Acceptable Use Policy

June, 2001

December, 2005 (title change only)

Thanks to the Purdue ECN for permission to use their policy statement as a guideline.

1. Introduction

The Purdue University Department of Computer Sciences(CS) operates the department computing facilities to support its instructional and research mission. The policy presented here applies to all computer systems of CS, regardless of their operating system or manufacturer. As used in this policy statement, the term "user" refers to any person consuming resources on CS facilities. The term "CS" refers to computing and associated facilities specifically assigned by the Department of Computer Sciences or "CS staff" for operations and maintenance. The term "CS staff" includes a group of full-time professional staff and part-time student employees who work in the areas of basic software system support, hardware maintenance, operations, and user support.

This policy may be superseded in whole or in part by any applicable University policy, or State or Federal law.

2. Advisories

CS makes available to faculty, staff, students and others computing facilities consisting of hardware, software and documentation. The use and operation of these facilities is subject to the following advisories.

1. Every effort is made by the CS staff to prevent loss of data in the event of hardware or software failure or through human error. This is done by making daily backup copies of data stored on CS systems to magnetic tape or other media. It must be recognized, however, that in rare cases it may not be possible to restore the latest version of every data file from these backups and some data loss may occur. Because these cases are outside of the CS staff's control, the staff cannot be held liable for any loss of data arising directly or indirectly from the failure of hardware, software, or from human error.

2. Because the goals of CS are primarily educational in nature, computer systems are generally open to perusal and investigation by users, and security controls may be less restrictive than they would be in other environments. Although an appropriate effort is made to maintain system security, unauthorized access to information is possible through malicious mischief. The CS staff cannot guarantee against loss of privacy, theft of information, damage, or loss of data arising directly or indirectly from the absence or failure of system security protection mechanisms.

3. Most of the software used in CS is purchased from third-party vendors, often without source code. This limits the CS staff's ability to repair bugs in this software, or to modify the software. In many cases, several software packages of similar purpose are provided to attempt to serve a broader range of needs. However, CS can make no warranty, express or implied, regarding the computing services offered or their fitness for any particular purpose.

3. Access to CS Facilities

When applying for access to CS facilities, a valid University identification card must be presented. Students may also be required to present a current class schedule.

1. The facilities of CS are made available to the faculty, staff, and graduate students of the Department of Computer Sciences. Facilities may also be made available to student organizations and faculty and staff of other Schools by special arrangement.

2. Only properly authorized persons may access CS facilities; proper authorization is provided by CS staff members or their designates in the form of an account issued in the name of the authorized person.

3. A user may not permit any other person, including other authorized users, to access CS facilities through his or her account.

4. Those persons who have been issued keys, access cards, or combinations to obtain access to CS facilities may not use these items to allow other persons to access the facilities. Keys, access cards, and combinations may not be lent or given to others.

4. User Rights and Responsibilities

A user of the CS facilities has the following rights and responsibilities.

1. To enable the CS staff to accurately maintain information about the user of each account, each user is responsible for supplying current information to the appropriate CS staff member including school or department affiliation, degree program (undergraduate or graduate), expected graduation or termination date, and University position (faculty, staff, graduate staff, or student).

2. Providing false or misleading information for the purpose of obtaining access to CS facilities is a violation of University policy.

3. Each user is responsible for any and all activity initiated in or on CS facilities by his or her account.

4. Users are responsible for selecting a secure password for their account and for keeping that password secret at all times. Passwords should not be written down, stored on-line, or given to others. Passwords should never be given out to someone claiming to be a CS staff member; authorized CS staff members have full-access privileges and do not need to know individual users' passwords.

5. Users are responsible for protecting their own files and data from reading and/or writing by other users, using whatever protection mechanisms are provided by the operating system in use. Users are responsible for picking up their printer output in a timely fashion to avoid theft or disposal.

6. Users are responsible for reporting any system security violation, or suspected system security violation, to the CS staff immediately.

7. Most CS facilities are made available on an unmonitored basis. It is the responsibility of every user to act in such a manner as to not cause damage to the physical equipment. Accidental damage, or damage caused by other parties, should be reported to the CS staff as soon as possible so that corrective action can be taken.

8. Users who borrow hardware, software, or documentation from CS lending collections are responsible for its proper care and for returning it in a timely fashion.

9. Users are responsible for obeying all official notices posted in terminal rooms, attached to CS equipment, and displayed in the logon message of the day.

10. Users who are affiliated with the Department of Computer Sciences may not be denied access to CS facilities by someone who is not using the facilities for instructional, research, or administrative purposes or who is not a faculty, staff, or student member of the Department of Computer Sciences. A user affiliated with the Department of Computer Sciences may ask the offending person to relinquish the resource, or may ask a CS staff member to intervene on his or her behalf.

11. Users have the right not to be harassed while using CS facilities, whether it be physical, verbal, electronic, or any other form of abuse. Harassment should be reported to the CS staff.

12. Above all, users of the CS facilities are responsible at all times for using them in a manner that is ethical, legal, and not to the detriment of others.

5. CS Staff Rights and Responsibilities

The CS staff generally may do whatever is necessary to carry out its responsibility to maintain effective operation of the CS facilities.

1. The CS staff has the responsibility to make every reasonable effort to maintain the privacy of a user's files, electronic mail, and printer listings.

   1. Student files as kept on CS facilities are considered "educational records" as covered by the Family Educational Rights and Privacy Act of 1974 (Title 20, Section 1232(g) of the United States Code, also referred to as the Buckley Amendment). However, this does not preclude disclosure of these files to University officials with a legitimate educational interest. Whenever appropriate and possible, the CS staff will seek prior approval from the student before any such disclosures are made.

2. In the normal course of examining and repairing system problems, and when investigating instances of improper use of CS facilities, the CS staff may need to examine users' files, electronic mail, and printer listings. The CS staff has the right to do this, subject to item 5.1 above.

3. Investigations that discover improper use may cause the CS staff to: limit the access of those found using facilities or services improperly; disclose information found during the investigation to University or law enforcement authorities; initiate disciplinary actions as prescribed by University policies and procedures. The CS staff has the right to do this, subject to item 5.1 above.

4. In order to protect against hardware and software failures, backups of all data stored on CS systems are made on a regular basis. The CS staff has the right to examine the contents of these backups to gather sufficient information to diagnose and correct problems with system software, or to investigate instances of improper use of CS facilities, subject to item 5.1 above.

5. With reasonable cause for suspicion, the CS staff has the right to monitor any and all aspects of a system, to determine if a user is acting in violation of the policies set forth in this document, subject to item 5.1 above.

6. The CS staff may alter the priority or terminate the execution of any process that is consuming excessive system resources or objectionably degrading system response, with or without prior notification.

7. The CS staff may remove or compress disk files that are not related to Department of Computer Sciences missions or that are consuming large amounts of disk space, with or without prior notification.

8. The CS staff may terminate login sessions that have been idle (unused) for long periods of time, in order to free resources. This applies particularly to limited resources such as dial-in connections . The definition of a "long period" of time may vary from system to system, depending on resource availability.

9. The CS staff has the responsibility to provide advance notice of system shutdowns for maintenance, upgrades, or changes so that users may plan around periods of system unavailability. However, in the event of an emergency, the CS staff may shut down a system with little or no advance notification. Every effort will be made to give users a chance to save their work before the system is taken out of service.

10. CS staff members have the responsibility to report any violations of University policy, state law, or federal law pertaining to the use of University computer facilities to the appropriate authorities whenever such violations come to their attention.

11. The CS staff may refuse or restrict access to any person who has violated the policies set forth in this document, or who has violated the policies of other computer facilities belonging to the University.

6. Proper Use

The CS facilities are provided for use by faculty, staff, and students to support the missions of the Department of Computer Sciences. All faculty, staff, and students using CS facilities are responsible for using these facilities in an effective, ethical, and lawful manner.

1. Many resources, such as disk space, CPU cycles, printer queues, batch queues, login sessions, and software licenses, are shared by all users. No user may monopolize these resources.

   1. Users should consume as little disk space as practical, making use of available means for compressing files and archiving unused files off-line.

   2. Users should not load the system in such a way that others cannot perform useful work. Only a single instance of large, resource-intensive programs should be executed at one time.

   3. Long printer jobs (such as theses) should not be printed during periods of peak printer demand.

   4. Many software packages have a limited number of licenses, requiring users to share the licenses. The number of licenses available for each software package is available from CS staff. Users should relinquish licensed software when no longer using the license.

   5. The resources of workstations located in public labs should be respected; jobs may not be run that would interfere with the use of that workstation by the person sitting at the keyboard .

2. CS facilities are provided for academic use (instruction and research) and some administrative uses.

   1. The license agreements for some pieces of software may specifically restrict the software to instructional use. The CS staff should be consulted beforehand when planning the use of CS-supplied third-party software for research or administrative tasks in lieu of purchasing research or administrative licenses for this software.

   2. CS facilities may not be used for any activity that is commercial in nature without first obtaining written approval to do so from the President's Office (obtain form 32A from the CS business office). Commercial activities include consulting , typing services, developing software for sale, and in general any activity that is paid for by non-University funds.

3. The CS staff recognizes the academic value of research on computer security and the investigation of self-replicating code. However, the use and development of this type of software, if not properly supervised, can inadvertently affect the operation and integrity of CS systems.

   1. Users may not intentionally develop or use programs that harass other users of the system.

   2. Users may not intentionally develop or use programs that attempt to bypass system security mechanisms, steal passwords or data, or "crack" passwords.

   3. Users may not intentionally develop or use programs that, by design, attempt to consume all of an available system resource (memory, swap space, disk space, network bandwidth, etc.).

   4. Users may not intentionally develop or use programs designed to replicate themselves or attach themselves to other programs , commonly called worms or viruses.

   5. Users may not intentionally develop or use programs designed to evade software licensing or copying restrictions.

   Users who believe that they have a legitimate reason to use or develop programs in the above categories must give prior notice to the CS staff. Special arrangements can be made to provide an adequate environment for conducting the research without risking damage to or impairment of other systems.

4. Files owned by individual users are to be considered private, whether or not they are accessible by other users.

   1. Just as an unlocked door or window does not implicitly grant permission to strangers to enter your house, the ability to read another user's files does not implicitly grant permission to read those files.

   2. Under no circumstances may a user alter a file that does not belong to him or her without prior permission of the file's owner. The ability to alter another user's files does not implicitly grant permission to alter those files.

   3. Students' files or copyrightable works produced as the result of traditional works of scholarship, however, are considered to be jointly authored by the sponsoring faculty member who guides these works or provides the supporting resources used to produce these works. Sponsoring faculty members, therefore, have access rights to all such copyrightable works. [Executive memorandum B-10].

5. Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems or by stealing copyrighted or licensed software.Game playing, and the development of computer games, is permitted on CS systems (subject to departmental policies). However, these activities must be limited to times when demand for system resources is low. Work in pursuit of the goals of the Department of Computer Sciences has priority over game playing and development.

   1. System-level files (not owned by individuals) may be used and viewed for educational purposes if their access permissions so allow.

   2. Most system-level files are part of copyrighted or licensed software, and may not be copied, in whole or in part, except as needed as part of an educational exercise.

   3. The same standards of intellectual and academic honesty and plagiarism apply to software as to other forms of published work.

   4. Making copies of software having a restricted-use license is theft. So is figuring out how to "beat" the license protection scheme.

   5. Deliberate alteration of system files is vandalism or malicious destruction of University property.

6. Game playing, and the development of computer games, is permitted on CS system (subject to departmental policies). However, these activites must be limited to times when demand or the system resources is low. Work in pursuit of the goals of the department of Computer Science has priportiy over the games and the development. 

7. Harassing or defamatory material may not be sent via electronic mail or posted to electronic bulletin boards and news groups.

8. CS facilities and network connections may not be used for the purposes of making unauthorized connections to, breaking into, or adversely affecting the performance of other systems on the network , whether these systems are University-owned or not. The ability to connect to other systems via the network does not imply the right to make use of or even connect to those systems unless properly authorized by the owners of those systems.

9. Other organizations operating computing and network facilities that are reachable via CS systems may have their own policies governing the use of those resources. When accessing remote resources from CS facilities, users are responsible for obeying both the policies set forth in this document and the policies of the other organizations.

7. Software Copyrights and Licenses

The software used on CS facilities is operated under license agreements with AT\amp;T, Sun Microsystems, Apple Computer, and others.

1. United States copyright and patent laws protect the interests of authors, inventors, and software developers in their products. Software license agreements serve to increase compliance with copyright and patent laws. It is against federal law and CS policy to violate the copyrights or patents on computer software. It is against CS policy and may be a violation of state or federal law to violate software license agreements.

2. CS's UNIX source code license binds each and every user to respect the proprietary nature of the UNIX operating system and its source code. The specifics of the operating system may not be taught, nor may the system or any part thereof (including source code) be moved to or copies released to any non-licensed site.

3. Software in use on CS facilities, unless it is stored in areas specifically marked as containing copyable software, may not be copied to magnetic tape, hard or floppy disks, or otherwise removed from CS facilities. These specifically marked areas will contain a special file called README describing the software and the terms for making copies. Backup copies of licensed software are maintained by the CS staff; users may not make copies of licensed software.

4. Source code for licensed software may not be included in software that is released for use outside CS.

8. Enforcement

The disposition of situations involving a violation of the policies set forth in this document and the penalties that may be imposed for these violations are as described below.

1. Minor infractions of this policy, when likely accidental in nature, such as poorly chosen passwords, overloading systems, excessive disk space consumption, and so on are typically handled internally to CS in an informal manner by electronic mail or in-person discussions. More serious infractions are handled via formal procedures:

1. 1. Infractions such as sharing accounts or passwords, harassment, or repeated minor infractions as described above may result in the temporary or permanent loss or modification of CS access privileges, and/or notification of a student's academic advisor.

   2. More serious infractions, such as unauthorized use, attempts to steal passwords or data, attempts to steal licensed software, violations of University policies, or repeated violations as described in section 8.1.1 may result in the temporary or permanent loss of CS access privileges. In all cases, the offender's associated School or department will be notified of the infraction. If the offender is a student at the University, the case will also be referred to the Dean of Students office for appropriate action.

   3. Offenses that are in violation of local, state or federal laws usually result in immediate loss of all CS computing privileges, and will be reported to the appropriate University and law enforcement authorities.

2. Penalties may be imposed under University regulations, Indiana law, or the laws of the United States.

1. 1. Section B-2 of the Purdue University Regulations Governing Student Conduct, Disciplinary Proceedings, and Appeals, as passed by the Board of Trustees of Purdue University, states, in part:
   2. Misconduct Subject to Disciplinary Penalties. The following actions constitute misconduct for which students may be subject to administrative action or disciplinary penalties.

      a. Dishonesty in connection with any University activity. Cheating, plagiarism, or knowingly furnishing false information to the University are examples of dishonesty.

      d. Physical abuse of any person or conduct which threatens or endangers the health or safety of any other person, whether or not such conduct occurs on University property.

      e. Theft or attempted theft of, or the unauthorized use or possession of, or the unauthorized exertion of control over, or causing damage to property of any kind belonging to the University , a member of the University community, a campus visitor, or a person or agency participating in a University activity.

      f. Unauthorized entry or access to, or unauthorized use or occupancy of, any University property including without limitation lands, buildings, structures, telecommunications, computer or data processing equipment, programs, systems, or software, or other facilities or services. .....

      i. Lewd, indecent, or obscene conduct or expression on University property or in connection with a University activity. .....

      l. Any conduct which substantially threatens or interferes with the maintenance of appropriate order and discipline in the operation of the University, or any conduct on University property or in connection with a University activity which invades the rights of others.

      "Administrative action" means the issuance of an oral or written warning, admonition, reprimand, and/or use of counseling procedures. "Disciplinary penalty" means expulsion, suspension, probated suspension, disciplinary probation, and other educationally sound sanctions.

   3. Title 35, Article 43 of the Indiana Code contains the following:

      35-43-1-4(b) Computer tampering:

      A person who knowingly or intentionally alters or damages a computer program or data, which comprises part of a computer system or computer network without the consent of the owner of the computer system or computer network commits computer tampering, a Class D felony.

      35-43-2-3(b) Computer trespass:

      A person who knowingly or intentionally accesses: (1) a computer system; (2) a computer network; or (3) any part of a computer system or computer network; without the consent of the owner of the computer system or computer network, or the consent of the owner's licensee, commits computer trespass, a Class A misdemeanor .

      In the State of Indiana, a Class D felony is punishable by a term of one-half to three years in prison and a fine of not more than $10,000. A Class A misdemeanor is punishable by a maximum of one year in prison and a fine of not more than $5,000.

   4. Title 18, Section 1029 of the United States Code imposes penalties of fines and up to ten years in prison for:

      (a) Whoever-

      (1) knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices;

      (2) knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conduct obtains anything of value aggregating $1,000 or more during that period;

      (3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices; .....

      (e) As used in this section-

      (1) the term "access device" means any card, plate, code, account number, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, .....

      (2) the term "counterfeit access device" means any access device that is counterfeit, fictitious, altered, or forged, .....

      (3) the term "unauthorized access device" means any access device that is lost, stolen, expired, revoked, canceled, or obtained with intent to defraud;

   5. Title 18, Section 1030 of the United States Code imposes penalties of fines and up to ten years in prison for:

      (a) Whoever- .....

      (3) intentionally, without authorization to access any computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects the use of the Government's operation of such computer;

      (4) knowingly and with intent to defraud, accesses a Federal interest computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer;

      (5) intentionally accesses a Federal interest computer without authorization, and by means of one or more instances of such conduct alters, damages, or destroys information in any such Federal interest computer, or prevents authorized use of any such computer or information, and thereby-

      (A) causes loss to one or more others of a value aggregating $1,000 or more during any one year period; or

      (B) modifies or impairs, or potentially modifies or impairs, the medical examination, medical diagnosis, medical treatment, or medical care of one or more individuals; or

      (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if-

      (A) such trafficking affects interstate or foreign commerce; or

      (B) such computer is used by or for the Government of the United States;

      the term "Federal interest computer" means a computer-

      (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects the use of the financial institution's operation or the Government's operation of such computer; or

      (B) which is one of two or more computers used in committing the offense, not all of which are located in the same state;

   6. Title 18, Section 2701 of the United States Code imposes penalties of a fine of not more than $250,000 or imprisonment for not more than one year, or both, for anyone who:

      (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system .....

      As defined in Title 18, Section 2510 of the United States Code,

      "electronic communication" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, .....

   7. Title 18, Section 2511 of the United States Code imposes penalties of a fine or imprisonment for not more than five years, or both, for any person who:

      (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication; .....

      Other regulations and laws may be applied as well, depending on the nature of the offense.