A few days ago, many sites reported on the RIAA's most recent attack on the University of Michigan and how they were demanding they be given student names in order to pursue "legal" action or settlement talks (though some call it extortion). While initial reports made it seem like the University was cooperating with the RIAA and just handing over students names, that appears to not be the case. In fact, that appears that nothing short of a subpoena will make them reveal that information:

3/15 Update: I just spoke with Jack Bernard, Assistant General Counsel for the University of Michigan; the university is not identifying students suspected of sharing files to the RIAA, as was erroneously stated here. He said, "the university cannot disclose the students' names associated with an IP address without a valid production document [subpoena] or permission from the students."
What the University has done is contact the students individually and let them know they were on the RIAA's "list". Whether or not the students come forward is up to them. At the very least, it is good to see the University not rolling over for the RIAA.