1. Background and Purpose
The ethical principles that apply to everyday academic community life also apply to the use of information and computing resources. Every member of the Rensselaer community has basic rights and responsibilities. It is unethical for anyone to violate these rights or ignore these responsibilities.
Furthermore, everything that is technically possible is not necessarily ethical or legal. Anyone who uses Rensselaer's computer systems and networks is responsible for meeting the standards outlined in this policy.
For examples illustrating applications of the policy, see Examples. (Links to other documents are for reference and are not to be considered part of this document.)
To participate in community life, we expect for ourselves and extend to others the freedom to express ideas and a respect for privacy, for property and for the environment in which we work. In community life, these expectations are reflected in the privileges and responsibilities afforded to each of its members.
The privilege of access to Rensselaer's computer systems and networks imposes certain responsibilities and obligations and is granted subject to Institute policies and local, state, and federal laws. (The phrase "Rensselaer's computer systems and networks" as it is used in this document refers to all Rensselaer-owned and operated computer equipment and software, the campus computer network, and all computers connected to the campus network.) Appropriate use should always be ethical, reflect academic honesty and community standards, show restraint in the consumption of shared resources, and be in compliance with Rensselaer's policies and state and federal law. It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and individuals' rights to privacy and to freedom from intimidation, harassment, and unwarranted annoyance. Appropriate use of Rensselaer's computer systems and networks includes instruction; independent study; authorized research; independent research; communication; and official work of the offices, units, recognized student and campus organizations, and agencies of the Institute.
This document outlines the privileges, responsibilities, and obligations of those who participate in Rensselaer's electronic community. It constitutes an Institute-wide policy intended to allow for the proper use of all Rensselaer's computer systems and networks, effective protection of individual users, equitable access, and proper management of those resources. It should be taken in the broadest possible sense and applies to Rensselaer network usage even in situations where it would not apply to the computer(s) in use (for example, student-owned computers attached to the campus network). The policy is intended to supplement, not replace, all existing laws, regulations, agreements, contracts and Rensselaer policies that currently apply to these services.
Campus units that operate their own computers or networks may add, with the approval of the unit head, individual guidelines which supplement, but do not relax, this policy. In such cases, the unit should inform their users and the Computing and Information Services Security Team (firstname.lastname@example.org) prior to implementation.
The remainder of this document is organized as follows:
- Section 2. Authorized Users
- Section 3. Individual Privileges
- Section 4. Individual Responsibilities
- Section 5. Rensselaer Privileges
- Section 6. Rensselaer Responsibilities
- Section 7. Procedures and Sanctions
Authorized use of Rensselaer computer systems and networks is consistent with the education, research, and service mission of the Institute, and consistent with this policy.
Authorized users are: (1) current faculty, staff, and students of the Institute; (2) others whose access is consistent with the mission of the Institute and whose usage does not interfere with other users' access to resources. All users must be authorized to use a particular computing or network resource by the campus unit responsible for operating the resource.
The following individual privileges empower each of us to be productive members of the Rensselaer community. These privileges are conditional upon accepting and complying with the accompanying responsibilities.
Rensselaer acknowledges that privacy is an important value for educational institutions. Creative, innovative, and risky thought, as well as scholarship and educational accomplishment all depend on interacting in a communication context in which individuals feel free to express and transmit their opinions and ideas. Thus, Rensselaer extends to its students, faculty, and staff a reasonable expectation of privacy in the communication that they conduct via Rensselaer's computer systems and networks. However, everyone should recognize that privacy cannot be guaranteed, even when it is intended, and should, therefore, exercise reasonable caution in electronic communication.
Although the privacy of electronic mail, files, and data is protected in normal circumstances, when, upon the judgment of the appropriate authorities, there is reason to believe the law or Institute policies have been violated, Rensselaer may access or disclose the electronic files, mail, or electronic discussions stored or transmitted by a student, staff member, or faculty member of the Institute. In these cases, the determination will be made by an individual with appropriate administrative responsibility. For example, for students, it will be determined by the Dean of Students' office; for staff, by the relevant Vice-President or designee; for the faculty, by the chief academic officer of the Institute or designee; and, in cases that may be a violation of the Institute Affirmative Action policy, the Affirmative Action Advisor to the President.
In keeping with its long tradition of academic freedom, Rensselaer supports free inquiry and expression by the users of its computer systems and networks. Rensselaer, however, reserves the right to take action against or deny access to its facilities to those whose use is not consonant with the purposes of the university or infringes on the rights of others.
People creating intellectual works using Rensselaer computer systems or networks, including but not limited to software, should consult Rensselaer's Intellectual Property Policy.
All members of the campus have the right not to be harassed by others. This includes harassment via the computer or network usage of others. (See 4.1.3.)
Just as certain privileges are given to each member of the campus community, each of us is held accountable for our actions as a condition of continued membership in the community. The interplay of privileges and responsibilities engenders the trust and intellectual freedom that form the heart of our community. To maintain this trust and freedom, each person must develop the skills necessary to be an active and contributing member of the community.
You are responsible to all other members of the campus community in many ways. This responsibility includes respect for the rights of privacy for all, respect for the diversity of the population and opinion in the community, ethical behavior, and compliance with all legal and Institute restrictions regarding the use of information that belongs to others.
No one should monitor, access, copy, print, alter, transmit or destroy anyone else's electronic files without explicit permission (unless authorized or required to do so by law, policy, or regulation). Simply being able to access a file or other information does not necessarily imply permission to do so.
Similarly, no one should connect to a host on the network without advance authorization in some form. An uninvited connection is generally considered to be an invasion of privacy and potential security threat. (Such applications as web pages and anonymous ftp sites are by their nature intended for public use and do not require explicit permission.)
You are responsible for recognizing (attributing) and acquiring appropriate permission to use the intellectual property of others and for not violating copyrights. For more details see:
- Rensselaer's Intellectual Property Policy (2007) (pdf file) (for works created by members of the Rensselaer community)
- Intellectual Property Issues in Electronic Communication
- Trade Secrets
- Guidelines for Putting Borrowed Material on the Web
You are prohibited from using, accessing, copying, printing, and storing copyrighted computer programs and other material, in violation of copyright. No software may be installed, copied, accessed, printed, transmitted or used on Rensselaer's computer systems and networks except as permitted by the owner of the software. Software subject to licensing must be properly licensed and all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.) must be strictly adhered to.
No one may, under any circumstances, use Rensselaer's computer systems or networks to libel, slander, or harass any other person.
Computer Harassment includes, but is not limited to, using Rensselaer's computer systems or networks: (1) to annoy, harass, terrify, intimidate, threaten, offend or bother another person (for example, by conveying abusive, profane, defamatory or offensive messages, obscene language, pictures, or other materials, or threats of bodily harm); (2) to contact another person repeatedly to annoy, harass, or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease; (3) to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has expressed a desire for such communication to cease; (4) to disrupt or damage the academic, research, administrative, or related pursuits of another; (5) to invade or threaten to invade the privacy, academic or otherwise, of another.
No member of the community should engage in acts that waste or prevent others from using electronic resources, for instance, forwarding chain mail, sending mass mailings, or knowingly engaging in other activities that degrade service.
If you are not sure whether an activity you are planning would affect service, you may contact the system administrator (of departmental systems) or the ARC Help Desk in the VCC.
Public computer rooms that have been officially scheduled as classrooms are for use of the scheduled class. When not all of the computers are being used by the class, they may be used by other members of the campus community at the discretion of the instructor. Requests should be made before the class begins and should not interrupt class activities.
Limited recreational game playing that is not part of an authorized and assigned research or instructional activity is tolerated (within the parameters of each unit's rules). Game-playing that consumes excessive Institute computing and network resources is prohibited. Recreational game players occupying a seat in a public computing facility must give up that seat when others who need to use the facility for academic or research purposes are waiting.
It is your responsibility to be aware of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to verify the integrity and completeness of information that you compile or use. When in doubt, verify electronic communications with the person you believe to have sent them.
Employees are responsible for following their unit's procedures for the security and integrity of Institute information stored on their personal desktop system. This responsibility includes making regular disk backups, controlling physical and network access to the machine, and installing and using virus protection software. Avoid storing passwords or other information that can be used to gain access to other campus computing resources.
Computer accounts, passwords, and other types of authorization are assigned to individual users and, in general, are not intended to be shared with others. There may be times when you need to share your password with a member of your family, secretary, or friend, but you will remain responsible for any use of your account. Likewise, you are responsible for any activities on your personal computer attached to the Rensselaer network. Passwords should be changed periodically and after every disclosure to a third party.
Special access to information or other special computing privileges are to be used in performance of official duties only. Information that you obtain through special privileges is to be treated as private and confidential.
When you cease being a member of the campus community (e.g., graduate, withdraw, or terminate employment), or if you are assigned a new position and/or responsibilities within the Institute, your access authorization must be reviewed. You must not use facilities, accounts, access codes, privileges, or information for which you are not authorized in your new circumstances.
You are prohibited from attempting to circumvent or subvert any system's security measures. (The list below does not prohibit authorized use of security tools by system administration personnel.) You are encouraged to inform system administrators of any loopholes you discover and cooperate in implementing security procedures.
You are prohibited from intercepting, accessing, printing, transmitting, copying, or decoding passwords or similar access control information, whether by means of using any computer program or device or by deception or observation of other users.
Harmful activities are prohibited; such activities include, but are not limited to: creating or propagating viruses, worms, or trojan horses; disrupting services; damaging files; intentional destruction of or damage to equipment, software, or data belonging to Rensselaer, other entities, or individual users. In addition, you may not:
- damage computer systems
- obtain extra resources not authorized to you
- deprive another user of authorized resources
- gain unauthorized access to systems
Use of Rensselaer's computer systems and networks for commercial activity is prohibited. It is acceptable to use designated news groups and other electronic communication for the occasional sale of personal items or to announce services that are part of the business of the Institute (Book Store, Food Service, etc.) But it is not acceptable to use Rensselaer facilities to run a business or otherwise to sell or advertise goods and/or services to the general public.
Rensselaer's computer systems and networks may not be used in connection with compensated outside work nor for the benefit of organizations not related to Rensselaer, except: in connection with scholarly pursuits (such as faculty publishing activities); or in a purely incidental way. This and any other incidental use (such as electronic communications, storing data on single-user machines, volunteer work or political activities) must not interfere with other users' access to resources (computer cycles, network bandwidth, disk space, printers, etc.) and must not be excessive.
You should not use electronic communication in an attempt to impersonate another user or otherwise misrepresent yourself to others. Although there are instances in which anonymous communication is acceptable, it is generally advisable to identify yourself accurately. It is not acceptable to use anonymity to harass, threaten, or deceive others.
Our society depends on institutions like Rensselaer to educate our citizens and advance the development of knowledge. Therefore, Rensselaer assumes certain privileges regarding the information necessary to accomplish its goals and the equipment and physical assets used in its mission.
Rensselaer may control access to its information and the devices on which it is stored, manipulated, and transmitted, in accordance with the laws of New York and the United States and the policies of the Institute.
In accordance with Institute procedures, Rensselaer may impose sanctions on anyone who is found to have violated the policies of the Institute regarding computer and network usage.
Rensselaer may restrict the use of its computers and network when there is evidence of violations of Institute policies or local, state or federal laws. Specifically, the Institute reserves the right to limit access to its network through Institute-owned or other computers, and to remove or limit access to material posted on Institute-owned computers. Access will be restored as determined to be appropriate, unless access is to remain suspended as a result of formal disciplinary action determined by the Dean of Students Office (for students), the employee's department in consultation with the Office of Human Resources (for staff), or the chief academic officer of the Institute or designee (for faculty).
In addition, Rensselaer reserves the right to terminate any computer network connection without notice should it be determined that network traffic generated from this connection inhibits or interferes with the use of the network by others.
A system administrator (i.e., the person responsible for the technical operations of a particular machine) may access others' files for the maintenance of networks and computer and storage systems, such as to create backup copies of media. However, in all cases, all individuals' privileges and rights of privacy are to be preserved to the extent possible (subject to Section 3.1).
Units of Rensselaer operating computers and networks may routinely monitor and log usage data, such as network session connection times and end-points, CPU and disk utilization for each user, security audit trails, network loading, etc. These units may review this data for evidence of violation of law or policy, and other purposes.
When necessary, these units may monitor all the activities of and inspect the files of specific users on their computers and networks. Any person who believes such monitoring or inspecting is necessary must obtain the concurrence of the unit head and other appropriate authorities. In all cases all individuals' privileges and right of privacy are to be preserved to the greatest extent possible.
Rensselaer has the responsibility to develop policies and procedures to support the integrity of individual and institutional information, however stored, and to impose appropriate penalties when these policies and procedures are violated.
Rensselaer has the responsibility to develop, implement, maintain, and enforce appropriate procedures to discourage harassment by use of its computers or networks and to impose appropriate penalties when such harassment is found to have taken place.
Rensselaer has the responsibility to uphold all copyrights, laws governing access and use of information, and rules of organizations supplying information resources to members of the community (e.g., acceptable use policies for use of Internet).
Each unit has the responsibility of:
- enforcing this policy
- providing for security in their areas
- providing individuals equipped with Institute-owned desktop systems with resources for regular disk backups (software, hardware, media, and training) and for virus protection
- taking responsibility for the appropriate use of sponsored guest accounts
Departments are responsible for educating the users of department-owned desktop computers and providing a reasonable level of security for sensitive information. Departments with their own local area networks or a significant number of desktop computers should appoint a system administrator (or other contact person) and identify this person to the Division of the Chief Information Officer. The system administrator should be knowledgeable about the department's computing environment and about central resources and services. This position will serve
- as the first point of contact for unit personnel seeking problem resolution, information, and other assistance regarding computing and networking
- to facilitate interaction between the unit and Computing and Information Services staff on security matters.
If you are contacted by a representative from an external organization (i.e., District Attorney's Office, FBI, other law enforcement agency, or telecommunications service provider) who is conducting an investigation of an alleged violation involving Rensselaer computer systems and networks, inform the Division of the Chief Information Officer immediately. That office will provide guidance regarding the appropriate actions to be taken. In these cases, the determination of how to proceed will be made by an individual with appropriate administrative responsibility. For example, for students, it will be determined by the Dean of Students' office; for staff, by the relevant Vice-President or designee; for the faculty, by the chief academic officer of the Institute or his/her designee; and, in cases that may be a violation of the Institute Affirmative Action policy, the Affirmative Action Advisor to the President.
All users and units have the responsibility to report any discovered unauthorized access attempts or other improper usage of Rensselaer computer systems and networks. If you observe, or have reported to you (other than as in 7.1 above), a security or abuse problem with any Institute computer or network facilities, including violations of this policy:
- Take immediate steps as necessary to ensure the safety and well-being of information resources. For example, if warranted, a system administrator should be contacted to temporarily disable any offending or apparently compromised computer accounts, or to temporarily disconnect or block offending computers from the network (see section 5.5).
- Ensure that the following people are notified: (1) your unit head, (2) your system administrator, (3) the DotCIO Security team (email@example.com).
The Security Team will coordinate the technical and administrative response to such incidents. Reports of all incidents will be forwarded to the Dean of Students Office (for students) or the unit head (for employees).
Persons in violation of this policy are subject to the full range of sanctions, including, but not limited to, the loss of computer or network access privileges, disciplinary action, dismissal from the Institute, and legal action. Some violations may constitute criminal offenses and be subject to local, state, and/or federal prosecution.
Appeals should be directed through the procedures outlined in the Student and Faculty Handbooks and guidelines established by the Office of Human Resources and Institute Diversity.
This policy is adapted from a policy statement written at Georgia Institute of Technology and used with permission.
Approved: April 13, 1998