Note: Strike One procedures are here for awareness only; the Help Desk will only be involved with Strike Two and Three incidents.

1. OCS receives an alert about alleged infringement (cease and desist report) about a user on WiscVPN / Wireless.
2. OCS determines that this is the first strike (first warning) for this user.
3. OCS emails a copy of the infringement report to the user along with our copyright boilerplate, eg "Per policy, please remove all infringing material". In addition, OCS will notify the user that this is strike one and include a link to the policy.
4. OCS updates the "strike" count for the NetID and closes the incident.

1. OCS receives an alert about alleged infringement (cease and desist report) about a user on WiscVPN / Wireless.
2. OCS determines that this is the second strike (second warning) for this user.
3. OCS creates a WiscIT incident and sends it to the DoIT Help Desk. The incident will be classified as Security / Copyright / Strike 2, and the description will be formatted as follows:

   Copyright Strike 2
   NetID: [NetID in question]
   MAC: [MAC address of device]
   
   Evidentiary Information:
   <FILE INFRINGEMENT DETAILS>
   
   <COPY OF REPORT>
   

4. OCS emails a copy of the infringement report to the user along with our copyright boilerplate, eg "Per policy, please remove all infringing material". In addition, OCS will state that this is strike two and network access will be removed until conditions are met (link to the details included).
5. OCS disables WiscVPN and wireless access for the NetID.
6. OCS disabled user's devices in clearpass
7. OCS will update the "strike" count for the NetID
8. The DoIT Help Desk notifies the user with call or email of the issue and steps for resolution. They should provide the user with the following information:
   

   "The Office of Campus Information Security (OCS) received a report about infringement allegedly occurring from a computer you may be using to access the University system.

   This activity needs to cease immediately. In addition, we request that all infringing material be removed from your computer. Our records indicate that this is the second notice that we have received. Per policy (https://kb.doit.wisc.edu/security/page.php?id=20431) we have disabled your WiscWireless and WiscVPN network access until you have completed the Learn@UW copyright quiz and had your computer scanned for malware and file-sharing programs by the DoIT Help Desk or other similar service."

9. The DoIT Help Desk agent routes the incident to the HDQA. HDQA will then escalate this incident to the US-Help Desk EAST requesting that the user and all of their Bradford devices be quarantined. (Until this action happens, the customer will still have full access to the Housing network.)
10. The user brings the computer to the DoIT Tech Store to have it cleaned of any file-sharing programs and all the infringing material or a receipt from computer shop for a similar service. The DoIT Tech Store agent will update the ticket and escalate to the HDQA who then will escalate to BadgIRT WiscIT group.
11. OCS will check if the user has passed an online copyright quiz (located in Learn@UW and currently titled 'UW-Madison Copyright Tutorial') with 100%. The users will have another quiz to confirm they completed the copyright quiz. When that quiz is completed, an email notification is sent to OCS. Once completed, OCS will update the ticket.
12. OCS will re-enable WiscVPN and wireless access.
13. The DoIT Help Desk will close the incident.

1. OCS receives an alert about alleged infringement (cease and desist report) about a user on WiscVPN / Wireless.
2. OCS determines that this is the third strike (third warning) for this user.
3. OCS creates a WiscIT incident and sends it to the DoIT Help Desk. The incident will be classified as Security / Copyright / Strike 3, and the description will be formatted as follows:

   Copyright Strike 3
   NetID: [NetID in question]
   MAC: [MAC address of device]
   
   Evidentiary Information:
   <FILE INFRINGEMENT DETAILS>
   
   <COPY OF REPORT>
   

4. OCS emails a copy of the infringement report to the user along with our copyright boilerplate, eg "Per policy, please remove all infringing material". In addition, OCS will state that this is strike three and network access will be removed until we hear back from the Dean of Students. If the user is a faculty or staff, we will escalate to their human resource representative.
5. OCS disables WiscVPN and wireless access for the NetID.
6. OCS will update the "strike" count for the NetID.
7. The DoIT Help Desk notifies the user with call or email of the issue and steps for resolution. They should provide the user with the following information:
   

   "The Office of Campus Information Security (OCS) received a report about infringement allegedly occurring from a computer you may be using to access the University system.

   This activity needs to cease immediately. In addition, we request that all infringing material be removed from your computer. Our records indicate that this is the third notice that we have received. Per policy (https://kb.doit.wisc.edu/security/page.php?id=20431) we have disabled your WiscWireless and WiscVPN network access until we hear from (the Dean of Students office / your human resources representative). We would suggest that you contact (the Dean of Students / your human resources representative) to arrange for a meeting."

8. If the person receiving a third strike is a student, OCS staff will open a report within the Dean of Students Incident Reporting Form. OCS staff will complete the ticket with the following information:

   Background Information:
   
   fullname: OCS staff name
   title: OCS response staff
   email address: abuse@wisc.edu
   Nature of report: choose Copyright Incident Report (DoIT Use Only)
   date: use current date
   Location of the incident: Pick the best option, e.g. On-Campus (Other)
   
   Involved Parties:
   
   Copyright student full name and their email address
   
   Description/Narrative:
   
   Hello
   
   This is a report of a -third- copyright infringement notice being received for .  Their WiscWireless, WiscVPN and Internet Housing network access have been removed pending notification from the Dean of Students to re-activate those services.  Please send the notification of restoration of access to abuse@wisc.edu when appropriate.
   
   After the second strike, they took their machine into the DoIT tech store and completed the copyright tutorial.
   
   At minimum, I would recommend that they bring their computer into the DoIT tech store for a full uninstall of any peer to peer (P2P) software vs just disabling the P2P or configuring it not to share.
   
   We have included the past infringement reports below.
   
   Please let us know any questions.
   
   Thank you!
   
   -OCS Staff
   
   [INCLUDE **ALL** PAST  INFRINGEMENT REPORT DETAILS]
   [EXAMPLE BELOW]
   
   Infringement complainant: RIAA
   
   List of infringing content
   ------------------------------
   Kanye West POWER
   
   ------------------------------
   INFRINGEMENT DETAIL
   ------------------------------
   Infringing Work : POWER
   Filename : kanye west- power.mp3
   First found (UTC): 2011-11-01T21:16:41.73Z
   Last found (UTC): 2011-11-01T21:18:07.03Z
   Filesize : 7049312 bytes
   IP Address: 146.151.30.35
   IP Port: 21950
   Network: Ares
   Protocol: Ares
   
   Second notice:
   
   List of infringing content
   ------------------------------
   Sean Paul Give It Up To Me
   
   ------------------------------
   INFRINGEMENT DETAIL
   ------------------------------
   Infringing Work : Give It Up To Me
   Filename : sean paul - the trinity - give it up to me(2).mp3
   First found (UTC): 2011-11-13T20:14:29.57Z
   Last found (UTC): 2011-11-13T20:15:38.15Z
   Filesize : 6421672 bytes
   IP Address: 146.151.27.71
   IP Port: 21950
   Network: Ares
   Protocol: Ares
   
   Third Notice:
   
   List of infringing content
   ------------------------------
   Kanye West POWER
   
   ------------------------------
   INFRINGEMENT DETAIL
   ------------------------------
   Infringing Work : POWER
   Filename : kanye west- power.mp3
   First found (UTC): 2011-11-30T00:41:37.28Z
   Last found (UTC): 2011-11-30T00:43:06.12Z
   Filesize : 7049312 bytes
   IP Address: 146.151.30.182
   IP Port: 21950
   Network: Ares
   Protocol: Ares
   

9. In all third strike cases, OCS staff will send an email to Jeff Savoy and Allen Monette alerting them that a third strike happened along with the person's NetID.
10. OCS will re-enable WiscVPN and wireless access once the Dean of Students or (appropriate University official if this involves a faculty or staff) approves. If the Dean of Students or HR representative request additional action be taken (such as reformatting), OCS will update the incident with this info and the Help Desk will contact the customer. Once complete, the Help Desk will update the ticket and escalate to the BadgIRT WiscIT group. OCS will re-enable WiscVPN / Wireless access and close the case.
11. OCS will close the incident.