copy this blog

There’s a lot of chatter about recent actions by the RIAA on the SANS Unisog (University Security Operations Group) list. (For some reason, not all the messages are appearing on the listserv, but there are more there.) Apparently, the RIAA is informing the universities that they will be subpeoned as to the identity of particular users. I’m not sure if those letters of intent indicate that the university in question should be treating their records retention in any way differently then they have been treating it. The letters allegedly cite 18 USC 2703(f) (see the link to the message above). My questions are: does that statute apply, and if so is the university then required to save those logs upon receiving that notice? That portion of the law seems to apply to governmental entities, so I would think that once the government requested it you would need to, but not when the RIAA requests it. But IANAL. I’ll have to find someone to ask.

On an unrelated related note ^_-, it’s interesting how security or IT people are often the people who receive DMCA notices. In my experience, not all of us are particularly copyright savvy, although that is changing to some extent. Thankfully, a lot of us have access to legal counsel. ^_^