1. Introduction

This Computer Use Policy applies to every user of networked and multi-user computer equipment installed within the School of Engineering and Applied Sciences. Its intent is to assist in providing a consistent, safe, secure and reliable environment in which computing and computer communications for educational, research and administrative purposes can take place. Thus, by making use of any of this equipment, the user agrees to abide by the policies described within this document. A person in violation of this policy may be subject to administrative action and penalties, discussed in detail in the final section of this document.

For the purposes of this policy, a user is any person consuming computer resources; a staff member is a person acting in an official capacity as a member of the Computing and Networking Group. The same person may be a staff member during part of the day and a user during other parts of the day.

The terminology used in this policy tends to reflect the UNIX operating system, which is used on the majority of computers in the School of Engineering, but is intended to apply to all operating systems in use in the School.

This document was prepared by John Simonson, the Manager of School Computing and Networking, in consultation with the HHSEAS Committee on School Computing. This document is based on an earlier version prepared by Dikran Kassabian, the former Manager of School Computing The Computer Use Policy, and therefore this document, will evolve over time and so is subject to change without notice. An up to date copy will be kept online at all times, and paper copies will be made available upon request. Users are encouraged to bring to the attention of the writers any corrections or omissions they deem appropriate.

A user of School of Engineering computer facilities should obey the following general guidelines.

2.1 Users may not use School of Engineering computer facilities in any way that would be in violation of University regulations or City, State, or Federal law.

2.2 A user account assigned to an individual should not be used by others. The individual is responsible for the proper use of the account, including proper password protection.

2.2.1 You should use only those computer accounts which have been authorized for your use. The unauthorized use of another's account, as well as the providing of false or misleading information for the purpose of obtaining access to computing facilities is prohibited.

2.2.2 You may not authorize anyone to use your account(s) for any reason. You are responsible for all use of your accounts. You must take all reasonable precautions, including password maintenance and file protection measures, to prevent use of your accounts by unauthorized persons.

2.2.3 You should make reasonable efforts to use a secure password. The CNG staff routinely runs a series of security programs which, among other things, attempt to guess user passwords. If your password is discovered in this way, you will be notified by electronic mail. In that event, please respect the notification and change your password. Having a vulnerable password is not only a danger to you and your files; it is a danger to our entire network of systems, and to some extent, a danger to the entire worldwide Internet.

2.2.4 You may not harass other users on School of Engineering facilities (or on any other computer facilities including those outside the School of Engineering).

2.2.5 You may not misrepresent your identity in using or communicating with School of Engineering facilities. Efforts made to hide your identity or to impersonate other users for any purpose is a direct violation of policy.

2.2.6 You should read and follow the posted rules in the public computer labs.

2.3 Files owned by individual users or staff members are to be considered as private, whether or not they are accessible by other users. Users are expected to use the computer systems in a manner that preserves and respects the privacy of others. At the same time, security is the responsibility of the user who owns the file and the Computing and Networking Group.

2.3.1 That you can read a file does not mean that you may read a file. Files belonging to individuals are to be considered private property.

2.3.2 Under no circumstances should you alter a file that does not belong to you without the explicit permission of the owner of that file. The ability to alter a file does not give you the right to alter a file.

2.3.3 Users of UNIX systems should familiarize themselves with the use of software tools such as chgrp(1) and chmod(1) in order to specify file access permissions to their own files.

2.3.4 The United States Government recognizes electronic mail (email) as protected private correspondence. This means that tampering with email, interfering with the delivery of email, and the use of email for criminal purposes may be felony offenses.

2.3.5 The University of Rochester's legal office has directed us to protect the privacy of users. Specifically, we are unable to provide access to files without the written authorization of the owner of the files. Thus, we are unable to hand over research material, theses, etc., of one member of HHSEAS to any other member of HHSEAS without written authorization from the owner (owner in terms of the systems identification of owner). For example, a student may complete work for a faculty member, and be paid for this work, and store the work on a computer funded by that faculty member. If the student closes down the permissions of any of that material, we cannot unilaterally grant access to the faculty member. Written authorization must come from the owner (the student in this example) or from the University of Rochester counsel's office.

This is based on the University's interpretation of the federal ECPA and FIREP laws. You should provide this written authorization before your leave the University or research group; faculty and researchers should take measures to obtain written authorization from all of their students and staff. The CNG can provide authorization forms for this purpose.

2.4 Many resources, such as file space, workstations, CPU cycles, network bandwidth, printer and batch queues, login sessions, and software licenses, are shared by all users. No user should monopolize these shared resources.

2.4.1 Use as little file space as is practical, making use of available means for compressing and archiving files. Those wishing to store files off-line on tape or optical disk may contact a CNG staff member for assistance. The CNG staff will be glad to tell you where to purchase storage media and will assist you in finding a way to create your own archives.

2.4.2 Do not over-burden resources with multiple login sessions. Avoid leaving idle login sessions on any computer for more than about 30 minutes.

2.4.3 Exercise care in the use of printers and other hardcopy output devices. Avoid wasting paper by proofing text and graphics before printing. When possible, use reduced-size fonts to print text.

2.4.4 Make appropriate use of batch queues and job priorities. Do not load the system in such a way that others cannot perform useful work. Use the batch(1) facility anytime you have more than one non-interactive job running at a time. UNIX provides facilities such as cron(1) and at(1) which can be used by all users to schedule program runs.

2.4.5 Do not login to the console of more than one workstation in a public lab at any time. Do not remain logged on to a lab workstation when leaving the lab for an extended period (over 20 minutes). For shorter absences, use a "screenlock" program to protect your account from unauthorized use.

2.4.6 Relinquish licensed software when you no longer are using the license so that others may use it.

2.4.7 Respect the resources of workstations located in public labs. Do not remote-login to such a workstation and run jobs that would interfere with use of that workstation by a person sitting in the lab. If you need extended access to a workstation in a public lab, make arrangements with the CNG (who may need to make arrangements with the sponsoring department) prior to any such use.

2.5 Not all the computer facilities in the School of Engineering are general access resources. Those found using restricted-access facilities may have their computer processes on that facility terminated without warning.

2.5.1 Some machines are intended for use only by members of a specific research group, and should not be used without the specific permission of the appropriate faculty member.

2.5.2 Some machines are intended for use as "file servers" or "communications servers", and carry login messages asking users to not use these machines for login purposes.

2.5.3 Workstations on faculty and CNG staff desks should not be used as login resources without the specific permission of the faculty or CNG staff who use those machines.

2.5.4 Printers and other peripheral devices not located in public labs and advertised as available should not be used without specific permission.

2.6 Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software.

2.6.1 System-level files (not owned by individuals) may be used and viewed for educational purposes if their access permissions so allow.

2.6.2 Most system-level files are part of copyrighted or licensed software, and therefore you should not make your own copies of these files, in whole or in part, except as needed as part of an educational exercise. Removing copies of copyrighted software from the system on which it is licensed may be a violation of the copyright or license.

2.6.3 The same standards of intellectual honesty and plagiarism apply to software as to other forms of published work. Treat system software as if it were a library. Acknowledge borrowing code, algorithms, or data structures from the work of other people.

2.6.4 Making your own copies of software having a restricted use license is theft. So is figuring out how to "beat" the license. In addition, deliberate alteration of system files is vandalism or malicious destruction of University property, and will be treated as such.

2.7 School of Engineering computing facilities are provided for academic uses (instruction and research) and some administrative uses.

2.7.1 The license agreements for some pieces of software may specifically restrict the software to instructional use. Please check with the Computing and Networking Group before you use licensed software for research or administrative tasks.

2.7.2 Do not make use of any University computing facilities for any activity that is commercial in nature without first obtaining written approval to do so. Commercial activities include: consulting, developing software for sale, and in general any activity for which you are paid from non-University funds.

2.8 School of Engineering computing facilities are configured by CNG staff members. Tampering with hardware and software configurations can cause severe problems.

2.8.1 You should not power-cycle, re-cable, move, or otherwise modify computer or network hardware without a CNG staff member's approval. This includes altering the network interface hardware.

2.8.2 You should not add equipment to any HHSEAS network without a CNG staff member's approval. This includes new equipment, replacement equipment, and re-deployed equipment.

2.8.3 The HHSEAS/CNG cannot provide for support for all operating systems (OS). That support ability is critical to ensure the safe and reliable operation of the entire HHSEAS computing and networking environment. Thus only CNG-authorized operating systems will be allowed on the HHSEAS network. Unsupported OS/hardware combinations will be permitted only on systems that are not attached to the network. Contact the CNG for information regarding which OS/hardware combinations are supported.

2.8.4 No system on the HHSEAS network may offer network services without the written approval off the CNG. The CNG will manage all such services. Specifically, web/gopher/wais services, ftp services, and login services (and all other remote access services) must be managed by the CNG on CNG-specified and CNG-managed hosts.

2.8.5 HHSEAS members should contact CNG staff members prior to any purchase, as not all hardware/OS combinations will be allowed on the HHSEAS network.

2.8.6 Some systems (e.g., Sun, SGI, IBM) require yearly maintenance/support fees. These fees are the responsibility of the nominal owner of each system. For many systems types, these fees are coordinated through the Academic Technology Services (formerly the University Computing Center ) via the CNG staff. These support fees give us (the CNG staff) the ability to obtain and install required patches, upgrades etc. Without these required patches, systems fall below minimum acceptable standards for security purposes. Systems deemed as security risks will be removed from the HHSEAS network until they can be brought up to acceptable patch levels.

2.8.7 Equipment connected to the HHSEAS network must be University of Rochester and HHSEAS property. The CNG will not maintain privately owned equipment, and equipment not maintained by the CNG is not allowed on the HHSEAS network. Equipment purchased via grant or departmental funding are considered UR/HHSEAS equipment.

2.8.8 Multi-user systems (e.g., UNIX, Windows XP/2000/NT, MacOS 10) on the HHSEAS network shall be administered solely by the CNG staff. Full root/Administrator access will not be granted to non-CNG staff members. Partial administrative access may be granted if deemed practicable and necessary by the CNG.

2.9 Facilities are often available on an un-monitored basis. It is the responsibility of every user to act in such a manner as to not cause damage to the physical equipment.

Accidental damage, or damage caused by other parties, should be reported to a staff member as soon as possible so that corrective action can be taken. Similarly, any equipment which appears to be missing from the public labs should be reported immediately.

School facilities are paid for and operated in part with student money. Please help take care of them and bring any problems to staff attention.

3. User Rights

A user of School of Engineering computer facilities has the following rights and privileges.

3.1 You should not be denied access to facilities by someone who is not using the facilities for research or instructional purposes, or who is not a student, faculty, or staff member of the School of Engineering. You have the right to ask an appropriate staff member to remove such a person so you can use the facilities.

3.2 You have the right to expect not to be harassed while using School of Engineering facilities. You have the right to ask an appropriate staff member to take steps to attempt to end any abuse to which you are subjected.

3.3 You have the right to expect some privacy of files (but see staff rights and responsibilities). Specifically, you should expect that your files will not be turned over to other users without your written permission.

In general, the staff of the School of Engineering computer facilities has the responsibility of enforcing the rights and responsibilities of the users of those facilities to the best of their ability. Several specific staff responsibilities are listed below.

4.1 Staff should not make use of facilities intended for instructional purposes unless this is necessary to correct an urgent problem. Instructional facilities should never be used for day-to-day staff work unless these facilities are currently being under-utilized by students.

4.2 Staff should at all times respect the privacy of user files, mail, and printer listings (but see Staff Rights below).

5. Staff Rights

In general, the staff has great latitude to protect the interests of the School and to carry out their responsibility to keep the School computing resources operating and available.

5.1 The networked computer environment in the School of Engineering is a facility provided to faculty, staff, and students to enable them to accomplish certain tasks required by their roles within the School and the University. There is an acknowledged trade-off between the users' right of privacy and the need of the staff to gather necessary information to ensure the continued functioning of this School-wide resource.

In the normal course of system administration, the staff has the right to examine files, mail, and printer listings to gather sufficient information to diagnose and correct problems with system software, or to determine if a user is acting in violation of the policies set forth in this document.

As mentioned in Staff Responsibilities, above, the staff has an obligation to maintain the confidentiality of a user's files, mail, and printer listings, except in those cases where the situation warrants notification to the HHSEAS Committee on School Computing (See Due Process, below).

5.2 Because this is an educational institution, some behavior is tolerated, even encouraged, that would not be allowed at a commercial site. This, combined with the fact that there is relatively free and uncontrolled access to our systems via network connections around the world, causes special problems for the staff.

In many ways the staff allows the users great freedom in use of the facilities. However, there are certain kinds of threatening or damaging behavior against which the staff will take action. For example: owning or using burglar's tools, worms, viruses, or Trojan horses. Any such action will be taken carefully, because there may be legitimate reasons for people to have such objects in their possession. Staff will normally take action only if there is clear and convincing reason to believe that a user is violating the policies outlined in this document.

Suspicious activity may result in the staff suspending an account's access to computing facilities while investigation takes place into whether the activity is actually a violation.

Minor violations will be handled in most cases by the staff. Those violations which are obviously unintentional or which are neither malicious nor damaging and have been performed by a first-time violator will usually be handled by taking a complete statement from the violator and giving a warning. In many cases no further action will be taken.

Serious violations of policy will be brought to the HHSEAS Committee on School Computing. This Committee will examine the evidence and will hear testimony from the staff and the accused, after which a decision will be made as to further handling.

Some actions covered by this policy are also covered by University regulations, the violation of which could lead to academic judicial proceedings. Some actions covered by this policy are also covered by City, State, or Federal law, the violation of which could lead to civil or criminal prosecution.