Well, technically, to monitor people's internet usage is possible, but to actively do that is difficult.
However, I can tell you from a corporate standpoint, as I have done it before, is that anyone who has setup anything, they will have roughly the following setup:
Firewall (With Logging)
Proxy Server (If their Firewall software can't support certain logging or content control)
Specifically setup DHCP server to force certain types of things.
In the last company I worked at, A Checkpoint Firewall was setup, but in order to control certain accesses for the call center and for stores, we had to setup a Proxy Server to do web content filtering due to the nature of some of the places the Call Center and Stores had to be able to go to. Checkpoint Firewall does not deal with dynamic domain IP assignments easily so having to rely on a Proxy Server to control that was necessary.
To further control that and take it out of the hands of the users, you would then force them to use the proxy server via DHCP. While they could try and go directly out, that is where the firewall would be configured to block that access going out and forcing users to use the proxy server if they wanted to gain web access, which again, you restrict them from going where they wanted based off of IP or by user authentication process.
In cases like what you put above, with logging in place and one additional thing, which would be bandwidth monitoring... If abnormal surges of information is happening and with the right tools, you can narrow down the IP of a person within a given network and then show logs of what a person is doing so they can't 'fib' about it.
Streaming videos, for example, tend to raise flags in corporate or education areas because it is an abuse of their resources and generally get tracked down pretty quickly, especially if it is heavy traffic. The one thing most people cannot disguise that brings the most attention will always be heavy bandwidth usage from a particular IP. Don't forget, there is also various kinds of listings, that I wouldn't put it past if there was a listing of known porn sites for business and education to 'monitor' and have alerts... Not to mention it probably isn't the first rodeo of that nature they had to deal with.
Also, mind you, I wouldn't put it past that girl has probably done it more than once and not just in the class that not only did she raise a red flag, but they gathered some more information to pretty much point out 'You can't say this is a first time offense.' as I have been asked to pull logs for several days when a person has done something a manager suspects has been going on to show the user they are in trouble.
And again, this goes back to what Google Code may provide. In all honesty, they may have not considered people using their service to be using it as a repository for malicious code, and to be fair, decent, well meaning coders would not put malicious code out there. The framework of what Google Code is also setup to be where authors of said code are putting up executable code that people might want to use, the said author is putting it up in good conscious and maintaining that code exempt of any harm.
And to be honest, this is also the same methodology that Microsoft has worked under when you look at Windows as well as all the Microsoft Software products. The original intention was there for people to make use of the software to improve things, however, the security holes in that software and in any software was basically not taking into consideration other people's malicious intent and it bit them in the butt time and time again.
