HEOA compliance plan

HEOA copyright infringement compliance plan

A. Introduction

The federal Higher Education Opportunity Act of 2008 (“HEOA”), reauthorizing the Higher Education Act, includes provisions which are intended to reduce the illegal exchange of copyrighted works including through peer-to-peer or “P2P” file sharing. Colleges and universities which are subject to those provisions must:

Certify to the U.S. Department of Education that they have developed plans to effectively combat the unauthorized distribution of copyrighted material;

Annually inform students that the illegal distribution of copyrighted materials may subject them to criminal and civil penalties, and of the steps the University will take to detect and punish such illegal distribution;

To the extent practicable, offer alternatives to illegal file sharing; and

Identify procedures for periodically reviewing the effectiveness of the plans to combat the unauthorized distribution of copyrighted materials.

B. Measures to deter copyright infringement

IT Governance, Risk, and Compliance recommends the following measures to deter and effectively combat the unauthorized distribution of copyrighted material:

Recommendation	Status
Use standard user security access and privileges on workstations in OIT managed computer labs. Lock down the workstations to prevent users from installing any products, including P2P clients.	Workstations in OIT managed computer labs provide administrator privileges to faculty/staff users who can then install software. This is mitigated by the use of Deep Freeze which restores the workstation to a vanilla image upon reboot which happens when the user logs off.
Use a software management system to identify all software installed on University machines, so that any unauthorized installations can be promptly identified and remediated.	Endpoint Services uses Microsoft’s Configuration Manager and Lansweeper identify and remove unauthorized software on OIT-managed computers.
Implement technology for notifying users of P2P file sharing.	Boise State blocks most P2P traffic on the firewall unless there are specific exclusions.

C. Student Notice

The IT Governance, Risk, and Compliance office recommends that the following Notice be issued annually to students through electronic mail.

Notice to be sent to Boise State students:

Peer-to-peer (P2P) file sharing can be a useful method for collaborating with people all over the world. However, P2P has become one of the most prolific sources of viruses, worms, Trojans, spy-ware, and other undesirable software. Use of P2P software can severely limit network speeds and can have a negative impact on any/all users on a network.

Installing P2P software risks the health of the user’s computer. Once in operation, P2P applications can cause general slowness in the overall performance of a computer. Further problems can also develop that might necessitate a complete rebuild of the system.

In addition, P2P users run the risk of identity theft and lost intellectual property.

P2P networks are often used for sharing copyrighted files, which can be illegal. If you don’t have permission of the copyright holder, you cannot share copyrighted material like music, video, books, or journal articles with anyone. There have been lawsuits against students resulting in $250,000 judgments for illegal file sharing.

Relevant university policies

Boise State Policy 8000, Information Technology Resource Use, governs the acceptable use of information technology. Along with this policy, administrative rules and procedures governing acceptable use are published on the policy website, and in the Student Code of Conduct.

Failure to follow technology acceptable use rules and procedures may result in sanctions including but not limited to loss of privileges, equipment and services; legal action; and suspension or termination of enrollment or employment.

Legal alternatives

For a directory of legal sources of online content, see: www.educause.edu/legalcontent.

D. Procedures for handling copyright infringement violations

The IT Governance, Risk, and Compliance office recommends the following procedure for handling copyright infringement violations. Upon all notifications of a copyright infringement, OIT Network Security reserves the right to report behavior to the Office of the Dean of Students (DOS) for disciplinary action under university policy 2020.

First time report

OIT Network Security notifies the student of the infringement.
If the student acknowledges the infringement and takes action to address the issue, no further action is taken.
If the student disputes the infringement, OIT may file a report with DOS.

Second report

OIT Network Security will file a report with DOS with recommendation for educational sanction.

Third report

OIT Network Security will file a report with DOS with recommendation for educational sanction and may suspend the student’s account.

E. Periodic review of effectiveness of HEOA copyright compliance plan

In addition, the CISO will independently review emerging technologies and discusses the availability of alternative strategies with other institutions of higher education.

Questions about this plan should be directed to the Chief Information Security Officer at CISO@boisestate.edu.

Updates

Created: January 2015

Last update: February 2026

Next review: February 2027