next up previous contents
Next: Pornography Up: Some Computing Related Legal Previous: If You are Threatened

Unauthorized Use

The conditions of account use on HSEAS computers are quite explicit. You, and only you, may use your account. You may not share this account with anyone. ``Anyone'' includes your friends, family, secretary, and so on. Sharing can occur intentionally. For example, giving your password to a friend so he or she can read your mail while you're out of town, or so they can help you with a problem is unauthorized use. Using a .rhosts file to give away access to another user is also a form of intentional sharing that is not acceptable.

Sharing can be unintentional as well; an automated login script on your home or office computer can work for anyone with physical access to that computer. Writing your password down and having it posted near your computer is in effect sharing your account with anyone who has access to your computer. Leaving your terminal or console unlocked while you are logged in and away from the computer is also a form of sharing your account. Anyone can, and eventually someone will, make use of that type of lapse of security.

We are rigid on this issue, because personal accountability is a major foundation for security. Further, we have seen many times that shared accounts propagate. For example, Joe gives Ken his password so Ken can read his (Joe's) mail. Much later, Ken leaves the university, and starts work at a new location. At that site, Bob tells Ken, "I really need to use Matlab to solve these equations, but we can't afford to buy it.". Ken says, "I know an account that we can use to do your Matlab runs.". A couple of months later, Bob's niece Phyllis is in town, and she wants to cruise the Internet. Bob's company systems do not allow access to things like WWW, but Bob remembers the account on the university's host that Ken showed him, and Bob and Phyllis Surf the Web. When she returns home, Phyllis tells her boyfriend Bubba about this wonderful resource. Bubba is a clever boy, and soon Joe's account is being used by the local 2600gif chapter to store and forward licensed software, cracking tools, etc., and they've used their access to break into other systems. Soon the FBI is on Ken's doorstep, and Ken gets to spend lots of ``quality time'' speaking earnestly with government officials.

Unauthorized use also applies to you using someone else's account on a remote system. Most sites are consistent in this. A user at a remote site does not have the authority to share or otherwise ``sub-let'' his/her account on that system to you. If you use another person's account, that site (e.g., a corporation, another university) may institute legal actions against you. Remember, the person at the other end may say they never permitted you to use the account. Even if they admit tosharing, that site can still prosecute under the various laws (e.g., ECPA, CTA) mentioned previously.


next up previous contents
Next: Pornography Up: Some Computing Related Legal Previous: If You are Threatened

Del Armstrong
Fri Oct 25 16:31:41 EDT 1996