Appropriate Use Policy (AUP)
Computing and Network facilities are provided for the use of faculty, staff, and students in support of the mission of the University. The users are responsible for assuring that these resources are used in an effective, ethical, and lawful manner. See the POLICY AND PROCEDURES FOR THE CONDUCT OF RESEARCH - that policy applies to all members of the University community.
The following will serve as a clarification of published policy.
- The Canadian Criminal Code is very clear about the issues of unauthorized access and vandalism of data - criminal behaviour will not be tolerated. University Policy requires further that:
Activities will be conducted in such a manner as to preclude any form of dishonesty, such as theft or misappropriation of money, equipment, supplies, documents, computer programs or computer time.
- Sharing of accounts is not allowed. Accounts are assigned to an individual and only that person may use the service. The policy is clear, it is not acceptable:
To give, sell, or otherwise provide computing resources to individuals or groups which do not have explicit permission to use them from the authority which allocated them.
- Many resources are shared and no user may monopolize these resources.
- Users should consume as little space as is practical. Eg. collecting space intensive images is discouraged unless there is a legitimate academic need.
- Users should not load systems in such a way that others cannot perform useful work. Eg. resource-intensive programs should be executed with care, modems should be released as soon as is practical, and long print jobs should not be printed during peak periods.
- Chain letters (eg. the infamous "good luck" chain letter) are not an appropriate use of the technology and put an undue burden on the system. They were intentionally introduced to disrupt services.
The policy is clear, it is not acceptable:
To engage in any action which denies or restricts the use of computer facilities to other authorized users of those facilities.
- Facilities are provided for academic and administrative use.
- Facilities may not be used for any commercial activity. Eg. consulting, typing services, developing software or Web pages for sale, and in general any activity which is paid for by non-University funds.
- The use of the facilities for anything outside the mission (eg. game playing) should be approached with considerable care and will not be tolerated should it interfere with the legitimate needs.
- Any use outside the mission shall not be of a nature which might reflect discredit upon the University. Eg. "Make Money Fast" pyramid schemes are a fraud and make the Univerity look bad.
The policy is clear:
The University's computing resources have been acquired, and are allocated to groups and individuals, for specific academic purposes. It is against the best interests of the community using Information Technology Services facilities to use University computing resources for purposes different from that for which they are allocated.
See also USE OF UNIVERSITY FACILITIES FOR OTHER THAN REGULARLY SCHEDULED ACADEMIC PURPOSES .
- All data files are the private property of the owner, whether or not they are accessible to others. Property rights must be respected.
- An unlocked door does not implicitly grant permission to strangers to enter your home. Likewise, the ability to read another user's files does not implicitly grant permission.
- Under no circumstances may a user alter a file that does not belong to them without the prior permission of the owner. The ability to alter a file does not implicitly grant permission.
The policy is clear, it is not acceptable:
To inspect, alter, delete, publish, or otherwise tamper with files that the individual is not authorized to access.
- As this is an educational environment, systems are often open to perusal and investigation by users. This access must not be abused either by attempting to harm the system, or by stealing copyrighted or licensed software.
- System files (not owned by individuals) may be used and viewed for educational purposes if their access permissions allow. This does not include the sharing of password files with crackers!
- Deliberate alteration of system files is vandalism or malicious destruction of University property. See also Section 430. of Canadian Criminal Code.
- Most system files are part of copyrighted or licensed software, and may not be copied, in whole or in part, except as needed as part of an educational exercise.
- The same standards of intellectual and academic honesty and plagiarism apply to system software as to other forms of published work. Making copies of licensed software is theft as is any attempt to "beat" the license. See below for more information on copyrights.
- We recognize the academic value of research on computer servers, security and the investigation of self-replicating code. However, these programs can inadvertently affect the operation and integrity of all systems.
- Users may not run any network servers (like IRC, WWW, FTP, Mail, or etc.) on any network facility without the explicit permission of the authority for that network. Eg. network servers of that sort on the residence networks and dialup lines are strictly forbidden.
- Users may not intentionally develop or use programs which harass others (eg. mail bombing).
- Users may not intentionally develop or use programs which attempt to bypass system security mechanisms, steal passwords or data, or "crack" passwords.
- Users may not intentionally develop or use programs that, by design, attempt to consume all of an available system resource.
- Users may not intentionally develop or use programs designed to replicate themselves or attach themselves to other programs (ie. worms or viruses).
- Users may not intentionally develop or use programs designed to evade software licensing or copying restrictions.
Users who believe they have a legitimate need to use or develop these programs must give prior notice and obtain approval. Special arrangements may be made to provide an adequate environment for conducting the research without risking damage to or impairment of other systems.
- Harassing or defamatory material may not be sent by electronic mail or posted to news groups.
The University expects all members of this community to conduct themselves according to standards of professional ethics and behaviour appropriate in an institution of higher learning.
- Facilities may not be used for making unauthorized connections to, breaking into, or adversely affecting the performance of any other systems whether University-owned or not. The ability to connect to other systems via the network does not imply the right to make use of or even connect to these systems unless properly authorized by the owners of those systems.
- Other organizations operating computing and network facilities will have their own policies governing the use of those resources. When accessing remote resources users are responsible for obeying both the policies of this University and the policies of the other organizations.
Software Copyrights and Licenses
The software used on University facilities is provided under license agreements with various vendors. Unless explictily stated otherwise you must assume that all software on all systems is protected by copyright.
- Copyright and patent laws protect the intellectual property of authors, inventors, and software developers. Software license agreements serve to increase compliance with copyright and patent laws.
- It is the policy of the University to comply fully with both the letter and spirit of the law with respect to copyright and patents (e.g. computer software, publications, technology) and thereby honor intellectual property rights.
- Software in use on University facilities, unless it is stored in areas specifically marked as containing copyable software, may not be copied to magnetic tape, hard or floppy disks, or otherwise removed. Except for purposes of backup and recover of what they own, users may not make copies of licensed software.
See also CODE OF CONDUCT re UNIVERSITY DATA AND PHYSICAL RESOURCES
Minor infractions of policy, when likely accidental in nature, such as poorly chosen passwords, overloading systems, excessive disk space consumption, and so on are typically handled internally in an informal manner by electronic mail or in-person discussions. More serious infractions are handled formally:
- Infractions such as sharing accounts or passwords, harassment, or other minor violations of policy may result in the temporary loss of access privileges.
- More serious violations, such as unauthorized use, attempts to steal passwords or data, attempts to steal licensed software, or repeated violations of policy may result in temporary or permanent loss of access privileges. In all cases, the offender's associated department will be notified. If the offender is a student the case will be referred to the appropriate department chair.
- Offenses which are violations of law will result in immediate loss of all privileges, and will be reported to the appropriate University and law enforcement authorities.
- The sanction enforced for a given offense is the responsiblity of the Senior Director of ITS. The Senior Director may delegate this authority.
- Decisions made by the Senior Director involving content may by appealed under the Procedure for Handling Appeals Regarding Content on Any University Computing Resources. Any other decisions by the Senior Director under this policy may be appealed to the Provost.
Much of this document comes from the Purdue/ECN Policy on Access and Usage (1992) with several passages used verbatim. We gratefully acknowledge their work.
and maintained in Cascade CMS.