Skip to main content

Cornell University

Cornell Complies with the Higher Education Opportunity Act (HEOA)

Understanding your obligations under the Higher Education Opportunity Act

This article applies to: Security & Policy

The Higher Education Opportunity Act (HEOA) requires higher education institutions, including Cornell, to practice due diligence informing students about copyright infringement risks. All higher education institutions must:

Cornell University’s compliance with section 668.14 of the Higher Education Act of 2008, commonly known as the peer-to-peer provision, includes this documentation of the plans to address unauthorized distribution of copyrighted material by users of the institution’s network.

Technological Deterrents

Since 2002, Cornell Information Technologies has and continues to operate a procedure to respond to Digital Millennium Copyright Act (DMCA) notices. Although originally a manual process, it is now largely automated to the user. This automated response begins when the notice comes to the university through The DMCA agent for the university has observational purview of each notice.

The Cornell DMCA agent requests that the IT Service Desk:

  1. Use network records to determine the responsible party (registered MAC address/NetID).
  2. Block the Internet Protocol (IP) or MAC address to prevent further file sharing by the device alleged to be in violation of federal law.
  3. Provide the identity of the user or party responsible for the computer (responsible party).

The Cornell DMCA agent then notifies the user or responsible party of the notice via an electronic process, Network Quarantine, with appropriate instructions to cease and desist.

  • For the first DMCA offense, the user must click on a button that acknowledges receipt and understanding of the message in order to regain network access. Review of the copyright law tutorial is encouraged but optional for first time offense.
  • A second offense requires completion of the copyright law tutorial and verification the copyright file and filesharing program have both been removed from the device indicated in the notice. Students must pay for the copyright law tutorial and pass a test with a score of at least 75% correct answers in order to complete it and have their network connection restored.
  • A third sequential offense is referred to the Office of Judicial Administration and, if not mitigated by circumstances, results in the loss of network privileges for a fixed period, typically four weeks, for student users.

For staff, the IT Service Desk forwards the DMCA notice, with the required staff response, to the Office of Human Resources.

In addition to this process for responding to DMCA notices, Cornell University has a unique market model, Network Usage Based Billing (NUBB), that charges users for the amount of bandwidth that crosses into the Internet. Although established for the purpose of creating a fair network enterprise system across the university, it has had the unintended salutary effort of reducing bandwidth usage. Consequently, Cornell University has no need to operate a bandwidth-shaping program.

Cornell University did not adopt the deep-packet inspection options that it explored because their use was found to violate university policy that prohibits monitoring the network for content as a practice and because those technological choices were in contradiction to Cornell University community values and tradition of open inquiry.


Cornell University has played a leading national role in educating users about the appropriate use of copyright material in the digital realm. The Institute for Computer Policy and Law, established in the 1990s, has always included issues related to peer-to-peer copyright in its curriculum for higher education professionals nationally. Aimed more for the campus community, the University Computer Policy and Law Program has had numerous speakers address this subject and many events focused on the concerns for and about students.

Two events stand out in particular:

  • A debate between legal counsel for the Recording Industry Association of America (RIAA) and an attorney from Jones Day, who outside of his role in that law firm represented the student’s side of the question.
  • A panel discussion on the subject that included leaders in this area such as Cary Sherman, chairman and CEO of the RIAA, Mr. French, former legal counsel for the Motion Picture Association of America (MPAA), and Fred von Lohmann, former legal counsel for the Electronic Frontier Foundation.

See Cornell Copyright Policies. Upon request from many schools, we have made these materials available online, and they have been used in a number of college courses that include copyright in their curriculum.

In addition to these general materials, Cornell University requires that each new student view an educational three-minute video specifically about peer-to-peer file sharing and copyright as a necessary step in their acquisition of a university network identifier. That process occurs before they come to campus.

A day or two prior to arriving on campus, the IT Security Office sends the annual DMCA notification, which includes information about compliance with copyright and the statutory damages of infringement as required by this law.

Legal Alternatives

To date, Cornell University hosts a principal site devoted to issues of peer-to-peer file sharing and copyright that includes many of the materials identified in the statements above. See Guide to Copyright Infringement Risks.

Included in that site is information about legal sources for online music and videos. See Legal Music and Video Resources.

Cornell University was an early adopter of the legal Napster program, and later Ruckus; both programs have since gone out of business and were therefore discontinued.

Periodic Review

University Counsel convenes a meeting each January to assess Cornell's compliance with the HEOA copyright provisions. In attendance are the Judicial Administrator, the Dean of Students, the Executive Director of Cornell Information Technologies, and the Director of Information Technology Policy, who is also the DMCA agent.

Under Counsel’s direction, the group reviews Cornell's policy, procedures, and practices and explores the development of new options.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.