Acceptable Use Policy

It is the policy of The College of Saint Rose to maintain access for its community to local, national and international sources of information and to provide an atmosphere that encourages the free exchange of ideas and sharing of information. Access to this environment and the College's information technology resources is a privilege and must be treated according to the highest ethical standards.

The College expects all members of the community to use computing and information technology resources in a responsible manner and respect the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, and all pertinent laws and College policies and standards.

This policy outlines the standards for acceptable use of Academic Computing and Information Technology Resources, which include, but are not limited to, equipment, software, networks and data whether owned, leased, or otherwise provided by The College of Saint Rose.

This policy applies to all users of Academic Computing and information technology resources, including faculty, staff, students, and guests accessing external network services, such as the Internet via College facilities.

Preserving the access to information resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the community as a whole and each individual user have an obligation to abide by the following standards of acceptable and ethical computer use:

" Use only those computing and information technology resources for which you have authorization.
" Use computing and information technology resources only for their intended purpose.
" Protect the access and integrity of computing and information technology resources.
" Abide by applicable laws and college policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software.
" Respect the privacy and personal rights of others.

Failure to comply with the appropriate use of these resources threatens the atmosphere for the sharing of information, the free exchange of ideas and the secure environment for creating and maintaining information property. Any member of the College community found using information resources for unethical or unacceptable practices has violated this policy and is subject to disciplinary proceedings including suspension of system privileges, dismissal from the College, termination of employment and/or legal action as may be appropriate.

The College of Saint Rose reserves the right to limit or restrict the use of its computing and information technology resources based on institutional priorities and financial considerations, as well as when it is presented with evidence of a violation of College policies, contractual agreements, or applicable state and federal laws. Although all members of the College have an expectation of privacy, if a user is suspected of violating this policy, his or her right to privacy may be superseded by the College's requirement to protect the integrity of information technology resources, the rights of all users and the property of the College. The College, thus, reserves the right to examine material stored on or transmitted through its facilities if there is reasonable cause to believe that the standards for acceptable and ethical computer use are being violated by a member of the College community. A reasonable attempt will be made to notify end users if a violation of these or other College policies is known or suspected before any specific action is taken.


Guidelines for Interpretation and Administration of the Acceptable Use Policy for Computing and Information Technology Resources:

These guidelines are intended to assist the College community in the interpretation and administration of the Acceptable Use Policy for Computing and Information Technology Resources. They outline the responsibilities each member of the College accepts when using computing and information technology resources. This is put forth as a minimum set of standards for all areas of the College and may be supplemented with unit specific guidelines. However, such additional guidelines must be consistent with this policy and cannot supersede this document.

User Responsibilities:

Use of Academic Computing and information technology resources is granted based on acceptance of the following specific responsibilities:
" Use only those computing and information technology resources for which you have authorization.

For example: it is a violation
o to use resources you have not been specifically authorized to use
o to use someone else's account and password or share your account and password with someone else
o to access files, data or processes without authorization
o to purposely look for or exploit security flaws to gain system or data access

" Use computing and information technology resources only for their intended purposes.

For example: it is a violation
o to use electronic resources for harassment or to stalk other individuals
o to send bomb threats or "hoax messages"
o to send chain letters
o to intercept or monitor any network communications not intended for you
o to use computing or network resources for consulting, advertising or other commercial purposes
o to attempt to circumvent security mechanisms
o to use privileged access for other than official duties
o to use former privileges after graduation, transfer or termination

" Protect the access and integrity of computing and information technology resources.
For example: it is a violation
o to release a virus or worm that damages or harms a system or network
o to prevent others from accessing an authorized service
o to send email bombs that may cause problems and disrupt service for other users
o to attempt to deliberately degrade performance or deny service
o to corrupt or misuse information
o to alter or destroy information without authorization

" Abide by applicable laws and university policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software.
For example: it is a violation
o to make more copies of licensed software than the license allows
o to download, use or distribute pirated software
o to operate or participate in pyramid schemes
o to distribute pornography to minors
o to upload, download, distribute or possess child pornography

" Respect the privacy and personal rights of others.
For example: it is a violation
o to tap a phone line or run a network sniffer without authorization
o to access or attempt to access another individual's password or data without explicit authorization
o to access or copy another user's electronic mail, data, programs, or other files without permission

System Administrator Responsibilities:

System Administrators and providers of Academic Computing and information technology resources have the additional responsibility of ensuring the integrity, confidentiality, and availability of the resources they are managing. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.

Security Caveat:

Be aware that although computing and information technology providers throughout the College are charged with preserving the integrity and security of resources, security sometimes can be breached through actions beyond their control. Users are therefore urged to take appropriate precautions such as safeguarding their account and password, taking full advantage of file security mechanisms, backing up critical data and promptly reporting any misuse or violations of the policy.

Violations:
Every member of the College community has an obligation to report suspected violations of the above guidelines or of the Acceptable Use Policy for Academic Computing and Information Technology Resources. Reports should be directed to the area responsible for the particular system involved.

If a suspected violation involves a student, a referral may be made to the Director of Academic Computing at the College. The Student Handbook should be referenced regarding the College's judicial process. If a suspected violation involves a staff or faculty member, a referral will be made to the individual's supervisor.

In addition to this document, specific computers and labs may have additional rules in association with their use. These rules should be posted clearly at the facility, or pointers included in the login message. Violations of those rules are considered violations of Acceptable Use, and may be reported using the procedure in this document.
Specific Interpretations Interfering with Other Systems

Problems often occur when someone creates a program that does something many times. For example, if you write a program that looks at the same web page thousands of times, this will normally cause a problem. Both the servers that handle web pages, and the network that gets the pages to you, are designed for normal human use. They are not designed to cope with programs that ask for the same thing many times.

Similarly, sending the same request via email a large number of times (even in the same email message) will often cause problems. So will repeatedly opening and closing network connections, continuously sending "ping" packets, etc.

Networks can only handle a limited amount of traffic. If you start writing programs or scripts that use these tools repeatedly or in unusual ways, it is your responsibility to make sure that what you are doing will not cause trouble for the rest of the network.

Commercial Use

Commercial use is covered in both the policy and guidelines document. It is being mentioned here simply because commercial use is one of the most common violations of acceptable use. Here are some of the most common examples of things we consider commercial use:

" Using a Saint Rose system to host a web page for any business, including your private consulting practice, unless given permission to do so.
" Referring people to a Saint Rose email address for commercial use (e.g. in print ads or commercial web pages).
Email to large numbers of users

Currently, the academic systems are not configured to handle bulk email. Sending email to large numbers of users can cause significant problems for the system. Bulk email (except to people who have requested it) is also considered a violation of good network citizenship. Therefore, it is considered a violation of acceptable use to send substantially the same email message to more than 50 users. Exceptions are:

" When the use has been approved by the system administrator.
" When the mail uses majordomo, listserv, or another facility that has been specifically engineered to handle mailing lists without causing problems for the receiving system. In almost all cases these systems will also allow users to join and leave lists themselves.

Even for email to fewer than 50 users, you must abide by other restrictions. This includes the restriction against commercial use, and the general requirement that all activities must abide by the law. There are now laws against unsolicited commercial email in some areas.
Chain letters

[This text is from the US Postal Inspection Service web site.]

A chain letter is a "get rich quick" scheme that promises that your mailbox will soon be stuffed full of cash if you decide to participate. You're told you can make thousands of dollars every month if you follow the detailed instructions in the letter.

A typical chain letter includes names and addresses of several individuals whom you may or may not know. You are instructed to send a certain amount of money--usually $5--to the person at the top of the list, and then eliminate that name and add yours to the bottom. You are then instructed to mail copies of the letter to a few more individuals who will hopefully repeat the entire process. The letter promises that if they follow the same procedure, your name will gradually move to the top of the list and you'll receive money -- lots of it.

There's at least one problem with chain letters. They're illegal if they request money or other items of value and promise a substantial return to the participants. Chain letters are a form of gambling, and sending them through the mail (or delivering them in person or by computer, but mailing money to participate) violates Title 18, United States Code, Section 1302, the Postal Lottery Statute. (Chain letters that ask for items of minor value, like picture postcards or recipes, may be mailed, since such items are not things of value within the meaning of the law.)

Recent Internet chain letters often start out by saying "this is absolutely legal", or "I used to think this was illegal, but I checked with a lawyer and it's not". The USPS and FBI say that this is false. These schemes (and various related ones, including some multilevel marketing scams) are considered to violate Federal laws against both gambling and wire fraud.

Cooperation with System Administrators

From time to time activities may interfere with operation of the system, even though they may not clearly be prohibited by the Acceptable Use Policy. In such cases, the system administrator or other College staff person may contact you and ask you to stop doing something. You are expected to comply with such instructions. Once you have received such a warning, any further activity of the same kind will be treated as a violation of Acceptable Use.
If you think the staff member has acted inappropriately in asking you to stop something, you may ask either the Director of Administrative Information Systems or the Director of Academic Computing to review the decision. However you will be expected to comply with the ruling of the staff while this review occurs.

How to Report Infractions Involving Academic Computing Systems

The majority of reports should be made through normal College support channels. (e.g, the Academic Computing web site). For more serious incidents, you may prefer to contact the Director of Academic Computing or the Director of Administrative Information Systems.

For certain kinds of incidents, special reporting channels are appropriate. However if you have trouble determining what approach to use, it is always appropriate to consult Academic Computing information channels, the Director of Academic Computing, or The College of Saint Rose Director of Safety and Security.