General Policies on University Computer Resources
The Academic Information Technology Committee recommended on February 23, 1998, to the President and the Academic Senate via the Academic Policy and Planning Committee that the "General Policies on University Computer Resources" be approved. This revision updates the continuing interim document and comprises a unified response to many emerging issues and problems related to information technologies in higher education, including software use, privacy, freedom of speech related to e-mail and the Internet, individual user responsibility to follow the laws, etc. The penultimate draft was broadly circulated on campus for comments and suggestions. AIT Committee attempted to respond to constructive suggestions and questions raised by AP&P.
1. General Statement
1.1 The goal of Information Technology Services and campus departments administering university computer resources is to promote innovation and educational excellence at California State University, Fresno. To achieve this, the computing network must provide quality, equitable, and cost-effective information and communication resources to the members of the university community.
1.2 The University endorses the following statement of Software and Intellectual Rights that was developed through EDUCOM, a non-profit consortium of colleges and universities committed to the use and management of information technology in higher education.
1.2.1 "Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication and distribution.
1.2.2 "Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community."
1.3 The above statement provides a guide for the ethical use of computer facilities whether one is using a microcomputer, minicomputer, mainframe computer or supercomputer, or computer network, and whether the computer files, programs, or data are stored on floppy disk, hard disk, magnetic tape, or other storage media. Computer facilities and files owned by others should be used or accessed only with the owner's permission.
1.4 The University's computing facilities are provided for the use of students, faculty, administration, and staff, and to some extent to members of the wider community, in support of the programs of the University. All students, faculty, administrators, and staff are responsible for seeing that these computing facilities are used in an effective, efficient, ethical and lawful manner.
1.5 The possession of a computer account carries with it certain conditions and responsibilities which this policy statement endeavors to explain. Misuse of accounts or violation of the delineated conditions may result in the termination of the accounts, or, in cases of more serious infractions, the submission of the case to an appropriate disciplinary authority for further investigation. In such cases, because different laws, policies, and procedures govern disciplinary actions involving students, faculty, administrators, or staff, any disciplinary actions must follow the appropriate procedures (for example, the various collective bargaining agreements governs disciplinary actions involving faculty and staff members and specifies specific procedures).
1.6 Computer facilities and accounts are owned by the University and/or its various schools, departments, auxiliary organizations, and programs, and are only to be used for university-related activities. All access to central computer systems, including the issuing of passwords, must be approved through ITS or the designated administrator for the central system. Accounts for other resources, such as department or school-owned resources, are given out by those entities.
1.7 An account assigned to an individual, by ITS or a department, must not be used by others. The individual is responsible for the proper use of the account, including proper password protection.
1.8 The University's intent is to consider programs and files as private and confidential unless they have explicitly been made available to other authorized individuals, but it is impossible to insure such materials against all security violations. As a practical matter, the appropriate systems administrator may access others' files when necessary for the maintenance of central computer systems. When performing maintenance, every effort is made to insure the privacy of a user's files. However, if violations are discovered, they will be reported immediately to the appropriate Vice President.
1.9 Electronic communications cannot be considered either private or secure. E-mail messages can be saved indefinitely on the receiving computer. Copies can easily be made and forwarded to others either electronically or on paper. In addition, messages sent to nonexisting or incorrect usernames are delivered to a person designated as Postmaster for either the remote or local site. In sending e-mail, it is the user and not the University, who assumes responsibility for its contents. E-mail communications may be subject to discovery in civil litigation or in criminal investigations. In most instances, there is no reason for e-mail to be retrieved by anyone other than the intended addressee, but in limited and appropriate circumstances (e.g., in the course of an official investigation of wrongdoing as in Sections 2.4 and 2.5 of this policy), e-mail messages may become subject to internal monitoring by an authorized individual.
1.10 Electronic communications facilities (such as e-mail) are for university related activities only. Fraudulent, harassing or obscene messages and/or materials are not to be sent or stored. No e-mail should be created or sent, nor webpages created, that may constitute intimidating, hostile, or offensive material on the basis of gender, race, color, religion, national origin, sexual orientation or disability. The University’s policies on sexual or other forms of harassment apply fully to the e-mail system, and any violation of those policies may be grounds for discipline, up to and including termination or expulsion.
1.11 California State University, Fresno supports academic freedom and the free exchange of ideas, in conformity with federal and state law. The content of personal home pages on the Internet is solely the responsibility of the authors and does not necessarily reflect policies or opinions of the university. It is unlawful to affix the university seal to any material without prior approval from the university.
1.12 Unmannerly or unprofessional conduct using the computer account is inappropriate; for example, mailing obscene or abusive messages is not considered acceptable behavior. Also disallowed are random mailings (spamming). Internet and other network users must also abide by the respective guidelines for those services.
1.13 No one should deliberately attempt to degrade the performance or capability of a computer system or to deprive authorized personnel of resources or access to any university computer system. Loopholes in the computer system, knowledge, or special passwords shall not be used to damage a system or file, or to change or remove information in a system or file without authorization.
1.14 Attempting to attain unauthorized access to another's directories or files or in any way attempting to "break" system security is deemed unacceptable behavior, even if it is for purposes of "browsing" only and not for acquiring data. If a user is able to circumvent the system security, it should be considered an obligation to inform the department administering the system or other appropriate authority of this possible breach.
1.15 Computer software protected by copyright is not to be copied from, into, or by using campus computing facilities, except as permitted by law or by a license agreement with the owner of the copyright. This means that such computer and microcomputer software may only be copied in order to make back-up copies. The number of copies and distribution of the copies may not be done in such a way that the number of simultaneous users exceeds the number of original copies authorized.
1.16 University computer resources should never be used for purposes intended to incite or commit a crime; for example, it is illegal to post a credit card number, a telephone credit card number, or a computer password. Criminal and illegal use may include obscenity, child pornography, threats, harassment, theft, and unauthorized access. In addition, the networks cannot be used for personal profit; for example, do not use a discussion list to advertise items for sale or to solicit business.
2. Disciplinary Action
2.1 Violations of this policy will result in the appropriate disciplinary action, which may include loss of computing privileges, suspension, demotion, termination, dismissal, or expulsion from the University, and legal action. Disciplinary policies and procedures are different for students, for faculty, for administrators, and for staff.
2.2 Violations of any federal, state, or local law concerning the unauthorized access or use of University computers and computing services will result in the appropriate university disciplinary action up to, and including termination from the University.
2.3 Upon determination that a serious violation has occurred, an individual's computer use privileges may be suspended. Such alleged violations will be confidentially reported to the department administering the system and in cases involving:
2.3.1 students, to the Dean of Students;
2.3.2. faculty, to the Academic Personnel officer for review and recommendation to the Provost; and
2.3.3. staff, to the Director of Human Resources for review and recommendation to the Vice President for Administration.
2.4 The ITS administrative staff or supervising department chair will judge an offense as either major or minor. A first minor offense will normally be dealt with by the appropriate administrative staff or supervising department chair after consultation with the instructor or administrator requesting the account. Additional offenses will be regarded as major offenses. Appeals relating to minor offenses may be made to the supervising Vice Presidents. Major offenses will be dealt with by the supervising Vice Presidents in accordance with the policies and procedures appropriate to the individuals involved. Allegations of possible criminal and illegal use violations will be treated as major.
2.5 Violations of these policies will be dealt with in the same manner as violations of other university policies and may result in disciplinary review. In such a review, the full range of disciplinary sanctions is available including the loss of computer use privileges, dismissal from the University, and legal action. Violations of some of the above policies may constitute a criminal offense. Individuals using campus computer facilities should be familiar with the state laws.
3. State Law
3.1 Abuse of computing services is a felony. If University computers are used illegally, California Penal Code 502 states that the offender may be found guilty of a felony, which is punishable by a fine not exceeding $10,000, or by imprisonment for 16, 24, or 36 months, or by both fine and imprisonment. A person convicted of violating the criminal provisions of the law will also be subject to civil action for compensatory damages. Additionally, University imposed sanctions may also be employed.
3.2 California Penal Code 502 provides for protection to all categories of automated information, including (but not limited to) records, files, and databases; and to information technology facilities, software, and equipment (including personal computer systems) owned or leased by State agencies.
3.3 California Penal Code 502 states that any person is guilty of a public offense who:
3.3.1. knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network to (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrong fully control or obtain money, property, or data.
3.3.2. knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer , computer system, or computer network.
3.3.3. knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.
3.3.4. knowingly accesses and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
3.3.5. knowingly introduces any computer contaminant to any computer, computer system, or computer network.