Guidelines for Units Implementing The Policy for Responsible Computing at William Paterson University

Prepared by staff of Instruction and Research Technology, William Paterson University
Adapted with thanks from the Delaware Guidelines, Copyright February 2, 1993

Table of Contents

Preface

Definition of Terms

Policy for Responsible Computing at William Paterson University

User Responsibilities

System Administrator Responsibilities

Misuse of Computing and Information Resource Privileges

User Confidentiality and System Integrity

Judicial Process for Cases of Alleged Misuse of Computing and Information Resource Privileges and Penalties for Misuse of Computing and Information Resource Privileges

Academic Honesty

Works Consulted

Preface

[Table of Contents]

The computer has become a common denominator that knows no intellectual, political, or bureaucratic bounds; the Sherwin Williams of necessity that covers the world, spanning all points of view.

. . . I wish that we lived in a golden age, where ethical behavior was assumed; where technically competent programmers respected the privacy of others; where we didn't need locks on our computers. . . .

Fears for security really do louse up the free flow of information. Science and social progress only take place in the open. The paranoia that hackers leave in their wake only stifles our work.

-Cliff Stoll, in The Cuckoo's Egg: Tracking a spy through the maze of computer espionage

One of the interesting facets of Cliff Stoll's The Cuckoo's Egg is his growing awareness of the responsibilities all computer users have to each other. It is our hope that this set of Guidelines can foster that same understanding in the William Paterson University community.

It is imperative that all users of the University's computing and information resources realize how much these resources require responsible behavior from all users. Simply put, we are all responsible for the well-being of the computing, network, and information resources we use.

Colleges do try to promote the open exchange of ideas; however, an open, cooperative computing network can be vulnerable to abuse or misuse. As more and more schools, colleges, universities, businesses, government agencies, and other enterprises become attached to the world-wide computing and information networks, it is more important than ever that this University educate its students, faculty, and staff about proper ethical behavior, acceptable computing practices, and copyright and licensing issues. A modern university must also educate its students, faculty, and staff about how how computer abuse can interfere with the exchange of ideas that is integral to a modern education.

The first item in the body of this document is the Policy for Responsible Computing at the William Paterson University, under review for acceptance by the Faculty Senate and the Student Government. The remainder of this document consists of recommended guidelines for implementing this policy. If you have any questions about the policy or the guidelines, please consult with the staff in Information and Research Technology (Coach House).

Definition of Terms

[Table of Contents]

Administrative Officer:

vice-president, dean, chair, or director to whom an individual reports.

Computer Account:

the combination of a user number, username, or userid and a password that allows an individual access to the WP, Deathstar, or Frontier computers or some other shared computer or network owned by the University.

Data Owner:

the individual or department that can authorize access to information, data, or software and that is responsible for the integrity and accuracy of that information, data, or software. The data owner can be the author of the information, data, or software or can be the individual or department that has negotiated a license for the University's use of the information, data, or software.

Desktop Computers, Microcomputers, Advanced Workstations:

different classes of smaller computers, some shared, some single-user systems. If owned or leased by the University or if owned by an individual and connected to a University-owned, leased, or operated network, use of these computers is covered by the Policy for Responsible Computing.

Information Resources:

In the context of these Guidelines, this phrase refers to data or information and the software and hardware that makes that data or information available to users.

Network:

a group of computers and peripherals that share information electronically, typically connected to each other by either cable or satellite link.

Normal Resource Limits:

the amount of disk space, memory, printing, etc. allocated to your computer account by that computer's system administrator.

Peripherals:

special-purpose devices attached to a computer or computer network--for example, printers, scanners, plotters, etc.

Server:

a computer that contains information shared by other computers on a network . These include fileservers and multi-user hosts such as: Deathstar, Discovery, Frontier, Pioneer, and WP .

Software:

programs, data, or information stored on magnetic media (tapes, disks, diskettes, cassettes, etc.). Usually used to refer to computer programs.

Student Technology Consultant:

See "Systems Administrator," below.

System/Server Administrator:

staff employed by a campus-wide computing unit such as Instruction and Research Technology, whose responsibilities include system, site, or network administration and staff employed by other University departments whose duties include system, site, or network administration. IRT employs the Student Technology Consultants who act as Systems Administrators for the duration and the location of their scheduled shifts. System administrators perform functions including, but not limited to, installing hardware and software, managing a computer or network, and keeping a computer operational. If you have a computer on your desk, you may be acting, in whole or in part, as that system's system administrator.

User:

someone who does not have system administrator responsibilities for a computer system or network but who makes use of that computer system or network. A user is still responsible for his or her use of the computer and for learning proper data management strategies.

Policy for Responsible Computing at the William Paterson University

[Table of Contents]

Preamble

In support of its mission of teaching, research, and public service, the William Paterson University provides access to computing and information resources for students, faculty, and staff, within institutional priorities and financial capabilities.

The Policy for Responsible Computing at the William Paterson University contains the governing philosophy for describing faculty, student, and staff rights and responsibilities associated with use of the University's computing resources. It spells out the general principles regarding appropriate use of equipment, software, and networks. By adopting this policy, the University recognizes that all members of the community are also bound by local, state, and federal laws relating to copyrights, security, and other statutes existing and future regarding electronic media.

Policy - Appropriate Use

All members of the University community who use the University's computing and information resources must act responsibly. These responsibilities include respect for the rights of other computing users, respect for the integrity of the physical facilities and controls, and compliance with all pertinent license and contractual agreements. It is the policy of the William Paterson University that all members of its community act in accordance with these responsibilities, relevant laws and contractual obligations, and the highest standard of ethics.

University computing facilities and accounts are to be used for the University-related activities for which they are assigned. University computing resources are not to be used for commercial purposes or non-University-related activities without written authorization from the University. In these cases, the University will require payment of appropriate fees. This policy applies equally to all University-owned or University-leased computers.

Access to the University's computing facilities is a privilege granted to University students, faculty, and staff. Access to University information resources may be granted by the stewards of that information based on the steward's judgement of the following factors: University policies, relevant laws and contractual obligations, the requestor's need to know, the information's sensitivity, and the risk of damage to or loss by the University.

The University reserves the right to limit, restrict, or extend computing privileges and access to its information resources. Data stewards--whether departments, units, faculty, students, or staff--may allow individuals other than University faculty, staff, and students access to information for which they are responsible, so long as such access does not violate any license or contractual agreement; University policy; or any relevant laws.

All users are responsible to protect systems from abuses that disrupt or threaten appropriate use of computing resources, including those at the University and those on networks to which the University's systems are connected. Access to information resources without proper authorization from the data steward, unauthorized use of University computing facilities, and intentional corruption or misuse of information resources are direct violations of the University's standards for conduct as outlined in this document, and the University Policy Manual, current edition, and the Student Handbook and may also be considered civil or criminal offenses.

Implementation

Appropriate University administrators will adopt guidelines for the implementation of this policy and regularly revise these guidelines as circumstances, including--but not limited to--changes in technology, warrant. The directors of the campus-wide computing units shall, from time to time, issue recommended guidelines to assist departments and units with this effort.

Enforcement

Alleged violations of this policy shall be processed according to the judicial processes outlined in the William Paterson University Policy Manual, the Faculty and Staff Handbook, University collective bargaining agreements, and the Student Handbook. The William Paterson University treats access and use violations of computing facilities, equipment, software, information resources, networks, or privileges seriously and may also prosecute abuse under the appropriate State and Federal laws.

Drafted, WP: November, 1995
(University of Delaware: May, 1993)

User Responsibilities

[Table of Contents]

If you use the University's computing resources or facilities, you have the following responsibilities:

Use the University's computing facilities and information resources, including hardware, software, networks, peripherals and computer accounts, responsibly and appropriately, respecting the rights of other computing users and respecting all contractual and license agreements.

Use only those computers and computer accounts for which you have authorization.

Use server accounts only for the purpose(s) for which they have been issued. Use University-owned microcomputers and advanced workstations for University-related projects only.

Be responsible for all use of your accounts and for protecting each account's password. In other words, do not share computer accounts. If someone else learns your password, you must change it.

Report unauthorized use of your accounts to your project director, instructor, supervisor, system administrator, or other appropriate University authority.

Cooperate with system administrator requests for information about computing activities. Under certain unusual circumstances, a system administrator is authorized to access your computer files.

Take reasonable and appropriate steps to see that all hardware and software license agreements are faithfully executed on any system, network, or server that you operate.

Each user is ultimately responsible for his or her own computing and his or her own work using a computer. Take this responsibility seriously. For example, users should remember to make backup copies of their data, files, programs, diskettes, and tapes, particularly those created on microcomputers and those used on individually- or departmentally-operated systems. Furthermore, users with desktop computers or other computers that they operate themselves must remember that they may be acting as the system administrators for those computers and need to take that responsibility very seriously.

If you are a project director for a server group users, a supervisor whose staff use computers, or a faculty member whose students use computers, you must help your project members, staff, or students learn more about ethical computing practices. You should also help your project members, staff, or students learn about good computing practices and data management.

System Administrator Responsibilities

[Table of Contents]

This document uses the phrase system administrator to refer to all of the following University personnel:

staff employed by a computing agency such as Instruction and Research Technology whose responsibilities include system, site, or network administration

staff employed by other University departments whose duties include system, site, or network administration.

A system administrator's use of the University's computing resources is governed by the same guidelines as any other user's computing activity.

However, a system administrator has additional responsibilities to the users of the network, site, system, or systems he or she administers:

A system administrator manages systems, networks, and servers to provide available software and hardware to users for their University computing.

A system administrator is responsible for the security of a system, network, or server.

A system administrator must take reasonable and appropriate steps to see that all hardware and software license agreements are faithfully executed on all systems, networks, and servers for which he or she has responsibility.

A system administrator must take reasonable precautions to guard against corruption of data or software or damage to hardware or facilities.

A system administrator must take reasonable precautions to guard against abuse of peripherals, including all lab-based printers, paper and toner.

A system administrator must treat information about and information stored by the system's users as confidential.

As an aid to a better understanding of responsible computing practices, all departments that own or lease computing equipment are encouraged to develop "Conditions Of Use" or "Guidelines for Responsible Computing" documentation for all systems that they operate and to make these documents available to users. These documents should be consistent with the "Policy for Responsible Computing at the William Paterson University " (reprinted on pages 1-2 of these Guidelines) and should be approved by the department's administrative officer or other individual designated by that administrative officer.

Misuse of Computing and Information Resource Privileges

[Table of Contents]

The University characterizes misuse of computing and information resources and privileges as unethical and unacceptable and as just cause for taking disciplinary action. Misuse of computing and information resources and privileges includes, but is not restricted to, the following:

attempting to modify or remove computer equipment, software, or peripherals without proper authorization

accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the University (That is, if you abuse the networks to which the University belongs or the computers at other sites connected to those networks, the University will treat this matter as an abuse of your William Paterson University computing privileges.)

circumventing or attempting to circumvent normal resource limits, logon procedures, and security regulations,

using computing facilities, computer accounts, or computer data for purposes other than those for which they were intended or authorized

unauthorized 'broadcast' distribution of email messages to users on or off campus

sending fraudulent computer mail, breaking into another user's electronic mailbox, or reading someone else's electronic mail without his or her permission

sending any fraudulent electronic transmission, including but not limited to fraudulent requests for confidential information, fraudulent submission of electronic purchase requisitions or journal vouchers, and fraudulent electronic authorization of purchase requisitions or journal vouchers

violating any software license agreement or copyright, including copying or redistributing copyrighted computer software, data, or reports without proper, recorded authorization

violating the property rights of copyright holders who are in possession of computer-generated data, reports, or software

using the University's computing resources to harass or threaten other users

taking advantage of another user's naivete or negligence to gain access to any computer account, data, software, or file that is not your own and for which you have not received explicit authorization to access

physically interfering with other users' access to the University's computing facilities

encroaching on others' use of the University's computers (e.g., disrupting others' computer use by excessive game playing; by sending excessive messages, either locally or off-campus [including but not limited to electronic chain letters]; printing excessive copies of documents, files, data, or programs; modifying system facilities, operating systems, or disk partitions; attempting to crash or tie up a University computer; damaging or vandalizing University computing facilities, equipment, software, or computer files)

disclosing or removing proprietary information, software, printed output or magnetic media without the explicit permission of the owner

reading other users' data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner's explicit permission.

User Confidentiality and System Integrity

[Table of Contents]

If a system administrator is an eyewitness to a computing abuse; notices an unusual degradation of service or other aberrant behavior on the system, network, or server for which he or she is responsible; or receives a complaint of computing abuse or degradation of service, he or she should investigate and take steps to maintain the integrity of the system(s). If a system administrator has evidence that leads to a user's computing activity as the probable source of a problem or abuse under investigation, he or she must weigh the potential danger to the system and its users against the confidentiality of that user's information.

While investigating a suspected abuse of computing; a suspected hardware failure; a disruption of service; or a suspected bug in an application program, compiler, network, operating system, or system utility, a system administrator should ordinarily ask a user's permission before inspecting that user's files, diskettes, or tapes. The next two paragraphs outline exceptions to this rule.

If, in the best judgement of the system administrator, the action of one user threatens other users or if a system or network for which the system administrator is responsible is in grave, imminent danger of crashing, sustaining damage to its hardware or software, or sustaining damage to user jobs, the system administrator should act quickly to protect the system and its users. In the event that he or she has had to inspect user files in the pursuit of this important responsibility, he or she must notify, as soon as possible, his or her own administrative officer or other individual designated by that administrative officer of his or her action and the reasons for taking that action. The administrative officer needs to be certain that one of the following are also notified as soon as practical (ordinarily within one business day): the user or users whose files were inspected; the user's supervisor, project director, administrative officer, or academic advisor.

In cases in which the user is not available in a timely fashion, in which the user is suspected of malicious intent to damage a computer system, or in which notifying the user would impede a sensitive investigation of serious computer abuse, the system administrator may inspect the information in question so long as he notifies his or her own administrative officer or other individual designated by the administrative officer of his or her actions and the reasons for taking those actions. The administrative officer needs to be certain that the user's supervisor, project director, administrative officer, or academic advisor is notified of the situation. In the case of suspected malicious intent, the administrative officer may also need to refer the matter to the appropriate University judicial body or to the Campus Police.

A system administrator may find it necessary to suspend or restrict a user's computing privileges during the investigation of a problem. The system administrator should confer with his or her administrative officer or other person designated by that administrative officer before taking this step. A user may appeal such a suspension or restriction and petition for reinstatement of computing privileges through the University's judicial system, through the grievance procedures outlined in University collective bargaining agreements, or by petition to the Dean of Students.

In general, then, a system administrator should

protect the integrity of the system entrusted to his or her care

respect the confidentiality of the information users have stored on the system

notify appropriate individuals when the above two aims have come into conflict

assist his or her administrative officer in referring cases of suspected abuse to the appropriate University judicial process.

Judicial Process for Cases of Alleged Misuse of Computing and Information Resource Privileges and Penalties for Misuse of Computing and Information Resource Privileges

[Table of Contents]

If staff Campus Police or system administrators have a preponderance of evidence that intentional or malicious misuse of computing resources has occurred, and if that evidence points to the computing activities or the computer files of an individual, they have the obligation to pursue any or all of the following steps to protect the user community:

Take action to protect the system(s), user jobs, and user files from damage.

Notify the alleged abuser's project director, instructor, academic advisor, dean, or administrative officer of the investigation.

Refer the matter for processing through the appropriate University judicial system. If necessary, staff members from a campus-wide computing agency such as Instruction and Research Techology as well as faculty members with computing expertise may be called upon to advise the University judicial officers on the implications of the evidence presented and, in the event of a finding of guilt, of the seriousness of the offense.

Suspend or restrict the alleged abuser's computing privileges during the investigation and judicial processing. A user may appeal such a suspension or restriction and petition for reinstatement of computing privileges through the University's judicial system, through the grievance procedures outlined in University collective bargaining agreements, or by petition to the Dean of Students.

Inspect the alleged abuser's files, diskettes, and/or tapes. System administrators must be certain that the trail of evidence leads to the user's computing activities or computing files before inspecting any user's files. (See "User Confidentiality and System Integrity" of these Guidelines for more information.)

Ordinarily, the administrative officer whose department is responsible for the computing system on which the alleged misuse occurred should initiate judicial proceedings. As the case develops, other administrative officers may, by mutual agreement, assume part of the responsibility for prosecuting the case.

Abuse of computing privileges is subject to disciplinary action. Disciplinary action may include the loss of computing privileges and other disciplinary sanctions up to and including non-reappointment, discharge, and/or dismissal. An abuser of the University's computing resources may also be liable for civil or criminal prosecution.

It should be understood that nothing in these guidelines precludes enforcement under the laws and regulations of the State of New Jersey, any municipality or county therein, and/or the United States of America.

Academic Honesty

[Table of Contents]

Faculty and students are reminded that computer-assisted plagiarism is still plagiarism. Unless specifically authorized by a class instructor, all of the following uses of a computer are violations of the University's guidelines for academic honesty and are punishable as acts of plagiarism:

copying a computer file that contains another student's assignment and submitting it as your own work

copying a computer file that contains another student's assignment and using it as a model for your own assignment

working together on an assignment, sharing the computer files or programs involved, and then submitting individual copies of the assignment as your own individual work

knowingly allowing another student to copy or use one of your computer files and to submit that file, or a modification thereof, as his or her individual work.

For further information on this topic, students are urged to consult the William Paterson University Student Handbook, and to consult with their individual instructors.

Faculty members are urged to develop specific policies regarding all aspects of academic honesty and to communicate those policies to their students in writing.

Works Consulted

[Table of Contents]

• Augustine, Charles. The Pieces of a Policy: Categories for Creation of a Computer Ethics Policy. Capitalizing on Communication: Proceedings of ACM SIGUCCS User Services Conference XVII. 1989.

• Baylor College. Computer Policies. 1989. Copy located in the computer file ethics/Baylor.policy on ariel.unm.edu.

• Catholic College of America, The. Statement of Ethics in the Use of Computers. 1988. [Reprinted in ACM SIGUCCS Newsletter. Volume 19, Number 1. 1989.]

• Chapman, Gary. CPSR [Computer Professionals for Social Responsibility] Statement on the Computer Virus. Communications of the ACM. Volume 32, Number 6. 1989.

• Colgate College. Agreement for use of Computing Facilities. 1989. Copy located in the computer file ethics/ColgateU.policy on ariel.unm.edu.

• Columbia College. Administrative Policies [of the Center for Computing Activities]. No date. Copy located in the computer file ethics/ColumbiaU.policy on ariel.unm.edu.

• Corporation for Research and Educational Networking. Acceptable Use of CSNET and BITNET. 1990. Received via electronic mail from Bernard A. Galler, March 23, 1990.

• EDUCOM and ADAPSO. Using Software: A guide to the ethical and legal use of software for members of the academic community. EDUCOM. 1987.

• Eichin, Mark W. and Jon A. Rochlis. With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988. Paper presented at 1989 IEEE Symposium on Research in Security and Privacy. Copy located in the file pub/virus/mit.PS on bitsy.mit.edu.

• Ermann, M. David; Mary B. Williams; and Claudio Gutierrez. Computers, Ethics, and Society. Oxford College Press. 1990.

• Faculty Senate of the William Paterson College . Ethetical [sic] Conduct in Computing. Unpublished draft statement discussed by Faculty Senate in 1989.

• Farber, David J. NSF [National Science Foundation] Poses Code of Networking Ethics. Communications of the ACM. Volume 32, Number 6. 1989.

• Fraser Valley College. DRAFT: Fraser Valley College Computing and Ethics Policy, April 23, 1991. Copy received via electronic mail, April 24, 1991, from Paul Herman, Fraser Valley College.

• Hafner, Katie and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon and Schuster. 1991.

• Hoffman, W. Michael and Jennifer Mills Moore, eds. Ethics and the Management of Computer Technology: Proceedings of the Fourth National Conference on Business Ethics Sponsored by the Center for Business Ethics, Bentley College. Oelgeschlager, Gunn, and Hain. 1982.

• Indiana College, Academic Computing Policy Committee, Subcommittee on Ethical Use of Computers. Computer Users' Privileges and Responsibilities: Indiana College. 1990. Copy received via electronic mail April 25, 1990, from Mark Sheehan, Indiana College Computing Services.

• Internet Activities Board. Ethics Policy Statement. 1988. [Reprinted in Purdue College's PUCC Newsletter. March 1989.]

• Internet Engineering Task Force. Site Security Handbook: RFC 1244. P. Holbrook and J. Reynolds, eds. July 1991. Copy located in the file pub/ssphwg/rfc1244.txt on cert.sei.cmu.edu.

• Johnson, Deborah G. Computer Ethics. Prentice Hall. 1985.

• Lees, John. [Michigan State College] College of Engineering Computer Use Policy - DRAFT. 1990. Received via electronic mail April 23, 1990, from John Lees.

• Mason, Margaret Loy. Students, Ethics & Electronic Communication: An Adventure in User Education. New Centerings in Computing Services: Proceedings of ACM SIGUCCS User Services Conference XVIII. 1990.

• National Science Foundation. NSFNET Interim Conditions of Use Policy. LINK LETTER. Volume 3, Number 3. 1990. Also available in the file nsfnet/netuse.txt on nis.nsf.net.

• Parker, Donn B.; Susan Swope; and Bruce N. Baker. Ethical Conflicts in Information and Computer Science, Technology, and Business. QED Information Sciences, Inc. 1990.

• Ryland, Jane N. Security--A Sleeper Issue Comes into its Own. CAUSE/EFFECT. Volume 12, Number 4. 1989.

• Software Publishers Association. Software Use and the Law: A guide for individuals, educational institutions, user groups, and corporations. No date.

• Spafford, Eugene H. Some Musings on Ethics and Computer Break-Ins. 1989. Copy located in the file pub/virus/spaf.PS.Z on bitsy.mit.edu.

• Stoll, Cliff. The Cuckoo's Egg: Tracking a spy through the maze of computer espionage. Doubleday. 1989.

• Syracuse College. Computer Use Policy. No date.

• Temple College. Rules of Conduct for Using Computing Resources at Temple College. 1988.

• William Paterson College . Academic Honesty; Dishonesty: Important information for faculty and students. 1989.

• William Paterson College . Code of Conduct. Official Student Handbook. 1991.

• William Paterson College . Code of Ethics. Personnel Policies and Procedures for Professional and Salaried Staff. 1991.

• William Paterson College . Computer Software. William Paterson College Policy Manual. Policy 6-9. 1989.

• William Paterson College . Misconduct in Research. William Paterson College Policy Manual. Policy 6-11. 1989.

• William Paterson College . William Paterson College Faculty Handbook. 1991 [on-line edition consulted].

• William Paterson College . 1989-1990 Residence Halls Handbook. 1989.

• William Paterson College Libraries. Circulation Procedures and Services. No date.

• College of Michigan, Ann Arbor. Think About It: The Proper Use of Information Resources, Information Technology, and Networks at the College of Michigan. No Date.

• College of New Mexico. UNM Ethics Code for Computer Use [Draft]. 1989. Copy located in the computer file ethics/UofNewMexico.policy on ariel.unm.edu.

• Weissman, Ronald F. E. Ethical and Responsible Computing. The OPEN WINDOW (Brown College), Volume 3, Number 1. 1989. [Cited in Ryland's article.]

The software made available by the University has been licensed by the University for your use. As a result, its use may be subject to certain limitations.

The University is not responsible for loss of information from computing misuse, malfunction of computing hardware, malfunction of computing software, or external contamination of data or programs. The staff in campus-wide computing units such as Information Systems and all other system administrators must make every effort to ensure the integrity of the University's computer systems and the information stored thereon. However, users must be aware that no security or back-up system is 100.00% foolproof.

William Paterson University Home Page

Please direct questions to Robert A. Harris