The University of Utah provides information technology resources to a large number and variety of users-faculty, staff, students, and outside clients. As members of the University of Utah community, and in accordance with the Proper Use policy, all users have the responsibility to use those services in an effective, efficient, ethical, and legal manner.
Ethical and legal standards that apply to information technology resources derive directly from standards of common sense and common courtesy that apply to the use of any shared resource. The campus computing community depends first upon the spirit of mutual respect and cooperation that has been fostered at the University of Utah to resolve differences and ameliorate problems that arise from time to time.
These guidelines are published in that spirit. Their purpose is to specify user responsibilities in accordance with the Proper Use policy and to promote the ethical, legal, and secure use of computing resources for the protection of all members of the University of Utah computing community. The University extends membership in this community to its students and employees with the stipulation that they be good citizens, and that they contribute to creating and maintaining an open community of responsible users.
Appropriate and Responsible Use
Central to appropriate and responsible use is the stipulation that, in general, computing resources shall be used in a manner consistent with the instructional, public service, research, and administrative objectives of the University. Use should also be consistent with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.
Although service providers provide and preserve security of files, account numbers, authorization codes, and passwords, security can be breached through actions or causes beyond their reasonable control. You are urged, therefore, to safeguard your data, personal information, passwords and authorization codes, and confidential data; to take full advantage of file security mechanisms built into the computing systems; to choose your passwords wisely and to change them periodically; and to follow the security policies and procedures established to control access to and use of administrative data.
When you use the University of Utah's computing services, you accept the following specific responsibilities:
1.To respect the privacy of other users; for example, you shall not intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users or the University, shall not represent others, unless authorized to do so explicitly by those users, nor shall you divulge sensitive personal data to which you have access concerning faculty, staff, or students without explicit authorization to do so.
2.To respect the rights of other users; for example, you shall comply with all University policies regarding sexual, racial, and other forms of harassment. The University of Utah is committed to being a racially, ethnically, and religiously heterogeneous community.
3.To respect the legal protection provided by copyright and licensing of programs and data; for example, you shall not make copies of a licensed computer program to avoid paying additional license fees or to share with other users.
4.To respect the intended usage of resources; for example, you shall use only those resources (username and password, funds, transactions, data, processes, etc.) assigned to you by service providers, faculty, unit heads, or project directors for the purposes specified, and shall not access or use other such resources unless explicitly authorized to do so by the appropriate authority. You may not use University resources assigned to you or others for profit-making or fund-raising activities unless explicitly authorized to do so by the appropriate authority.
5.To respect the shared nature of resources; for example, you shall avoid activities that unreasonably tax system resources or that, through frivolous use, go beyond the intended use of the system.
6.To respect the intended usage of systems for electronic exchange (such as e-mail, IRC, Usenet News, World Wide Web, etc.); for example, you shall not send forged electronic mail, mail that will intimidate or harass other users, chain messages that can interfere with the efficiency of the system, mass mailings not related to the topic(s) of the addressed group(s), or promotional mail for profit-making purposes. Also, you shall not break into another user's electronic mailbox or read someone else's electronic mail without his/her permission.
7.To respect the integrity of the system or network; for example, you shall not intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component shall be made only under specific instructions from authorized faculty, unit heads, project directors, or management staff.
8.To respect the financial structure of a computing or networking system; for example, you shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing, network, and data processing services.
9.To adhere to all general University policies and procedures including, but not limited to, policies on proper use of information resources, information technology, and networks; acquisition, use, and disposal of University-owned computer equipment; use of telecommunications equipment; ethical and legal use of software; and ethical and legal use of administrative data.
Service Provider Responsibilities
All service providers have the responsibility to offer service in the most efficient, reliable, and secure manner while considering the needs of the total user community. At certain times, the process of carrying out these responsibilities may require special actions or intervention by service provider staff. In such circumstances, service providers are bound by the policies governing their actions. At all other times, staff have no special rights above and beyond those of other users; they are required to follow the same policies and conditions of use that other users must follow. Every effort shall be made to ensure that persons in positions of trust do not misuse computing resources or data or take advantage of their positions to access information not required in the performance of their duties.
Service providers are not responsible for policing user activity. However, when they become aware of violations, either through the normal course of duty or by a complaint, it is their responsibility to initiate an investigation. At the same time, to forestall an immediate threat to the security of a system or its users, service providers may suspend access of the people involved in the violation while the incident is being investigated. They may also take other actions to preserve the state of files and other information relevant to an investigation.
Service providers will act in accordance with existing policy governing privacy of user information by seeking permission to examine the content of e-mail and other private files. In instances where user permission cannot be obtained and the content of files may jeopardize the security of systems, safety of users, or ability of the University or its constituent parts to conduct necessary business, service providers must obtain authorization from a higher administrative authority to examine content.
Violations of Guidelines
Violations of any of the above guidelines are certainly unethical and may be violations of University policy or criminal offenses. You are expected to report information you may have concerning instances in which the above guidelines have been or are being violated.
In accordance with established University practices, policies, and procedures, confirmation of inappropriate use of University of Utah technology resources may result in termination of access, disciplinary review, expulsion, termination of employment, legal action, or other disciplinary action. Service providers will, when necessary, work with other University offices in the resolution of problems.
Other Responsible Use Guidelines for Specific Services
Additional responsible use guidelines applying to the use of networks and telecommunications services and administrative data processing systems and services can be found in the Standard Practice Guide online.
Also, other external networks to which the University of Utah maintains connections have established acceptable use standards (see the World Wide Web for details). It is your responsibility to adhere to the standards of such networks. The University cannot and will not extend any protection to you should you violate the policies of an external network.
Copyright © 1999. University of Michigan Regents