home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Forum of Incident Response & Security Teams
/
Forum_of_Incident_Response_and_Security_Teams_FIRST_October_1994.iso
/
ethics
/
uofdelaw.txt
< prev
next >
Wrap
Text File
|
1994-07-08
|
20KB
|
470 lines
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
A Guide to Responsible Computing at the University of Delaware
Draft June 6, 1990
Prepared by staff in Academic Computing Support and
Computing and Network Services
Table of Contents
Policy for Responsible Computing Use 1
User Responsibilities 2
System Administrator Responsibilities 3
Misuse of Computing Resources and Privileges 5
Consequences of Misuse of Computing Resources 6
and Privileges
Academic Honesty 7
Works Consulted 8
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Policy for Responsible Computing Use
The University of Delaware aims to provide the best possible computing
services to staff, faculty, and students with the fewest restrictions.
The University manages these resources for the mutual benefit of all
students, staff, and faculty.
Access to the University's computing facilities is a privilege granted
to members of the University community. Computer equipment and
accounts are to be used only for the purpose for which they are
assigned. The University reserves the right to limit or restrict
access to its computer systems. All users of University-owned or
University-leased computing systems, whether the system(s) are operated
by Academic Computing and Instructional Technology (ACIT), by Computing
and Network Services (CNS), or by any other University department, must
conduct their computing activities in a responsible manner, respecting
the rights of other computing users and respecting all computing
license agreements.
Computer facilities and accounts are owned by the University and are to
be used for University-related activities only. Computing resources
are not to be used for commercial purposes or non-university related
activities without written authorization from ACIT or CNS and/or
without the payment of appropriate fees to the University in the case
of commercial use. All University-owned microcomputers and advanced
workstations are also to be used only for University-related purposes.
All access to central computing systems must be approved by ACIT or
CNS. All access to departmental computer systems must be approved by
the department chair, director, or his or her authorized
representative.
Unauthorized access to information stored on a computer and
unauthorized use of University computing resources are both direct
violations of the University's standards for ethical conduct as
outlined in the University of Delaware Policy Manual, the Personnel
Policies and Procedures for Professional and Salaried Staff, the
Faculty Handbook, and the Student Guide to Policies. The University of
Delaware treats the abuse of computing facilities, equipment, software,
information, networks, or privileges as seriously as it treats other
violations of its codes of conduct.
Computer abuse is a crime in the State of Delaware. Individuals who
abuse University computing resources may be subject to prosecution
under Title 11, $931 -- $939 of the Delaware Code.
If you have any questions, please consult with your system
administrator, with the staff in ACIT or CNS, or with your dean,
project director, supervisor, chairman, or advisor.
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
User Responsibilities
If you use the University's computing resources or facilities, you have
the following responsibilities:
% Use the University's computing facilities, including hardware,
software, networks, and computer accounts, responsibly and
appropriately, respecting the rights of other computing users and
respecting all computing license agreements.
% Use only those computers and computer accounts for which you
have authorization.
% Use mainframe accounts only for the purpose(s) for which they
have been issued. Use University-owned microcomputers and advanced
workstations for University-related projects only.
% Be responsible for all use of your accounts and for protecting
each account's password. In other words, do not share computer
accounts. If someone else learns your password, you must change it.
% Report unauthorized use of your accounts to your project
director, instructor, supervisor, system administrator, or other
appropriate University authority.
% Make backup copies of your data, files, programs, diskettes,
and tapes.
% Cooperate with system administrator requests for information
about computing activities. Under certain unusual circumstances, a
system administrator is authorized to access your computer files.
If you are a project director for a group of mainframe computing users,
a supervisor whose staff use computers, or a faculty member whose
students use computers, you must help your project members, staff, or
students learn more about ethical computing practices.
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
System Administrator Responsibilities
This document uses the phrase system administrator to refer to all of
the following University personnel:
% systems programmers employed by CNS
% other staff employed by CNS whose responsibilities include
system, site, or network administration
% staff employed by ACIT whose responsibilities include system,
site, or network administration
% staff employed by other University departments whose duties
include system, site, or network administration.
A system administrator's use of the University's computing resources is
governed by the same guidelines as any other user's computing
activity. However, a system administrator has additional
responsibilities to the users of the network, site, system, or systems
he or she administers:
% A system administrator ensures that all users of the systems,
networks, and servers that he or she administers have access to the
appropriate software and hardware required for their University
computing.
% A system administrator is responsible for the security of a
system, network, or server.
% A system administrator must make sure that all hardware and
software license agreements are faithfully executed on all systems,
networks, and servers for which he or she has responsibility.
% A system administrator must take reasonable precautions to
guard against corruption of data or software or damage to hardware or
facilities.*
Footnote text:
* The University is not responsible for loss of information from
computing misuse, malfunction of computing hardware, malfunction
of computing software, or external contamination of data or
programs. The staff in ACIT and CNS and all other system
administrators must make every effort to ensure the integrity of
the University's computer systems and the information stored
thereon. However, users must be aware that no security or
back-up system is 100.00% foolproof.
% A system administrator must treat information about and
information stored by the system's users as confidential.
In discharging his or her duties to protect the security and integrity
of a network, system, or server and to allow users reasonable access to
the hardware and software they require, a system administrator may need
to examine user information, files, diskettes, or tapes. This
extraordinary step is justified when a system administrator
% is an eyewitness to a computing abuse,
% or notices an unusual degradation of service or other aberrant
behavior on the system, network, or server,
% or receives a complaint of computing abuse or degradation of
service,
% and has evidence that leads to a user's computing activity as
the probable source of the problem or abuse under investigation.
While investigating a suspected abuse of computing; a suspected
hardware failure; or a suspected bug in an application program,
compiler, network, operating system, or system utility, a system
administrator should ordinarily ask a user's permission before
inspecting that user's files, diskettes, or tapes. However, in cases
that the system administrator judges to be serious or in cases in which
the user is not available in a timely fashion, the system administrator
may inspect the information in question so long as he obtains
permission from at least one of the following:
% the user's supervisor, project director, dean, or academic
advisor
% the system administrator's own administrative officer (e.g.,
department director, chair, or other individual designated by the
administrative officer)
% the University Provost, Associate Provost for ACIT, Associate
Vice President for CNS, or other individual designated by these
University officers.
In addition, if a system administrator has evidence that a system or
network for which he or she is responsible is in grave, imminent danger
of crashing, sustaining damage to its hardware or software, or
sustaining damage to user jobs, he or she may take whatever steps
maintaining the integrity of the system requires. In the event that he
or she has had to inspect user files in the pursuit of this important
responsibility, he or she must notify one of the following of his or
her action and the reasons for taking those actions:
% the user or users whose files were inspected
% the user's supervisor, project director, dean, or academic
advisor
% the system administrator's own administrative officer (e.g.,
department director, chair, or other individual designated by the
administrative officer)
% the University Provost, Associate Provost for ACIT, Associate
Vice President for CNS, or other individual designated by these
University officers.
Any department may, at the discretion of its director or chair, extend
more authority to its system administrators as circumstances warrant.
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Misuse of Computing Resources and Privileges
Misuse of computing resources and privileges includes, but is not
restricted to, the following:
% attempting to modify or remove computer equipment, software, or
peripherals without proper authorization
% accessing computers, computer software, computer data or
information, or networks without proper authorization, regardless of
whether the computer, software, data, information, or network in
question is owned by the University (That is, if you abuse the networks
to which the University belongs or the computers at other sites
connected to those networks, the University will treat this matter as
an abuse of your University of Delaware computing privileges.)
% using a computer or computer data for purposes other than that
for which it was intended or authorized
% sending fraudulent computer mail or breaking into another
user's electronic mailbox
% violating any software license agreement or copyright,
including copying or redistributing copyrighted computer software,
data, or reports without proper, recorded authorization
% violating the property rights or copyrights of software holders
or the holders of computer-generated data or reports without proper,
recorded authorization
% harassing or threatening other users or interfering with their
access to the University's computing facilities
% taking advantage of another user's naivete or negligence to
gain access to any computer account, data, software, or file other than
your own
% encroaching on others' use of the University's computers (e.g.,
tying up a computer with excessive game playing; sending frivolous or
excessive messages, either locally or off-campus; printing excess
copies of documents, files, data, or programs; running grossly
inefficient programs when efficient alternatives are available;
modifying system facilities, operating systems, or disk partitions;
attempting to crash or tie up a University computer; damaging or
vandalizing University computing facilities, equipment, software, or
computer files)
% disclosing or removing proprietary information, software,
printed output or magnetic media without the explicit permission of the
owner
% reading other users' data, information, files, or programs on a
display screen, as printed output, or via electronic means, without the
owner's explicit permission.
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Consequences of Misuse of Computing Resources and Privileges
Abuse of computing privileges is subject to disciplinary action. If
system administrators or the staff in ACIT, CNS, or the Department of
Public Safety have strong evidence of misuse of computing resources,
and if that evidence points to the computing activities or the computer
files of an individual, they have the obligation to pursue any or all
of the following steps to protect the user community:
% Notify the user's project director, instructor, dean, or
supervisor of the investigation.
% Suspend or restrict the user's computing privileges during the
investigation. A user may appeal such a suspension or restriction and
petition for reinstatement of computing privileges through the
University's judicial system or through the grievance procedures
outlined in the faculty collective bargaining agreement.
% Inspect that user's files, diskettes, and/or tapes. System
administrators must be certain that the trail of evidence leads to the
user's computing activities or computing files before inspecting the
user's files.
% Refer the matter for processing through the University's
judicial system. If necessary, staff members from ACIT and CNS as well
as faculty members with computing expertise may be called upon to
advise the University judicial officers on the implications of the
evidence presented and, in the event of a finding of guilt, of the
seriousness of the offense.
Disciplinary action may include the loss of computing privileges and
other disciplinary sanctions. In some cases, an abuser of the
University's computing resources may also be liable for civil or
criminal prosecution.
It should be understood that these regulations do not preclude
enforcement under the laws and regulations of the State of Delaware,
any municipality or county therein, and/or the United States of
America.
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Academic Honesty
Faculty and students are reminded that computer-assisted plagiarism is
still plagiarism. Unless specifically authorized by a class
instructor, all of the following uses of a computer are violations of
the University's guidelines for academic honesty and are punishable as
acts of plagiarism:
% copying a computer file that contains another student's
assignment and submitting it as your own work
% copying a computer file that contains another student's
assignment and using it as a model for your own assignment
% working together on an assignment, sharing the computer files
or programs involved, and then submitting individual copies of the
assignment as your own individual work
% knowingly allowing another student to copy or use one of your
computer files and to submit that file, or a modification thereof, as
his or her individual work.
For further information on this topic, students are urged to consult
the University of Delaware Student Guide to Policies, to consult with
their individual instructors, and to refer to the pamphlet "Academic
Honesty & Dishonesty: Important information for faculty and students."
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Works Consulted
Baylor University. Computer Policies. 1989. Copy located in the
computer file ethics/Baylor.policy on ariel.unm.edu.
Catholic University of America, The. Statement of Ethics in the Use of
Computers. 1988. [Reprinted in ACM SIGUCCS Newsletter. Volume 19,
Number 1. 1989.]
Chapman, Gary. CPSR [Computer Professionals for Social Responsibility]
Statement on the Computer Virus. Communications of the ACM. Volume
32, Number 6. 1989.
Colgate University. Agreement for use of Computing Facilities. 1989.
Copy located in the computer file ethics/ColgateU.policy on
ariel.unm.edu.
Columbia University. Administrative Policies [of the Center for
Computing Activities]. No date. Copy located in the computer file
ethics/ColumbiaU.policy on ariel.unm.edu.
Delaware Code (Annotated). Computer Related Offenses. Title 11,
$931 -- $939. 1987.
Delaware Code (Annotated), 1989 Supplement. Computer Related
Offenses. Title 11, $937. 1989.
Ermann, M. David; Mary B. Williams; and Claudio Gutierrez. Computers,
Ethics, and Society. Oxford University Press. 1990.
Faculty Senate of the University of Delaware. Ethetical [sic] Conduct
in Computing. Unpublished draft statement discussed by Faculty Senate
in 1989.
Farber, David J. NSF [National Science Foundation] Poses Code of
Networking Ethics. Communications of the ACM. Volume 32, Number 6.
1989.
Hoffman, W. Michael and Jennifer Mills Moore, eds. Ethics and the
Management of Computer Technology: Proceedings of the Fourth National
Conference on Business Ethics Sponsored by the Center for Business
Ethics, Bentley College. Oelgeschlager, Gunn, and Hain. 1982.
Indiana University, Academic Computing Policy Committee, Subcommittee
on Ethical Use of Computers. Computer Users' Privileges and
Responsibilities: Indiana University. 1990. Copy received via
electronic mail April 25, 1990, from Mark Sheehan, Indiana University
Computing Services.
Internet Activities Board. Ethics Policy Statement. 1988. [Reprinted
in Purdue University's PUCC Newsletter. March 1989.]
Johnson, Deborah G. Computer Ethics. Prentice Hall. 1985.
Lees, John. [Michigan State University] College of Engineering
Computer Use Policy - DRAFT. 1990. Received via electronic mail April
23, 1990, from John Lees.
Parker, Donn B.; Susan Swope; and Bruce N. Baker. Ethical Conflicts in
Information and Computer Science, Technology, and Business. QED
Information Sciences, Inc. 1990.
Ryland, Jane N. SecurityQA Sleeper Issue Comes into its Own.
CAUSE/EFFECT. Volume 12, Number 4. 1989.
Temple University. Rules of Conduct for Using Computing Resources at
Temple University. 1988.
University of Delaware. Academic Honesty & Dishonesty: Important
information for faculty and students. 1989.
University of Delaware. Code of Conduct. Student Guide to Policies.
1989.
University of Delaware. Code of Ethics. Personnel Policies and
Procedures for Professional and Salaried Staff. 1989.
University of Delaware. Misconduct in Research. University of
Delaware Policy Manual. Policy 6-11. 1989.
University of Delaware. University of Delaware Faculty Handbook. 1990
[on-line edition consulted].
University of Delaware. 1989-1990 Residence Halls Handbook. 1989.
University of Delaware Libraries. Circulation Procedures and
Services. No date.
University of New Mexico. UNM Ethics Code for Computer Use [Draft].
1989. Copy located in the computer file ethics/UofNewMexico.policy on
ariel.unm.edu.
Weissman, Ronald F. E. Ethical and Responsible Computing. The OPEN
WINDOW (Brown University), Volume 3, Number 1. 1989. [Cited in
Ryland's article.]
DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT DRAFT
Submitted for comments by
Richard Gordon
Manager, Non-Numerical Applications
ACS, University of Delaware