Cybersecurity - Copyright Infringement Process

This document outlines the procedure that the Office of Cybersecurity and the DoIT Help Desk will follow when quarantining users for copyright infringement.

Note: Copyright strikes resets every semester.

Cybersecurity will find and do all the notifications for copyright infringement users. The Help Desk role is for an Onsite Agent to assist with strike 2 and 3 infringements to confirm the copyright material has been removed from the user's computer (along with any unapproved file sharing programs such as uTorrent, BitTorrent, qBittorrent, Vuze). If infringing material is still present please remove and once confirmed clean, the Onsite Help Desk Agent will enable all devices in ClearPass and resolve the incident. 

Any questions with Strike 2 and Strike 3 copyright infringement cases, please escalate to Security-BADGIRT with these classifications:

  • Incident Response and Investigations
    • BadgIRT
      • Submit Incident

Copyright strike procedure

Strike One

  1. Office of Cybersecurity receives an alert about alleged infringement (Cease and Desist report) about a user on a Campus Network.
  2. Office of Cybersecurity determines that this is the first strike for this user.
  3. Office of Cybersecurity emails a copy of the infringement report to the user along with our copyright boilerplate, e.g. "Per policy, please remove all infringing material." In addition, Cybersecurity will inform the user that this is strike one and include a URL with the policy.
  4. Office of Cybersecurity updates the users "strike" count and closes the incident.

Strike Two

  1. Office of Cybersecurity receives an alert (incident) about alleged infringement (Cease and Desist report) about a user on a Campus Network.
  2. Office of Cybersecurity determines that this is the second strike for this user.
  3. Office of Cybersecurity disables all wireless devices on UWNet that are registered to the NetID.
  4. Office of Cybersecurity emails a copy of the infringement report to the user along with their copyright boilerplate, e.g. "Per policy, please remove all infringing material." In addition, the Office of Cybersecurity will state that this is strike two and network access will be removed until user brings the infringing device to the Onsite Help Desk to ensure the copyright material has been removed from the device and confirm the copyright quiz has been completed. 
  5. Office of Cybersecurity will update the "strike" count for the NetID and assign the ticket to the Help Desk (internal note: strike counts currently start over each semester).
  6. The Onsite Help Desk will confirm the device is clean and that the copyright quiz has been completed.

    • Onsite Help Desk Procedure

      • A Help Desk agent may check and clean the device of any file-sharing programs and all the infringing material through the following steps:
        • Search the computer using Finder/"Cmd + Space" on an Apple Computer or using File Explorer/Windows Search on a Windows Computer. You are first looking for the specific file or files referenced in the case. If you find these files, or any clear reference to them (such as a different Game of Thrones episode than the one possibly reported) delete them entirely, making sure to empty the recycling bin afterwards.
        • Additionally you want to look for possible file sharing programs on the user's computer. On an Apple Computer you can look in the Applications folder, on a Windows Computer you can navigate to "Add or Remove Programs" in settings. Common unapproved file sharing programs include: uTorrent, BitTorrent, qBittorrent, Vuze. (But these are not the only ones) If you see something that looks suspicious, ask the user to clarify what it is and what it does. This is their second strike, so it is in their best interest to be transparent at this point so we don't leave a program on their computer that might result in a 3rd strike. Uninstall any of these discovered programs.
        • Update the ticket that this has been completed, including detailed notes on exactly what was found and removed, or that nothing was found (hopefully meaning the customer found and removed the files already themselves).
      • NOTE: A journal note will be added to the case automatically once the Qualtrics quiz is passed with a 10/10. Once the quiz is completed, AND the infringing material removed, the HD can re-enable devices on ClearPass and confirm access is restored.

      7. The Onsite Help Desk will enable all devices in ClearPass and resolve the incident.

Strike Three

  1. Office of Cybersecurity receives an alert about alleged infringement (cease and desist report) about a user in the Campus Network.
  2. Office of Cybersecurity determines that this is the third strike for this user.
  3. Office of Cybersecurity disables all wireless devices on UWNet that are registered to the NetID. 
  4. Office of Cybersecurity emails a copy of the infringement report to the user along with their copyright boilerplate, e.g. "Per policy, please remove all infringing material." In addition, the Office of Cybersecurity will state that this is strike two and network access will be removed until user brings the infringing device to the Onsite Help Desk to ensure the copyright material has been removed from the device and confirm the copyright quiz has been completed. 
  5. In all third strike cases, Office of Cybersecurity staff will send an email to Jeff Savoy and Allen Monette alerting them that a third strike happened along with the person's NetID.
  6. In addition, Office of Cybersecurity will state that this is strike three and network access will be removed until we hear back from the appropriate University official below:
    • Students living in UW Housing: Dean of Students
    • Non students living in Eagle Heights: Community Services Manager
    • Faculty and staff: Appropriate Human Resources representative
  7. Office of Cybersecurity will update the "strike" count for the NetID and assign the ticket to the Help Desk (internal note: strike counts currently start over each semester).
  8. The Onsite Help Desk will confirm the device is clean and that the copyright quiz has been completed.

    • Onsite Help Desk Procedure

      • A Help Desk agent may check and clean the device of any file-sharing programs and all the infringing material through the following steps:
        • Search the computer using Finder/"Cmd + Space" on an Apple Computer or using File Explorer/Windows Search on a Windows Computer. You are first looking for the specific file or files referenced in the case. If you find these files, or any clear reference to them (such as a different Game of Thrones episode than the one possibly reported) delete them entirely, making sure to empty the recycling bin afterwards.
        • Additionally you want to look for possible file sharing programs on the user's computer. On an Apple Computer you can look in the Applications folder, on a Windows Computer you can navigate to "Add or Remove Programs" in settings. Common unapproved file sharing programs include: uTorrent, BitTorrent, qBittorrent, Vuze. (But these are not the only ones) If you see something that looks suspicious, ask the user to clarify what it is and what it does. This is their second strike, so it is in their best interest to be transparent at this point so we don't leave a program on their computer that might result in a 3rd strike. Uninstall any of these discovered programs.
        • Update the ticket that this has been completed, including detailed notes on exactly what was found and removed, or that nothing was found (hopefully meaning the customer found and removed the files already themselves).
    • NOTE: A journal note will be added to the case automatically once the Qualtrics quiz is passed with a 10/10. Once the quiz is completed, AND the infringing material removed, the HD can re-enable devices on ClearPass and confirm access is restored.
  9. The Onsite Help Desk will escalate the ticket back to Security-BADGIRT
  10. Office of Cybersecurity will re-enable Wireless UWNet access once the Dean of Students approves.
  11. Office of Cybersecurity will close the incident.

      See Also


      Keywords:
      CSOC copyright violation strikes first second third one two three quarantine infringement OCS office of cyber security residents affiliates campus users guests visitors conference attendees copywrite cease and desist settlement 
      Doc ID:
      20383
      Owned by:
      Help Desk KB Team in DoIT Help Desk
      Created:
      2011-09-22
      Updated:
      2025-05-29
      Sites:
      DoITHelpDesk-internal