Louisiana State University's Response to the RIAA Letter.

Dear Mr. Peters:



Thanks for taking the time to share your thoughts. The following has been posted on my Web site, and it should address some of your concerns. (http://www.lsu.edu/chancellor/issues/index.htm).

Issue: The RIAA has traditionally engaged in scare tactics and over- ambitious lawsuits. As an LSU student living on campus, what steps has/will LSU take to protect the privacy of students who use peer-to- peer networks for legal purposes? And what steps has/will LSU take to protect its students from the RIAA's scare tactics?

Answer: I assure you that LSU strives to protect the privacy of its students, faculty, and staff. Concerning the issue of peer-to-peer file sharing, Information Technology Service (ITS) has educational material available online at File Sharing at LSU and www.lsu.edu/itpolicy on actions you can take to avoid copyright infringement, and ways in which students who use peer-to-peer applications for legal purposes can protect themselves. In addition, the institution has implemented preventative measures to insure appropriate use of peer-to-peer applications on our campus network and within the residential housing network we support.

I want to take a moment to explain in a bit of detail about how RIAA notifications work, both in the past and now with their new tactic. Indeed, you are correct that they do seem to be taking ever more aggressive actions.

First, ITS (on behalf of the University) does not reveal the identity of students in response to any notification from RIAA (MPAA, or others) regarding potential copyright infringement – unless a legal court order is issued (a subpoena). Here is how the notification process works.

These entities notify LSU of their belief that their copyright is being misused, under what is called the Digital Millennium Copyright (DMCA for short); they give us the only details they can get via the network – the IP number of the device alleged to have infringed on their copyright. The DMCA law then requires LSU to pass on these notifications to those connected to our network at that address. We do not reveal that information to the entity issuing the DMCA complaint. We alert the student – not the RIAA. We do monitor the individual's response to the complaint and there are actions we take as a University network provider (detailed in those Web links above).

If the University is served with a subpoena (legal order from a court of law) requiring the name of a person associated with that IP address – usually the result of the problem not being addressed, then and only then do we reveal the information we have on the person – as required by law. At this point, LSU cannot do otherwise and be within the law.

The latest RIAA process is a step beyond the DMCA notifications, but again falls short of a court-mandated action. Now, the RIAA is notifying universities that a particular IP number is infringing copyright and that they intend to eventually issue a subpoena to sue that person in court – but they're offering a chance for that individual to settle in advance without going to court. What LSU will do in this new process is to proceed with forwarding the notification to the user involved (as if it was a DMCA complaint, which after a fashion it is) – but again, we are not revealing their identity without the legal subpoena. We are also going to send along information we have on the law, so the person can best judge what to do.

The news stories also talk about the RIAA asking universities to keep log files. How LSU is interpreting this is as follows. They do not want us, should they issue a subpoena later, to then say “… we erased our network records (say, after the end of a semester) so we can not tell you who had that IP address anymore.” LSU, at the time the notification is received, makes note of to whom we sent the letter; and we've kept that information. We are not tracking the use of that user or computer nor are we keeping data about any use. This is the limit of what we feel we must do under the law. Despite comments in the media from other institutions, I have confidence that they, too, are doing this minimal record keeping.

As a point of fact, in the two years that I have been at LSU, we have not once received a court-order/subpoena to reveal an individual's identity. LSU also is well below the national average in receipt of DMCA complaints as well, and as my recent broadcast memo stated, we have not received any notifications in this most recent RIAA action. I believe that LSU students by and large respond appropriately to initial DMCA notifications, and thus there is no need for the RIAA to go further. This has been our experience to date.

I assure you that the Office of the CIO here at LSU, through its Information Technology Security & Policy function, is closely monitoring the actions being taken by the RIAA, and will work with University Counsel on insuring our network environment continues to promote compliance with the law that protects both copyright owners and the privacy of our network community. We are also working to ensure that the LSU community stays informed of developments.

Again, LSU is committed to providing a safe, secure environment for faculty, staff and students.