Skip to main content

HEOA Compliance Plan

A. Introduction

The federal Higher Education Opportunity Act of 2008 (“HEOA”), reauthorizing the Higher Education Act, includes provisions which are intended to reduce the illegal exchange of copyrighted works including through peer-to-peer or “P2P” file sharing. Colleges and universities which are subject to those provisions must:

Certify to the U.S. Department of Education that they have developed plans to effectively combat the unauthorized distribution of copyrighted material;

Annually inform students that the illegal distribution of copyrighted materials may subject them to criminal and civil penalties, and of the steps the University will take to detect and punish such illegal distribution;

To the extent practicable, offer alternatives to illegal file sharing; and

Identify procedures for periodically reviewing the effectiveness of the plans to combat the unauthorized distribution of copyrighted materials.

IT Governance, Risk, and Compliance recommends the following measures to deter and effectively combat the unauthorized distribution of copyrighted material:

RecommendationStatus
Use standard user security access and privileges on workstations in OIT managed computer labs.  Lock down the workstations to prevent users from installing any products, including P2P clients.Workstations in OIT managed computer labs provide administrator privileges to users who can then install software.  This is mitigated by the use of Deep Freeze which restores the workstation to a vanilla image upon reboot which happens when the user logs off.
Use a software management system to identify all software installed on University machines, so that any unauthorized installations can be promptly identified and remediated.Customer Care uses Microsoft’s Configuration Manager to do this for OIT managed computers.
Implement technology for notifying users of P2P file sharing.Boise State has implemented Procera and Safe Connect systems to manage traffic and notify users of P2P use on the wired and wireless student housing networks. P2P traffic on other networks, wired or wireless are not managed.

C. Annual Notice to Students

The IT Governance, Risk, and Compliance office recommends that the following Notice be issued annually to students through electronic mail.

Notice to be sent to Boise State students:

Peer-to-peer (P2P) file sharing can be a useful method for collaborating with people all over the world.  However, P2P has become one of the most prolific sources of viruses, worms, Trojans, spy-ware, and other undesirable software.  Use of P2P software can severely limit network speeds and can have a negative impact on any/all users on a network.

Installing P2P software risks the health of the user’s computer. Once in operation, P2P applications can cause general slowness in the overall performance of a computer.   Further problems can also develop that might necessitate a complete rebuild of the system.

In addition, P2P users run the risk of identity theft and lost intellectual property.

P2P networks are often used for sharing copyrighted files, which can be illegal.  If you don’t have permission of the copyright holder, you cannot share copyrighted material like music, video, books, or journal articles with anyone.  There have been lawsuits against students resulting in $250,000 judgments for illegal file sharing.

Relevant University Policies

Boise State Policy 8000, Information Technology Resource Use, governs the acceptable use of information technology. Along with this policy, administrative rules and procedures governing acceptable use are published on the policy website, and in the Student Code of Conduct.

Failure to follow technology acceptable use rules and procedures may result in sanctions including but not limited to loss of privileges, equipment and services; legal action; and suspension or termination of enrollment or employment.

For a directory of legal sources of online content, see: www.educause.edu/legalcontent.

The IT Governance, Risk, and Compliance office recommends the following procedure for handling copyright infringement violations.

Upon notification of a copyright infringement, OIT Network Security will notify the Office of Student Rights and Responsibilities, OSRR, and the University Housing Technology Support, UHTS, department.

First Time Report

  • OSRR notifies the student if not a housing resident, or UHTS notifies student housing residents.
  • If the student acknowledges the infringement, a note is placed in the student’s OSRR file
  • If the student disputes the infringement, it may be escalated to student judicial

Second Report

  • May be escalated to student judicial with recommendation the student’s network ID be temporarily disabled for 14 days

Third Report

  • Escalated to student judicial with recommendation the student’s network ID be temporarily disabled for 30 days.

The Chief Information Security Officer (CISO) recommends periodically reviewing the effectiveness of this HEOA Copyright Compliance Plan through the use of an annual survey conducted by OIT Customer Care. In addition, the CISO will independently review emerging technologies and discusses the availability of alternative strategies with other institutions of higher education.

Questions about this plan should be directed to the Chief Information Security Officer at CISO@boisestate.edu.

Updates

Created: January 2015

Last Update: July 2022

Next Review: February 2025