What would I think or how would I react if this was my 
child being sued? To tell the truth, I would be raising hell 
with the university for not protecting my son. Why did they let 
him do this? Why wasn't someone watching?
    But what could ISU do? The simple answer seemed to be why 
don't we go ask them what they want, them in this case was the 
RIAA. So we did. Though no institution had actually come to 
them before, the good news is they were willing to talk, and 
that 28 months ago marked the beginning of our project.
    From the first the project leaders felt it was crucial to 
work with everyone, literally everyone in solving this issue. 
We have worked closely with RIAA and MPAA as our main long-term 
project advisors and supporters. We are also partnering with 
EDUCAUSE and the American Council on Education, and we have 
talked to the American Library Association and the Association 
of Public Television Stations. From the monitoring and 
enforcement industry we have had Packeteer on campus for a long 
time, and we have talked to or worked directly with Audible 
Magic, Red Lambda, enterasys, E-Telemetry, Allot, SafeMedia, 
and others. We are investigating still more like the Bradford 
Networks. Legal digital media services we have met with include 
Cdigix, Ruckus, Apple, Napster, Pass Along, and XM Satellite 
Radio. New ones surface almost every day. We came to Capitol 
Hill on five occasions and met with the staffs of dozens of 
Congressmen, Senators, and committees, both Democratic and 
Republican. We have gone to almost a dozen agencies looking for 
funding, and we are still looking. We have even talked at some 
length with the Electronic Freedom Foundation. They gave us 
what we considered high praise when they said, after a long 
conference call, that our project sounded ``as good as they 
could hope for.''
    Digital Citizen is designed to incorporate education, 
monitoring, legal digital media services, fair use and easier 
copyright permissions, K-12 education and ethics training and 
rewards for good digital citizenship. Overall, the long-term 
goal of the project is to provide a consumer-reports-like 
study, if you will, on the services and systems that are out 
there or just coming on the scene so higher ed will be able to 
make informed, fiscally-responsible decisions.
    As to funding, well, funding is hard to find. We were 
fortunate to receive grants from several entertainment 
companies and associations, but new and different approaches 
like ours to rapidly-evolving challenges like campus piracy, 
don't fit neatly into existing grant categories. It is also 
hard to find funding because many find it easier to talk about 
the symptom, downloading, than to fix the root problem, which 
is changing behaviors and culture.
    Our project timelines were originally based on a three-year 
project; however, it has taken us two years to get sufficient 
funding to get started. We have only now begun to get to the 
heart of the research and analysis. Technically, our project 
has been funded for 18 months, and the clock began five months 
ago. Without new dollars the project will end July 1 next year. 
Our early research and data so far confirmed many expected 
outcomes and revealed some surprises. Please ask me about those 
later if you would like to know more.
    If decision-makers from other campuses came to us today, 
and they have already started, to find out what to do, we 
wouldn't have an answer. It is too early. The monitoring 
technologies don't seem to be fully ready to do what Congress 
or the entertainment industry wants yet. A consumer study is 
desperately needed so side-by-side comparisons, benefits, and 
features can be determined. Both monitoring systems and legal 
digital media services need to be evaluated, and this all needs 
to happen now. A consumer study can help the entertainment 
industry as well by providing reliable, tested feedback. But 
technology is not the answer. The 911 Commission Report says 
that ``Americans' love affair with technology leads them to 
also regard it as the solution, but technology produces its 
best results when an organization has the doctrine, structure, 
and incentives to exploit it.''
    Doctrines, structure, and incentives. That is what ISU has 
put together in the Digital Citizen Project. Your help is 
essential in directing the conversations toward improvements 
and testing of emerging technologies, and support for the 
comprehensive efforts of the Digital Citizen Project and other 
comprehensive programs like ours, that will be invaluable.
    Thank you.
    [The prepared statement of Ms. Asper Elzy follows:]
                Prepared Statement of Cheryl Asper Elzy
Chairman Gordon, Congressman Hall, and Members of the Committee:

    Good afternoon. I am Cheryl Elzy, Illinois State University's Dean 
of University Libraries and our designated agent for notification of 
claims of infringement under Section 512(c) of the Digital Millennium 
Copyright Act (DMCA). In other words, I am the DMCA agent on campus. 
Thank you for the invitation to appear today to share with you Illinois 
State University's plans to address peer-to-peer downloading on our 
campus. The overall project has come to be known as the Digital Citizen 
Project. In the hearing today I will share with you ISU's story of how 
this program came to be, what we've learned, and where we're going.
    But first, I'd like to thank the Committee for its word choices in 
titling this hearing. ``Reducing'' violations is realistically probably 
as much as any of us can hope for whether it's from an industry 
perspective or a technology view or a cultural bias--at least at this 
time. While this is a hearing before the Science and Technology 
Committee, with all respect--technology is only a means to an end in a 
whole lot of ways. Illegal peer-to-peer downloading is NOT solely a 
technology problem. It doesn't have a ``technology'' solution alone. 
The discussion should be about legal access to materials and other 
information resources. We should be talking about connecting users with 
the right tools. An added focus has to be on education and changing 
behaviors. How we do that is what the Digital Citizen Project has been 
exploring for the past twenty eight months and will describe for you 
today.

ILLINOIS STATE UNIVERSITY AS AN INSTITUTION

    By way of background, Illinois State University is an institution 
of about 20,000 students with nearly 18,000 of those being 
undergraduates. The first public university in Illinois, Illinois State 
University was founded in 1857 as a teacher education institution, a 
tradition still very much in evidence today as Illinois State is among 
the top five producers of classrooms teachers in the Nation and has 
more alumni teaching in classrooms today than any other university in 
the country. Our institution is a comprehensive University offering 
more than 160 major/minor options in six colleges delivered by around 
700 outstanding faculty. Students benefit from ``the small-school 
feeling they get from this large university, and the incredible 
opportunities they encounter.'' (Yale Daily News Insider's Guide to 
Colleges, 2000)
    We are a typical campus: great students, great faculty, never 
enough money or space or time. Like every other campus across the 
country, our students, our faculty and staff are not inherently bad 
people. They don't carry off armloads of CDs from the local music 
store. They aren't ripping through Blockbuster with dozens of movies 
under their jackets. But studies continue to show that college students 
everywhere share music, a good deal of it without copyright permission. 
Add to that movies, videos, and television programs. And games. And 
software. Our campus is no different.
    Technology today makes sharing movies and music easy. Everybody's 
friends and colleagues download, or so users believe. They think it's 
not hurting anyone really. It's anonymous, quick, direct, and easy. 
There is no one easy solution, no shrink-wrap fix that will make the 
students stop or make this problem or the DMCA complaints go away. We 
at ISU believe the solution to this overwhelming and all-pervasive 
problem lies in education coupled with enforcement of existing laws and 
direct avenues to legal ways of getting the tunes, the tracks, the 
games, and the movies that are an integral part of today's student and 
faculty lives.
    The scope of the problem is national. It's worldwide. It's not just 
higher education. It's junior high and high schools. Sometimes even 
grade school, as early as third grade according to what we've finding. 
My purpose here today is not to talk about the global landscape or the 
national picture. I'm here to share what one typical university with 
typical students is trying to do to address not just the symptom of the 
problem--the illegal downloading of digital media, but its 
comprehensive root cause.

THE HISTORY OF THE DIGITAL CITIZEN PROJECT

    I described the history, background, and varied parts of the 
Digital Citizen Project in extensive detail in my first Congressional 
Testimony before the House Education and Workforce Committee's 
Subcommittee on 21st Century Competitiveness in a hearing entitled 
``The Internet and the College Campus: How the Entertainment Industry 
and Higher Education are Working to Combat Illegal Piracy'' on 
September 26, 2006. (http://republicans.edlabor.house.gov/archive/
hearings/ 109th/21st/piracy092606/elzy.htm) I would be honored and 
pleased if you would check that testimony if you need more information 
than is presented here.
    To describe the project briefly, though--during the winter of 2005 
we at ISU became progressively more dismayed as the number of copyright 
complaints began increasing dramatically. In 2001, 2002, and 2003 we 
received a few scattered complaints throughout the year, but nothing 
particularly overwhelming. By 2004 Illinois State was seeing a little 
more DMCA activity, but in 2005 everything just seemed to explode 
across our screens. Sometimes there were days when we were getting 20 
or 30 notices a day, several days a week, primarily from entertainment 
industry associations. In the fiscal year ending in June 2005, Illinois 
State University had received 477 formal DMCA complaints from the 
Business Software Alliance, the Entertainment Software Association, 
Sony, Fox, NBC, HBO, MPAA, and RIAA. The problems on campus were 
stemming from activity in the residence halls, Greek houses, other 
places on campus, and dial-up access. Staff time to manage these 
increased exponentially. Our student judicial office saw much heavier 
traffic referred to them for discipline. Follow-ups and tracking seemed 
to take forever.
    Naturally we began asking questions among those working in the 
appropriate use areas on campus. Why the sudden rise in numbers? Were 
our students doing more illegal downloading or were they just getting 
caught? Were we somehow targets of new enforcement campaigns? Why the 
rise at universities when the problem is so much more widespread? What 
was all this costing us? How much costly technological bandwidth was 
this taking besides the obvious investment in staff? How could we 
possibly be satisfied with simply reacting, instead of being proactive 
on the part of our students?
    The pivotal moment for me personally came when we received four 
subpoenas for information on some of our Illinois State University 
students who were going to be sued in federal courts for copyright 
infringements. At that moment my campus was faced with decisions with 
no options particularly attractive. Do we comply (as other campuses 
had) or do we fight release of the information (as still other campuses 
had)? Do we warn the students about the subpoenas or do we stand aside? 
I think I felt this whole situation more deeply because I myself have a 
son attending Illinois State. What would I think or how would I react 
if this was my child? The truth is I'd be raising hell with the 
University for not protecting my son! Why did they let him do this? Why 
did they make it possible for him to get into this mess? Why didn't 
they block this kind of thing? Why wasn't someone watching?
    The university complied with the subpoenas and provided the 
information. Then we stepped back to think and to plan. What could we 
do to protect our students while still complying with the law? How 
could we educate and direct our students? What could we do to police 
ourselves? The rather simple solution seemed to be, literally and in 
the exact words I used back in February two years ago, ``Why don't we 
go ask them what they want us to do?'' ``Them'' in this case was the 
Recording Industry Association of America. So we did. Though no one, no 
institution had actually come to them before, the good news is that 
they were willing to talk. And that, 28 months ago, marked the 
beginning of our Digital Citizen Project.
    One of our first steps was to find out what other institutions were 
doing to combat illegal downloading and reduce DMCA complaints through 
scholarly literature, through conferences, through the press. Today, 
over two years later, more and more colleges and universities are 
taking significant steps to tackle the illegal downloading issues. But 
judging by what we could find in the professional literature 28 months 
ago, the answer then appeared to be: not much. We knew anecdotally that 
some institutions were actually throwing the complaints away. A number 
of institutions were delivering educational or public service 
campaigns, often with a unique local twist. There were a few that were 
putting up a legal music or movie service or two and hoping students, 
in particular, would be attracted to the legal approach. A few other 
universities simply shut down all bandwidth available for peer-to-peer 
activities of any kind, legal or not. Some reported limiting the amount 
of bandwidth available to peer-to-peer applications. All of these 
programs reported little or varying degrees of success. From our 
perspective, most universities and colleges seemed to be waiting for 
someone to prove to them that the problem was real and needed 
attention. Others were waiting for ``the'' solution.

THE PROJECT DESIGN

    Rather than confronting campus piracy with a single approach, we 
worked with RIAA and ultimately MPAA to develop a multi-faceted 
approach to combating piracy on campus. Early on the discussions 
focused on three things--monitoring and enforcement, legal services, 
and education--but subtle changes began to emerge very quickly. The 
first was to move education to lead the list. That was significant to 
us as educators. A critically important aspect for me as a librarian 
was a crystal clear definition of fair use of media in the classroom 
along with easier paths for copyright clearance of media we needed to 
use. Another addition to the program focused on K-12 education and 
ethics. It is widely accepted that downloading behaviors start much 
earlier than when a student arrives on a college campus--and in fact 
student behaviors are learned in high school or before, at home from 
their parents, at school, and at play. Finally, to attract students to 
a comprehensive program of legal, ethical online behavior we wanted to 
offer some sort of rewards for good digital citizenship.
    Overall, the long-term goal of ISU's Digital Citizen Project is to 
create a nationally recognized program that could be cost-effective, 
that is based on comparison and research of the products currently 
available, and that is replicable on other college campuses. We are far 
from there, but we're laying a solid foundation. And we absolutely know 
that there is no one-size-fits-all institutional solution. Nor is there 
a one-size-fits-all technology solution. Not at all. But if a central 
place for education, conversation, trial, and admittedly error can get 
a foothold, then all of higher education benefits. We would like to be 
that central place to serve as a resource for higher education, a 
bridge between education and the entertainment community, a funnel for 
positive feedback and advice to vendors, and a repository for 
educational materials on cyber-ethics, legal downloading, and system or 
software implementation. We want to provide a ``consumer report-like'' 
study, if you will, on the services and systems that are out there and 
just coming on the scene so higher ed will be able to make informed, 
fiscally responsible decisions on what to do on each of the 4,000 
campuses across the country.

THE PROJECT PARTICIPANTS AND CONTACTS

    From the first days of this project 28 months ago the project 
leaders felt it was crucial to work with everyone--literally everyone--
in solving this issue. We contacted associations. We talked to vendors. 
We went to conferences to make other contacts. We came to Capital Hill 
in search of support. We have talked with or partnered with RIAA and 
MPAA as our main long-term project advisors and supporters. We are also 
working closely with EDUCAUSE and the American Council on Education, 
and we have talked with the American Library Association and the 
Association for Public Television Stations. From the monitoring and 
enforcement industry we've had Packeteer on campus for a long time, and 
we have talked to or worked with Audible Magic, Red Lambda, enterasys, 
e-Telemetry, Allot, SafeMedia, and others. We've investigated still 
more, like Branford Networks. Legal digital media services we've met 
with include Cdigix, Ruckus, Apple, Napster, Pass Along, and XM 
Satellite Radio. New ones surface almost every day. We came to Capital 
Hill on five occasions and met with the staffs of dozens of 
Congressmen, Senators, and committees both Democratic and Republican. 
We've gone to almost a dozen agencies looking for funding, and are 
still looking. We've even talked at some length with the Electronic 
Freedom Foundation (EFF). They gave us what we considered high praise 
when they said, after a long conference call, that our project sounded 
``as good as [they] could hope for.''

DIGITAL CITIZEN PROJECT FUNDING

    As to funding--the biggest financial supporter of this project to 
date is Illinois State University itself. The University has 
contributed staff time for a wide range of people working on the 
Digital Citizen Project from CIOs to network engineers to researchers 
and staff, salaries, space, equipment, supplies, and more with an 
estimated value of over $450,000. Beyond that we've gotten formal 
research grants from the University, federal funds in the form of a 
$68,000 Library Services and Technology Act (LSTA) grant through the 
Illinois State Library, and substantial support through the 
entertainment industry. Specifically, funding has come to the project 
from Viacom, Time/Warner, NBC/Universal, a research conglomerate called 
MovieLabs, RIAA, and MPAA. We are aggressively seeking public or higher 
ed funding to balance the support base of the project to avoid even the 
appearance of being a ``bought-and-paid-for study.'' The data we 
produce and the findings we share must be real and must be defensible 
academically. We must remain balanced, unbiased, and neutral in order 
to work productively with all the project partners--some of whom hate 
each other, and some of whom are suing each other. Funding is hard to 
find because new and different approaches--like ours--to rapidly 
emerging and changing challenges--like campus piracy--don't fit neatly 
into existing grant categories. It's also hard to find funding because 
most find it easier to talk about the symptoms (downloading) than to 
fix the root problems--changing behaviors and culture while adapting 
different business and marketing models. In a nutshell, we need more 
funding and we need more time.

THE PROJECT TIMELINE

    Regarding time, our project timelines were originally based on a 
three-year project. However, it's taken us two years to get started. 
We've only now begun to get to the heart of the research and analysis. 
Technically and specifically, our project was supported under our 
current research agreement, for 18 months. The clock began five months 
ago. Without new dollars, the project will end July 1, 2008. To date, 
the Digital Citizen Project has captured network data using Audible 
Magic's technology in August 2005, August 2006, and April 2007. Last 
summer, we surveyed high school seniors coming to Illinois State about 
their downloading habits and preferences, and we're doing that again 
starting the week of June 4. We have completed and have reports on a 
number of focus groups organized and analyzed by professors on our 
marketing faculty. We've just completed an extensive, in-depth survey 
of campus faculty, staff, and students on their attitudes toward 
downloading--and we're planning two more studies in the fall. Perhaps 
most interesting--we're journaling the problems, issues, and surprises 
surrounding the implementation of the project, the systems, and the 
research. And if anything highlights the changing landscape of this 
project, it is our experiences. For example--one firm changed its 
business model five times in the last 28 months, moving from charging 
our campus $40,000 for its service to being free and directly marketed 
to students. Another leader went out of the downloading business all 
together. A supplier of monitoring systems wanted us to change how we 
register our students on the network rather than adapting to the 
existing environment. We discovered in working with another vendor that 
to get the data we wanted with one company's network monitoring system, 
required not a single box but multiple ones--multiplying the projected 
expense beyond what any campus could afford. One system initially 
needed another to work, so a campus would have to buy two systems--not 
one--to be effective. Misunderstandings on conference calls and e-mails 
occurred regularly. A classic misunderstanding occurred when one vendor 
told us we needed to install their ``secret kernel'' on our network. 
Our engineers freaked! We weren't going to put anything on our live 
production network that we didn't fully understand, let alone something 
SECRET!! As we learned later in probably the 10th conference call--the 
vendor wanted us to load their cGrid kernel, their software! But that 
shows the mistrust, the misunderstandings, and the huge amount of time 
it takes to resolve even simple issues in this project. These examples 
may seem silly or incidental to you--but they all take time, 
explanation, resources--and they impact what we should expect to tell 
our colleagues about ease of implementation or our vendor partners 
about what they might want to change.

THE PROJECT'S FUTURE

    What we expect to do over the next thirteen months covers a huge 
spectrum of activities. We are testing the data gathering capabilities 
of network monitoring right now in anticipation of a major, in-depth, 
comprehensive study in September. We are, at this moment, conducting 
very detailed interviews with student downloaders to get a better 
understanding of what they do and why so we can design educational 
programs that might have an impact on campus piracy. We'll be 
conducting two more behavioral research studies in the fall, designing 
what we are calling ``birdtrax'' (named for our mascot Reggie Redbird), 
which will outline the options for legal digital media services, 
sorting out a financial plan to recover some costs long term, and 
implementing some public relations options. We'll pilot and launch an 
escalated response monitoring and enforcement system in late fall. 
``birdtrax'' will become a live site that students can use to learn 
about and navigate to legal digital media services. As varying layers 
of enforcement are employed, impact on downloading traffic will be 
studied. All through the next thirteen months in order to continue the 
study, the project leaders will be writing grants and seeking funds to 
extend and expand the project capacity.
    As stated above, the Digital Citizen Project's long-range goal is 
that we will serve as a kind of ``consumer's reports'' on the digital 
media scene, testing, reviewing, and implementing new services as they 
emerge in the market while serving as a resource to higher education on 
the education side of this equation. We absolutely know that we very 
well may provide evidence of what DOES NOT work as much as what does. 
Illegal downloading may need far more effort and much broader 
approaches than we can bring to bear on the problem as a single 
institution.
    Working with vendors to secure participation in our ``consumer's 
report'' approach to the downloading issues has had its challenges and 
successes. An advantage we have that also becomes a concern is that we 
are doing our research on a live network. It's an advantage because it 
provides real-world evidence. It's a concern because any missteps can 
bring our campus network down. So we are now developing a proposal that 
will fund a test network so we can work with some of the softwares and 
systems outside of our live production network. We're also working on a 
plan that will compartmentalize various systems on the live network--
such as using different dorm complexes to analyze the effectiveness of 
different systems at the same time. Another challenge in the consumer 
report-like model is convincing most of the vendors that they won't be 
the ONLY service or software at Illinois State University. However, 
testing as many systems and services as we can is something we must do 
for the comprehensiveness and integrity of the Digital Citizen Project 
and its research goals. At one extreme--notably with our fellow 
witness, Audible Magic--our project and our expertise has been so 
valued that we are working in complete partnership to develop new 
modules and releases of that company's product. At the other end of the 
spectrum, we have been completely ignored in our repeated attempts to 
bring one of the leaders in the downloading field into our project. 
Some vendors who really want to be a part of ISU's Digital Citizen 
Project and birdtrax just aren't ready for complete implementation and 
roll-out yet, so we hope to include those in the next phase of the 
research and offerings. Your assistance in urging vendors to 
participate in our study for the benefit of higher education is as 
important as urging higher ed to do something about campus piracy. 
Higher education needs this kind of comparative information.

RESULTS OF THE DIGITAL CITIZEN PROJECT SO FAR

    Downloading is a complex issue. Universities are complex 
operations. Testing and implementing new technologies is an 
extraordinary undertaking. Research is a complex task. There are 
privacy issues, financial issues, legal issues, practical issues on a 
live network, and cultural issues. But to be effective, the Digital 
Citizen Project must be comprehensive. So the entire spectrum of what 
we're looking becomes exponentially complex.
    However, we do have some early results to share.
    Illinois State did begin limiting peer-to-peer traffic very early--
back in 1998 as Napster and other downloading services began to take 
off. We use Packeteer to shape the bandwidth on our campus so that not 
more than five percent of our capacity can be used for any kind of 
peer-to-peer application. It's important to stop here and state our 
project's strong opinion that a campus cannot unilaterally block all 
peer-to-peer. There are too many legitimate uses of P2P--cooperative 
research file transfers, software upgrades, library digital files, 
distance education requirements, and more. By shaping our bandwidth and 
implementing a more selective monitoring system, we believe we can meet 
two needs--supporting legitimate peer-to-peer uses while blocking the 
sharing of copyright media.

          Our work with the technology available so far has 
        shown us several things already, and one of the most important 
        is understanding how network tools and appliances work within 
        our network The twists, and turns, and varying demands of each 
        system make getting real, accurate, comprehensive data on real 
        peer-to-peer traffic extremely difficult. There are problems 
        with encryption of illegal files. Some files are sent over 
        different parts of our network, making them more difficult to 
        capture. The volume of data we have to analyze from our network 
        overall is staggering, even in just one month's capture. Very 
        preliminary results showed that Audible Magic captured 23 
        million files of all kinds--legal, illegal, encrypted, and 
        more--on our network in April 2007 alone. The amount of 
        recognizable P2P--even with all the recognition problems--is 
        sizable, though probably not at all out of line with activity 
        on other campuses. In only the first five days of the month 
        individuals downloaded copyrighted files ranging from one file 
        to 466 signatured files.

          Most problematic for the monitoring technologies 
        overall, though is the lack of identifiable tags or electronic 
        signatures on digital files. While the percent of signatured--
        and therefore, findable--unique titles has grown over the last 
        two years from 11 percent to 51 percent, there is much more to 
        be done. Signatured titles right now are almost exclusively 
        music files. Virtually no movies have the electronic signature. 
        To find movies takes elaborate analysis and actually LOOKING at 
        the tags, descriptors, or metadata. We can't stop what we can't 
        find. We are working with the industry to devise an 
        electronically, automatically recognizable system of coding 
        files. The monitoring systems will be more effective and 
        comprehensive.

          We're finding that our students are well-versed in 
        prime sites for downloading copyright material. 46 percent use 
        BitTorrent, followed by Gnutella, Limewire, and Morpheus. 
        Darknets--or sharing files within the campus network--account 
        for about 16 percent of the traffic we can identify in the 
        network snapshots we've done. Industry sources pegged this at 
        45 percent while our own network engineers estimated maybe five 
        percent. The actual data proved that both ends were off a bit.

          In our early snapshots we found not as many computers 
        on our network use peer-to-peer applications. Of the 13,000 
        computers on our network, only 26 percent used peer-to-peer 
        services, legal or illegal. That is a little less than 3,400 
        machines, a figure that is lower than any of us had expected. 
        Apparently the anecdotal evidence of ``everybody's doing it'' 
        may be off base. But of the 3,400 computers using peer-to-peer, 
        97 percent of the traffic originated in the residence halls, 
        indicating that we may be able to concentrate our educational 
        efforts on those groups.

    In addition to what we've found out about the technology and what 
it can do, we've learned more about our students and their behaviors.

          We surveyed high school seniors who were coming to 
        campus to register for classes at ISU last summer. Notice, 
        please, I'm not calling them college freshmen, but rather high 
        school seniors. Their attitudes and behaviors had been 
        established before any exposure to our campus. We probed their 
        use of digital media and what kind of mobile players they used. 
        Of the 217 responding students, 89 percent reported they had a 
        portable music player. 67 percent of those devices are Apple 
        iPods with the rest scattered among 26 different kinds of 
        players. 93 percent played music and 51 percent watched movies/
        TV/videos from their computers. When asked how these incoming 
        students acquired their music and movies, the responses 
        demonstrated an extreme range of sources from actually buying 
        CDs to commercial services like iTunes. Various P2P networks 
        such as Limewire, Bearshare, and BitTorrent were mentioned by 
        39 percent of the seniors. While not testing the legal vs. 
        illegal use of these networks, the naivete we've seen elsewhere 
        shown through as we found comments such as ``Not legally,'' 
        ``pirate from XXXX'' or ``illegally downloaded.'' To us, this 
        absolutely shows that our new students come with habits 
        entrenched in a digital lifestyle.

          In our surveys and focus groups this spring, we 
        learned that many students started downloading in sixth grade, 
        or when they are about 10-13. 55 percent in the focus group 
        study downloaded often, averaging 23 songs per day. They 
        believe downloading saves them time and money, but that they 
        would use legal alternatives if they were easy to use, had the 
        kind of media in their digital libraries that the students 
        wanted, and they were free. When asked, though, if the students 
        could name any legal digital media services, they could not. In 
        fact, many seemed to assume that iTunes might be illegal when 
        it is not. Most aren't going to quit until there is some 
        deterrent.

    More on these studies will be published in the coming months in the 
academic literature.
    One of the most important things we feel we've learned in the 
course of the last 28 months is that no monitoring or blocking system 
will completely eliminate DMCA complaints. As we said, learning what 
DOESN'T work in our project may be as important as what does--
particularly on this point. Nothing appears to be effective enough to 
stop all copyright violation notices at this point. We're getting 
there, but not yet. And while no system has to be 100 percent effective 
before it is implemented, it is premature to ask all college campuses 
to invest tens of thousands of dollars in systems that aren't ready 
yet. We've all heard from other hearings that ``the hammer is coming.'' 
But if the hammer drives nails that break or bend, the construction 
project is ineffective. Leaks will occur. And certainly, if Congress 
asks all 4,000 colleges and universities across the country to 
implement monitoring systems over a very short period of time--from our 
experiences it would seem impossible for vendors to supply our needs, 
let alone the tech support we all will absolutely have to have to make 
the systems operational. We've been working with one industry-leading 
vendor for 16 months to try to bring them to campus for a test--and 
we're still not there.

CONCLUSIONS

    If campus decision makers came to the Digital Citizen Project 
today--and they've already started--to find out what to do, we wouldn't 
have an answer for them. It's too early. The monitoring technologies 
don't seem to be fully ready to do what Congress or the entertainment 
industry wants. Yet. Yes, they may REDUCE campus piracy. From our early 
experiences and data, we believe the technologies do not yet do what 
higher education wants--to STOP the DMCA complaints completely.
    The other technological equation is legal digital media services. 
iTunes is not the only answer. 30-40 percent of the students have some 
other sort of player not compatible with iTunes. Legal services need to 
market their services more effectively so student can at least name 
one. They need to listen to their customers and be comprehensive, easy, 
and--of course you would expect this--free. Studios have to help them 
by supporting digital distribution systems. Movie studios need to get 
in the game because we're suspecting from early findings on our campus 
that far more bandwidth is used in downloading movies, videos, TV shows 
than songs. Video may be just as pervasive a problem as music. Right 
now it's far harder to track.
    Higher education needs more information. A consumer study like 
we're proposing is desperately needed so side-by-side comparisons, 
benefits, and features can be determined. Both monitoring systems and 
legal digital media services need to be evaluated. And this all needs 
to happen now.
    The consumer study can help the entertainment industry as well by 
providing feedback, gaps, strengths, needs, and more. Audible Magic, an 
early and strong partner in our Digital Citizen Project, was very open 
to taking our feedback and both modifying their product for our network 
environment, but also adding new functionality. They ran with our 
wishes to develop a new product in conjunction with our ISU programmers 
that we believe will be very useful to other campuses. This is an 
example of the kind of partnership that should be promoted and 
rewarded.
    But again--technology is not THE answer. The 9/11 Commission Report 
says that ``Americans' love affairs with [technology] leads them to 
also regard it as the solution. But technology produces its best 
results when an organization has the doctrine, structure, and 
incentives to exploit it.'' (http://www.911commission.gov/report/
911Report-Ch3.htm) What is needed is ``the doctrine, 
structure, and incentives''--a comprehensive program of education and 
ethics on campus and in the schools, cultural change, enforcement, high 
quality legal avenues for entertainment, and some sort of positive 
reinforcement for good digital citizenship. That's what we believe must 
be developed and tested for effectiveness. Think of seat belts. In 1963 
Congress passed its first seatbelt law--44 years ago. In 2006, seat 
belt usage was determined to be 81 percent (http://www-
nrd.nhtsa.dot.gov/nrd-30/NCSA/RNotes/2007/810690.pdf). We've worked 
over 40 years to get people to change a behavior that will save lives, 
and we're still at only 81 percent compliance. How long will it take to 
change the behavior, the ingrained culture of illegally downloading 
copyrighted materials? Early education and great technologies hold the 
key. We have proven at Illinois State that we can be effective in 
researching the problem. We are certainly successful in being able to 
work with everyone--higher ed, industry, vendors, associations, 
Congress, and more. We need funding and time to create a true test 
environment and a living laboratory on our campus to work with the 
technologies and track what works and what does not.
    Your help is essential in directing the conversations toward 
improvements in and testing of new technologies. Your assistance is 
critical in directing all of us to focus on education starting with the 
Nation's very young, and your involvement in a national conversation on 
practical fair use and copyright permissions, can point the way to 
creating great role models. Your support for comprehensive efforts like 
our Digital Citizen Project, with funding and by utilizing us as a 
knowledgeable resource for Congress and higher education in general, 
will be invaluable.
    For more information visit www.digitalcitizen.ilstu.edu

                    Biography for Cheryl Asper Elzy
    Cheryl Asper Elzy currently serves as Dean of University Libraries 
and as the campus federal DMCA copyright agent at Illinois State 
University in Normal, Illinois, where she manages the operations, 
services, collections, and programs of the 1.6 million-volume Milner 
Library. She came to Illinois State in 1981 to teach in the library 
science program after serving on the faculty of Quincy College as 
Assistant Director of its library. Dean Elzy also served as director of 
the Chenoa Public Library and Gridley Public Library in the 1980's as 
part of a unique shared staffing program funded by the Illinois State 
Library in Springfield to bring professional librarians to small 
libraries.
    Dean Elzy joined Milner Library's faculty in 1984 where she has 
held a number of increasingly responsible positions including head of 
the Education/Psychology/Teaching Materials Center Division, Associate 
University Librarian for Personnel, and Associate Dean of University 
Libraries. Professor Elzy was named Interim Dean of University 
Libraries in 1996, and Dean in 1998. She is active in the American 
Library Association, the Library Administration and Management 
Association, the Illinois Library Association, and the Council of 
Directors of State University Libraries in Illinois.
    Dean Elzy earned three degrees at the University of Illinois at 
Urbana/Champaign, including two advanced degrees from the Graduate 
School of Library and Information Science. She has published in the 
fields of reference services evaluation, evaluation of collections, 
end-user studies of reference databases, and in children's literature 
research. More recently Dean Elzy's research has focused on issues 
surrounding the illegal downloading of copyrighted songs, movies, 
videos, and games on college campuses.

    Chairman Gordon. Can't beat them out if we are not getting 
action. Good job and thank you, and now Dr. Jackson, you are 
recognized for five minutes.

 STATEMENT OF DR. GREGORY A. JACKSON, VICE PRESIDENT AND CHIEF 
           INFORMATION OFFICER, UNIVERSITY OF CHICAGO

    Dr. Jackson. Mr. Chairman, Mr. Hall, Members of the 
Committee, I am Greg Jackson. I am the Vice President and Chief 
Information Officer at the University of Chicago. Thank you for 
inviting me here today.
    Let me summarize five points from my written testimony. 
First, the university's business centers on intellectual 
property. We patent, copyright, publish, and teach. Protecting 
our rights to all this is important, but so is access. Research 
and teaching depend on the convenient availability of 
intellectual property. We need to work together across 
organizational and political lines to find the elusive right 
balance between mechanisms that protect intellectual property 
and mechanisms that make it accessible. Staking out 
irreconcilable adversarial positions won't achieve that.
    Second, the university deplores violations of copyright 
law. We received 57 DMCA complaints last year and expect about 
twice that many this year. We handle these aggressively by 
immediately disconnecting the offender. Before restoring 
connections, we require first offenders to meet with the Dean 
on the record to emphasize the seriousness of the offense. We 
fine second offenders 1,000 bucks. In addition, we paper the 
campus with posters like these. We discuss the issue at 
orientation and in class, and our acceptable use policy covers 
it. Periodically I remind the entire community by E-mail that 
the university takes copyright offenses seriously and that they 
can have very negative consequences.
    Our approach has yielded good results. DMCA complaints 
involve less than half of one percent of our community. Over 
five years we have had only six repeat offenders.
    Third, the principle drivers of infringement are business 
related. Movie and music producers serve their online customers 
inconsistently, incompatibly, inefficiently, inconveniently, 
and incompletely. Music purchased legally from Microsoft, for 
example, can't be used on Apple devices or vice versa. Pricing 
seems high and managing keys and licenses is a major hassle. 
Most movies remain unavailable, and no one offers Beatles 
tracks. If the right thing keeps falling short of customers' 
reasonable expectations, too many customers will keep choosing 
the wrong thing.
    Fourth, network-based anti-infringement technologies fail 
within high-performance networks. As I detail in my written 
testimony, the Internet transports not distinct, intact files 
but rather files chopped up into packets and then shuffled 
together. Only limited address and type information and not 
content is readily available in transit. Address and type alone 
cannot accurately identify illegal transfers and reconstituting 
file content for blocking at network speeds can be a daunting 
challenge. This is why the dominant anti-infringement 
technologies fail within high-performance networks; both 
traffic-shaping products, such as Packeteer, Red Lambda, and 
Clouseau; and signature-matching products such as Audible 
Magic. These may work today at the relatively slow borders 
between campuses or dormitories and the regular Internet as we 
have heard today, but they will fail even there as strong 
encryption becomes commonplace and legitimate applications of 
peer-to-peer filesharing expand.
    Moreover, as Apple, Amazon, and others sell unprotected 
copyrighted music and movies, legal network transmissions will 
become identical to illegal ones, further hampering anti-
infringement technology.
    Finally, technological obstacles to behavior have limited 
counterproductive effects. We have learned this lesson from 
long experience with intensively-networked university 
communities. The only successful, robust way to address 
problems that involve personal responsibility and behavior is 
with social rather than technical tools. We must teach and 
persuade people that certain behaviors are socially and 
economically counter-productive for their own communities. If 
owners, publishers, transmitters, and users do that teaching 
together, collective benefit will trump individual malfeasance. 
If we instead try to restrict behavior technologically, the 
only result as Dr. Sannier said earlier, will be an arms race 
that no one wins.
    I hope that the Committee translates this lesson into 
effective policy and collaborative practice, and I appreciate 
the opportunity to provide whatever help I can.
    [The prepared statement of Dr. Jackson follows:]
                Prepared Statement of Gregory A. Jackson
    Mr. Chairman, Representatives of the great State of Illinois, and 
Members of the Committee, I am pleased to be here today. My name is 
Greg Jackson. I am Vice President and Chief Information Officer at the 
University of Chicago, where I have overseen central information 
technology and services for almost eleven years. Before that I was 
MIT's Director of Academic Computing, and before that a statistician 
and faculty member at Harvard and Stanford.
    Two high-level policy questions frame our discussion today. The 
first is whether the copyright law that has grown up around 
industrially-organized publishing remains relevant and productive in 
today's widely distributed information economy. The second is to what 
degree network service providers should be responsible for illegal use 
of their networks.
    I know that the Committee has engaged these larger questions in 
other hearings. Since I can claim no special expertise with regard to 
the larger questions, I will concentrate on the two topics I have been 
asked to address based on my experience at the University of Chicago: 
how we handle DMCA and related incidents, and the feasibility, in 
research universities like ours, of technologies one might use to 
reduce the illegal sharing of copyrighted materials.
    My testimony emphasizes five key points:

          The University's business centers on intellectual 
        property;

          Like most of its peers, the University deplores 
        violations of copyright law;

          Market shortcomings are the principal drivers of 
        infringement;

          Network-based anti-infringement technologies fail 
        within high-performance networks, and eventually they will fail 
        more generally; and

          Technological obstacles to behavior have only limited 
        and transitory effects.

    Let me begin with a few words about the University. We are a large 
private institution, one of the world's major research universities. We 
operate one of Chicago's principal medical centers and, through 
subsidiaries, two DOE research laboratories, Argonne and Fermi. We have 
a $2 billion operating budget, 13,000 students, 2,000 faculty, 5,000 
staff, 150 buildings in five states and four foreign countries, 25,000 
telephones, and--most important for today's topic--a high-performance 
network using about 2,500 switches and routers to connect our 25,000 
digital devices to each other, to research universities and labs 
worldwide, and to the Internet.

1.  The University's business centers on intellectual property

    Our research produces not only deeper understanding of how the 
world works, but also concrete products including many inventions and 
creative works. Our teaching instills in our students not only concrete 
knowledge and skills, but also insights into what's worth doing and 
what isn't, what's right and what's wrong. We protect our intellectual 
property: we patent inventions, copyright works, distribute online 
journals, value distinctive teaching, and so on. Yet research and 
teaching, the heart of higher education, also depend on access to 
intellectual property. This has implications for course materials, for 
our libraries, for publications, for the University of Chicago Press, 
for our relationships with outside entities, and in many other domains.
    It is important to us that patents and copyrights be enforceable--
even though in many cases we license our intellectual property, and 
especially our research, for free. But it is also important that we be 
able to do the best possible research and teaching, that technology 
advance rather than degrade our ability to do that, and therefore that 
technology promote rather than deter access to intellectual property.
    A key challenge for all of us--copyright owners, publishers, 
transmitters, enforcers, and users alike--is to find the elusive right 
balance between mechanisms to protect intellectual property and 
mechanisms to make it accessible. Tradeoffs are inevitable. We should 
all be working together, across organizational and political lines, to 
find reasonable, manageable compromises among our diverse needs, rather 
than unilaterally and adversarially staking out fundamentally 
irreconcilable positions.

2.  Like most of its peers, the University deplores violations of 
                    copyright law

    The University of Chicago received 57 Digital Millennium Copyright 
Act (DMCA) complaints in 2006. At the current pace (33 complaints 
through April 30), we will receive about 130 complaints in 2007. Those 
complaints involve only about one half of one percent of our community. 
58 percent of last year's complaints involved music, and most of the 
rest involved movies, TV shows, or software; this year the music 
percentage has dropped to 52 percent. (I should note that the MPAA 
``top 25'' listing has an incorrect DMCA count for us--it's about ten 
times the right number. We have asked MPAA to clarify or correct this, 
but thus far have received no substantive response.)
    The DMCA, as we understand it, requires the University, as a 
``network service provider,'' to end violations when we receive a 
valid, accurate DMCA complaint. (A valid complaint requires that data 
sufficiently detailed to locate the offending computer, plus various 
other elements including an affirmation and a signature, be sent to the 
University's ``DMCA agent''--me, in our case.) We deal strongly with 
DMCA violations. When we receive a complaint, network-security officers 
first verify that the offending material remains available, or that our 
network logs confirm the access cited in the complaint (this is what 
makes a complaint accurate). If the complaint is valid and accurate, 
network-security officers immediately disable the network connection 
cited in the complaint, as DMCA requires. In addition, by University 
policy we identify who was using the connection at the time of the 
offense, and refer the offender to the appropriate disciplinary 
process.
    For first offenders this means a formal hearing before a Dean (or 
an HR officer in the case of staff) and a file notation, after which we 
restore the network connection. (Very few offenders dispute the 
violation, although many assert--often with good reason--that the 
offense resulted from negligence rather than intent.) For second 
offenders we impose a fine of $1,000, the proceeds of which become 
financial aid for others. Over the past five years we have had just six 
second offenses.
    In addition to the disciplinary process for offenders, we 
communicate broadly with the community on this topic. We deploy 
humorous but persuasive posters. We discuss the issue at student 
orientation. Faculty and instructors discuss it in class at relevant 
moments. It is covered by our acceptable-use policy. About once a year, 
I personally remind the entire community by e-mail that the University 
takes DMCA offenses very seriously and that they can result in very 
negative consequences.
    Many of our DMCA offenses, we believe, result not from intentional 
distribution of copyrighted material, but rather from how hard it is to 
disable the public-sharing features of peer-to-peer software. Because 
of this, we publish a web page providing extensive guidance as to how a 
user can disable peer-to-peer sharing. Scores of other entities--
including RIAA itself--have cited or linked to our materials.
    Unfortunately, inaccurate DMCA complaints, discriminatory 
enforcement, and politically-structured ``top 25'' lists have 
proliferated lately. One movie company, for example, has an accuracy 
rate down around 20 percent, and even though commercial ISPs in some 
university towns serve precisely the same numbers and types of students 
who live in campus dormitories, the ISPs receive no DMCA complaints and 
never make top-25 lists even when the local university does. This is 
all becoming very problematic, since these problems waste resources, 
and the inconsistencies and discrimination cause offenders to dispute 
rather than accept our guidance.

3.  Market shortcomings are the principal drivers of infringement

    Media producers provide and protect their online wares 
inconsistently, incompatibly, inefficiently, inconveniently, and 
incompletely. For example, music purchased legally from Microsoft can't 
be used on Apple devices or vice versa, pricing seems high, managing 
keys and licenses is a major hassle, and no one offers Beatles tracks. 
So long as the right thing remains more daunting, awkward, and 
unsatisfying than the wrong thing, too many people will do the wrong 
thing.
    Digital rights management (DRM), the principal mechanism vendors 
use to protect content sold online, involves packaging intellectual 
property so that it cannot be used without a special digital key. The 
digital key, in turn, is restricted to a particular customer or device 
with license to use the content. This is how iTunes, Zune, Ruckus, and 
Genuine Microsoft Validation work. Customers who want to use content 
protected by different DRM typically have to use different software--or 
even different devices--to gain access. Managing keys can be a major 
hassle, for example when one's device dies or is replaced. Moreover, 
poorly implemented DRM can disable customers' computers entirely, as 
one media company unfortunately demonstrated broadly with its CDs not 
too long ago.
    DRM appears to be a good idea. However, it has been plagued by poor 
execution, and so has come to be a frustrating obstacle rather than a 
convenient enabler. Moreover, DRM has become a challenge to security 
specialists and hackers, who delight in showing how easily it can be 
subverted. This exemplifies the unwinnable arms race and has induced 
some vendors to begin selling unprotected content, points to which I 
will return.

4.  Network-based anti-infringement technologies fail within high-
                    performance networks, and eventually they will fail 
                    more generally

How Networks Transmit Files
    Say that person A wants to send a file to person B. If A and B work 
at universities, the file might be a pre-publication draft, a three-
dimensional x-ray scatter image of a molecule, or the video of a 
procedure carried out within a containment facility, but the process 
would be exactly the same if A were sending a personal wedding video or 
an illegal copy of Eleanor Rigby to B. Here's what happens, in 
simplified form:

        1.  A's computer chops up the file (which may first be 
        encrypted, for security) into many small chunks, much as I 
        might cut up a large mounted photograph to make a jigsaw puzzle 
        whose pieces would fit in regular envelopes. A ``header'' on 
        each chunk contains limited information including as the 
        address of B's computer and the kind of data being 
        transmitted--by analogy, think of the addresses and ``contains 
        photo--do not bend'' notations on an envelope. The encased 
        chunk is now a ``packet,'' in networking jargon.

        2.  One by one, A's computer sends packets to the network for 
        transmission to B's computer. A's computer sends other files to 
        other places at the same time. The packets from the other files 
        get shuffled with the B-destined file's packets as they leave 
        A's computer.

        3.  Once the packets reach the network, bucket brigades of 
        routers and switches pass them along--again mixed with others, 
        and again one by one--until each packet reaches its 
        destination. Although packets headed for the same destination 
        usually follow the same path, a great strength of the Internet 
        is that they need not do so. Network equipment constantly 
        monitors flows, and switches to alternate routes when 
        particular paths get clogged.

        4.  As packets reach B's computer--some from A, some from other 
        sources--B's computer sorts them and requests re-transmission 
        for any missing packets. It then extracts the chunks of data 
        from the packets and reassembles them into the original file.

    I highlight four key attributes of this process. First, files move 
across the network in discrete packets, rather than as whole files. 
Second, packets are intermingled with other packets from other files as 
they leave the source, as they move across the network, and as they 
arrive at their destinations. Third, packets going from one source to 
one destination may follow different paths across the network. Fourth, 
this chopping and scattering is intentionally designed into the 
Internet to ensure reliability, speed, and robustness.
    As particularly advanced users of networking, colleges and 
universities typically deploy networks comprising an array of main 
switches and routers interconnected in a ring or mesh with tentacles 
reaching out to smaller switches and routers, rather than connect 
everything to one telephone-like central switching point. Rings and 
meshes maximize the robustness and efficiency of networks. As a 
desirable consequence, they also make internal traffic on campus 
networks especially likely to follow multiple routes between points.
    Much as it's easy to attain perfect network security by detaching 
computers from networks, it's easy to protect intellectual property by 
locking it in a strongbox where no one can retrieve it, or by disabling 
networks that might transmit it. The value of intellectual property 
depends largely on circulation, however, so using a strongbox or 
disabling networks reduces the value of the property. Implementing the 
strongbox or complicating the network diverts resources from more 
productive pursuits. And so the challenge we are discussing today: Can 
anti-infringement technologies work without degrading the efficiency 
and productivity of the campus networks critical to research and 
teaching?
    There are two principal network-based technologies for 
forestalling, detecting, or reducing illegal network filesharing: 
traffic shaping and signature matching.
Traffic Shaping
    Traffic shaping involves handling packets differently depending on 
information in their headers. Thus, for example, we might assign Web 
packets higher priority than e-mail, or Berkeley-bound packets higher 
priority than Emory-bound ones, or locally-originated packets higher 
priority than others. Higher priority translates into faster transfers, 
so varying priorities in this way ``shapes'' traffic according to 
policy.
    The most common shaping tools are firewalls, which block traffic 
according to source, destination, or other header attributes. 
Packeteer, cGrid, Clouseau boxes, or other more sophisticated shapers 
can also speed or slow traffic according to packet headers. Traffic 
shaping can be quite effective when offending traffic (a) has stable or 
predictable header attributes and (b) those header attributes clearly, 
reliably, and accurately distinguish illegal from legal traffic.
    Unfortunately, much illegal filesharing fails these tests. Newer 
peer-to-peer software routinely switches addresses and ports in 
increasingly complex ways. It often mixes infringing transmissions with 
legitimate ones, for example by disguising transmissions as Web traffic 
or legal transfers. Moreover, a great deal of illegal filesharing no 
longer uses distinctive peer-to-peer software or protocols. Traffic 
shaping has thus become rather ineffective against illegal network 
filesharing, although it remains an important mechanism for network 
management.
Signature Matching
    Signature-matching technologies compare a file's content to a 
database of abstracted ``signatures,'' and then take specified action 
when they find a match. The most typical examples are virus or spam 
checkers, which perform the matching exercise when a computer opens a 
file or message and block the file if it matches the checker's 
database. The comparisons necessary for signature matching can be slow, 
since accuracy requires detailed comparison. However, virus and spam 
screening appears not to slow things down, mostly because personal 
computers and e-mail servers operate so much faster than people use 
files or read e-mail.
    Signature matching for network traffic is much more challenging. In 
order to do high-quality comparison on network traffic, an entire 
digital file must be available for comparison to the signature 
database. Accurate signature matching thus entails three requirements: 
that all packets travel through one network point where they can be 
gathered and reconstituted, that reconstitution and comparison be as 
fast as network transmission, and that matching methods and databases 
identify only illegally transferred files--that is, there can be no 
false positives. These are the challenges for Audible Magic and similar 
products.
    The requirements for satisfactory signature matching appear 
unattainable within the typical campus network. (The network border is 
a separate issue, to which I will return.) First, as I pointed out 
earlier, a file's packets are mixed in with others, and may travel 
different routes across the network. This makes gathering and 
reconstitution en route difficult at best, and often impossible. 
Second, networks are equipped and optimized to transmit packets without 
decoding anything but headers, and only the headers are standardized 
and optimized for this purpose. Since campus and research networks 
carry traffic at very high speeds, there is no practical way to do 
full-file comparison without seriously degrading network performance. 
Third, legal and illegal copies of files sometimes are identical. This 
will become more common as Apple, Amazon, and other companies sell more 
copyrighted content without DRM.
    What about partial signature matching using data from individual 
packets? In general, even this cannot be done at campus-network speeds, 
since reading headers does not suffice, and reading anything else slows 
the network. The larger problem is accuracy: the smaller the basis for 
comparison, the greater the likelihood of errors, both positive and 
negative. Compounding the problem, newer peer-to-peer software and 
other filesharing mechanisms use strong, increasingly sophisticated 
encryption to protect or disguise files, and therefore to defeat 
signature matching.
Border and Host-Based Approaches
    Two signature-matching strategies might make technical sense. One 
is more promising than the other, but neither will work for long.
    The less promising strategy involves signature matching on users' 
computers, rather than the network. Over the past few years, colleges, 
universities, and other networking providers have very successfully 
persuaded their users to install anti-virus and anti-spam software on 
their personal computers. Since signature-matching software works 
analogously, and the target files are already intact, installing anti-
infringement signature-matching software might not degrade the 
performance of personal computers.
    Users like and are happy to use anti-virus and anti-spam software 
because it reduces problems without constraining or suppressing 
benefits. Unfortunately, much as we might wish otherwise, experience 
has shown that many users likely would perceive anti-infringement 
software in precisely the opposite way. If installation of such 
software were to be required, compliance and technical work-arounds 
would become major problems. We already see this problem with copy-
protected DVDs: users easily and inexpensively replace software that 
complies with copy protection with software that doesn't.
    The requirement might also have serious indirect negative 
consequences. Users resisting anti-infringement software, for example, 
might become suspicious of anti-spam and anti-virus software. If this 
caused a backlash and led users to remove, disable, or bypass those 
protections, requiring anti-infringement software might not only have 
failed to achieve its own objectives, but it would also have reversed 
the Internet-wide security and privacy gains anti-virus and anti-spam 
software has yielded over the past few years.
    The apparently more promising strategy involves the border between 
campus or dormitory networks and the commodity Internet (that's the 
regular Internet, as opposed to special high-performance research 
networks such as Internet2 or National LambdaRail). Commodity 
connections are expensive, and so colleges and universities typically 
buy no more capacity or speed than they need. Moreover, all traffic 
destined for the commodity Internet flows through one or two 
connections at the typical campus border, so gathering packets seems 
more feasible than it does within campus networks. As the Committee has 
heard today, sufficiently fast signature matching therefore might be 
possible at commodity border points.
    But even perfect border screening can succeed only partially and 
temporarily. For example, it cannot detect or act on filesharing within 
campus networks. As peer-to-peer encryption becomes more common and 
powerful, it will become increasingly difficult to identify files. As 
some vendors begin selling music and movies without DRM, it will become 
impossible to differentiate legal from illegal transmissions using 
signatures. False positives and false negatives will increase, thus 
rendering even border screening ineffective and counterproductive.

5.  Technological obstacles to behavior have only limited and 
                    transitory effects

    I have confined my remarks thus far to technical feasibility. Let 
me conclude with a broader observation.
    Unexpected problems arise in networked environments. In large part 
this is because fast, extensive networks enable people to do foolish 
things much faster--and at much greater scale--than they could 
otherwise. Since colleges and universities started providing high-
performance networking to entire communities earlier than anyone else, 
we have lots of experience assessing and solving problems that arise in 
intensively networked environments.
    An important lesson we have learned is this: When the problems that 
arise are about personal and organizational behavior, about the rights 
and responsibilities of community members and citizens, the only 
successful, robust way to address them is with social rather than 
technical tools. We must educate people to understand why certain 
behaviors are counterproductive for their own community or economy. If 
we do that together--by which I mean owners, publishers, transmitters, 
and users--collective good will trump individual malfeasance. When we 
instead restrict behavior technologically, we get nothing but an arms 
race we can't win.
    I hope that this committee can translate this lesson into effective 
policy and collaborative practice, and I appreciate the opportunity to 
provide whatever help I can.

                    Biography for Gregory A. Jackson
    Gregory A. Jackson is Vice President and Chief Information Officer 
at the University of Chicago. In this capacity he reports to the 
President, and manages the University's central computing facilities, 
telephones, communications, network services, administrative computing, 
academic computing, computer store, and related entities.
    The umbrella organization for these activities, Networking Services 
and Information Technologies, spends about $70 million annually 
overall. It employs about 350 individuals (not counting students). 
Jackson also works closely with the University's widely diverse 
academic and administrative units to frame and guide more distributed 
information-technology activities, and to make sure the University 
makes optimal use of information technology in its education, research, 
and administration. He serves on University-wide committees, councils, 
and boards including Budget, Computing Activities and Services, Patents 
and Licensing, Research Infrastructure, Intellectual Property, Provost 
Staff, Executive Staff, President's Council, and various others.
    Jackson has served on the Boards for EDUCAUSE, National LambdaRail, 
and Internet2. He has served as a member of the EDUCAUSE Recognitions 
Committee, chaired the Internet2 National Planning and Policy Council, 
and is an active participant in the Common Solutions Group and the Ivy+ 
and CIC CIO groups. He also has served on the higher-education advisory 
boards for Dell, Sun, Apple, Microsoft, and Gateway.
    From 1991 to 1996 Jackson was Director of Academic Computing for 
the Massachusetts Institute of Technology. From 1989 through 1991 he 
was Director of Educational Studies and Special Projects in the 
Provost's Office at MIT. Concurrently with his administrative work at 
MIT, Jackson was Adjunct Lecturer in Harvard's Kennedy School of 
Government, and Lecturer in the Harvard University Extension. From 1981 
through 1990 Jackson was Associate Professor of Education at Harvard 
University (Assistant Professor 1979-81), teaching in the University's 
doctoral and management programs in higher education. He served as one 
of the founding Directors of Harvard University's Educational 
Technology Center, which studied the use of technology to advance 
educational practice. He also served as Assistant Director of the Joint 
Center for Urban Studies of MIT and Harvard University, a 
multidisciplinary research organization then operated by the two 
universities. Jackson was Assistant Professor of Education at Stanford 
University from 1977 through 1979.
    Trained as a statistician, Jackson has taught analytic methods for 
clarifying decision making, including statistical and qualitative 
research methods; policy analysis and evaluation, especially in higher 
education; and computer programming. At MIT Jackson also taught an MIT 
freshman seminar on the scientific integrity of murder mysteries.
    Jackson has worked extensively on evaluation and planning methods 
in higher education; on research, instructional, and library computing 
in universities; and on admissions and college-choice issues including 
the differential impact of financial aid on minority and majority 
college applicants. He is co-author of two books--Who Gets Ahead? and 
Future Boston--and of numerous articles, reports, and teaching cases.
    Born in Los Angeles and raised in Mexico City, Jackson earned his 
Bachelor's degree from MIT and his doctorate from Harvard.

                               Discussion

    Chairman Gordon. We will start now with our questions, and 
I will begin as the Chair.
    Dr. Jackson, you state that the network-based anti-
infringement technologies will fail within higher-performance 
networks. Has the University of Chicago actually tested any of 
the network filter technologies?
    Dr. Jackson. We have used Packeteer extensively and we----
    Chairman Gordon. But I was asking you have you tested the 
network filter?
    Dr. Jackson. The filter, we are in the process right now.
    Chairman Gordon. So you haven't done that yet? You haven't 
tested it yet?
    Dr. Jackson. We have not done it yet. Correct.
    Chairman Gordon. So it is a little hard to state that, it 
would seem to me, with such certainty if you haven't tested it 
yet.
    Dr. Jackson. Well, we had engaged, we talked to Audible 
Magic at length at a conference in the fall.
    Chairman Gordon. But you haven't tested it, although you--
--
    Dr. Jackson. And they had agreed with----
    Chairman Gordon.--stated unequivocally that it won't work.
    Dr. Jackson. Correct, Mr. Chairman.
    Chairman Gordon. Okay. And you have also said that 
technological obstacles to illegal behavior have only limited 
and transitory effects. Do you believe this is true for 
spammers and computer hackers and people who develop computer 
viruses? And if so, why does the University of Chicago use 
anti-spam, anti-virus software and firewalls, and why should 
illegal filesharing be any different from these other illegal 
activities?
    Dr. Jackson. Well, let me say two things about that, 
because that is an excellent question.
    The first is that spam and virus filtering actually work 
very well because they run on people's own computers, and they 
run in a way that really doesn't interfere with anything else. 
So people do not perceive any problem from doing that.
    Chairman Gordon. Are they 100 percent effective?
    Dr. Jackson. They are pretty close to 100 percent 
effective. Yes. Up in the 80 to 90 percent effectiveness. If, I 
should say if we could have a tool that we could persuade 
people to install that would run at that level of effectiveness 
and do the filtering accurately, we wouldn't have any objection 
to that. We have not seen that yet.
    The second issue is why we believe that we have been able 
to persuade people to do this technologically but not to do the 
other, and the truth is it took us several years to persuade 
people that they actually should install this, and the key 
thing is, unless people are very good about their passwords, 
are very good about not sharing them, are very good about not 
letting their kids use their machines, and a variety of other 
problems, all of the anti-virus, anti-spam stuff is 
ineffective. We have had very good success finally getting 
people to not share their passwords and not share their 
machines, and that is purely behavioral influence.
    Chairman Gordon. I don't want my time to run out here. You 
raised a question that was similar to Dr. Sannier, and that is 
if there is an arms race, where does it stop? I think to some 
extent we have seen this with spammers and others, and 
hopefully as you say it has been somewhat successful.
    Mr. Ikezoye, could you address your thoughts on this arms 
race?
    Mr. Ikezoye. Yes. Clearly the ingenuity of the people 
developing these applications, these peer-to-peer applications, 
have provided a real challenge technologically but just as 
these networks have evolved from the early days from Napster to 
today, also our own product continues to evolve as well. And so 
I really do think that analogy of comparing these to the spam 
and anti-virus programs is a good one. In fact, spam and anti-
virus both use these registries of content, and we use a 
registry of content. It just happens to be that we have 
copyright works in our database.
    But where I would, I think, agree with, echo the panel is 
that I think technology by itself is never going to be the 
solution and that it needs to be combined with an educational 
process in that two things, technology, as well as education, 
go a long way towards influencing behaviors, which is what we 
have to do to really have an effect on this.
    Chairman Gordon. And Dean Elzy, one of the things we have 
heard as we are trying to get information on this is that when 
trying to use technology to reduce this illegal filesharing, 
you really can't install it on every computer on the campus, so 
that makes it more expensive or more difficult. What has been 
your experience in that regard?
    Ms. Elzy. We have been looking at technologies that will 
impact all of our students and all of our faculty and staff as 
opposed to just the residence halls and some other areas. So we 
are looking at more global opportunities to install both 
filtering and education technologies and software that will 
take care----
    Chairman Gordon. Have you found that the vast majority of 
the filesharing was from the residence halls?
    Ms. Elzy. Yes, we did. Some of our early studies and 
snapshots that we have been able to do over a period of the 
last 18 months have shown that by far the majority of the 
filesharing is done, in the residence halls.
    Chairman Gordon. I think it was 97 percent.
    Ms. Elzy. Ninety-seven percent of the filesharing that is 
happening is there, but only 27, 26 percent of the computers on 
campus are doing any filesharing at all. So it is 97 percent of 
26 percent. So it is a much smaller percentage than we expected 
to find.
    Chairman Gordon. So that, again, if we are playing hand 
grenades, and we know we are not going to get 100 percent, that 
would be a more economical way to approach the problem for 
universities.
    Ms. Elzy. Absolutely.
    Chairman Gordon. Thank you, and now I call on Mr. Hall.
    Mr. Hall. Thank you, Mr. Chairman. It seems to me that the 
panel agrees substantially on a number of important issues from 
the testimony we have just heard and from the testimony you 
submitted.
    I would like to take a moment just to make sure I have got 
that right. Does everyone agree that technology can't 
completely stop piracy? And next, does everyone agree that 
notwithstanding its imperfection, technology can be a part of a 
comprehensive anti-piracy policy? I never saw such an agreeable 
group.
    Dr. Jackson, in your testimony you described the principle 
challenges finding ``the elusive right balance between 
mechanisms to protect intellectual property and mechanisms to 
make it accessible. Tradeoffs are inevitable.'' So it appears 
that the broader community has entered into a number of 
cooperative projects on this, including Dr. Elzy's Digital 
Citizen Project and the Joint Higher Education and 
Entertainment Industry Committee.
    Dr. Jackson, do you believe these groups can provide the 
information your institution needs to make informed decisions 
about comprehensive anti-piracy efforts?
    Dr. Jackson. I believe they are on the right path to doing 
that. We participate in the Joint Committee, and that has been 
a really useful place to come to common ground, I think. I 
mean, in a sense there has been better discussion on the 
technological pieces than on the educational pieces. So each of 
us is doing our own educational thing, and it has been much 
harder to find a coherent campaign that we can all do together 
that will really help students understand that they are 
shooting themselves in the foot.
    Mr. Hall. One day you think there will be technology that 
will do that?
    Dr. Jackson. I don't think there will ever be technology 
that will do it perfectly. It is interesting. If you look at 
spam and viruses, viruses we have pretty much won the battle 
against viruses. Spam, most of us who run large E-mail systems 
believe we are losing that battle, and that within the next 
year or two we will have lost it completely.
    Mr. Hall. Do the other panelists agree that vendors, higher 
education, and the entertainment industry are making some 
progress in this area? Anyone care to comment on that?
    Dr. Sannier. I think that----
    Mr. Hall. The progress you are making.
    Dr. Sannier. I think it is clear that we are making a 
significant reduction. I think that all the panelists agree 
that this is an evolving issue that the technologies that 
sharers are using will require escalating counter measures in 
that arms race that I referenced, but that also the industry 
itself is making progress. Probably the most significant 
technological advance or advance of any kind in this area is 
the introduction of the ability to purchase rights-free music, 
that meets consumers' demands. That more than anything else 
will reduce the demand for illegal filesharing by providing an 
excellent legal alternative.
    Mr. Hall. Dr. Elzy, I mentioned you in my question. What is 
your opinion on the progress that has been made?
    Ms. Elzy. I think there has been a significant amount of 
progress, particularly because we have been able to talk to 
different groups and get different people to the table that 
haven't been before. I think evidence of the improvement that 
we are seeing is that the entertainment industry itself is 
taking great strides. One of the ways that a lot of the 
monitoring systems will find digital files is through some sort 
of electronic signature on the file, and for example, we have 
seen an increase of 40 percent in how many of the files are 
signatured. The caution here is that the music industry has 
gone from 11 percent to 51 percent files found. So we can only 
find one out of two illegal file transfers. The electronic file 
signatures for movies are almost non-existent, and you can't 
stop what you can't find. So we are hoping that the 
entertainment industry will continue its efforts to try to 
individualize their files so that the tracking systems can 
actually be more accurate.
    And as they become more accurate, then higher education is 
going to be much more ready to adopt them.
    Mr. Hall. You know, we haven't talked about expense and the 
cost of that technology. Maybe there is no good comparison 
here, but 15 years ago E-Systems, a company that had national 
and international operations, had indicated that they had 
technology that could protect our border, but it was too 
expense. And now here 15 years later they are talking about 
building a 20-foot wall or putting the National Guard down 
there to lock arms on it and question what kind of expense that 
is going to take. And they don't think that is going to be too 
much if it takes that to protect the border. And do you feel 
that we ought to go to that expenditure if it takes it to stop 
the piracy? I am sure you all agree that we should, don't you? 
Do you not?
    And I am not going to ask you where is the money going to 
come from, because I think you all have a good idea about that.
    My time is up. Thank you, Mr. Chairman.
    Chairman Gordon. Thank you, Mr. Hall.
    Mr. McNerney is recognized.
    Mr. McNerney. Thank you, Mr. Chairman. I am afraid I am 
going to overrun my five minutes, so you will have to hold me 
back a little bit here.
    I thank the panel, I think this is a very fascinating 
discussion, and there is a lot to learn here. One of the things 
that Dean Elzy said impacted me personally; my own children 
were in college recently, and then the arrests were made, and 
that definitely makes an impression on you, and so I wanted to 
make sure today that I get things as straight as I can.
    Dr. Wight, I was very impressed with----
    Chairman Gordon. I am going to clarify that it wasn't your 
kids that were arrested.
    Mr. McNerney. Oh, no. They weren't the arrested, thank 
goodness.
    Dr. Wight, I was very impressed by your approach you are 
using, and I think that is probably common here. You are using 
the technology to the ability that you can, but you are also 
using the people in responsible positions in your university to 
make sure that the law is followed. And that must mean 
residence monitors and people at different levels--are they as 
willing to participate in this, or is there feedback? It seems 
like that is an opportunity for abuse at some level that would 
put people at risk that may not want to be in that position.
    Dr. Wight. This activity is centered in the university's 
information security office, and we only deal with about two or 
three instances of suspected abuse each week. So it is a part-
time task for one person in our ISO office, and it is not that 
big a deal. So we don't get non-technology people involved in 
the process but when something occurs, somebody from our ISO 
office goes and visits with a student or a computer user and 
makes a detailed assessment of the situation. And that is 
really necessary because it is not possible to tell with a 100 
percent reliability if a suspected case of copyright abuse was 
actually legitimate or not.
    Mr. McNerney. Well, one of the things you mentioned was, I 
think you said two gigabytes. If there is two gigabytes 
downloaded in a day, then that account is identified in some 
way. Do you stop the transfer of data during the process, or do 
you wait until the process is finished and flag it and then 
confront the person, or how does that work?
    Dr. Wight. We stop that process immediately, automatically. 
It is a network switch, and usually the next day somebody from 
our information security office follows up with the user to 
figure out what was going on. There are only two cases that I 
know of where we cut off a student's network access 
inappropriately. In both cases they were using voice-over IP 
software to talk with their parents and their grandparents, and 
what we did was we restored the network access and actually 
raised the threshold for those two students so it wouldn't 
happen again.
    Mr. McNerney. Thank you. Dr. Sannier, I am sure I am not 
pronouncing your name correctly, but I was interested in this 
Ruckus software. That is something that is available to the 
university to download films and music and so on, but Dr. 
Jackson raised a good question. If you go legitimately to 
Microsoft or Apple, you can't share files. Does Ruckus get 
around that problem? Does it allow students to play on 
different platforms and so on?
    Dr. Sannier. All of the services that you subscribe to, 
sir, have these liabilities, because digital rights management 
software is still in the cumbersome stage. And so each of these 
systems has their own particular idiosyncrasies. So once you 
have adopted a system, they can service very well, but we are 
still not at the stage where the services that consumers can 
purchase or that we can purchase on behalf of our students are 
meeting consumer demand. And I am hopeful that technological 
advances in the next two years or so will greatly reduce this 
problem by reducing the demand for piracy because the 
commercial services will begin to meet the demand.
    Mr. McNerney. So you are doing a carrot-and-stick here, and 
then you are going to put technology in place, you are going to 
punish bad doers, and then you are going to offer something 
that will work maybe as well as illegal, maybe better than 
illegal transfers.
    Dr. Sannier. Absolutely. It seems that that coordinated 
approach, I think you see everyone on the panel agree that, you 
know, that is the method by which this problem will get 
contained and ultimately solved.
    Mr. McNerney. I have got to ask you a tech question here, 
Dr. Ikezoye. You gave a pretty good explanation of why your 
system doesn't interfere with bandwidth and how it works with 
packets. About how many packets of the initial transfer do you 
need to make an ID, to make sure that what is being transferred 
is legal or not illegal?
    Mr. Ikezoye. The first time we see a file, we need to 
reconstitute, reassemble enough of the file to do the ID, which 
is about 20 to 30 seconds of a file, whether it is a soundtrack 
for a movie or a song. But once we do, as I mentioned then we 
associate that identification with this ID number. It could be 
like a passport number, that then later on we can get after the 
first or second packet we could identify that and then block 
the transfer.
    Chairman Gordon. Thank you, Mr. McNerney. And Mr. Feeney, 
you are recognized for five minutes.
    Mr. Feeney. Well, and I will thank you, Mr. Chairman, for 
having this hearing. I am one of at least three members of this 
Committee that is also a member of the Judiciary Committee. I 
can tell you that we take property rights, especially 
intellectual property rights very seriously on that committee. 
We focus on that.
    Now, this is the third committee by the way, the Labor and 
Education Work Force Committee has held hearings on the 
technology involved in the universities because this is a huge 
problem, and Congress is going to continue to focus on it. I 
should tell you that as an old real estate lawyer, I never tire 
of pointing out that most Americans think of property rights 
with respect to the home that they own, and land that they may 
own as a business, but it was only as an afterthought in the 
Bill of Rights that the founding fathers got around to 
memorializing our specific rights to hold our real property. It 
was in Article 1, one of my favorite articles as a Member of 
Congress, that the founding fathers pointed out the critical 
nature of protecting intellectual property.
    And while I appreciate the, you know, the panel's 
recognizing the importance of intellectual property and I want 
to agree with everybody that education is key, but education 
alone cannot solve the problem. I am disappointed, I guess, to 
some extent that Dean Elzy and Dr. Jackson have minimalized the 
possibilities and the importance of technology in this regard, 
because while I am sure you educate your students, Dr. Jackson, 
on the importance of not committing robbery or burglary or 
rape, you also put locks on the door. And sometimes the only 
way to help young people learn the importance of respecting 
civil institutions, some of the responses you gave about how 
you can't change behavior until you change culture, et cetera, 
remind me when I went to China and pressed the issue of 
intellectual property. We have got rampant theft in China and 
some other countries around the world.
    The commerce, the equivalent of our Commerce Secretary, he 
was a very brilliant guy. I believe he is educated in the U.S., 
perhaps even the University of Chicago, because he could have 
taught economics. He was a real free market kind of guy. I was 
very impressed. But his answer was very similar. He said, you 
know, this can be a long process in China because it is going 
to take us decades to change people's attitudes and behavior.
    And I guess the point of all this is to tell you that the 
Judiciary Committee, see, on a bipartisan basis it is not going 
to be patient for very long with universities that haven't made 
aggressive steps, including education, including policy, 
including technology, whether you like it or not. And we are 
not going to tell you which technology to use, but I think I 
speak in part for Chairman Berman, who chairs the Intellectual 
Property Subcommittee, Chris Cannon, and many others of us when 
I tell you that our committee is going to be insistent that the 
universities, not just because of the theft involved, but 
because you are shaping not just academic excellence for young 
people, but also their attitude towards civil responsibility, 
that we are going to be insistent that we reward universities 
that are aggressive in this regard. I want to note that, for 
example, the University of South Carolina, Michigan State, 
Howard University, Seton Hall, Ohio have adopted technological 
educational, and policy processes that have been very 
successful. The University of Florida, my home state by the 
way, talking about the cost, brags about the fact that 
implementing a technology that they use has saved them some $2 
million in expanding the broadband that they had originally 
intended to do.
    So there are potential savings for the university 
networking opportunity when you diminish the theft.
    And I guess with that, because I have got a lot more 
experts on the panel than I have expertise in this regard, I 
did want to issue that very important statement. I would ask, 
you know, perhaps Dr. Jackson and Dr., Dean Elzy, because I did 
single you out for my disappointment that you hadn't emphasized 
the potential of technology here.
    I guess I would ask you, give you a slight chance to defend 
your positions. We are spending a good deal of federal 
resources in terms of helping universities with their 
technological improvements directly and indirectly through 
student funding, et cetera. Is it responsible for a Congress 
that wants to protect intellectual property rights to continue 
to fund network enhancements for universities if some of those 
enhancements are indirectly being used, in fact, to promote 
intellectual property theft, and that would allow the two of 
you or whoever else would like to respond.
    Dr. Jackson. Yeah. If I may, I should say the University of 
Chicago does use technological means to block things. We are 
active users of firewalls. There is all kinds of traffic that 
we block from off campus. Until Packeteer failed on us we used 
Packeteer very heavily to turn these things down. So we used 
technological means to the extent we can.
    And I should also be clear. I mean, my job is to make sure 
that our network is maximally available so that we do the best 
teaching and research we can. There is all kinds of other use 
that is going to happen with unused cycles, but any time other 
use starts interfering with research and teaching, I am not 
doing my job.
    The key thing is that the technologies that we use to keep 
the interfering stuff from happening have to also not interfere 
with the critical stuff. So when Packeteer failed on us, for 
example, it caused all of our commodity Internet, the regular 
Internet traffic to stop working, and it took us awhile to 
figure out what was going wrong and to pull the Packeteers out. 
But this is the kind of tradeoff that is very difficult.
    So this is a very important technology for us. We really 
need it to work, but it needs to work in such a way, this is my 
point about tradeoffs, that it doesn't tread over into throwing 
the baby out with the bathwater, if you will. If I gave the 
impression that we are not fans of using technology to do 
effective screening, we absolutely are, but I do believe that 
at this point the technological means available to us aren't 
going to get this job done. And that we need to go way beyond 
that, and if we rely on the technology alone, that we are not 
going to get anywhere.
    Ms. Elzy. I, too, would like to share that we believe that 
technology is a part of the answer, but it is not the total 
answer, and if we rely on technology too much, we are going to 
be interfering with the legal uses of peer-to-peer technology 
and some of the educational activities that we have going on on 
the campus. For example, there is a lot of filesharing that 
happens through the course of distance education. There are a 
lot of my own library files that are digital in nature and may 
use the distribution technologies that are available to use 
today. I would like to not have those blocked.
    We believe that education can have an impact but only in 
partnership with all the other things that we have been talking 
about. And part of the technology solution is getting legal 
digital media services up and available and comprehensively 
usable. Approximately 67 percent of our incoming high school 
seniors, college freshmen bring iPods with them, but Ruckus 
doesn't work with iPods. So you have a group of students who 
are disenfranchised unless they switch over to a different MP-3 
player or you offer them multiple services.
    And when I was sitting in a focus group with a number of 
students, and I asked them after they had given a presentation 
on illegal sites and how the students use it, everybody does 
it, that kind of thing, I asked them to name a legal media 
service for me, and they couldn't name one. So there is a huge 
marketing and business opportunity here to get these into the 
knowledge base of the students. They said they would use the 
legal services if they knew what they were, if the music was 
free, and if it had the tunes that they wanted.
    Chairman Gordon. Thank you, Dean. Mr. Feeney, we are going 
to let you join us or join Mr. Sensenbrenner on the next 
committee, our next panel.
    Mr. Wilson is recognized for five minutes.
    Mr. Wilson. Thank you, Mr. Chairman. Just a question 
broadly but I understand that Ohio University, which is in my 
district, has recently implemented some innovative procedures 
to fight illegal filesharing. How much do universities 
communicate with each other in regard to resolving these kind 
of problems?
    And secondly, have you set up any formal pathways of 
communication to do your plan for in the future?
    Dr. Jackson. Well, here I am at the end. The answer is we 
communicate extensively on all kinds of issues, but this has 
been very, I mean, security, research computing, filesharing 
have been very high on all of our lists for awhile. To tick off 
a few of the mechanisms, the Joint Committee that was mentioned 
several times already has been a really effective compact 
medium, I mean, a few of us sitting in a room, EDUCAUSE, which 
is the umbrella organization, and Higher Education has a whole 
set of activities designed. I mean, if you look at the program, 
there is a huge fall conference where everybody goes. So there 
is a lot of the program and a lot of the side conversations 
that are about this.
    We trade notes all the time.
    Mr. Wilson. Good.
    Dr. Jackson. And this is really important, because it is 
the only way that you learn, I mean, to take the Chairman's 
point earlier, one way for us to find out if things work is to 
sort of try them. The other is I can go to one of our peers 
that is very similar to us and see what they have done, and if 
they have succeeded, I am going to adopt that. And we do these 
kinds of things all the time.
    So it is a lot of communication about the technological 
opportunities and limits, and there is an increasing amount of 
communication about whether it is poster campaigns or other 
kinds of educational campaigns that we can do.
    One interesting comment, I am not sure I should make this 
comment, but I will anyway. In terms of enforcement, one of the 
problems we have is that we will, you know, we have a set of 
students who have gotten into trouble doing this. And one of 
the things that is useful to make a point is to make sure the 
rest of the community knows that folks have gotten in trouble 
doing this. So public hangings, if you will.
    And here curiously enough we run into the Family 
Educational Records and Privacy Act, which is a federal law 
that says we cannot disclose this kind of thing publicly. My 
hope very often is that a student who we busted and put through 
the process will go to our student newspaper and complain, 
because then the student newspaper will publish it, and we get 
exactly what we want. But it is this curious game we have to 
play to try to sort of prod them to ask us a question.
    Mr. Wilson. It is a difficult situation, and we feel badly 
about what has happened in Ohio. We had a situation like this a 
couple of years ago where even some Social Security numbers of 
alums got out, and it was a real difficult situation. So I was 
just hopeful that the communication was going on between the 
universities, that we didn't not apply ourselves to make sure 
that everybody was going to be safe from it.
    That is all I have, Mr. Chairman. Thank you.
    Chairman Gordon. Thank you, Mr. Wilson.
    And Dr. Gingrey is recognized for five minutes.
    Mr. Gingrey. Mr. Chairman, thank you. I wish our legal 
experts, our attorneys, were still here, but since I am around 
Mr. Feeney, maybe he could answer this question for me. I am 
old enough to remember as a kid that you wouldn't buy all the 
comic books on the shelf. You would just buy maybe ten or 15 or 
20 of them, and when you got through reading them, you would 
swap those with the kid across the street for the 20 that he or 
she had that you didn't have. And I don't know really when you 
cut right to the chase how different that is from sharing these 
music files.
    And I say that but at the same time I am a real stickler 
and firm believer in the rule of law and warning youngsters as 
Ms. Elzy and Dr. Jackson said, that you probably can't 
completely solve this problem technologically, and of course, 
you all raised your hands and agreed to that, and there needs 
to be some balance. And I truly believe if you can scare the 
bejeezus out of them and show what could happen if they are 
guilty of stealing intellectual property, and appeal to their 
sense of fairness and fair play, of course, I think in your 
testimony, Ms. Elzy, you had said that some of the kids come to 
arrive at the college campus as freshmen having involved, 
engaged and steal intellectual property since the third grade, 
kind of like me and the comic books of 50 years ago.
    So I don't know exactly how you get to that, so these 
comments, of course, are not in the form of a question. You 
might want, any one of the five of you, might want to comment 
on that, but in regard to a specific question, and Dr. Wight, 
this was that fair use issue, in your testimony you highlighted 
the exemption of copyright for certain non-profit education 
purposes.
    I would like for you or any of you to elaborate on how 
copyrighted works are used in course work on your campus, and 
if the other witness would like to discuss that as well that 
would be great.
    Dr. Wight. So we do use a lot of copyrighted work on our 
campus for teaching purposes and research purposes, and the 
Doctrine of Fair Use gives us the limited right to do that free 
of charge. We can only do it with portions of work, and we have 
to restrict it to non-profit, educational activities, but we 
derive huge benefits from the Doctrine of Fair Use in that 
respect.
    More recently the TEACH Act has given us the ability to use 
digital copyrighted works in our teaching, in our classes, and 
again, there are limitations to what we can do, there are 
responsibilities that we have to live up to in terms of 
educating students about the copyright and how the use is 
limited in teaching. We have to password protect the digital 
files so that they can't be released.
    So we have a lot of responsibilities to live up to, but as 
long as we live within the rules, then we are allowed great 
latitude in using these materials for teaching. And it would be 
very, very difficult to get along without it.
    Dr. Sannier. I would just like to echo Dr. Wight's emphasis 
on how important fair use is to scholarly activity of all 
kinds. And I think this is why this is such a particularly 
important issue, that if we were to allow stringent enforcement 
of copyright to erode fair use, the country as a whole would be 
much the worse for it.
    And so these are complicated issues because to a kid who is 
looking at the digital filesharing, it does feel like, well, I 
am just sharing it with my friends, but fair use is when you 
share it with your friends and family, not your million closest 
friends. Because it is kind of hard to categorize a million 
closest friends, and this is the challenge that all of you face 
in drafting law that keeps pace with this changing technology.
    So, again, the weapon that we have is the commercial 
sector. The market ultimately will manage this for us.
    Mr. Gingrey. And I guess my comic book analogy breaks down 
when it is just a kid across the street, and now this 
technology would allow the sharing with a million kids across 
the street. So I do understand that point. Yeah.
    Chairman, I didn't have any other questions. I will be glad 
to yield back at this time.
    Chairman Gordon. Thank you, Dr. Gingrey, and I will remind 
you that you can also share your LPs with folks across the 
street, too.
    Before we bring this committee hearing to a close, I want 
to thank our witnesses. It has been a very informative hearing. 
It has been televised, so there are a lot more folks that are 
listening to this than are up here today, and our staff is all 
listening, so we want to thank you. I want to let you know that 
for any remaining or additional statements from Members and 
answers to any follow-up questions, the record will be open.
    And the witnesses are excused. Thank you.
    [Whereupon, at 3:20 p.m., the Committee was adjourned.]
                              Appendix 1:

                              ----------                              


                   Answers to Post-Hearing Questions




                   Answers to Post-Hearing Questions
Responses by Charles A. Wight, Associate Vice President for Academic 
        Affairs and Undergraduate Studies, University of Utah, Salt 
        Lake City

Questions submitted by Chairman Bart Gordon

Q1.  Have you had any complaints from faculty or students about any of 
the technologies you are using to reduce illegal filesharing? Were 
these complaints related to traffic-shaping systems (such as 
Packeteer's PacketShaper) or network-filter systems (such as Audible 
Magic's CopySense Appliance)? Has the use of these technologies blocked 
any legitimate filesharing or interfered with any educational or 
research work on the campus network?

A1. To the best of my knowledge, there have been only two incidents at 
the University of Utah in which student use of our campus network was 
temporarily disrupted as a result of using the network for legitimate 
purposes. Both instances were cases in which the student was using 
voice over IP services from the residence halls, and exceeded our 
bandwidth threshold for automatic termination of network services. In 
both cases, network services were restored and the threshold limits 
raised to accommodate the legitimate activities. There have been no 
complaints from faculty or staff, and no disruption of any educational 
or research work on the campus network.

Q2.  Was the use of Audible Magic's network-filter system controversial 
on your campus? For example, were staff and students concerned about 
privacy, academic freedom, or that such systems would slow down your 
network? Were any of these concerns borne out once the technologies 
were installed?

A2. Our use of Audible Magic's CopySense appliance is limited to the 
local area network serving the student residence halls, so faculty and 
research use is unaffected. The use of the software was not 
controversial, and there have been no complaints about abridgments of 
academic freedom. The reduction in network traffic has actually led to 
a significant speedup of the network for legitimate uses.

Q3.  About how much does your university spend on anti-spam, anti-
virus, and firewall software per year? How does this compare with what 
you spend on technologies to reduce illegal filesharing?

A3. For centralized network and e-mail services, the university spends 
in excess of $50,000 per year on anti-spam, anti-virus and firewall 
software each year. In contrast, we spend approximately $7500 per year 
for the Audible Magic CopySense appliance. The network bandwidth 
monitoring and reporting software that we use to identify high-
bandwidth users was created by University of Utah staff. We would use 
this capability even in the absence of a filesharing problem, so it 
does not represent an added cost of reducing filesharing activities.

Q4.  What is your estimate of the cost savings to your campus from the 
reduction in copyright notices since installing these technologies? 
Could you provide us with an estimate of the amount of time and money 
required to respond to one of these copyright abuse notices?

A4. It takes 1-2 hours of staff time in our Information Security Office 
to respond to each DMCA copyright abuse complaint received. Since 
implementing the use of the CopySense appliance, we have experienced a 
90 percent drop in the number of complaints, which translates directly 
to a savings of approximately $70,000 per year in staff salary and 
benefits costs. In addition, the reduction in network bandwidth costs 
in the first year saved the university an estimated $1.2M. Network 
bandwidth charges have decreased over time, and it is not possible to 
project the increase in filesharing activity that might have occurred 
in the absence of CopySense. However, a rough estimate of our savings 
would be in the neighborhood of $1M per year.

Questions submitted by Representative Ralph M. Hall

Q1.  Dr. Wight's testimony highlights the exemption of copyright for 
certain nonprofit education purposes. Please elaborate on how 
copyrighted works are used in course work on your campus. Does your 
university employ specific software to allow educational use without 
risking broader distribution? What is the scope of this type of fair 
use on your campus and how can educational fair use be differentiated 
from infringing traffic?

A1. Portions of copyrighted works are used routinely under the doctrine 
of Fair Use for educational purposes in classes throughout the campus. 
Usually, this takes the form of excerpts of published articles or books 
used to illustrate a concept or to serve as the focus of a class 
discussion. Our Marriott Library operates a digital reserve section 
where students can access some of these materials electronically. In 
addition, some copyrighted materials are used in online classes taught 
over the Internet. Electronic access to these materials is limited to 
students in particular classes for limited periods of time, in 
accordance with the TEACH Act. The Fair Use of a copyrighted work for 
educational purposes is normally limited to only a portion of the work. 
Therefore, when access to the entire work is desired, the university 
obtains the permission of the copyright owner. The Marriott Library 
uses a variety of technologies designed to limit access to copyrighted 
works in accordance with licensing agreements and applicable law. These 
include restricting access to digital resources by IP domain, 
university network ID/password authentication, and authorization 
according to particular classes for which students are registered.

Q2.  Many of the witnesses described their support for offering 
students ``a legitimate online service, one that provides an 
inexpensive alternative to illegal filesharing.'' Does your university 
offer this service to their students? If so, how many students use this 
product and what feedback have you received from them? If not, has your 
university considered their use before? What are the principal factors 
that affect the decision to provide legal alternatives?

A2. The University of Utah has considered the possibility of 
contracting with a commercial service for providing low-cost access to 
music and video files. However, it has no plans to expend state funds 
or tuition revenues to subsidize a service like this in the near 
future.

Questions submitted by Representative Michael McCaul

Q1.  Do you believe that the availability of a certain technology 
should automatically legitimize the activity undertaken on it? In 
preparing students for an increasingly technological world, does it 
help or hurt them when they are not adequately punished for abusing the 
school's network and computing resources and privileges?

A1. History shows that advances in technology have consistently 
outpaced advances in societal norms governing the ethical use of those 
advances. Because university research is at the forefront of knowledge 
in nearly all fields, every university has a strong mandate to educate 
its students and the general public about the ethical uses of new 
technologies (e.g., cloning, stem cell research, peer-to-peer 
filesharing, electronic surveillance, etc.). It is only by educating 
our community about the legal and ethical limits to the use of 
technology, and by backing up that education with appropriate sanctions 
for abusing the limits, that we can keep the growth of technology and 
social norms in balance with each other.

Q2.  Is it appropriate for taxpayers to fund school networks that are 
widely used to facilitate theft? Is it appropriate for school 
networks--created and intended for academic use--to be slowed and 
clogged by illegal activity?

A2. No. It is in the best interests of universities to optimize the use 
of their networks to discourage illegal and unethical activities and to 
facilitate legitimate uses for education and research.

Q3.  We have heard that technological measures exist that reduce or 
prevent illegal filesharing, reduce the network bandwidth wasted by 
such activity, secure the network against viruses and spyware, and 
decrease the amount of time spent by administrators responding to 
infringement notices. Doesn't the cost benefit of addressing these 
problems justify the cost of implementing effective network technology? 
If not, what type of analysis have you used to arrive at your decision?

A3. The cost of eliminating all illegal activities on any network would 
be prohibitively high, and it would raise the cost of higher education 
beyond the reach of many students. At the same time, the cost of doing 
nothing is also high, because it would encourage illegal uses of our 
campus networks that would otherwise be available for education and 
research. The sweet spot lies somewhere in the middle, by making 
appropriate expenditures for technologies that reduce undesirable or 
illegal network activities (e.g., spam, viruses and illegal 
filesharing) to acceptable levels. Currently, we have spent a modest 
amount of money ($7500/year) to reduce illegal filesharing by about 90 
percent. The administrative burden of responding to infringement 
notices is currently low (2-4 hr/week), so we believe that our efforts 
to reduce the problem have been largely successful.

Q4.  Rather than purchasing a commercially available technology, some 
schools, such as Ohio University have used internal technological 
solutions to block some or all of the illegal music, movies, and 
software on their networks. Ohio University went a step beyond blocking 
illegal peer-to-peer programs and shut down a ``darknet,'' which is a 
private hub that allows students to trade music and movies on the local 
area network without connecting to the wider Internet. What type of 
action has your university taken to address the issues of darknets 
operating on your internal system? What are some of the solutions to 
finding and shutting down darknets?

A4. All areas of the University of Utah network are continuously 
monitored for unusually high bandwidth activity, so this type of 
activity would likely be detected even if files were not exchanged with 
other computers outside the campus gateway. The Audible Magic CopySense 
appliance is operated in the portion of the network serving student 
residence halls, so any registered music or video files shared between 
computers even inside the network would be detected and blocked. 
Therefore, the solution implemented at the University of Utah would 
likely identify and stop any illegal filesharing, even on a ``darknet'' 
portion of the campus network.

Q5.  Campus officials at Stanford University wrote a letter to students 
last month saying ``Keeping up with the number of filesharing 
complaints coming in under the DMCA has required almost three full-time 
Stanford employees.'' How much time and resources did your institution 
spend on DMCA notices each year before implementing a technological 
solution? How much time does your staff spend on notices now that 
you've adopted a technological solution? What caused your University to 
take proactive steps?

A5. We currently respond to approximately 2-3 DMCA copyright 
infringement notices per week, which requires about 2-4 hr/week for a 
single employee. Prior to adoption of our technology solution, we 
received about 10 times as many complaints, which required at least one 
full-time employee to handle. The proactive steps to reduce illegal 
filesharing activities were taken for three main reasons: 1) to bring 
students and all members of our university community into compliance 
with acceptable network use policy and the law, and to educate them on 
the values of respecting copyrights; 2) to reduce the cost of 
university network resources by eliminating illegal high-bandwidth 
activities; and 3) to reduce expenditures on personnel required to 
respond to DMCA infringement notices.
                   Answers to Post-Hearing Questions
Responses by Adrian Sannier, Vice President and University Technology 
        Officer, Arizona State University

Questions submitted by Chairman Bart Gordon

Q1.  Did your campus first test the Audible Magic network-filter system 
before making a final purchase? Was there a cost associated with this 
initial testing?

A1. Yes we did test the system prior to purchase. There was no cost to 
the university during the testing phase.

Q2.  You have mentioned that your technical team was initially 
skeptical about the Audible Magic network-filter system. What were 
their primary concerns? Did these prove to be well-founded?

A2. The technology to identify and block ONLY copyrighted and otherwise 
illegal activity is very complex. There was skepticism that the Audible 
Magic platform could really do this efficiently. There were some 
initial performance issues with the platform due to the high volume of 
traffic at such a large university. These issues were resolved and the 
system is now performing well.

Q3.  Have you experienced any significant technical problems since you 
began using the Audible Magic network-filter system? In terms of 
reducing the demand for network bandwidth, had it saved your campus 
money, or do you anticipate that it will?

A3. ASU has not experienced any significant technical problems since 
implementing the Audible Magic network-filter system. During the few 
weeks the system was in production during the spring semester, ASU's 
overall bandwidth utilization to the Internet was reduced by about 
eight percent (48mb).

Q4.  Since installing the Audible Magic network-filter system, have 
your copyright-violation notices decreased? If so, by how much? What is 
your estimate of the cost savings to your campus from any reduction in 
copyright notices since installing these technologies? How much time 
and money is required to respond to one of these copyright abuse 
notices?

A4. Since installing the Audible Magic network-filter system, the 
number of copyright-violation notices has decreased dramatically. ASU 
went from 247 incidents from January through April of this year, down 
to 37 during the May/June timeframe. Usually the incidents occurred 
upwards of a month previously. There were cost savings in a number of 
areas due to this implementation:

        1.  University Technology Office Help Desk--significant 
        reduction in time being spent processing violations through the 
        ASU system. Reduction from 45 hours of staff time to 10 hours 
        of staff time which equates to a savings of $875 over two 
        months already.

        2.  Student Affairs Office--significant reduction in time and 
        resources necessary to address student violations. The staff in 
        student affairs must bring in the student to explain the issue 
        and instruct them on good security and copyright protection 
        practices.

        3.  University Technology Office Network Communications--
        reduction in bandwidth indirect cost of approximately $8,500 
        per year. However no direct cost savings have been realized as 
        we commit to a minimum amount of bandwidth per year; our cost 
        per mb is based on that commitment.

Q5.  About how much does your university spend on anti-spam, anti-
virus, and firewall software per year? How does this compare with what 
you spend on technologies to reduce illegal filesharing?

A5. ASU spends approximately $80,000 annually for anti-virus. Anti-spam 
we are using Barracuda Networks devices that total $50,000 for purchase 
with minimal annual expense, and finally we have approximately 50 
firewall pairs with an annual investment of around $150,000. The 
Audible Magic devices to prevent illegal filesharing cost $100,000 to 
purchase with approximately $10,000 annual expense.

Questions submitted by Representative Ralph M. Hall

Q1.  Dr. Wight's testimony highlights the exemption of copyright for 
certain nonprofit education purposes. Please elaborate on how 
copyrighted works are used in course work on your campus. Does your 
university employ specific software to allow educational use without 
risking broader distribution? What is the scope of this type of fair 
use on your campus and how can educational fair use be differentiated 
from infringing traffic?

A1. Course material access is restricted to students officially 
enrolled. All access is technically secured through a single sign-on 
authenticated I.D. Materials utilized by individual instructors are 
subject to fair use/copyright provisions. Student redistribution of 
course material is regulated by the acceptable use policy of the 
university.
    Instructors are provided copyright clearance and assessment of 
material use through the University libraries resource reserve, central 
distributed education staff, and college-based support staff.

Q2.  Many of the witnesses described their support for offering 
students ``a legitimate online service, one that provides an 
inexpensive alternative to illegal filesharing.'' Does your university 
offer this service to their students? If so, how many students use this 
product and what feedback have you received from them? If not, has your 
university considered their use before? What are the principle factors 
that affect the decision to provide legal alternatives?

A2. ASU offers Ruckus on campus and iTunes (among other services) are 
available via download from the Internet. There are currently 7,467 ASU 
users that have Ruckus accounts.

Questions submitted by Representative Michael McCaul

Q1.  Do you believe that the availability of a certain technology 
should automatically legitimize the activity undertaken on it? In 
preparing students for an increasingly technological world, does it 
help or hurt them when they are not adequately punished for abusing the 
school's network and computing resources and privileges?

A1. Changes in technology put pressure on established markets and ways 
of delivering products. As we have seen, it also puts pressure on our 
definitions of intellectual property. I think students must be prepared 
to help the companies they will one day join to adapt to and take 
advantage of these changes to create value and maintain economic 
viability. However, ethics training in all its forms is an important 
component of higher education, and a solid grounding in the value of 
intellectual property protections to the society that grants them is an 
important part of that training.

Q2.  Is it appropriate for taxpayers to fund school networks that are 
widely used to facilitate theft? Is it appropriate for school 
networks--created and intended for academic use--to be slowed and 
clogged by illegal activity?

A2. Clearly the academic networks run by universities must be focused 
on the legitimate purposes for which they were created. ASU has been 
successful in managing our network to ensure that it is not ``slowed or 
clogged'' in any way by illegal activity (copyright infringement). 
ASU's network operations are threatened much more by Spam and Denial of 
Service attacks.

Q3.  We have heard that technological measures exist that reduce or 
prevent illegal filesharing, reduce the network bandwidth wasted by 
such activity, secure the network against viruses and spyware, and 
decrease the amount of time spent by administrators responding to 
infringement notices. Doesn't the cost benefit of addressing these 
problems justify the cost of implementing effective network technology? 
If not, what type of analysis have you used to arrive at your decision?

A3. At this stage we have not observed that the network bandwidth 
recovered offsets the cost of the Audible Magic solution we have 
implemented. It is possible that it may in the future, but it is also 
possible that the solution we have used may not keep pace with the 
rapid technical evolution of the sharing services, in which case we may 
be forced to invest in further counter-measures.

Q4.  Rather than purchasing a commercially available technology, some 
schools, such as Ohio University, have used internal technological 
solutions to block some or all of the illegal music, movies, and 
software on their networks. Ohio University went a step beyond blocking 
illegal peer-to-peer programs and shut down a ``darknet,'' which is a 
private hub that allowed students to trade music and movies on the 
local area network without connecting to the wider Internet. What type 
of action has your university taken to address the issue of darknets 
operating on your internal system? What are some of the solutions to 
finding and shutting down darknets?

A4. In addition to commercially available technology such as Audible 
Magic, ASU uses firewall rules to prevent unauthorized servers on the 
network. Students are prohibited from connecting any external 
networking equipment to the ASU network this includes wireless access 
points; thus restricting using the ASU network for this type of 
behavior. The Cisco Network Access Control system prevents students 
from putting unauthorized devices into the network. The networking 
tools help us to easily notice a rough device for Wireless.

Q5.  Campus officials at Stanford University wrote a letter to students 
last month saying ``Keeping up with the number of filesharing 
complaints coming in under the DMCA has required almost three full-time 
Stanford employees.'' How much time and resources did your institution 
spend on DMCA notices each year before implementing a technological 
solution? How much time does your staff spend on notices now that 
you've adopted a technological solution? What caused your university to 
take proactive steps?

A5. The primary reason for investigating Audible Magic is the time 
savings in this area. This time savings is not only for the University 
Technology Office but also Student Affairs. The UTO Help Desk required 
at least two hours or more to track down the user; complicated 
incidents would require Netcom or Server support assistance. Once 
identified, Student Affairs staff the identified party and conduct 
training classes to instruct the students on correct behavior.
    At the rate the incidents were occurring for January through April 
we would have been on target to address approximately 1,000 incidents 
over the year. That means at the minimum there would have been 500 Help 
Desk Hours + 1,000 Student Affairs hours + any additional Netcom staff 
hours. With the implementation of the device we have already seen a 
greater than three-fourths drop in the number of incidents. The Audible 
Magic device may not catch every offense but it is greatly reducing the 
issues. We will have better numbers after the students return in the 
fall.
    ASU has been taking proactive steps in this area since it became an 
issue in the beginning of the decade. It has required steady 
investments of time and resources, and our counter measures have had to 
evolve in complexity and sophistication.
                   Answers to Post-Hearing Questions
Responses by Vance Ikezoye, President and CEO, Audible Magic 
        Corporation

Questions submitted by Chairman Bart Gordon

Q1.  How much does it cost to install and maintain the Audible Magic 
network-filter system at an average campus? After installing a system, 
do you continue working with the customer to upgrade and update the 
system over time?

A1. The cost of our system consists of two parts: the initial purchase 
of the system and annual charges.
    The initial purchase price of our system ranges in price and is 
based upon the bandwidth of the network it is installed upon. Thus 
smaller universities generally pay less. This price can be as little as 
a few thousand dollars to one hundred thousand dollars or more. The 
installation at one of the largest enrollment universities in the U.S. 
was around one hundred thousand dollars. Our average sale to 
universities is around twenty five to thirty five thousand dollars. In 
addition, some schools can reduce the cost by implementing the system 
on just the parts of the network which are the focus of the piracy 
problem - for example, on-campus housing.
    The annual charge is made up of two components: The educational 
module of our system, which is optional, is priced by the number of 
users, with the annual cost between seventy five cents and two dollars 
per user. Secondly we charge a support fee for the customer technical 
support, hardware support, software updates, and a subscription to 
access our content, of approximately twenty three percent of the system 
purchase price. Thus a fifty thousand dollar system would have an 
eleven thousand five hundred dollar annual support fee.

Q2.  Some universities have argued that technologies like Audible 
Magic's will fail on high-performance campus networks. Do you agree 
with this technical assessment? If your technology in its current state 
would not operate on high-performance networks, is it likely to improve 
in the near future so that it will?

A2. Clearly, high performance networks on campuses pose increased 
challenges from the level of speed, complexity, and management 
sophistication, but we have demonstrated our ability to handle a wide 
variety of customer networks with diverse network environments. As 
mentioned we have our systems in use on over seventy schools including 
some very large public universities.
    Addressing the question more directly, the general concern of high 
performance network failures tends to focus on the issue of 
scalability. In order to address scalability, we simply deploy higher 
capacity hardware systems on the high speeds networks of some campuses. 
This hardware is readily available and can be configured to handle the 
high speeds. The second related issue concerns what happens if our 
product fails, does it have a detrimental impact on the network? As 
mentioned previously, our system is not an inline device. Because it is 
not inline, the failure of the system will not negatively effect the 
stability of the network.
    With respect to the future, we feel very confident with our ability 
to not only to handle existing networks but for our technology and 
products' ability to keep pace with the increases in network bandwidth 
anticipated in the future.

Q3.  The majority of U.S. campuses already use traffic-shaping 
technologies to control their network bandwidth. How is this technology 
different from network-filter technologies such as yours, and why is it 
not always effective at stopping illegal filesharing alone?

A3. At a lower level, we share a lot of technology with traffic shaping 
products. Traffic shaping devices are able to identify data streams by 
application, i.e., they know the difference between e-mail, web 
traffic, or peer-to-peer filesharing applications. Our system does that 
but goes one step further. Our system is able to reconstruct the 
payloads of the transmissions for filesharing applications. These 
payloads are files such as music or movies. Upon reassembly and 
identification of the files as copyright media files, we are able to 
match the unknown file with our copyrighted content registry.
    The reason that traffic shaping solutions are not always effective, 
is that peer to peer filesharing applications are constantly evolving 
and require a dedicated focus to keep up. Because our product is 
focused on peer to peer filesharing and not any other applications, we 
are able to ensure the most up to date technology to manage illegal 
filesharing. In addition, traffic shaping technologies affect all P2P 
traffic, both legal and illegal. With the CopySense solution, only the 
illegal P2P traffic is affected.
    As an aside, our technology has been designed so that it could be 
integrated very easily into traffic-shaping or other advanced routing 
network infrastructure devices that currently exist on most networks 
today. As an example, our technology can even be integrated into the 
network infrastructure of an ISP.

Q4.  Your technology includes a database of the fingerprints of 
copyrighted music and movies, and is one of the largest in the world. 
How quickly is the database updated when new songs and movies are 
released?

A4. Our database is updated on a daily basis. In many cases, due to our 
relationships with the content industry we are able to update the 
database with new songs and movies before their commercial release.

Q5.  You mentioned that your product can be configured to be consistent 
with different universities' privacy policies. Can you explain in more 
detail how this works? Are technologies such as yours any more invasive 
of privacy than anti-virus or anti-spam software?

A5. Privacy policies vary widely from university to university. Some 
universities want to restrict the data on system reports that include 
IP addresses of individuals. We have designed the CopySense system so 
that it can be configured to restrict access to information in a manner 
consistent with a university's privacy policy. If so configured, the 
university could treat this system as a black box as they do their 
other network equipment. This black box operates automatically without 
access by unauthorized personnel. In some cases if a school's policy is 
that no university personnel can access activity information, the 
system's educational features could be configured so that only the 
student is notified of detection of their inappropriate behavior.
    The analogy of anti-virus or spam filtering products is an 
appropriate one. Our products operate in a manner similar to anti-virus 
products or even spam filters--only our registry contains fingerprints 
of copyright works rather than fingerprints of viruses or spam. An 
additional protection to privacy is that our system matches only 
copyrighted items in a database that are transferred over known public 
filesharing networks. All other communications such as e-mail and web 
traffic go by unimpeded and without inspection.
    From one perspective, our product is much less invasive from a 
privacy point of view than spam filtering technology. Our product only 
detects the transfer of copyrighted works over public filesharing 
networks. Remember that these networks connect millions of anonymous 
strangers who are revealing the contents of their computers' hard 
drives; it is a question if there is even an expectation of privacy 
under these circumstances. Contrast that with spam filtering 
technologies, which scan and intercept private e-mail communications 
between known individuals.

Questions submitted by Representative Ralph M. Hall

Q1.  Many of the witnesses described their support for offering 
students ``a legitimate online service, one that provides an 
inexpensive alternative to illegal filesharing.'' How does the 
CopySense application differentiate legally obtained copyrighted works 
on these services from infringing distribution on P2P networks?

A1. Our system only detects content transfers over known peer to peer 
filesharing applications. The system ignores transfers of content using 
online legitimate services such as iTunes. Therefore we do not have to 
differentiate the copyrighted works, we just have to be able to detect 
and identify the transport mechanism, whether peer to peer or iTunes. 
As an aside, even copyrighted works legally obtained from a legitimate 
online service are not legally allowed to be copied on P2P networks.

Q2.  What works are currently protected through use of CopySense? Does 
the database include non-entertainment material such as books or 
scholarly articles? How do copyright holders add fingerprints of their 
works to the database? Is there a limit to how large the database can 
be before impeding the functionality of your hardware?

A2. The database currently handles most of the North American catalog 
of music and has a rapidly growing catalog of film and television 
content. At this time, we have not yet created a database of books or 
scholarly articles.
    Copyright owners that want to register their content are able to 
contact us, sign a registration agreement, and then we work with the 
copyright owner to fingerprint their content in the most efficient 
manner. Most of the time, this consists of providing a software program 
to the copyright owner, which allows them to fingerprint the digital 
file. In some cases, the copyright owner will provide us physical media 
and we provide services to fingerprint their works for them. Because 
the fingerprint database is managed and located centrally, there is no 
relationship between the size of the database and the size of the 
hardware installed in the university. Therefore the answer to the 
question is that the database could grow indefinitely and will never 
impact the functionality of the hardware.

Questions submitted by Representative Eddie Bernice Johnson

Q1.  Some of the other panelists are concerned that technologies to 
reduce illegal filesharing will slow down networks, especially on large 
research campuses. Has this been a problem at large research 
universities where your technology is installed? Will the speed of your 
technology continue to increase?

A1. In our over 70 university customers, our technology has never been 
the cause of a slowdown of the network. In fact, because we can 
significantly reduce the bandwidth utilization of these filesharing 
applications, performance generally increases. However, technically the 
reason our technology is not a problem is that our system is not an 
inline device. Inline devices are problematic since all the data 
traffic needs to go through them. If the device is not fast enough or 
even worse, fails, it can slow down or stop network traffic. As a 
device that is not inline, the CopySense appliance operates on the 
sidelines and performs its matching activity in parallel with the real 
time network traffic flow. The actual experience of our university 
customers has been that the CopySense appliance has no adverse impact 
on network performance.
    The speed of our technology will continue to increase with the 
increases in computational power available in the market. I do not 
anticipate that hardware performance will be an issue for the 
foreseeable future.
                   Answers to Post-Hearing Questions
Responses by Cheryl Asper Elzy, Dean of University Libraries and 
        Federal Copyright Agent, Illinois State University

Questions submitted by Chairman Bart Gordon

Q1.  Since the beginning of the Digital Citizen Project at Illinois 
State University, have other universities sought information about your 
experiences and information on how to reduce illegal filesharing?

A1. Several associations and universities have sought out the 
leadership of the Digital Citizen Project through a variety of venues. 
One avenue of contact is through the Project web page at http://
www.digitalcitizen.ilstu.edu/. Another opportunity for sharing what 
we've learned so far comes through presentations at conferences like 
EDUCAUSE. Many will take our cards or contact us afterward once they've 
attended one of our sessions. The Project's technology specialist and 
one of the Project's leaders based here in DC gets many calls.
    All are seeking advice. Most just want answers--a shrink-wrap 
solution they can buy and all the DMCA complaints will go away. At 
present, the Digital Citizen Project doesn't have that answer. We are 
gaining experience every day. We are documenting the scope of the 
problem with each new study and data collection. There is much work to 
be done and improvements to be made before the technology will be 
effective in stopping the DMCA complaints and eliminating downloading. 
Some of the answers will come from changing cultures and behaviors as 
much as relying on a technological monitoring or blocking solution.
    The surprising large number of calls and contacts we do get about 
the Digital Citizen Project and its findings confirms our belief that a 
National Center on downloading issues should be funded and created at 
Illinois State University. All of higher education is laboring with a 
lack of reliable information on what to do, what works, and--more 
importantly--what doesn't work. Such a Center as we propose could 
provide reliable, tested, replicable information on products, 
softwares, educational programs, and more.

Q2.  You mention that ISU would like the Digital Citizen Project to be 
a ``consumer-reports-like'' study on ways to reduce illegal 
filesharing. Could you explain this in more detail? How would such a 
study work and what type of results might it produce? How would you 
integrate new technology products into the study throughout its 
duration?

A2. The ``consumer-reports-like'' study refers to an aspect of our 
study wherein Illinois State could capitalize on its strong working 
relationships with multiple associations and vendors to compare and 
contrast the capabilities of the emerging software and hardware 
products that are appearing almost weekly. The ``reports,'' as we 
conceive of them at present, would involve testing each product--first 
on a test networking and then on a segment of our live network such as 
a residence hall complex--and determine the effectiveness of the 
product from a variety of benchmarked perspectives. These elements 
might include ease of installation, size of the music and movie 
library, compatibility with Macs and PCs, ability to stand alone versus 
requiring another software or program to work. While the early focus 
would be on monitoring systems and escalated response programs, it 
could easily be expanded to include an evaluation of legal media 
downloading services or K-12 educational programs.
    It is important to remember that many of these products were 
originally developed for other uses than tracking filesharing but are 
being adapted to meet this new challenge. Also, in most cases they are 
products for a commercial environment. ISU is testing these in a live 
networked higher education environment to identify their strengths and 
weaknesses for reducing illegal filesharing. Each product will be set 
up for at least a semester through our residence hall network. Results 
expected vary depending on the sophistication of the product but may 
include: does the product identify copyrighted downloads and stop 
uploads, can the product tell the difference between copyrighted and 
non-copyrighted material, how much of downloads are being missed, and 
does it recognize metadata.
    It is also important to note that some of these products can be 
tested on a live network while others absolutely cannot. Certain 
programs cannot because their technology needs to alter the make-up of 
the ISU network so drastically as to make the ISU network profile so 
different that it could potentially change daily academic and business 
uses of the live ISUNet network or bring the network down all together. 
(This highlights a crucial reason that independent testing and 
evaluation is sorely needed by higher education. No institution can 
afford to destabilize its network in installing a product, nor can it 
change its network architecture to meet the demands of a new 
technology.) For those not able to be on a live network, a test network 
is essential, so Illinois State is seeking funding to create a small 
test network to provide a safe environment for study and evaluation.
    When the Project leaders become aware of new products, the new 
vendor is contacted and invited to join the project immediately. A 
product can be added at any time.
    The timetable for the Digital Citizen Study covers several years. 
The first phase of the study will be completed in June 2008. Existing 
funding extends only through that date. At that time we will have 
completed the early testing of two to three monitoring products, 
several surveys of college students' behavior and motivations regarding 
downloading, initial release of an escalated response system just 
developed at Illinois State, and put in place legal media downloading 
services. The long term effects of this will not be known because we 
will have just barely gotten all the elements of the Project started by 
the end of this first phase. The results of this first phase will be 
the foundation to build the solution for this problem in the next 
phase.
    We are seeking funding from private foundations, from the 
entertainment industry, and from the public sector to undertake 
succeeding phases that include studying downloading behaviors in the K-
12 age ranges and developing educational modules for the kindergarten 
through senior in high school level that will successfully capture 
their attention and positively impact their behaviors. We believe that 
through education at this younger level, with technological barriers in 
place, a long term solution is possible. These educational modules must 
appeal to the younger generation and be able to be integrated into an 
already crowded curriculum easily for teachers to incorporate them at 
point of need. Research in conjunction with Illinois State University's 
College of Education faculty using our elementary and secondary 
laboratory schools provides us an excellent opportunity to develop 
these modules. Moreover, ISU has institutional agreements with seven 
professional development schools--existing K-12 school districts--
throughout the state representing demographics from rural to inner-
city, from poor to wealthy. This phase is a three year project.
    Other phases of the Project that would get underway concurrently 
include further testing of monitoring systems with feedback both to 
industry and vendors as well as higher education decision-makers, 
exploration of financial models that might make systems on campuses 
more affordable and defensible, development of better public relations 
programs through a clearinghouse exchange of successes and best 
practices with other colleges and universities, and a comparison of 
existing educational programs available throughout the marketplace.
    The biggest barrier to Digital Citizen Project is money and time. 
Money and time. The work undertaken is labor-intensive, uses a lot of 
expensive technology, and requires a wide spectrum of expertise from 
network engineering to behavioral research to effective marketing to 
classroom excellence. Without additional funding, the Project will 
begin shutting down in March 2008. With additional funding, the Project 
can expand and adapt as rapidly as the downloading issues themselves.

Questions submitted by Representative Ralph M. Hall

Q1.  Dr. Wight's testimony highlights the exemption of copyright for 
certain nonprofit education purposes. Please elaborate on how 
copyrighted works are used in course work on your campus. Does your 
university employ specific software to allow educational use without 
risking broader distribution? What is the scope of this type of fair 
use on your campus and how can educational fair use be differentiated 
from infringing traffic?

A1. The Project leaders at Illinois State would certainly echo Dr. 
Wight's testimony regarding legal, educational uses of copyrighted 
media. At Illinois State University and on other college campuses, 
downloading and peer-to-peer technology is used heavily in distance 
education applications, in legitimate sharing of data and research 
through scholarly exchange of information online, in legal software 
upgrades for important programs such as Linux, for digital files housed 
in the university's library and shared for class reserves, and more. 
Our course management software on campus is WebCT through which 
students access many of the course materials, syllabi, and other 
course-related documents. WebCT allows faculty to post (with copyright 
permission) electronic journals, digitized chapter in books, images, 
film clips, audio files, and more--all with password protection so only 
authorized students can access the items. All these legal uses of 
downloading technology must be protected. To do less would be to 
cripple the academic enterprise. That is one of the many reasons that 
Illinois State chose not to block peer-to-peer traffic unilaterally.
    Illinois State University has, for almost seven years, used 
Packeteer to shape the traffic on our network and give highest priority 
for academic and administrative purposes. The university's library and 
campus technology's working groups have developed methods for password-
protecting files from images to film clips to electronic journal 
articles to data files so that only a given class or other specified 
group can gain access to material available for legal use through 
copyright permissions.
    The Digital Citizen Project's leaders feel strongly that the 
faculty model the behavior adopted by their students. If a faculty 
member bootlegs an opera or a play or a film, then the students will 
think it must be okay. We must make legal use of films, music, and all 
digital media easier by creating better avenues for securing copyright 
permissions. This can be illustrated with an experience straight from 
the Project's history. We were creating a brief training session for 
all incoming freshmen about the dangers of downloading and the fact 
that not ``everyone does it.'' We asked RIAA to help us in getting 
permission to use a couple of minutes of a copyrighted music video 
popular at that time. We started the process in April, and in August we 
still could not get that permission--even with the help of the 
industry's own association! We must develop and adopt distribution 
systems that make it easier for faculty to open a computer file and 
have a legal copy of a film, show, or song delivered to a classroom 
than it is for that faculty member to bring in his own copy for 
classroom use--a practice not presently permitted under DMCA.

Q2.  Many of the witnesses described their support for offering 
students ``a legitimate online service, one that provides an 
inexpensive alternative to illegal filesharing.'' Does your university 
offer this service to their students? If so, how many students use this 
product and what feedback have you received from them? If not, has your 
university considered their use before? What are the principal factors 
that affect the decision to provide legal alternatives?

A2. Illinois State University has, in the course of the Digital Citizen 
Project, explored formal agreements to provide legal media downloading 
services. We even got to the point of negotiating contracts with two 
different services, but those were never signed. Two crucial factors 
halted that initiative.
    First, the commercial legal vendors have come and gone so fast that 
it's difficult to be assured the deal is the best one or that the 
company will still be in existence at the end of the contract. One 
company with whom we negotiated changed its business model five times 
in 15 months--from costing $40,000 for our campus and requiring a 
formal contract to being free and open to anyone with an .edu e-mail 
address. Further, there are still no solid services with a broad and 
deep film library. ISU will be approaching Blockbuster and Netflix this 
fall about creating a college program with us, but that's still 
speculative.
    The second factor is driven by our study of high school seniors 
coming to Illinois State as freshmen over the last two summers. In 
summer of 2007, 80 percent of respondents report they are bringing an 
iPod to campus. iPods still only work with Apple compatible services, 
and the only legal Apple service is iTunes. The leading campus 
companies, most notably Ruckus, are not compatible with iPods, so to 
secure a single service would be to disenfranchise the vast majority of 
our students.
    Instead of bringing one or more legal services to campus, the 
Digital Citizen Project proposes to inform students--almost 
relentlessly--about all the legal media services we can identify. 
Anecdotally, when one of the researchers asked Project focus groups to 
name one legal service, no one in the groups could. They even thought 
iTunes was an illegal service. However, the students in the focus group 
universally said they would happily use legal downloading services if 
they knew what they were--and if they were easy to use, free or 
inexpensive, and had the library of songs and movies they wanted. There 
is a huge marketing opportunity here. If we can point the students in 
the right direction and find a funding model that may work for the 
individual and for the University, then we may be able to begin a slow 
shift in downloading behaviors.

Q3.  You state in your testimony that, ``if Congress asks all 4,000 
colleges and universities. . .to implement monitoring systems over a 
very short period of time--from our experience it would seem impossible 
for vendors to supply our needs.'' What leads you to this conclusion? 
In your opinion, how many years would vendors need to overcome these 
obstacles?

A3. The Project leaders have come to the conclusion that--at this point 
in time--vendors could not supply or service 4,000 college campuses 
because, in our opinion, they aren't ready. This is based on the 
experience of the Project itself. For example, Red Lambda is a 
monitoring system often mentioned in Congressional hearings as a 
potential monitoring system to reduce downloading. Red Lambda was the 
first monitoring system we began working with in October 2004. In 
January 2005 Illinois State gave Red Lambda $5,000 in installation fees 
to bring them to campus. Thirty months later, Red Lambda will make its 
first trip to campus (July 11, 2007) in preparation for installing 
their program on part of our network for testing and evaluation. When 
asked whether they have installations beyond the campus where Red 
Lambda was developed as Icarus, they can name only one or two that are 
in development or at the talking stage. Audible Magic, at last report, 
had about 60 customers (both business and higher ed), and they are the 
industry leader. Other companies like Allot, eTelemetry, Safe Media, 
and others either have no customers of record or less than a handful.
    These systems are also labor intensive to install and maintain. 
Each and every campus network is different in its architecture, its 
needs, and its capabilities. Some installations appear to change 
network settings or registration procedures that can cause chaos on a 
live network. There is very little available from these companies in 
the way of technical support either online, in person, or by phone.
    The existing monitoring systems that track by individual songs or 
films also cannot find every copyrighted item. Even the largest 
libraries of electronically signatured media still only capture 51 
percent of the songs (up from 11 percent two years ago, however) and 
about two percent of the movies. Campuses cannot catch and block what 
they cannot find. Until the tracking systems are more universal and 
comprehensive, the technology will not be as effective as the industry 
hopes.
    It should be noted that as monitoring systems become better, so 
will the efforts to get around them. One of the aspects of downloading 
that Illinois State researchers would ultimately like to tackle is how 
long it takes users to find ways to defeat any given monitoring 
system--whether through encryption or other means. The industry is 
going to have to constantly change its focus and methods in order to 
stay ahead of the downloaders technologically--which is why education 
and changing behavior becomes so much more crucial to reducing 
downloading.
    Should Congress decide to impose a requirement that all college 
campuses have monitoring systems in place to reduce illegal 
downloading, the Digital Citizen Project respectfully, but strongly, 
recommends that campuses be given a generous lead time because vendors 
will need to gear up significantly to provide systems and support 
services that will be essential if there is to be any success.

Question submitted by Representative Eddie Bernice Johnson

Q1.  You are an advocate that we must educate students about the issue 
of illegal filesharing. You also mention that most incoming ISU 
students have already ``learned'' this behavior while in elementary and 
high school. What sort of education programs should be instituted in K-
12 schools about illegal filesharing?

A1. Illinois State University researchers know that students in the K-
12 learning environment today are already far more technologically 
savvy students than those that have come before them. Many learn from 
their siblings or peers--or even their parents--very early how to 
download. Our research tells us some learn as early as third grade, but 
most know how certainly by their junior high years. With that being the 
case, our Project is committed to developing interesting and effective 
educational modules--short technological teachable moments--that 
teachers could use in the classroom or tech teachers could use in their 
classes when they are teaching a particular assignment. As one example, 
imagine a teacher as a class sponsor for a sixth-grade dance group, and 
the students want to download music from on of the popular downloading 
sites to use for their upcoming performance. This would be an 
opportunity for the teacher to take a few minutes to help those young 
people understand that taking music through an online source is illegal 
as well as morally unethical. She or he could use one of the many 
``teachable moments'' curricula developed by the Digital Citizen 
Project that would be fast, fun, and educational. However, at the same 
time we want to take care to help the students understand that their 
educational uses of music and media can be fair use while their 
entertainment uses are not and, therefore, they must pay for them.
    Classrooms are already crammed with all sorts of requirements. 
Teachers are overwhelmed. Educational materials are expensive. If the 
Digital Citizen Project can develop quick, point-of-use materials that 
can be woven into any classroom subject or setting, and if those 
materials are only a click away, and--better yet--if they are free, 
then there is a much better chance the information will get to the 
students.
    Lessons on illegal downloading can also be incorporated in the many 
cyber-safety curricula that are available or in development. Being safe 
and being legal on the Internet are very compatible subjects for 
discussion in classrooms.

Questions submitted by Representative Michael McCaul

Q1.  Do you believe that the availability of a certain technology 
should automatically legitimize the activity undertaken on it? In 
preparing students for an increasingly technological world, does it 
help or hurt them when they are not adequately punished for abusing the 
school's network and computing resources and privileges?

A1. The Digital Citizen Project leaders believe students should obey 
laws, appropriate use policies, and other rules for using university 
resources. The availability of technology should not absolve a user of 
responsibility for its use. Just as the invention of the match doesn't 
legitimize burning down a building, the invention of illegal 
filesharing technology and the audio/video capabilities of a computer 
don't legitimize stealing music, games, or movies. Students must know 
the rules and abide by them. In the past we've heard that young people 
``didn't know'' that downloading was illegal. The Digital Citizen 
Project research has confirmed that, in fact, students DO know 
downloading and filesharing is illegal--but they do it anyway.
    Rather than ``adequately punish'' students for downloading, the 
Digital Citizen Project seeks to interweave monitoring and 
enforcement--the punishment side of the program--with education and 
behavioral change, while at the same time helping students FIND the 
legal media services available to them. The Digital Citizen research 
has demonstrated that punishing them--kids ``getting caught''--only has 
a short term impact on student behavior, and they'll go back to their 
old habits once memory fades. If the industry and higher education 
truly wants to solve this problem, then a combination of approaches 
will be much more effective.
    We're facing a long-term cultural change. Think about seat belts. 
Congress passed the first seat belt laws in 1963. In 2006 seat belt 
use--something that can save a person's own life--was only at 80 
percent. Laws, fines, and other penalties along with some intensive 
marketing campaigns have only slowly moved people to change their 
behaviors. Downloading may be just such a cultural change that will 
take 20 years to effect.
    Students must be prepared to function well in today's 
technologically changing work and home environment. It is education's 
role, and that of parents, to teach students all through the grades 
that legal online behavior is essential. This isn't just a college 
campus issue. Downloading begins long before students come onto campus. 
A comprehensive answer must be sought.

Q2.  Is it appropriate for taxpayers to fund school networks that are 
widely used to facilitate theft? Is it appropriate for school 
networks--created and intended for academic use--to be slowed and 
clogged by illegal activity?

A2. It is appropriate for taxpayers to support computer networks for 
educational and research functions at all levels of education. Like it 
or not, without computers and the Internet today, the work of any 
university would come to a halt. Packet-shaping technology has gone a 
long way in the last few years to segregate and prioritize a variety of 
uses of Internet capabilities on campuses. Of the millions of messages 
and transactions that go across our campus network every day, 
downloading still represents a very small percentage from the research 
our project has done.
    The Digital Citizen Project is examining a number of funding 
options that may develop into means of supporting bandwidth for legal 
downloading by those who actually use it. On ISUNet, our network 
snapshots have shown that only about 26 percent of the computers on our 
network engage in any kind of downloading activity. Are there ways that 
only those who download pay for the privilege? Could there be a 
``reconnect'' fee for those whose privileges are suspended for illegal 
downloading? Is it appropriate to charge a fee to students much like 
cable TV is supported? All these are options that are being explored.
    Illinois State University has more students living on-campus (and 
thus using University network resources in their academic AND living 
spaces) than most campuses due to a two-year residency requirement for 
all freshmen and sophomores. However, even with such a policy, 
approximately two-thirds of ISU students live off-campus. While these 
students do use University network resources while on-campus, much of 
their entertainment resources come from commercial Internet Service 
Providers. The point is on most campuses, control and command of 
University networks only impact a percentage of students' filesharing 
activity.
    We agree with Congressman McCaul that it is no more appropriate to 
fund networks for theft than to provide them for spam, worms, bank 
fraud, solicitation, or pornography. Unfortunately, all these things 
happen on any network. Education, enforcement of policies, and 
knowledge of how to acquire digital media legally are all pieces of the 
puzzle to be solved.

Q3.  We have heard that technological measures exist that reduce or 
prevent illegal filesharing, reduce the network bandwidth wasted by 
such activity, secure the network against viruses and spyware, and 
decrease the amount of time spent by administrators responding to 
infringement notices. Doesn't the cost benefit of addressing these 
problems justify the cost of implementing effective network technology? 
If not, what type of analysis have you used to arrive at your decision?

A3. The costs of illegal downloading to college campuses are 
potentially very large. Many hidden costs combine with the more overt 
or identifiable expenses to add up quickly, especially when campuses 
receive hundreds of DMCA complaints every year. Anecdotal industry 
estimates of costs associated with managing one DMCA complaint two 
years ago were about $1,200. One of the things the Digital Citizen 
Project researchers want to examine more thoroughly is the actual cost 
of a DMCA complaint. Initial studies show something much lower than 
$1,200. Rather, the overt costs are more in the range of $75-$146. 
Obviously, this needs much more study.
    However, the technology to reduce illegal downloading is also 
expensive. Initial costs for implementing Red Lambda two years ago were 
approximately $85,000 per year for a campus of 20,000 students. Audible 
Magic hardware and software costs $50,000 per box with multiple boxes 
needed to adequately cover campus online traffic. That's just the 
hardware costs. Ongoing expenses for staffing, maintenance, and other 
monitoring support activities are significant. Most colleges cannot 
find the ongoing funds to support that without passing those costs on, 
once again, to the student. In an age of double-digit tuition 
increases, campuses understandably are reluctant to raise anything they 
can avoid.
    As described in Question #2 above, Illinois State's researchers are 
exploring how to make implementing monitoring systems, providing legal 
digital services, and offering effective education cost-effective. 
Downloading is an ingrained, cultural way of life for young people 
today. A lot of factors--including entertainment industry business 
models and delivery systems--will have to change as we work on the 
associated problems.

Q4.  Rather than purchasing a commercially available technology, some 
schools, such as Ohio University have used internal technological 
solutions to block some or all of the illegal music, movies, and 
software on their networks. Ohio University went a step beyond blocking 
illegal peer-to-peer programs and shut down a ``darknet,'' which is a 
private hub that allowed students to trade music and movies on the 
local area network without connecting to the wider Internet. What type 
of action has your university taken to address the issue of darknets 
operating on your internal system? What are some of the solutions to 
finding and shutting down darknets?

A4. About eighteen months ago the RIAA shared with Illinois State 
project leaders that they believed about 45 percent of the illegal 
downloading traffic was happening on ``darknets,'' within the campus 
network where they could not reach. Illinois State's own network 
engineers believed that darknet traffic was more like five percent. 
ISUNet is constantly monitored for unapproved servers or server-like 
activity, so many felt there was little chance much was happening on 
our campus in the way of darknets. However, when our Audible Magic box 
was placed on one floor of one dorm for a brief darknet ``snapshot,'' 
darknet traffic constituted about 16 percent of the activity. 
Assuredly, this is a tiny sample, but it is indicative of the need for 
more extensive documentation so we all can have accurate measures 
rather than relying on anecdote and supposition.
    When our network architecture was analyzed by Audible Magic for 
ways to address possible darknet, on-campus downloading activity, it 
was suggested that we needed a minimum of eight boxes (at $50,000 
each). 23 or more would be better. No campus is going to undertake such 
a massive, expensive installation. Internal network monitoring, 
escalated response with its increasing loss of network privileges for 
repeated violations, and stronger education have the best chance of 
combating darknet activity.

Q5.  Campus officials at Stanford University wrote a letter to students 
last month saying ``Keeping up with the number of filesharing 
complaints coming in under the DMCA has required almost three full-time 
Stanford employees.'' How much time and resources did your institution 
spend on DMCA notices each year before implementing a technological 
solution? How much time does your staff spend on notices now that 
you've adopted a technological solution? What caused your University to 
take proactive steps?

A5. Illinois State University has a team of individuals responsible for 
managing any DMCA copyright complaints. While no one person is 
responsible and no one has copyright complaints as the sum total of his 
or her job, many are involved and serve as back-ups to each other. 
Illinois State has a federal copyright officer, an appropriate use 
coordinator, a designated network engineer, and several support staff 
who receive, investigate, identify, notify, and track each individual 
complaint.
    In 2004, Illinois State received 469 DMCA violation notices. Early 
in its developing phases in 2005, the Digital Citizen Project 
participants tracked workload and analyzed the costs associated with 
the DMCA complaints. The cost was $75.26, including staff time, network 
resources, and any record-keeping for a first offense. For a second 
offense that would involve the on-campus student judicial process the 
cost increased to $133.29. In total, then, the 2005 costs ranged from 
$35,297 to $62,513 depending on the nature of the offenses. In point of 
fact, it was the increasing number of DMCA complaints and the delivery 
of four federal subpoenas that began the Digital Citizen Project. We 
felt we had to do something proactive, something to better protect our 
students from the possibility of being sued. Yet as a university that 
firmly stands for and believes in the principals of the American 
Democracy Project that teaches young people to be good citizens overall 
and to engage in politics and take civic responsibility seriously, we 
needed to redirect student behavior and change their culture in this 
regard.
    Illinois State University has not yet implemented a monitoring 
system, primarily to allow the research of the Digital Citizen Project 
to go forward without any unusual technological influences. New 
technologies will be tested this fall after a thorough data capture of 
network activity has been done. Reports on the effectiveness of the 
technologies implemented should be available mid-winter.
                   Answers to Post-Hearing Questions
Responses by Gregory A. Jackson, Vice President and Chief Information 
        Officer, University of Chicago

Questions submitted by Chairman Bart Gordon

Q1.  How effective and accurate would a technological system have to be 
for you to deploy it on your campus to reduce illegal filesharing? What 
technical capabilities would satisfy you that such a system would be 
appropriate for your university?

A1. Two technical measures are important: how accurately the technology 
detects infringing files, and what impact it has on network 
transmission. Accuracy, in turn, has two components--correctly catching 
infringing files (positive accuracy) and correctly letting legal files 
pass (negative accuracy). To be useful, a screening technology must 
have very high positive accuracy (that is, it must catch most 
infringing files), 100 percent negative accuracy (that is, it must 
never flag legal files as infringing files), and must have no net 
negative effect on network performance (that is, its operation must not 
slow or otherwise degrade network performance, or it must enhance 
network performance enough to more than compensate for any 
degradation).
    In addition, the cost of the screening technology must not divert 
resources from core network operations. That is, either the cost must 
be very low, or it must more than pay for itself by reducing 
discretionary networking expense.

Questions submitted by Representative Ralph M. Hall

Q1.  Dr. Wight's testimony highlights the exemption of copyright for 
certain nonprofit education purposes. Please elaborate on how 
copyrighted works are used in course work on your campus. Does your 
university employ specific software to allow educational use without 
risking broader distribution? What is the scope of this type of fair 
use on your campus and how can educational fair use be differentiated 
from infringing traffic?

A1. We use all kinds of copyrighted work instructionally: library 
material on reserve, slide collections, films and film excerpts, music, 
recordings of concerts, and so on.
    We use various means to ensure that our use of these materials 
remains legal. In many cases we get formal permission to use the 
materials; in other cases we rely on the fair-use exemptions that Dr. 
Wight discussed.
    We use two principal methods to ensure that copyrighted 
instructional materials circulate no further. In many cases we show 
them in class rather than distribute them, and otherwise we make the 
materials available through our campus instructional management system 
(chalk.uchicago.edu) or our central filesharing service 
(webshare.uchicago.edu). Both systems require users to have University 
network credentials and to be in the relevant class or otherwise be 
authorized to view and use materials.

Q2.  Many of the witnesses described their support for offering 
students ``a legitimate online service, one that provides an 
inexpensive alternative to illegal filesharing.'' Does your university 
offer this service to their students? If so, how many students use this 
product and what feedback have you received from them? If not, has your 
university considered their use before? What are the principal factors 
that affect the decision to provide legal alternatives?

A2. We have considered such services, but have consistently decided not 
to provide them at University expense. First, there is no subscription-
based service that works consistently and seamlessly across different 
technologies. Ruckus, for example, provides less functionality to 
Macintosh users than Windows users, and its materials can't be used on 
iPods; Apple, conversely, will not provide site licenses and insists on 
charging for each iTunes item, and those items only play on computers 
or iPods.
    Many of our students, faculty, and staff either use free services 
like Ruckus or purchase movies and music from Apple iTunes, Microsoft 
Zune, or Real Networks at their own expense. There is no reason for the 
University to involve itself in these transactions, which are, as they 
should be, between the vendors of copyrighted materials and their 
customers.
    We regularly ask students whether the University should subscribe 
to a service, and they regularly tell us they would prefer that we 
spend on other activities they value more. If an online service were to 
provide seamless service across diverse devices and to assume liability 
for any copyright infringement within the University, we might find 
such a service appealing if only as insurance. But such services do not 
exist today, and we see no prospect that they will in the near future.

Questions submitted by Representative Michael McCaul

Q1.  Do you believe that the availability of a certain technology 
should automatically legitimize the activity undertaken on it? In 
preparing students for an increasingly technological world, does it 
help or hurt them when they are not adequately punished for abusing the 
school's network and computing resources and privileges?

A1. A few years back our car was stolen. The thieves used Chicago city 
streets to gain access to the car, to remove it from our premises 
without permission, and three days later to total the vehicle while 
being pursued by police. The availability of city streets enabled this 
criminal act to take place, but did not legitimize it. Similarly, the 
increasing scope and speed of digital networks enables an immense scale 
and variety of uses, most of which are legal but some of which aren't; 
the network no more legitimizes the latter than the Chicago streets 
legitimized the theft of our car.
    In each case--streets and car theft, networks and copyright 
infringement--we as a society must educate our citizens as to what is 
legal and why, we must ensure that our laws advance our society, and we 
must take appropriate steps to apprehend and punish offenders 
commensurately with their offenses. This is true regardless of what 
technology enabled the offense. Our focus must remain on the offense 
and the offender rather than on the conduit involved.

Q2.  Is it appropriate for taxpayers to fund school networks that are 
widely used to facilitate theft? Is it appropriate for school 
networks--created and intended for academic use--to be slowed and 
clogged by illegal activity?

A2. High-performance networks, such as those found on most university 
campuses, are configured and provisioned to handle very high data flows 
as necessary for instruction or research, even though those very high 
data flows only happen occasionally. As one of my colleagues pointed 
out, provisioning data networks is much like managing snow clearance: 
the network capacity or snowplow equipment is essentially idle most of 
the time, but when they're needed they must be ready to handle huge 
loads very quickly.
    As a result of this use pattern, it's very rare that copyright-
infringing traffic interferes with network operations. The principal 
exception to this is the border between campus networks and the regular 
Internet. It's certainly inappropriate for academic resources--be they 
funded by taxpayers or tuition--to be diverted to non-academic 
purposes, and that's especially true for illegal purposes. 
Technological conflict between academic and non-academic use is not 
common on most university networks, and when it is relatively simple 
network configuration or management strategies keep everything sorted 
out.

Q3.  We have heard that technological measures exist that reduce or 
prevent illegal filesharing, reduce the network bandwidth wasted by 
such activity, secure the network against viruses and spyware, and 
decrease the amount of time spent by administrators responding to 
infringement notices. Doesn't the cost benefit of addressing these 
problems justify the cost of implementing effective network technology? 
If not, what type of analysis have you used to arrive at your decision?

A3. As I commented above, implementing expensive technologies might 
well reduce copyright infringement, but given the provisioning of 
university networks it would not yield any appreciable saving on 
network operations or administration. There are good reasons to 
implement reasonable technologies to reduce infringement, but saving 
money isn't one of them.

Q4.  Rather than purchasing a commercially available technology, some 
schools, such as Ohio University, have used internal technological 
solutions to block some or all of the illegal music, movies, and 
software on their networks. Ohio University went a step beyond blocking 
illegal peer-to-peer programs and shut down a ``darknet,'' which is a 
private hub that allowed students to trade music and movies on the 
local area network without connecting to the wider Internet. What type 
of action has your university taken to address the issue of darknets 
operating on your internal system? What are some of the solutions to 
finding and shutting down darknets?

A4. Good network managers monitor traffic patterns throughout their 
networks, taking steps to understand large flows and to resolve 
conflicts and choke points. A darknet that becomes active will begin 
generating large, detectable data flows. Network managers watch for 
changes like this, exploring their origin and nature to determine 
whether the right response is adding capacity or suppressing the flow. 
None of this is peculiar to darknets or copyright infringement. Video, 
students legally letting others hear (but not copy) their music 
collections, Skype, Microsoft patches--all of these can produce 
unexpected data flows, and trigger responses from network managers. We 
shut down problematic flows quite frequently, including the occasional 
darknet and many, many improperly secured computers that have been 
taken over by outsiders and used to send spam or mount denial-of-
service attacks.

Q5.  Campus officials at Stanford University wrote a letter to students 
last month saying ``Keeping up with the number of filesharing 
complaints coming in under the DMCA has required almost three full-time 
Stanford employees.'' How much time and resources did your institution 
spend on DMCA notices each year before implementing a technological 
solution? How much time does your staff spend on notices now that 
you've adopted a technological solution? What caused your University to 
take proactive steps?

A5. I'm baffled by this Stanford statistic. At the University of 
Chicago the typical DMCA complaint takes about an hour of security-
officer time to log and verify, and the discipline process for a first 
offender typically takes an hour of a Dean's or a personnel officer's 
time. As I said at the hearing, we expect to receive 100 or so DMCA 
complaints this year, which translates into 200 hours or of 
professional handling time, or about 10 percent of a full-time-
equivalent professional staff member. If we took no traffic-management 
steps, that number might double, but even then the total falls far 
short of the Stanford statistic.
                              Appendix 2:

                              ----------                              


                   Additional Material for the Record




                     Statement of Mr. Safwat Fahmy
                            CEO and Founder
                         SafeMedia Corporation
    Chairman Gordon, Ranking Member Hall, I want to commend you and 
your committee for calling this important hearing on ``Using Technology 
to Reduce Digital Copyright Violations on Campus.''
    My name is Safwat Fahmy, and I am the CEO and Founder of SafeMedia 
Corporation. Prior to founding SafeMedia, I spent more than 30 years in 
computer architecture design and software product development. I 
founded and served as the Chairman of the Board for WIZNET, a business 
to business (``B2B'') e-Commerce content firm and have developed GIS 
systems for federal and local governments and IBM's IPCS/MAPICS.
    My testimony addresses two issues: (1) the privacy risks and other 
dangers to consumers, students and other users posed by many popular 
P2P filesharing programs as outlined by a recent report issued by the 
United States Patent and Trademark Office; and (2) technology developed 
by my company to address illegal sharing of copyrighted materials on 
P2P networks. While I understand that the former is not the focus of 
today's hearing, I believe it is vitally important that the Committee 
better understands how many popular P2P programs operate as you examine 
how technology can be used to reduce digital copyright violations on 
campus.
    SafeMedia's mission is to provide an effective, cost-efficient and 
easily implemented solution for preventing illegal transfers of 
copyrighted digital material via peer-to-peer networks, and to restore 
and preserve copyright holders' asset value.
    As you know, since 2002, numerous Congressional Committees have 
addressed illegal piracy on college campuses through peer to peer (P2P) 
filesharing and the serious privacy and security risks posed by many 
popular P2P filesharing programs. As early as September of 2002, 
Congressman Robert Wexler, my home-district Congressman, stated at a 
hearing before the House Judiciary Subcommittee on Courts, Intellectual 
Property and the Internet that 2.6 billion songs and 12 to 18 million 
movies were being downloaded illegally every month. Perhaps as 
important as the loss of economic value, is the attendant loss of moral 
leadership and cultural degradation when intellectual property theft is 
ignored or even defended.
    Starting in March of 2003, the House Government Reform and 
Oversight Committee held a series of hearings on the threats to privacy 
and security on filesharing networks. Later that year, the House passed 
legislation authored by Representatives Henry Waxman and Tom Davis 
requiring federal agencies to develop and implement plans to protect 
the security and privacy of government computer systems from the risks 
posed by P2P filesharing. Among Congress' findings in the Waxman/Davis 
legislation were the following:

         ``Peer to peer filesharing can pose security and privacy 
        threats to computers and networks by--

                  Exposing classified and sensitive information 
                that are stored on computers or networks; Acting as a 
                point of entry for viruses and other malicious 
                programs;

                  Consuming network resources, which may result 
                in a degradation of network performance; and

                  Exposing identifying information about host 
                computers that can be used by hackers to select 
                potential targets.''

    The reality and severity of these risks, to those inside and 
outside of government, remain today and were most recently documented 
in a U.S. Patent and Trademark Office (``USPTO'') report released last 
month entitled, FilesharinQ Programs and ``Technological Features to 
Induce Users to Share.'' \1\ Researchers analyzed more than six years 
of data, claims and counterclaims of five popular filesharing programs. 
The report addressed whether filesharing programs ``deployed features 
that had a known or obvious propensity to trick users into uploading 
infringing files inadvertently.'' The study painstakingly examined 
``technological features'' that ``induce'' users to ``share'' 
copyrighted material. In addition to features such as ``share-folder,'' 
``search wizard'' and ``partial-uninstall,'' such coercive features 
include: (1) redistribution by default--which causes users to ``share'' 
all files that they downloaded; and (2) forced-sharing--which compels 
users to store and share their private folders and documents. which may 
include copyrighted material such as personal audio files from paid 
downloads or purchased CDs as well as sensitive personal information 
located in consumers' ``My Documents'' folders.
---------------------------------------------------------------------------
    \1\ http://www.uspto.gov/web/offices/dcom/olia/copyright/
oir-report-on-inadvertent-sh
aring-v1012.pdf
---------------------------------------------------------------------------
    The report also noted that even if a user is sophisticated enough 
to understand that he or she has become an unwitting participant in 
pirating, disabling the features is no simple process. In fact, the 
report warned that software distributors create, ``technological 
barriers'' to ensure that ``Disabling filesharing. . .can be very 
difficult and perhaps an impossible task for all but the most expert 
computer users.''
    The Report exhaustively examines how these features were designed 
and deployed primarily during the period from 2003 to 2006, well after 
legal actions were being initiated against users. Users, young or 
older, naive or experienced, are literally laying open their networks 
and files once they install a P2P filesharing program. The Report also 
recounts mounting evidence from security companies, government 
agencies, and television network investigations, demonstrating the 
serious security and privacy risks posed by P2P filesharing networks. 
In one example, ``a woman's credit-card information was found in such 
disparate places as Troy, Michigan, Tobago, Slovenia, and a dozen other 
places. Her music-downloading application was in fact making readily 
available her entire `My Documents' folder to that application's entire 
P2P audience, 24 hours per day.'' This example and others like it 
demonstrate why the U.S. Patent and Trademark Office said, ``They 
[filesharing programs] pose a real and documented threat to the 
security of personal, corporate, and government data.''
    The Report carefully avoids blaming distributors of P2P software 
for deceiving consumers, but noted that available public information 
made clear that their programs utilized such technological features. 
Incredibly, the companies whose filesharing software USPTO analyzed 
have not refuted any of the report's allegations. And in the final 
analysis, does it really matter to P2P networks users whose identity or 
taxpayer information is stolen or whose legally obtained music has been 
illegally distributed without their consent, whether the software 
designers intentionally meant to harm them or did so by ``accident?'' 
The simple fact is that the most popular P2P services cannot thrive 
without ``cooperation'' from users sharing their files. If that 
cooperation cannot be obtained willingly, as the report's analysis 
shows, it will be obtained through ``technological features'' that 
``induce'' users to ``share.''
    With my background in computer architecture design and software 
product development, I became acutely aware of the serious privacy and 
security risks posed by some P2P filesharing networks and the 
significant economic losses that are being sustained through illegal 
filesharing on certain P2P networks. I also recognized that technology 
could serve as an important part of the solution and so in October of 
2003, I came out of retirement to found SafeMedia corporation. I 
understood that any technological solution had to distinguish between 
P2P networks that utilize seemingly inadvertent and anonymous 
filesharing and services such as BitTorrent which require 
identification and consent of peers prior to the sharing of files. I 
set forth a number of additional criteria for a technologically sound 
solution and determined that any device or program addressing these 
issues had to:

          protect user privacy,

          provide 100 percent accuracy with no false positives,

          easily adapt to small or large network environments,

          cause no slowdowns for legitimate network traffic,

          self-correct with no additional administrative 
        burdens to network managers,

          adapt quickly to changes in illegal P2P networks and 
        transmissions,

          install easily, and

          perhaps most important, has to be available at an 
        affordable price.

    Mr. Chairman, I am happy to report that after years of hard work, 
we were able to utilize a combination of breakthrough core technologies 
to take this effort in a new direction. In fact, our solution will 
prevent illegal P2P filesharing networks from forming in the first 
place. We've labeled it ``P2P Disaggregator'' (P2PD) technology. It can 
be deployed at end-user sites, either integrated into network devices 
installed in edge routers/modems or subnet edge routers and 
concentrators, or as an independent network appliance which I will 
focus on today.
    Our device: ``Clouseau'' is a network appliance that detects and 
prohibits illegal P2P traffic while allowing the passage of legal P2P 
such as BitTorrent and all other Internet transmissions. Clouseau is 
inexpensive and smaller than a phone book--users simply plug it in 
between the Internet and their computer network, and it goes to work. 
With Clouseau, we have addressed and solved the weaknesses inherent in 
other technological approaches to this problem:

          No Invasion of User Privacy: Clouseau detection does 
        not invade user privacy, never captures or records user IDs, 
        does not decrypt any traffic, and allows the execution of all 
        current security techniques (Tunneling, SSH, etc.). Clouseau 
        never opens packets to determine file legality or illegality. 
        That determination is based solely upon the type of 
        transmission--it never invades user privacy by looking at the 
        content of a file.

          Accuracy: Clouseau is fully effective at forensically 
        discriminating between legal and illegal P2P traffic with no 
        false positives (i.e., identifying another protocol as the 
        targeted protocol) whether encrypted or not. It prohibits 
        sending and receiving all illegal P2P files, and prevents the 
        flow of copyrighted digital files from legal Internet services, 
        DVDs and CDs to P2P networks where they are totally accessible 
        to millions of users to pirate.

          Scalability: With little or no latency and nearly 
        perfect accuracy, Clouseau operates at network speed processing 
        large traffic volumes on the order of several hundred thousands 
        to several million connections at a time (depending on model) 
        with minimal computation expense.

          Robustness: The P2P community is constantly devising 
        new strategies to cloak their activities including launching 
        new protocols, double and triple-layering encryptions, and 
        frequently changing servers. SafeMedia vigilantly monitors all 
        these rapidly changing characteristics. Clouseau is provided 
        with a remotely secure update every three hours ensuring its 
        constant ability to meet these dynamic challenges.

          Network Appliance Advantages: In addition to the 
        above, Clouseau also provides some unique improvements to the 
        appliance model, such as:

                  Lights-Out Management--Clouseau has been designed as 
                a zero-maintenance appliance from the user's 
                perspective. All updates are done automatically and do 
                not require operator/administrative intervention.

                  Network Invisibility--Clouseau operates in a stealth 
                mode when performing P2P filtering. This feature allows 
                the appliance to be completely invisible to attacks 
                that may be launched on the device.

                  Resilient and Self-healing--In the event of physical 
                attack or hardware or software failure, numerous 
                internal fault-tolerant, self-protection measures are 
                in place to protect the device from undesirable changes 
                affecting the appliance's functionality. Should 
                deprecation of the module or corruption of a file 
                system be discovered, Clouseau will self-heal by 
                automatically restoring corrupted files. Clouseau 
                reboots in the event of power loss (in approximately 45 
                seconds) to ensure system and network security and 
                functionality. Thus, using a combination of resilient 
                operations, self-healing techniques and built-in fail-
                safes, Clouseau is able to protect itself from multiple 
                types of attacks that may be imposed on it.

                  Plug and Play--Clouseau is very easy to install and 
                requires no changes to existing network topology.

    How does Clouseau work? I will do my best to explain in layman's 
terms the following technologies utilized by Clouseau:

          Adaptive Finger Printing and DNA Markers--SafeMedia's 
        filtering system utilizes proprietary finger printing 
        techniques to identify specific P2P clients/protocols. By using 
        these DNA markers, Clouseau is able to uniquely identify 
        whether a packet is part of a P2P transaction or regular 
        Internet traffic. By studying the details in-depth, SafeMedia 
        is able to avoid false-positives.

          Adaptive Network Patterns--Not all protocols can be 
        easily identified with single packets. As such, Clouseau is 
        able to monitor packet flows and adapt its filtering based on 
        what it has already seen and now sees. This extensible system 
        utilizes a technique called experience libraries.

          Experience Libraries--P2P clients and protocols will 
        change every day. The process of adapting to this change and 
        constantly being updated with the latest knowledge of such 
        clients/protocols is the responsibility of the experience 
        library. SafeMedia's network operations trains these libraries 
        with new patterns and DNA markers and push these new libraries 
        to Clouseau units out in the field.

          Update--No P2P filtering appliance will function 
        without constant updates. All of the methods described above 
        are constantly evolving and SafeMedia utilizes the Akamai 
        network to push new updates through the Internet Using a highly 
        scalable network such as Akamai allows SafeMedia to off-load 
        the deployment of updates to a well-established content-
        distribution network.

    Clouseau has been effectively installed for clients in Florida, 
California, Oklahoma and Texas in a variety of educational and 
commercial settings. We are currently deployed at Florida Atlantic 
University. We continue to expand our higher education efforts and hope 
to announce soon that we will install the product at a number of 
additional colleges and universities.
    As you know some colleges and universities have been reluctant to 
adopt effective policies to deal with illegal filesharing. Some cite 
student privacy as a concern for refusing to stop clearly illegal 
filesharing, but they need to be challenged with this question: How 
does it protect student privacy to allow P2P filesharing services to 
roam student's computer hard drives for private folders and documents 
without their explicit permission? I would further ask if there isn't a 
double standard at work. Colleges and universities fiercely protect 
their own intellectual property. Why are they so cavalier when it comes 
to the intellectual property of others?
    Mr. Chairman, we welcome the insights and assistance that can be 
given to this issue by the Science and Technology Committee and would 
be happy to answer any questions you may have regarding Clouseau or the 
issues that have been raised in my testimony.
                        Republican Briefing Memo

           Reducing copyright infringement on campus networks

        Hearing of the House Committee on Science and Technology
                 June 5th, 2007 at 2 p.m., 2318 Rayburn
    The Full Committee on Science and Technology will meet to hear 
testimony on technologies, available and under development, designed to 
reduce the movement of copyrighted material across university and 
college networks.
    Piracy of digitally available media has become a large concern as 
more and more intellectual and creative works are available in easily-
transferred, digital format and access to high bandwidth networks has 
spread. Users can now easily access software allowing illegal 
filesharing of music, movies, software, and other content. Colleges and 
universities hold a unique perspective, being both creators of 
intellectual property and Internet service providers to a large and 
technically savvy group of students and staff.
    A number of other committees have met to discuss aspects of this 
problem. This hearing will examine one detail of the larger 
intellectual property enforcement debate, narrowly focusing on the 
efficacy of technological solutions to stopping illegal filesharing. 
The witnesses all have expertise on the details of campus networking 
and various methods that might be used to curtail illegal behavior, 
including efforts at education and providing legitimate alternatives.

Witnesses

    Charles Wight, Associate Vice President, University of Utah, and 
Adrian Sannier, Vice President and University Technology Officer, 
Arizona State University. Dr. Wight and Dr. Sannier will discuss their 
campuses' experiences with network-filtering technologies, and what 
technical issues/concerns remain from their perspective.

    Vance lkezoye, President and CEO, Audible Magic Corporation. Mr. 
Ikezoye will discuss his company's network-filtering technology, and 
comment on what technical issues may have arisen from its deployment on 
campuses across the country and what capabilities these technologies 
are likely to have in the near future.

    Cheryl Asper Elzy, Dean of University Libraries, Illinois State 
University. Dean Elzy will discuss the Digital Citizen Project, a joint 
project between ISU and the copyright-holder community to act as a live 
campus testbed for a variety of approaches to reducing digital 
copyright violations, including network-filtering technologies.

    Greg Jackson, Vice President and Chief Information Office, 
University of Chicago. Dr. Jackson will discuss the University of 
Chicago's technological and other approaches to reducing copyright-
infringing activity on campus networks.

Background

    Piracy occurs when an individual unlawfully distributes copyrighted 
content. As more and more intellectual and creative works are available 
in easily-transferred, digital format and access to high bandwidth 
networks has spread, copyright infringement has become a technically 
trivial process. In addition, while earlier piracy operations were 
often linked to single servers offering free access to material, 
today's piracy occurs mostly in distributed networks that lack a 
central software server. These peer-to-peer (P2P) networks draw on the 
resources of every computer on the network and cannot be centrally 
maintained or regulated. While exact data for the amount of piracy is 
not available, the widespread use of P2P programs suggests a 
significant amount of infringement.
    In responding to piracy, colleges and universities are treated in a 
like manner with commercial Internet service providers. Under 
provisions of the Digital Millennium Copyright Act (DMCA), colleges and 
universities are exempted from liability for copyright infringement on 
their networks as long as they appropriately respond to notifications 
of unauthorized distribution. Earlier this year, the Recording Industry 
Association of America, RIAA, released a list of the 23 schools that 
the record industry had sent the most notices to, alleging infringing 
activity by students or staff. A few weeks later the Motion Picture 
Association of America, MPAA, produced another list, detailing the 25 
institutions that received the most notices from their member 
companies. Both lists are included at the end of this document. While 
the methodology has been criticized by some schools, these events have 
served to highlight the continuing problem of piracy on both campus and 
commercial networks.
Joint Higher Education/Entertainment Industry Committee
    Recognizing piracy as a serious and continuing issue, 
representatives from colleges and universities and the recording 
industry first met in late 2002 as the Joint Higher Education/
Entertainment Industry Committee (Joint Committee). The Joint Committee 
was formed to allow content holders and higher education, (1) to 
examine ways to reduce the inappropriate use on campuses of P2P 
filesharing technologies, and (2) to explore the prospects for 
narrowing their differences on existing and proposed federal 
intellectual property legislation. A summary of the actions of the 
Joint Committee can be found at the end of this document. In October 
2006 and again in April of 2007, technology experts representing 
members of the Joint Committee and software vendors met to refine 
requirements for filtering illegal traffic from campus networks. A 
consensus document detailing the readiness of current technology and 
remaining obstacles is expected in late June, 2007.
Current Technology
    A number of vendors have proposed or developed technologies that 
may aide network administrators in their efforts to combat piracy. 
These technologies generally fall into three categories: 1) network 
filtering, 2) secure, legal distribution, and 3) legitimate 
alternatives.
    Network filtering technologies use various methods to identify and 
stop network traffic that carries copyrighted data. A number of 
companies offer different products in this area. These include tools 
that slow large downloads to deter piracy, that block all P2P activity 
without consideration of content, and those, like Audible Magic, that 
attempt to identify content as copyrighted. The witnesses will each 
discuss costs and benefits to various approaches. Surveys have shown 
that over 80 percent of colleges and universities engage in some type 
of filtering or blocking.\1\
---------------------------------------------------------------------------
    \1\ Campus Computing survey for 2006 (http://
www.campuscomputing.net/) reports that over 80 percent of respondents 
have policies related to downloading music and videos. EDUCAUSE ``Core 
Data Service'' survey (http://www.educause.edu/coredata/) shows that 
nearly 95 percent of respondents shape or track bandwidth utilization. 
The 2006 RESNET survey (http://www.resnetsymposium.org/surveys/
2006securitysurvey.htm) indicates that roughly 80 percent of 
respondents ``block, filter, or otherwise restrict'' P2P traffic 
between residence halls and the Internet.
---------------------------------------------------------------------------
    In addition to filtering out copyrighted material, colleges and 
universities must also allow legal distribution of copyrighted content. 
In particular, educational use of digital articles, books, films, and 
music is allowed and essential to higher education's core mission. 
Again, various vendors have technologies to provide students with 
course materials without risking wider, unauthorized distribution.
    Finally, the commercial market for legal procurement of digital 
media is growing. In addition to widely known businesses like Apple's 
iTunes and Amazon.com, smaller companies have created entertainment 
packages that directly target colleges and universities.
    All three of these classes of technology significantly interact, 
with both positive and negative effects. The availability of legal 
alternatives poses challenges to filtering technologies to allow their 
content, while blocking others. Alternately, the availability of a 
secure distribution system for course materials may enable network 
administrators to filter out infringing activity more easily.
Digital Citizen Project
    The diversity of products proposed or currently available to 
colleges and universities to combat piracy presents opportunities and 
challenges. Network administrators may find integrating separate 
systems within the campus network particularly difficult. However, 
administrators also have wide latitude to choose products that meet 
both the technical and policy requirements of their institutions.
    One specific barrier to further implementation has been a lack of 
data on the effectiveness and utility of various vendor technologies. 
Illinois State University has embarked on a project specifically 
designed to evaluate these technologies and disseminate their results 
to other higher education institutions.
    The Digital Citizen Project began in January, 2007 and aims to use,

         a comprehensive approach to confront pervasive attitudes and 
        behaviors in peer-to-peer downloading of movies, music, and 
        media we address ethical and legal issues through the 
        following: educating our college students, self monitoring and 
        enforcement, providing multiple legal digital media services, 
        marketing and public relations of our program and services, 
        investigating K-16 use of peer-to-peer software use and 
        developing a curriculum component to combat illegal downloads, 
        working with industry leaders to create educational fair use 
        media definitions and faster copyright use, providing rewards 
        for our students.\2\
---------------------------------------------------------------------------
    \2\ Digital Citizen Project. http://www.digitalcitizen.ilstu.edu/
summary/

    Dean Cheryl Elzy will testify further about the project.

Issues

Are products currently available that meet the requirements of campus 
network environments?

    No single, silver-bullet, solution is available to stop 
unauthorized distribution of digital media while allowing authorized 
traffic. The variety of campus network needs and policies with respect 
to the proper role of the institution in policing users leads to a 
highly heterogeneous environment for vendors. However, recent work by 
the Joint Committee has helped build an understanding of these varied 
requirements and given technology companies insight into how their 
products might better meet campus needs. In addition, many mature 
products are available that can contribute in part to a holistic anti-
piracy solution. Many campuses already use some type of filtering tools 
in all or part of there network. In addition, the availability of 
legitimate alternatives for entertainment content and secure methods 
for transferring teaching material has grown significantly in recent 
years.

Does peer-to-peer (P2P) software have non-infringing use?

    It is clear that a great deal of P2P traffic involves copyrighted 
content; however significant, legal uses of the technology are also 
available. Some examples include: BitTorrent, a general file-transfer 
protocol that has been implemented for legal downloads of software and 
movies, Skype, an Internet telephony program, and Vudu, producer of a 
tv set-top box providing movie screenings via P2P downloads. Therefore, 
many campuses are reluctant to censor all P2P traffic and prefer 
solutions that try to identify specific infringing activity. Due to the 
complexity of the copyright system, however, differentiating infringing 
use from allowed use remains technologically difficult. The witnesses 
will be able to discuss what options are available that block piracy 
while allowing the transfer of educational materials.

What role should education about copyright play and at what level?

    Many colleges and universities report undertaking some kind of 
education campaign, particularly geared towards incoming freshmen 
classes. Education techniques may range from simple notifications of 
campus policy on copyright infringement to short video segments 
defining student's rights and responsibilities or ongoing awareness 
campaigns. Many colleges and universities contend that piracy is 
established as a social norm before students enter collegiate study, 
and that education on what is and is not allowed under copyright law 
should begin in a K-12 setting. One goal of the Digital Citizens 
Project will be to systematically study education campaigns for their 
effectiveness.

What can campus efforts to combat piracy tell us about broader piracy 
controls?

    Campus networks comprise just part of the larger piracy problem. 
Commercial providers of Internet service have also seen growing 
complaints from copyright holders and many colleges contend that piracy 
begins well before students arrive on campus. Commercial networks could 
implement similar controls, and would face similar social and 
technological challenges, to those used by colleges and universities.

What rights do higher education institutions have to use copyrighted 
material?

    Under the Copyright Act, teachers are exempt from infringement for 
performing copyrighted works in certain educational contexts. 
Performance of a work done in the course of face-to-face instruction in 
a classroom, or performances done as part of instructional activities 
of a nonprofit institution, may not be an infringement of copyright.\3\
---------------------------------------------------------------------------
    \3\ Yeh, B.T. Congressional Research Service. RL33631--Copyright 
Licensing in Music Distribution, Reproduction, and Public Performance.

---------------------------------------------------------------------------
What rights do users have to use copyrighted material?

    Although most uses of copyrighted materials require permission from 
the copyright holder, the Copyright Act of 1976 provides several 
exceptions for the use of copyrighted material, regardless of the 
holder's permission. The doctrine of ``fair use'' recognizes the right 
of the public to make reasonable use of copyrighted material, in 
special instances, without the copyright holder's consent. Because the 
language of the fair use statute is illustrative, determinations of 
fair use are often difficult to make in advance. However, the statute 
recognizes fair use ``for purposes such as criticism, comment, news 
reporting, teaching, scholarship, or research.'' A determination of 
fair use considers four factors:

        *  The purpose and character of the use, including whether such 
        use is of a commercial nature or is for nonprofit educational 
        purposes.

        *  The nature of the copyrighted work.

        *  The amount and substantiality of the portion used in 
        relation to the copyrighted work as a whole.

        *  The effect of the use upon the potential market for/or value 
        of the copyrighted work.

    The U.S. Supreme Court has previously explained that this four-
factor test cannot be simplified by ``bright-line rules,'' but rather 
that the doctrine of fair use calls for ``case-by-case'' analysis. In 
the context of digital music downloads and transmissions, some alleged 
copyright infringers have attempted to use the doctrine of fair use to 
avoid liability for activities such as sampling, ``space shifting,'' 
and peer-to-peer filesharing. These attempts have not been very 
successful: several federal appellate courts have ruled against the 
applicability of the fair use doctrine for these purposes. The 
difficulty behind any fair use determination, however, is the 
irresolute nature of the exception--one court's determination of fair 
use may be another's determination of infringement.\4\
---------------------------------------------------------------------------
    \4\ Yeh, B.T. Congressional Research Service. RL33631--Copyright 
Licensing in Music Distribution, Reproduction, and Public Performance.



Higher Education Actions to Address Illegal Campus Peer-to-Peer 
---------------------------------------------------------------------------
                    Filesharing

History and Past Activities

          Formation of the Joint Committee of the Higher 
        Education and Entertainment Communities: The higher education 
        community joined with the entertainment industry to form the 
        Joint Committee, operating through the support and guidance of 
        the American Council on Education (ACE), the Association of 
        American Universities (AAU), EDUCAUSE, the Recording Industry 
        Association of America (RIAA), and the Motion Picture 
        Association of America (MPAA) [December, 2002]

          Work of higher education through the Joint Committee

                  Distribution to colleges and universities of 
                Background Discussion of Copyright Law and Potential 
                Liability for Students Engaged in P2P Filesharing on 
                University Networks [August, 2003]

                  Joint Committee-sponsored meeting of higher 
                education and entertainment association officials, 
                representatives of entertainment companies and online 
                digital delivery services to discuss how these sectors 
                can collaborate to reduce illegal and promote legal P2P 
                [June, 2003]

                  Report to colleges and universities of results of 
                Request for Information on technologies that may assist 
                in reducing unauthorized P2P filesharing [October, 
                2003]

                  Report to colleges and universities on legitimate 
                online digital content delivery services that might be 
                engaged as alternatives to unauthorized P2P filesharing 
                programs [December, 2003]

                  Distribution of University Policies and Practices 
                Addressing Improper Peer-to-Peer Filesharing [April, 
                2004]

                  Collaboration with RIAA to produce and distribute a 
                video on P2P intended for college freshmen orientation 
                [spring-summer, 2006]

                  Meeting of university, entertainment industry, and 
                technology vendor officials to examine network 
                technologies to reduce illegal P2P filesharing 
                [October, 2006]

                  Distribution of updated paper on legal aspects of 
                campus P2P, Background Discussion of Copyright Law and 
                Potential Liability for Students Engaged in P2P 
                Filesharing on University Networks [November, 2006]

                  Joint Committee meeting to assess past work, current 
                challenges, and future steps [November, 2006]

          Numerous presentations at higher education 
        association meetings, written communications to colleges and 
        universities, about illegal campus P2P filesharing and 
        reference to resources to address the problem [Ongoing]

Current and Projected Activities

          Formed new Technology Task Force to work with 
        commercial vendors to facilitate development of effective 
        technologies to reduce campus P2P

          Formed campus officials group to work with RIAA to 
        revise video for freshman orientation and promote broad 
        adoption by campuses

          Letter from ACE President David Ward to college and 
        university presidents and chancellors transmitting an RIAA 
        letter announcing a new round of lawsuits accompanied by a 
        ``pre-notice plan'' that allows settlement of claims before 
        filing of a lawsuit

          Conduct survey of colleges and universities to 
        identify effective policies and practices for reducing illegal 
        P2P filesharing, develop updated best practices recommendations 
        for distribution to colleges and universities

          Continue to discuss P2P activities and share 
        information through national meetings and written 
        communications
