|
Policy #52
Use Of Computers and Data
Communications
I. PURPOSE
The University provides computer access
and capabilities through the Office of the Chief Information Officer and
various College and department computer systems. The University relies heavily
upon these systems to meet operational, financial, educational and
informational needs. It is essential that these systems and machines be
protected from misuse and unauthorized access. It is also essential that WCU's
computers, computer systems, and computer networks, as well as the data they
store and process, be operated and maintained in a secure environment and in a
responsible manner.
This policy applies to all University
computer systems and refers to all hardware, data, software and communications
networks associated with these computers. In particular, this policy covers
computers ranging from multi-user timesharing systems to single user personal
computers, whether free-standing or connected to the network.
In addition to this computer policy, users
of these computer systems are subject to applicable state and federal laws.
Computer abuse will be referred to the Chief Information Officer and/or college
or department computer network and laboratory managers. Abuse involving theft
or vandalism will also be reported to the Director of University Police.
Computing resources are valuable, and
their abuse can have a far-reaching negative impact. Computer abuse affects
everyone who uses computing facilities. The same moral and ethical behavior
that applies in the non-computing environment applies in the computing
environment.
II. DEFINITION OF TERMS
A. Computer Systems
Computer systems include any personal
computer (stand-alone or networked), workstation, mini-computer or mainframe
computer used on this campus or accessible by way of networks at other
locations.
B. Computer Networks
Computer networks include any local or
wide area communications systems connecting above defined computer systems.
C. Network Backbone
Network backbone consists of the primary
communications media which connect small networks and individual terminals,
personal computers, workstations, etc., to other devices.
D. Local Area Networking Media
Local area networking media may consist of
copper wire, fiber optic cable, thin or thick wire cable which is used to
connect one terminal, personal computer, workstation, etc., to another or to
network interface equipment.
III. COMMON FORMS OF COMPUTER ABUSE
Misuse or abuse of computers, computer
systems, computer networks, programs, and data are prohibited. The following
topics are considered areas of abuse:
A. PRIVACY VS. OPEN RECORDS
Investigating or reading another user's
files is considered the same as reading papers on someone's desk - a violation
of that person's privacy. Reading protected files without authorization, by
whatever mechanism, is a criminal violation.
Western Carolina University reserves the
right to examine files, programs, passwords, accounting information, printouts,
or other computing material without notice for the purpose of investigating
possible abuses of this policy. No accurately addressed and delivered
electronic mail will be read by system personnel without the user's consent
except in those situations that are explicitly delineated as exceptions in the
Electronic Communications Privacy Act ("18 U.S.C. 2510,et. seq.").
Violations include, but are not limited
to:
attempting to access another user's
computer files without permission;
supplying or attempting to supply false or misleading information or
identification in order to access another user's account;
deliberate, unauthorized attempts to access or use University computers,
computer facilities, networks, systems, programs or data;
the unauthorized manipulation of WCU's computer systems, programs or data.
the unauthorized capturing of computer network data directly from network
backbone or local area networking media.
B. THEFT
Theft includes the stealing of any
property of the institution or the State of North Carolina. Violations include,
but are not limited to:
unauthorized use of university computing
resources, including the use of E-mail or Internet communications, for personal
gain or personal purposes;
using subterfuge to avoid being charged for the use of computer resources;
deliberate, unauthorized use of another user's account to avoid being billed
for the computer usage;
abusing specific computer resources such as the INTERNET;
attempting unauthorized access to computers outside the University using the
University's computers or communications facilities;
removing any computer equipment (hardware, software, data, etc.) without
written authorization;
copying, or attempting to copy, data or software without proper authorization.
C. VANDALISM
Any user's account, as well as the
operating system itself, is a possible target for vandalism. Attempted or
detected alteration of user system software, data or other files, as well as
equipment or resources disruption or destruction, is considered vandalism.
Violations include, but are not limited to:
sending either mail or a program which
will replicate itself or do damage to another user's account;
tampering with or obstructing the operation of the University's computer
systems (for example, attempting to "crash" the system);
inspecting, modifying, or distributing data or software without proper
authorization or attempting to do so;
attempting to interfere with the performance of the system;
damaging computer hardware or software.
D. COPYRIGHT ISSUES
The University owns licenses to a number
of proprietary programs. Users who redistribute software from the computing
systems break agreements with its software suppliers, as well as applicable
federal copyright, patent and trade secret laws. Copyright protection also
applies to many resources found on the Internet, including but not limited to,
images, audio and video files, and electronic versions of print materials.
Therefore, the redistribution of any
software or other copyrighted materials from computing systems is strictly
prohibited except in the case of software that is clearly marked as being in
the public domain. Violations include, but are not limited to:
copying, transmitting, or disclosing data,
software or documentation without proper authorization, or attempting to do so.
E. HARASSMENT
Harassment of other users may be the
sending of unwanted messages or files. Violations include, but are not limited
to:
interfering with the legitimate work of
another user, to include sending of chain mail or other non-university related
messages;
the sending of abusive or obscene messages via computers;
the use of computer resources to engage in abuse of computer personnel or other
users.
F. MISCELLANEOUS
Other uses commonly considered unethical
include, but are not limited to, the following:
unauthorized and time consuming
recreational game playing;
using computer accounts for work not authorized for that account;
sending chain letters or unauthorized mass mailings;
using the computer for personal profit, the private benefit of other
individuals or organizations, or for other illegal purposes;
personal advertisements.
IV. COMPUTER USAGE GUIDELINES
A. Users may not engage in any of the
common forms of computer abuse listed above.
B. Users are to have valid, authorized
accounts and may only use those computer resources that are specifically
authorized. Users may only use their account in accordance with its authorized
purpose. Users are responsible for safeguarding their own computer account.
Users should not let another person use their account unless authorized by the
system administrator for a specific purpose. Passwords should be changed often
to ensure that private and secure files are kept secure.
C. Users may not change, copy, delete,
read, or otherwise access files or software without permission of the custodian
of the files or the system administrator. Users may not bypass accounting or
security mechanisms to circumvent data protection schemes. Users may not
attempt to modify software except when intended to be user customized.
D. Users may neither prevent others from
accessing the system nor unreasonably slow down the system by deliberately
running wasteful jobs, playing games, engaging in non-productive or idle
chatting, or sending mass mailings or chain letters.
E. Users shall assume that any software or
file they did not create is copyrighted. They may neither distribute
copyrighted proprietary material without the written consent of the copyright
holder nor violate copyright or patent laws concerning computer software,
documentation or other tangible assets.
F. Users must not use the computer systems
to violate any rules in the University Staff Handbook, Faculty and Student
Handbooks, or any local, state or federal laws.
G. A user shall disclose to the
appropriate authorities misuses of computing resources or potential loopholes
in computer systems security and cooperate with the systems administrator in
the investigation of abuses.
In connection with inquiries into possible
abuses, the University reserves the right to examine files, programs,
passwords, accounting information, printouts, or other computing material
without notice. Only the Chief Information Officer may authorize examinations.
Whenever such an examination is conducted, the examiner will maintain an
inventory of all items examined.
V. PENALTIES
Abuse or misuse of computing services may
not only be a violation of this policy or user responsibility, but it may also
violate the criminal statutes. Therefore, the University will take appropriate
action in response to user abuse or misuse of computing services. Action may
include, but not necessarily be limited to: suspension or revocation of
computing privileges. Access to all computing facilities and systems can, may,
or will be denied; reimbursement to the University for resources consumed;
other legal action including action to recover damages; referral to law
enforcement authorities; computer users (faculty, staff and/or students) will
be referred to the appropriate office for disciplinary action. Students will be
referred to the Office of the Vice Chancellor for Student Affairs.
VI. DISTRIBUTION OF THIS POLICY
The University will insure that all users
are aware of the policy by publishing it in appropriate media designed to reach
all faculty, staff and students.
Formerly Executive Memorandum 94-109
Initially approved December 12, 1994
Revised December 20, 2002
Administering office: Office of the Chief Information Officer
Posted June 08, 1999
|
