NUMBER:                              890

SUBJECT:                             USE OF University Information Technology Resources

AUTHORIZING BODY:        PRESIDENT'S CABINET

RESPONSIBLE OFFICE:   UNIVERSITY TECHNOLOGY SERVICES

DATE ISSUED:                     JULY 2003

LAST UPDATE:                     

RATIONALE:  The following policy is intended to protect the wide array of information technology resources provided by the University, and to provide guidelines for the use of those resources. 

POLICY:  

 POLICY FOR USE OF UNIVERSITY INFORMATION TECHNOLOGY RESOURCES

    1.      Background and purpose

    2.      Definitions

    3.      Individual privileges  

    4.      Individual responsibilities

    5.      Access to facilities and information

    6.      Oakland University privileges 

    7.      Public information services

    8.      Procedures and sanctions

 1.      BACKGROUND AND PURPOSE

These policy and procedures are intended to allow for the proper use of all Oakland University computing, data, information, communications, network and information technology resources, effective protection of individual users, equitable access, and proper management of those resources.  This should be taken in the broadest possible sense.  This policy applies to Oakland University network usage even in situations where it would not apply to the computer(s) in use.  These guidelines are intended to supplement, not replace, all existing laws, regulations, agreements, and contracts that currently apply to these services.

Individual units at the University may add individual guidelines that supplement, but do not override or replace, this policy.  In such cases, the unit should inform their users, University Technology Services (UTS) and the General Counsel.

Access to computing, network and information technology resources owned or operated by Oakland University imposes certain responsibilities and obligations and is granted subject to University policies and federal, Michigan and all other applicable laws. Appropriate use is legal, ethical, reflects academic honesty, reflects community standards, and shows restraint in the consumption of shared resources.  It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and individual rights to privacy and to freedom from intimidation, harassment, and unwarranted annoyance.  Appropriate use of computing and networking resources includes instruction; independent study; authorized research; independent research; communications; and official work of authorized users (see section 2.2). 

2.      DEFINITIONS

2.1.  Authorized use

Authorized use of Oakland University-owned or operated computing, network, and information technology resources is use consistent with the education, research, and service mission of the University, consistent with effective departmental or divisional operations, and consistent with this policy.

     2.2.  Authorized users

Authorized users are: (1) current faculty, staff, and students of the University; (2) anyone connecting to a public information service through the use of University information technology resources (see section 7); (3) others whose access furthers the mission of the University and whose usage does not interfere with general access to resources.  In addition, a user must be specifically authorized to use a particular computing, network or information technology resource by the campus unit responsible for operating the resource.  Divisional leaders, departmental managers and systems administrators are authorized to inspect, use or assign for use, any computing, network or information technology resource in their area of responsibility.

     2.3.  Computing, Network and Information Technology Resources

Computing, Network and Information Technology Resources referred to in this policy and procedures includes any information in electronic format or any hardware or software that makes possible the transmission, storage or use of such information.  As an example, included in this definition are electronic mail, local and enterprise databases, externally accessed databases, CD, recorded computer magnetic media, digital images, digitized information, personal computers, workstations, servers, operational software, network devices and interfaces, electronic storage, messaging, communications devices, test equipment that may be used to intercept information and so on.    

3.      INDIVIDUAL PRIVILEGES

It is the following individual privileges, all of which are currently existent at Oakland University, that empower each of us to be productive members of the campus community.  It must be understood that privileges are conditioned upon acceptance of the accompanying responsibilities.

3.1.  Privacy

To the greatest extent possible in a public setting, we want to preserve the individual's privacy.  Technological methods must not be used to infringe upon privacy.  However, users must recognize that Oakland University computing, network and technology resources are public and subject to the Freedom of Information Act.  Users must also recognize the exceptions provided in paragraph 6 of this policy.  Thus, users utilize such systems at their own risk.

     3.2.  Freedom of expression

The constitutional right to freedom of speech applies to all authorized users of the campus no matter the medium used.

     3.3.  Freedom from harassment and undesired information

All members of the campus community have the right to be free from harassment by computing, network or information technology resource usage.  

4.      INDIVIDUAL RESPONSIBILITIES

Just as certain privileges are given to each member of the campus community, authorized users are held accountable for their actions as a condition of continued membership in the community.

4.1.  Common courtesy and respect for rights of others

Authorized users are expected, as members of the campus community, to respect and value the rights of privacy for all, to behave ethically, and to comply with all legal restrictions regarding the use of information that is the property of others.  Compliance with all University policies regarding sexual, racial, and other forms of harassment and discrimination is required.

     4.2.  Laws, policies, contracts and licenses

Authorized users must comply with all federal, Michigan, and other applicable laws; all generally applicable University rules and policies; and all applicable contracts and licenses.  Examples of such laws, rules, policies, contracts and licenses include the laws of libel, privacy, copyright, trademark, obscenity and child pornography, the Electronic Communications Privacy Act and the Computer Fraud and Abuse act, which prohibit “hacking”, “cracking”, and similar activities; the University’s code of student conduct; the University’s non-discrimination policies; and all applicable software licenses.  Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks.  Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. 

     4.2.1.    Copyright

Copyright law generally gives authors, artists, composers, and other such creators the exclusive right to copy, distribute, modify, and display their works or to authorize other people to do so.  Moreover their works are protected by copyright law from the very moment that they are created – regardless of whether they are registered with the Copyright Office and regardless of whether they are marked with a copyright notice or symbol.  Authorized users may not copy, distribute, modify, or display another’s work unless the copyright owner has given permission to do so; it is in the “public domain”; doing so would constitute “fair user”; or an “implied license” to do so was granted.

     4.2.2.    Harassment

No member of the community may, under any circumstances, use Oakland University's computing, network, or information technology resources to libel, slander, or harass any other person. 

The following shall constitute Computer Harassment:  (1) Intentionally using computing, network or information technology resources to annoy, harass, terrify, intimidate, threaten, offend or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or others; (2) Intentionally using computing, network or information technology resources to contact another person repeatedly with the intent to annoy, harass, or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease; (3) Intentionally using computing, network or information technology resources to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease; (4) Intentionally using computing, network or information technology resources to disrupt or damage the academic, research, administrative, or related pursuits of another; (5) Intentionally using computing, network or information technology resources to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.

     4.3.  Responsible use of resources

Authorized users are responsible for knowing what computing, network and information technology resources are available, remembering that the members of the community share them, and refraining from all acts that corrupt, interfere, waste or prevent others from using these resources or from using them in whatever ways have been proscribed by the University and by federal, Michigan and all other applicable laws.  Individual divisional or departmental managers may establish rules for his/her area of responsibility.  Individual units at the University may add individual guidelines that supplement, but do not override or replace, this policy.  In such cases, the unit should inform their users, University Technology Services and the General Counsel.

     4.4.  Game playing

Limited recreational game playing, that is not part of an authorized and assigned research or instructional activity, is tolerated (within the parameters of each department's or division’s rules).  University computing, network and information technology resources are not to be used for extensive recreational game playing.   The definition of "extensive" may differ depending on relationship to the University, the building or location of the technology used, and the network connection.  Recreational game players occupying a seat in a public computing facility must give up that seat when others who need to use the facility for academic or research purposes are waiting.

     4.5.  Web surfing

Limited recreational web surfing, that is not part of an authorized and assigned research or instructional activity, is tolerated (within the parameters of each department's or division’s rules).  University computing, network, and information technology resources are not to be used for extensive web surfing.  The definition of "extensive" may differ depending on relationship to the University, the building or location of the technology used, and the network connection.    Recreational web surfers occupying a seat in a public computing facility must give up that seat when others who need to use the facility for academic or research purposes are waiting.

     4.6.  Information integrity

Authorized users are responsible for awareness of the potential for and possible effects of manipulating information, especially in electronic form, to understand the changeable nature of electronically stored information, and to verify the integrity and completeness of information compiled or used.  Do not depend on information or communications to be correct when they appear contrary to expectations; verify it with the person believed to have originated the message or data.

     4.7.  Use of desktop systems

Authorized users are responsible for the security and integrity of University information stored on individually assigned personal desktop system.  This responsibility includes making regular disk backups, controlling physical and network access to the machine, and installing and using virus protection software.  Avoid storing passwords or other information that can be used to gain access to other computing, network or information technology resources. 

 5.      ACCESS TO FACILITIES AND INFORMATION

     5.1.  Sharing of access

Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others.  An authorized user is responsible for any use of the individual account.

     5.2.  Permitting unauthorized access

Authorized users may not run or otherwise configure software or hardware to intentionally allow access by unauthorized users.  

     5.3.  Use of privileged access

Special access to information or other special computing, network or information technology privileges are to be used in performance of official duties only.  Information obtained through special privileges is to be treated as private.

     5.4.  Termination of access

When an authorized user ceases to be a member of the campus community through graduation, failure to enroll, or termination of employment, or if an employee is assigned a new position and/or responsibilities within the University, access and authorization must be reviewed.  An individual must not use facilities, accounts, access codes, privileges, or information without authorization appropriate to the new situation.

     5.5.  Attempts to circumvent security

Authorized users are prohibited from attempting to circumvent or subvert any computing, network or information technology resource security measures.  This section does not prohibit use of security tools by system administration personnel, authorized users, or faculty for research or instructional purposes, as long as those activities do not interfere with appropriate use by others.

     5.6.  Decoding access control information

The Assistant Vice President, University Technology Services, must authorize use of computer programs, processes or devices that intercept or decode passwords or similar access control information. This section does not prohibit use of these tools by system administration personnel, authorized users, or faculty for research or instructional purposes, as long as those activities do not interfere with appropriate use by others.

     5.7.  Denial of service

Deliberate attempts to degrade the performance of a computing, network or information technology resource, or to deprive authorized personnel of resources or access to any University computing, network or information technology resource, is prohibited.  This section does not prohibit use of these tools by system administration personnel, authorized users, or faculty for research or instructional purposes, as long as those activities do not interfere with appropriate use by others.

     5.8.  Harmful activities

The following harmful activities are prohibited, unless authorized by the Assistant Vice President, University Technology Services: creating or propagating viruses; disrupting services; damaging files; intentional destruction of or damage to any computing, network or information technology resource belonging to Oakland University or other users; and the like.

    5.9.  Unauthorized access

Authorized users may not:

• damage computer, network or information technology resources

• obtain unauthorized extra resources

• deprive another user of authorized resources

• gain unauthorized access to resources

by using knowledge of:

• a special password

•  loopholes in computer security systems

• another user's password

•  access abilities used during a previous position at the University

• or by other means

5.10.  Unauthorized monitoring

Use computing, network or information technology resources for unauthorized monitoring of electronic communications is prohibited.

5.11.  Academic dishonesty

Use of computing, network or information technology resources in accordance with the high ethical standards of the University community is required.  Academic dishonesty (plagiarism, cheating) is a violation of those standards.

     5.12.  Use of copyrighted information and materials

Using, inspecting, copying, and storing copyrighted software programs and other material, in violation of copyright, is prohibited.

     5.13.  Use of licensed software

No software may be installed, copied, or used on University computing, network or information technology resources except as permitted by the owner of the software.  Software subject to licensing must be properly licensed and all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.) must be strictly followed.

     5.14.  Political campaigning; commercial advertising

The use of computing, network, or information technology resources in political campaigns or for commercial purposes is forbidden, unless authorized by the President of Oakland University.

     5.15.  Personal business

Computing, network or information technology resources may not be used in connection with compensated outside work nor for the benefit of organizations not related to Oakland University, except in connection with scholarly pursuits (such as faculty publishing activities) or other activities authorized by the President of Oakland University.  This and any other incidental use must not interfere with other users' access to resources and must not be excessive.  State law restricts the use of State facilities for personal gain or benefit.

     5.16.  Prurient interest

The use of computing, network, or information technology resources must not violate any federal, Michigan and all other applicable laws.  To the average person, applying contemporary community standards, the dominant theme of any electronic resource taken as a whole shall not appeal to the prurient interest, such as does pornography. 

 6.      OAKLAND UNIVERSITY PRIVILEGES

     6.1.  Allocation of resources

Oakland University may allocate resources in differential ways in order to achieve its overall mission.

     6.2.  Control of access to information

Oakland University may control access to computing, network, or information technology resources in accordance with the Laws of the State of Michigan and the United States and the policies of the University and the Board of Trustees.

     6.3.  Monitoring and inspection of usage and files 

6.3.1. Oakland University seeks to maintain a secure computing system, but cannot and does not guarantee the security or confidentiality of electronic information. In addition to accidental and intentional breaches of security, Oakland University may be compelled to disclose electronic information as required by law.

6.3.2. As part of its necessary routine operations, Oakland University occasionally gains access to computing, network or information technology resources. Suspected policy violations discovered during such routine operations will be reported to the Assistant Vice President, University Technology Services, and/or law enforcement officials. All other information accessed during such routine operations will be treated as confidential, except as otherwise provided for by this policy or law.

6.3.4. When the University has a good faith belief of suspected violations of this policy or unlawful activity; it may access computing, network or information technology resources necessary to investigate such suspected violations.

6.3.5. For accounts granted to University employees, and for University-owned or -administered computers they use:

6.3.5.1 The employee's department head, may, based on a good faith belief that such action is necessary to respond to an operational or administrative problem or to investigate suspected violations of Oakland University policy or unlawful activity, request access to the employee's computing, network or information technology resources.

6.3.5.2. If required by law or this policy, the user will be notified that his/her computer, network accounts or any other electronic information or technology has been accessed.

     6.4.  Issues of Safety and Well-being

Oakland University may suspend an individual’s access to and the use of computing, network, or information technology resources for reasons relating to his/her physical or emotional safety and well being, or for reasons relating to the safety and well-being of other members of the campus community, or the safety and well-being of University property.  Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action.   

 7.      PUBLIC INFORMATION SERVICES

     7.1.  Authorized use

Units and individuals may, with the permission of the appropriate unit head and the appropriate authority and within the constraints of existing laws and policies, configure computing, network and information technology resources to provide information retrieval services to the public at large.    Refer requesting external agencies to the General Counsel; that office will provide guidance regarding the appropriate actions to be taken.  

     7.2.  Requirements for Public Information Services

7.2.1.    The aim of the service must be consistent with the University mission.

7.2.2.   The service may not violate applicable export laws and regulations; must not constitute a copyright or trademark infringement; and must not otherwise violate federal, Michigan and all other applicable laws.

7.2.3.    Use of the service must not interfere with normal University operations.

7.2.4.    Operation of the service must be consistent with all provisions of this policy.

 8.      PROCEDURES AND SANCTIONS

8.1.  Imposition of sanctions

Oakland University may impose sanctions and/or disciplinary action on anyone who violates the policies of the University regarding the use of computing, network, or information technology resources.  This section does not prohibit use by system administration personnel, authorized users, or faculty for research or instructional purposes, as long as those activities do not interfere with appropriate use by others, and as long as those activities comply with all federal, Michigan, and other applicable law; all generally applicable University rules and policies; and all applicable contracts and licenses.

     8.2.  Investigative contact

If contacted by a representative from an external organization (FBI, etc.) or a representative from an internal investigating body conducting an investigation of an alleged violation involving University computing, network or information technology resources, inform the General Counsel immediately.  Refer the requesting agency to the General Counsel; that office will provide guidance regarding the appropriate actions to be taken.

     8.3.  Responding to security and abuse incidents

All users have the responsibility to report any discovered unauthorized access attempts or other improper usage of University computing, network or information technology resources.  Observations and reports (other than as in 8.2 above) of a security, abuse problem or violation of this policy, take immediate steps, depending on the relationship to the University.

     8.3.1.    University Employees

University Employees should review information in the Desktop Emergency Guide under Information Technology Compromises and handle the situation according to the steps in that document.  If a situation is not covered in the Desktop Emergency Guide, report issues to the Helpdesk, University Technology Services (370-4357 or help-desk@oakland.edu). 

8.3.2.   Students

Students should report any issues to the Helpdesk, University Technology Services (370-4357 or help-desk@oakland.edu).

 8.4.  Student Violations

     8.4.1.    First and minor incident

If a student violates this policy, and (1) the violation is deemed minor by a representative of the University Technology Services, and (2) the student has not been implicated in prior incidents, then the incident may be dealt with by a representative of the University Technology Services.  The alleged offender will be furnished a copy of this document and will sign a letter agreeing to conform to the policy to be kept by the University Technology Services. 

             8.4.2.    Subsequent and/or major violations

Student violations will be forwarded to Student Affairs and to General Counsel.

     8.5.  Employee Violations

Reports of violations will be forwarded as determined by the offender’s relationship to the University.  The University Technology Services will first seek to educate those found to be in violation of this policy. 

             8.5.1.    University Employees – Staff

Staff violations will be forwarded to University Human Resources, the employee’s supervisor, and General Counsel.

 8.5.2.    University Employees – Faculty

 Faculty violations will be forwarded to the Office of the Provost and to General Counsel.

8.6.  Violations by other authorized users

     8.6.1.    First and minor incident

If other authorized users violate this policy, and (1) the violation is deemed minor by a representative of the University Technology Services, and (2) the authorized user has not been implicated in prior incidents, then the incident may be dealt with by a representative of the University Technology Services.  The alleged offender will be furnished a copy of this document and will sign a letter agreeing to conform to the policy to be kept by the University Technology Services. 

             8.6.2.    Subsequent and/or major violations

Violations will be forwarded to General Counsel.

     8.7.  Range of disciplinary sanctions

Persons in violation of this policy are subject to the full range of sanctions, including the loss of computing, network or information technology resource access privileges, disciplinary action, dismissal from the University, and legal action.  Some violations may constitute criminal offenses, as outlined by federal, Michigan and all other applicable laws; the University will carry out its responsibility to report such violations to the appropriate authorities.

     8.8.  Appeals

Appeals should be directed through the already-existing procedures established for employees and students.

 9.      Network Connectivity Guidelines

Merit Network, Inc., operates the statewide network MichNet, which provides Internet access for Oakland University.  Merit is a non-profit corporation governed by all thirteen of Michigan’s four-year publicly supported universities, including Oakland University.  Our participation in MichNet and access to the Internet in general is governed by their acceptable use policies found at http://www.merit.edu/policies/.