In response to the request for site-specific policies and procedures, here is the first draft of a policy that we are putting in place here. This policy has not yet been approved by the dean, the head of academic computing, the provost, or the university lawyers, so I expect there will be a number of changes before it is actually enacted and distributed. It should be a useful starting point for others embarking on the same process. --------------------------------------------------------------------------- College of Engineering Computer Use Policy John Lees, Manager Systems and Network Software Services A. H. Case Center for CAE/M College of Engineering, Michigan State University 112 Engineering Building, East Lansing, MI 48824-1226 lees@egr.msu.edu, lees@msuegr.bitnet, CompuServe 74106,1324 ABSTRACT This DRAFT Computer Use Policy applies specifi- cally to the facilities in the College of Engineering operated by the Case Center for use by all College of Engineering students, faculty, and staff. Facilities within the College operated by individual departments or research groups may have more stringent use poli- cies. This policy was drafted by the Ethics Subcommit- tee of the Case Center Advisory Committee during the 1989/90 academic year. The members of the Committee were: Dr. Erik Goodman, Dr. Robert Barr, John Lees, Fred Hall, Steve Southward, and William Su. A person in violation of this policy may be subject to adminis- trative action, with a penalty of a fine, restitution for ser- vices used, or loss of computer privileges. Some actions covered by this policy are also covered by University regulations or all-University policies, the violation of which could lead to academic judicial proceedings. Some actions covered by this pol- icy are also covered by City, State, or Federal law, the viola- tion of which could lead to civil or criminal prosecution. For the purposes of this policy, a user is any person consuming computer resources; a staff member is a person acting in an offi- cial capacity as a staff member. The same person may be a staff member during part of the day and a user during other parts of the day. The terminology used in this policy tends to reflect the UNIX operating system, which is used on the majority of computers in the College of Engineering, but is intended to apply to all operating systems in use in the College. 1. User Responsibilities A user of College of Engineering computer facilities should obey the following general guidelines. 1.1 Files owned by individual users or staff members are to be considered as private, whether or not they are accessible by other users. 1.1.1 That you can read a file does not mean that you may read a file. Files belonging to individuals are to be considered private property. 1.1.2 Under no circumstances should you alter a file that does not belong to you. The ability to alter a file does not give you the right to alter a file. 1.1.3 The United States Government [citation needed] includes electronic mail (email) in the same category as messages delivered by the United States Postal Ser- vice. This means that tampering with email, interfer- ing with the delivery of email, and the use of email for criminal purposes may be felony offenses. 1.2 Many resources, such as file space, CPU cycles, printer queues, batch queues, login sessions, and software licenses, are shared by all users. No user should monopolize these shared resources. 1.2.1 Use as little file space as practical, making use of available means for compressing and archiving files. 1.2.2 Terminate all "background" jobs before logging out. Long running, non-interactive jobs should be run in batch queues (if available). 1.2.3 Read and follow the posted policies on printer use. 1.2.4 Make appropriate use of batch queues and job priori- ties. Do not load the system in such a way that oth- ers cannot perform useful work. 1.2.5 Do not tie up resources with multiple, unused login sessions. 1.2.6 Relinquish licensed software, such as FrameMaker, when you no longer are using the license. 1.2.7 Respect the resources of workstations located in pub- lic labs. Do not login to such a workstation and run jobs that would interfere with use of that workstation by a person sitting in the lab. 1.3 Not all the computer facilities in the College of Engineer- ing are public resources (public to the College of Engineer- ing community). Users found using non-public facilities may be summarily logged-off those resources. 1.3.1 Some machines are designated as "file servers", and carry login messages asking users to not use these machines for login purposes. 1.3.2 Workstations on faculty and staff desks should not be used as login resources without the specific permis- sion of the faculty or staff who use those machines. 1.3.3 Printers and other peripheral devices not located in public labs and advertised as available should not be used without specific permission. 1.4 Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software. 1.4.1 System-level files (not owned by individuals) may be used and viewed for educational purposes if their access permissions so allow. 1.4.2 Most system-level files are part of copyrighted or licensed software, and therefore you should not make your own copies of these files, in whole or in part, except as needed as part of an educational exercise. Removing copies of copyrighted software from the sys- tem on which it is licensed may be a violation of the copyright or license. 1.4.3 The same standards of intellectual honesty and pla- giarism apply to software as to other forms of pub- lished work. Treat system software is if it were a library you were browsing. Acknowledge borrowing code, algorithms, or data structures from the work of other people. 1.4.4 Making your own copies of software having a restricted use license is theft. So is figuring out how to "beat" the license. 1.4.5 Deliberate alteration of system files is vandalism or malicious destruction of University property. 1.5 College of Engineering computing facilities are provided for academic uses (instruction and research) and some adminis- trative uses. 1.5.1 The license agreements for some pieces of software may specifically restrict the software to instructional use. Please check with the Case Center before you use licensed software for research or administrative tasks. 1.5.2 Do not make use of any University computing facilities for any activity that is commercial in nature without first obtaining written approval to do so. Commercial activities include: consulting, developing software for sale, and in general any activity for which you are paid from non-University funds. 1.6 Facilities are often available on an unmonitored basis. It is the responsibility of every user to act in such a manner as to not cause damage to the physical equipment. Accidental damage, or damage caused by other parties, should be reported as soon as possible so that corrective action can be taken. College facilities are paid for and operated in part with student money. Please help take care of them! Please bring problems to staff attention! 2. User Rights A user of College of Engineering computer facilities has the fol- lowing rights and privileges. 2.1 You should not be denied access to facilities by someone who is not using the facilities for research or instructional purposes, or who is not a student, faculty, or staff member of the College of Engineering. You have the right to ask an appropriate staff member to remove such a person so you can use the facilities. 2.2 You have the right to not be harassed while using College of Engineering facilities, whether it be physical, verbal, electronic, or any other form of abuse. You have the right to ask an appropriate staff member to take steps to end any abuse to which you are subjected. 3. Staff Responsibilities In general, the staff of the College of Engineering computer facilities has the responsibility of enforcing the rights and responsibilities of the users of those facilities to the best of their ability. Several specific staff responsibilities are listed below. 3.1 Staff should not make use of facilities intended for instructional purposes unless this is necessary to correct an urgent problem. Instructional facilities should never be used for day-to-day staff work unless these facilities are currently being under-utilized by students. 3.2 Staff should at all times respect the privacy of user files, mail, and printer listings (but see Staff Rights below). 4. Staff Rights The staff in general have the right to do whatever is necessary to carry out their responsibility to keep the College computing resources operating and available. 4.1 The networked computer environment in the College of Engineering is a facility provided to faculty, staff, and students to enable them to accomplish certain tasks required by their roles within the College and the University. There is an acknowledged trade-off between the absolute right of privacy of a user, and the need of the staff to gather necessary information to insure the continued functioning of this College-wide resource. In the normal course of system administration, the staff may have to examine files, mail, and printer listings to gather sufficient information to diagnose and correct problems with system software, or to determine if a user is acting in vio- lation of the policies set forth in this document. The staff has the right to do this. As mentioned in Staff Responsibilities, above, the staff has an obligation to maintain the privacy of a user's files, mail, and printer listings. 4.2 Because this is an educational institution, some behavior is tolerated, even encouraged, that would not be allowed at a "normal" commercial site. This, combined with the fact that there is relatively free and uncontrolled access to our sys- tems via network connections around the world, causes spe- cial problems for the staff. In general, the staff allows the users great freedom in use of the facilities. However, there are certain kinds of threatening or damaging behavior against which the staff will take action. For example: owning or using burglar's tools, worms, viruses, or trojan horses. Any such action will be taken carefully, because there may be legitimate reasons for people to have such objects in their possession. Staff will normally take action only if there is clear and convincing reason to believe that a user is violating the policies outlined in this document. A user who feels that s/he has legitimate reason to experi- ment with security-related aspects of the computer facili- ties should discuss the project with staff before embarking on the experiment. This will help prevent a perhaps embar- rassing intervention by the staff. 5. Bibliography We will attach a bibliography of pertinent University publica- tions in which to find official rules and regulations.