home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Forum of Incident Response & Security Teams
/
Forum_of_Incident_Response_and_Security_Teams_FIRST_October_1994.iso
/
ethics
/
mcgilldr.txt
< prev
next >
Wrap
Text File
|
1994-07-08
|
7KB
|
167 lines
Below is a DRAFT Computer Usage Policy now being widely circulated
on the McGill University campus in Montreal, Canada.
It has been formulated largely by the Director of the Computing Center
and the University Lawyer and is considered close to the final version
which will come into effect September, 1993.
Presently there is no explicit (campus-wide) policy.
I am inviting thoughtful criticism of this policy. I would like to
collect your comments in order to make concrete suggestions to
possibly revise this policy before it is made official. When you reply,
please include the name of your institution and your position within it.
I look forward to many informed responses,
Prof. David G. Jones djones@lightning.mcrcim.mcgill.edu
McGill University
Dept. of Electrical Engineering
3480 University St.
Montreal, Quebec H3A 2A7
CANADA
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(27 May 1993)
McGill University
Computing Facilities Usage Policy
DRAFT - Revised
The computing facilities at McGill are provided for the use of
McGill students, faculty and staff in support of the programs of
the University. All students, faculty and staff are responsible
for seeing that these computing facilities are used in an
effective, efficient, ethical, lawful and polite manner.
McGill Computing Facilities (MCF) are defined as any computer,
computer-based network, computer peripherals, software or any
combination thereof, owned by McGill University or under the
possession, custody or control of McGill University. All
equipment purchased with research funds administered by McGill
are, by definition, owned by McGill University.
The following policies apply to all users of McGill Computer
Facilities.
1. MCF may be used only with explicit authorization. The
unauthorized use of MCF, as well as the provision of false
or misleading information for the purpose of obtaining
access to MCF, is prohibited. MCF may not be used to gain
unauthorized access to computing facilities of other
institutions, organizations or individuals.
2. Computer and network accounts, passwords or other types of
authorization are assigned to individual users and must not
be shared with others. Users are required to take all
reasonable precautions to protect the accounts allocated to
them.
3. MCF are to be used for authorized purposes and in the
support of university sanctioned activities. Use for
conducting business or for financial gain is specifically
forbidden unless approved in writing.
4. The use of networks external to McGill (such as RISQ,
CA*net, NSFNET) must comply with the policies of acceptable
use promulgated by the organizations responsible for those
networks. Examples of inappropriate behaviour include, but
are not limited to, wide-spread unsolicited mailings and the
use of networks for commercial activities.
5. Users should be aware that data (including e-mail) may, due
to software or hardware failure, be accessible to those who
are not explicitly authorized. Systems management personnel
may also on occasion have access to such data while
performing routine operations or in pursuing apparent
systems problems or user problems. Systems personnel are
required to report any apparent improper or illegal
activities so discovered. No guarantee of complete privacy
is made.
6. To protect the integrity of MCF and the users thereof
against unauthorized or improper use of those facilities,
McGill University reserves the right, without notice, to:
limit or restrict any individual's use, and to inspect,
copy, remove or otherwise alter any data, file, or system
resource which may undermine the authorized use of any
computing facility. McGill also reserves the right to
periodically check any system and reserves any other rights
necessary to protect its computing facilities.
Only explicitly authorized University staff may exercise the
preceding rights and only for reasonable cause. Staff who,
in the course of their jobs, exercise these rights, may only
use the information so obtained if there is evidence of
improper or illegal use of MCF. Any such use of normally
private data must be reported to University officials.
7. It is prohibited to attempt to discover or alter passwords
or to access other information which a user is not duly
authorized to have, as are any attempts to subvert MCF
security. Lack of system protection does not give the right
to do any of these things. Unauthorized monitoring of
electronic communications is expressly forbidden.
8. Intentional unauthorized disruption of MCF is not allowed,
nor is any unauthorized action which intentionally denies
another legitimate user access to MCF.
9. MCF may not be used for any illegal purposes. The law
prohibits unauthorized use of computers; unauthorized access
to information or programs; destruction or alteration of
data or interference with lawful access to data; the use of
a computer system with the intent to commit any of the
above.
Copyright law specifically prohibits copying of any software
except as explicitly allowed in the usage agreement. Unless
the software explicitly states otherwise, ALL software is
copyrighted, even those normally referred to as shareware or
freeware. Copyright law provides similar protection for
data and text.
10. Harassment in any form is not allowed. Messages of any
type, which would be illegal or inappropriate in verbal or
printed form, are considered illegal or inappropriate in
computer-based forms.
11. E-mail or other messages must be signed and traceable to the
originator. Access to remote systems must be similarly
traceable.
12. Users are encouraged to report any violations of this policy
by another individual and any information relating to a flaw
in or bypass of computing facility security to the
appropriate systems manager or the Computing Centre.
13. Individual computing facilities may establish additional
rules and policies as they see fit. Such additions must be
consistent with this policy.
McGill University reserves the right to take disciplinary and/or
legal action in the case of infractions of the preceding.
Due to the diversity in computing facilities across the
University, the preceding policies may not include sufficient
detail. If you have any questions regarding their intention or
the implementation in your area, address your questions to the
people responsible for your local computing facility. Questions
not answered to your satisfaction may be addressed to the
Director of Computing and Telecommunications.
Students, faculty or staff may be required to formally
acknowledge the terms of this policy at the discretion of
individual computing facilities management.
****** END OF POLICY ******