I.T. Times - October 1993 Unacceptable Uses of Systems

Volume 2. No 1

Information Technology News of the University of California, Davis

October 1993

Unacceptable Uses of Campus Systems and Network

Editor's Note: The following information is from UCD - Computer Use Policy, a document adapted in large part from UC Berkeley's Computer Use Policy. The UCD document was approved for dissemination and implementation on an interim basis by the Computing Administrative Advisory Committee/Academic Senate Committee on Computing at its June 11, 1993 meeting.

Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Existing Legal Context

All existing laws (federal and state) and University regulations and policies apply, including those that are specific to computers and networks, as well as those also those that may apply generally to personal conduct.

Misuse of computing, networking or information resources may result in the loss of privileges on those resources that IT administers, and those that may exist in other departments associated with UC Davis and connected to its network. Also, misuse can be prosecuted under applicable statutes. Users may be held accountable for their conduct under all applicable University or campus policies, procedures, or collective bargaining agreements. Complaints alleging misuse of IT resources will be directed to those responsible for taking appropriate disciplinary action as specified under Enforcement below. Illegal reproduction of software protected by US Copyright Law is subject to civil damages and criminal penalties including fines and imprisonment.

Other organizations operating computing and network facilities that are reachable via the UC Davis network may have their own policies governing the use of those resources. When accessing remote resources from UC Davis facilities, users are responsible for obeying both the policies set forth in this document and the policies of the other organizations.

Examples of Misuse

Here are guidelines to determine when misuse of UCD computer systems and the campus network has occurred. Examples of misuse include the activities in the following list.

Using a computer account that you are not authorized to use, and/or obtaining a password for a computer account without the consent of the account owner. If you, as an authorized user, give out your account and password to another individual, you can still be held accountable for any actions that may arise from use of your account.
Using the campus network to gain unauthorized access to any computer system.
Knowingly or carelessly performing an act that will interfere with the normal operation of computers, terminals, peripherals, or networks.
Knowingly or carelessly running or installing on any computer system or network, or giving to another user, a program intended to damage or to place excessive load on a computer system or network. This prohibition includes programs known as computer viruses, Trojan Horses, and worms.
Attempting to circumvent data-protection schemes or uncover security loopholes, including creating and/or running programs designed to identify security loopholes and/or decrypt intentionally secure data. This proscription includes programs contained within an account, or under ownership of an account, that are designed or associated with security cracking.
Violating terms of applicable software licensing agreements or copyright laws.
Deliberately wasting or overloading computing resources. This prohibition includes printing multiple copies of a document or printing large documents that may be available online or, if printed, that may impact significantly on other users' printing resources.
Using electronic mail to harass other persons.
Creating mail or electronic distribution lists larger than 10 addressees that send electronic communications to other accounts without prior permission of the receiving individuals.
Moving large files across networks during peak usage periods or prime hours such that it degrades resource performance. Prime hours will be considered to be Monday through Friday from 1:00 to 5:00 p.m.
Storing large files on the systems that could compromise system integrity or preclude other users right of access to disk storage. The IT staff may remove or compress disk files that are consuming large amounts of disk space, with or without prior notification. Total space allocated to an account on IT machines is currently one megabyte (allocation may vary on machines administered by other departments). The sum of all files stored on disk may not exceed this amount without prior approval of authorized IT staff.
Masking the identity of an account or machine. This prohibition includes sending mail anonymously.
Using your account for any activity that is commercial in nature, i.e., paid for by non-University funds. Commercial activities include, but are not limited to, consulting, typing services, and developing software for sale.
Posting materials that violate existing laws or the University's codes of conduct on electronic bulletin boards.
Posting information that may be slanderous or defamatory in nature on Internet services. This proscription includes posting of said type of material on Usenet News.
Displaying sexually explicit, graphically disturbing, or sexually harassing images or text in a public computer facility or other location that can potentially be in view of other individuals.
Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's files or software without the explicit agreement of the owner. Files owned by individual users are to be considered private property, whether or not they are accessible by other users.

Activities will not be considered misuse when authorized in writing by appropriate University officials for security or performance testing.

Enforcement

Penalties may be imposed under one or more of the following: University of California regulations, UC Davis regulations, California law, the laws of the United States. Minor infractions of this policy, such as poorly chosen passwords, overloading systems, excessive disk space consumption, and so on are typically handled internally to IT in an informal manner by electronic mail or in-person discussions. More serious infractions are handled via formal procedures.

Infractions such as sharing accounts or passwords, harassment, or repeated minor infractions may result in the temporary or permanent loss or modification of IT access privileges. Additionally, notification will be made to a student's academic advisor and/or Student Judicial Affairs, or the department chairperson in the case of staff or faculty.

More serious infractions, such as unauthorized use, attempts to steal passwords or data, unauthorized use or copying of licensed software, violations of University policies, or repeated violations as described in the above paragraph may result in the temporary or permanent loss of IT access privileges. In all cases, the offender's associated school or department will be notified of the infraction. If the offender is a student at the University, the case will also be referred to the Student Judicial Board for appropriate action.

Offenses which are in violation of local, state or federal laws will result in the immediate loss of all IT computing privileges, and will be reported to the appropriate University and law enforcement authorities.

ietpubs@ucdavis.edu