1. Background and Purpose
The ethical principles that apply to everyday academic community life
also Furthermore, everything that is technically possible is not necessarily
ethical or legal. Anyone who uses Rensselaer's computer systems and
networks is For examples illustrating applications of the policy, see Examples.
(Links to other documents are for reference and are not to be considered
part of this document.)
To participate in community life, we expect for ourselves and extend
to The privilege of access to Rensselaer's computer systems and networks
This document outlines the privileges, responsibilities, and obligations
of those who participate in Rensselaer's electronic community. It
constitutes an Institute-wide policy intended to allow for the proper
use of all Rensselaer's computer systems and networks, effective protection
of individual users, equitable access, and proper management of those
resources. It should be taken in the broadest possible sense and applies
to Rensselaer network usage even in situations where it would not
apply to the computer(s) in use (for example, student-owned computers
attached to the campus network). The policy is intended to supplement,
not replace, all existing laws, regulations, agreements, contracts
and Rensselaer policies that currently apply to these services.
Campus units that operate their own computers or networks may add,
with the approval of the unit head, individual guidelines which supplement,
but do not relax, this policy. In such cases, the unit should inform
their users and the Computing and Information Services Security Team
(security@rpi.edu) prior to implementation.
The remainder of this document is organized as follows:
Authorized use of Rensselaer computer systems and networks is consistent
with the education, research, and service mission of the Institute,
and consistent with this policy. Authorized users are: (1) current faculty, staff, and students
of the Institute; (2) others whose access is consistent with the
mission of the Institute and whose usage does not interfere with
other users' access to resources. All users must be authorized to
use a particular computing or network resource by the campus unit
responsible for operating the resource. The following individual privileges empower each of us to be productive
members of the Rensselaer community. These privileges are conditional
upon accepting and complying with the accompanying responsibilities.
Rensselaer acknowledges that privacy is an important value for
educational
institutions.
Creative, innovative, and risky thought, as
well as scholarship and educational accomplishment all depend on
interacting in a communication context in which individuals feel free to
express and transmit their opinions and ideas. Thus, Rensselaer
extends to its students, faculty, and staff a reasonable expectation of
privacy in the communication that they conduct via Rensselaer's computer systems
and networks. However, everyone should recognize that privacy cannot
be guaranteed, even when it is intended, and should, therefore,
exercise reasonable caution in
electronic communication.
Although the privacy of electronic mail, files, and data is protected
in normal circumstances, when, upon the judgment of the appropriate
authorities, there is reason to believe the law or Institute policies
have been violated, Rensselaer may access or disclose the electronic
files, mail, or electronic discussions stored or transmitted by
a student, staff member, or faculty member of the Institute. In
these cases, the determination will be made by an individual with
appropriate administrative responsibility. For example, for students,
it will be determined by the Dean of Students' office; for staff,
by the relevant Vice-President or designee; for the faculty, by
the chief academic officer of the Institute or designee; and, in
cases that may be a violation of the Institute Affirmative Action
policy, the Affirmative Action Advisor to the President. In keeping with its long tradition of academic freedom, Rensselaer
supports free inquiry and expression by the users of its computer
systems and networks. Rensselaer, however, reserves the right to
take action against or deny access to its facilities to those whose
use is not consonant with the purposes of the university or infringes
on the rights of others.
3.3. Ownership of intellectual works People creating intellectual works using Rensselaer computer systems
or networks, including but not limited to software, should consult
Rensselaer's Intellectual Property Policy.
All members of the campus have the right not to be harassed by
others. This includes harassment via the computer or network usage
of others. (See 4.1.3.)
Just as certain privileges are given to each member of the campus
community, each of us is held accountable for our actions as a condition
of continued membership in the community. The interplay of privileges
and responsibilities engenders the trust and intellectual freedom
that form the heart of our community. To maintain this trust and
freedom, each person must develop the skills necessary to be an
active and contributing member of the community.
4.1. Common courtesy and respect for rights of others
No one should monitor, access, copy, print, alter, transmit or
destroy anyone else's electronic files without explicit permission
(unless authorized or required to do so by law, policy, or regulation).
Simply being able to access a file or other information does not
necessarily imply permission to do so.
Similarly, no one should connect to a host on the network without
advance authorization in some form. An uninvited connection is generally
considered to be an invasion of privacy and potential security threat.
(Such applications as web pages and anonymous ftp sites are by their
nature intended for public use and do not require explicit permission.)
You are responsible for recognizing (attributing) and acquiring
appropriate permission to use the intellectual property of others
and for not violating copyrights. For more details see:
No one may, under any circumstances, use Rensselaer's computer
systems or networks to libel, slander, or harass any other person.
Computer Harassment includes, but is not limited to, using Rensselaer's
computer systems or networks: (1) to annoy, harass, terrify, intimidate,
threaten, offend or bother another person (for example, by conveying
abusive, profane, defamatory or offensive messages, obscene language,
pictures, or other materials, or threats of bodily harm); (2) to
contact another person repeatedly to annoy, harass, or bother, whether
or not any actual message is communicated, and/or where no purpose
of legitimate communication exists, and where the recipient has
expressed a desire for the communication to cease; (3) to contact
another person repeatedly regarding a matter for which one does
not have a legal right to communicate, once the recipient has expressed
a desire for such communication to cease; (4) to disrupt or damage
the academic, research, administrative, or related pursuits of another;
(5) to invade or threaten to invade the privacy, academic or otherwise,
of another.
4.2. Responsible use of resources No member of the community should engage in acts that waste or
prevent others from using electronic resources, for instance, forwarding
chain mail, sending mass mailings, or knowingly engaging in other
activities that degrade service.
If you are not sure whether an activity you are planning would
affect service, you may contact the system administrator (of departmental
systems) or the ARC Help Desk in the VCC.
Public computer rooms that have been officially scheduled as classrooms
are for use of the scheduled class. When not all of the computers
are being used by the class, they may be used by other members of
the campus community at the discretion of the instructor. Requests
should be made before the class begins and should not interrupt
class activities.
Limited recreational game playing that is not part of an authorized
and assigned research or instructional activity is tolerated (within
the parameters of each unit's rules). Game-playing that consumes
excessive Institute computing and network resources is prohibited.
Recreational game players occupying a seat in a public computing
facility must give up that seat when others who need to use the
facility for academic or research purposes are waiting.
It is your responsibility to be aware of the potential for and
possible effects of manipulating information, especially in electronic
form, to understand the changeable nature of electronically stored
information, and to verify the integrity and completeness of information
that you compile or use. When in doubt, verify electronic communications
with the person you believe to have sent them.
Employees are responsible for following their unit's procedures
for the security and integrity of Institute information stored on
their personal desktop system. This responsibility includes making
regular disk backups, controlling physical and network access to
the machine, and installing and using virus protection software.
Avoid storing passwords or other information that can be used to
gain access to other campus computing resources.
4.6. Access to facilities and information
Computer accounts, passwords, and other types of authorization
are assigned to individual users and, in general, are not intended
to be shared with others. There may be times when you need to share
your password with a member of your family, secretary, or friend,
but you will remain responsible for any use of your account. Likewise,
you are responsible for any activities on your personal computer
attached to the Rensselaer network. Passwords should be changed
periodically and after every disclosure to a third party.
4.6.2. Permitting unauthorized access You may not run or otherwise configure software or hardware to
intentionally allow users to circumvent account privileges and security
mechanisms.
4.6.3. Use of privileged access Special access to information or other special computing privileges
are to be used in performance of official duties only. Information
that you obtain through special privileges is to be treated as private
and confidential.
When you cease being a member of the campus community (e.g., graduate,
withdraw, or terminate employment), or if you are assigned a new
position and/or responsibilities within the Institute, your access
authorization must be reviewed. You must not use facilities, accounts,
access codes, privileges, or information for which you are not authorized
in your new circumstances.
4.7. Attempts to circumvent security You are prohibited from attempting to circumvent or subvert any
system's security measures. (The list below does not prohibit authorized
use of security tools by system administration personnel.) You are
encouraged to inform system administrators of any loopholes you
discover and cooperate in implementing security procedures.
4.7.1. Decoding access control information You are prohibited from intercepting, accessing, printing, transmitting,
copying, or decoding passwords or similar access control information,
whether by means of using any computer program or device or by deception
or observation of other users.
Deliberate attempts to degrade the performance of a computer system
or network or to deprive authorized personnel of access to any Institute
computer system or network are prohibited.
Harmful activities are prohibited; such activities include, but
are not limited to: creating or propagating viruses, worms, or trojan
horses; disrupting services; damaging files; intentional destruction
of or damage to equipment, software, or data belonging to Rensselaer,
other entities, or individual users. In addition, you may not:
4.7.4. Unauthorized monitoring You may not use Rensselaer's computer systems and networks for
unauthorized monitoring, accessing or disclosure of electronic communications.
Use of Rensselaer's computer systems and networks for commercial
activity is prohibited. It is acceptable to use designated news
groups and other electronic communication for the occasional sale
of personal items or to announce services that are part of the business
of the Institute (Book Store, Food Service, etc.) But it is not
acceptable to use Rensselaer facilities to run a business or otherwise
to sell or advertise goods and/or services to the general public.
Rensselaer's computer systems and networks may not be used in
connection with compensated outside work nor for the benefit of
organizations not related to Rensselaer, except: in connection with
scholarly pursuits (such as faculty publishing activities); or in
a purely incidental way. This and any other incidental use (such
as electronic communications, storing data on single-user machines,
volunteer work or political activities) must not interfere with
other users' access to resources (computer cycles, network bandwidth,
disk space, printers, etc.) and must not be excessive.
You should not use electronic communication in an attempt to impersonate
another user or otherwise misrepresent yourself to others. Although
there are instances in which anonymous communication is acceptable,
it is generally advisable to identify yourself accurately. It is
not acceptable to use anonymity to harass, threaten, or deceive
others.
Rensselaer may allocate resources at its discretion in order to
achieve its overall mission.
5.2. Control of access to information Rensselaer may control access to its information and the devices
on which it is stored, manipulated, and transmitted, in accordance
with the laws of New York and the United States and the policies
of the Institute.
In accordance with Institute procedures, Rensselaer may impose
sanctions on anyone who is found to have violated the policies of
the Institute regarding computer and network usage.
Rensselaer may restrict the use of its computers and network when
there is evidence of violations of Institute policies or
local, state or federal laws.
Specifically, the Institute reserves the
right to limit access to its network through Institute-owned or
other computers, and to remove or limit access to material posted
on Institute-owned computers. Access will be restored as determined
to be appropriate, unless access is to remain suspended as a result
of formal disciplinary action determined by the Dean of Students
Office (for students), the employee's department in consultation
with the Office of Human Resources (for staff), or the chief academic
officer of the Institute or designee (for faculty).
In addition, Rensselaer reserves the right to terminate any computer
network connection without notice should it be determined that network
traffic generated from this connection inhibits or interferes with
the use of the network by others.
5.4. System administration access A system administrator (i.e., the person responsible for the technical
operations of a particular machine) may access others' files for
the maintenance of networks and computer and storage systems, such
as to create backup copies of media. However, in all cases, all
individuals' privileges and rights of privacy are to be preserved
to the extent possible (subject to Section 3.1).
5.5. Monitoring of usage, inspection of files Units of Rensselaer operating computers and networks may routinely
monitor and log usage data, such as network session connection times
and end-points, CPU and disk utilization for each user, security
audit trails, network loading, etc. These units may review this
data for evidence of violation of law or policy, and other purposes.
When necessary, these units may monitor all the activities of
and inspect the files of specific users on their computers and networks.
Any person who believes such monitoring or inspecting is necessary
must obtain the concurrence of the unit head and other appropriate
authorities. In all cases all individuals' privileges and right
of privacy are to be preserved to the greatest extent possible.
Rensselaer has the responsibility to develop policies and procedures
to support the integrity of individual and institutional information,
however stored, and to impose appropriate penalties when these policies
and procedures are violated.
6.2. Anti-harassment procedures Rensselaer has the responsibility to develop, implement, maintain,
and enforce appropriate procedures to discourage harassment by use
of its computers or networks and to impose appropriate penalties
when such harassment is found to have taken place.
6.3. Upholding of copyrights and license provisions Rensselaer has the responsibility to uphold all copyrights, laws
governing access and use of information, and rules of organizations
supplying information resources to members of the community (e.g.,
acceptable use policies for use of Internet).
6.4. Individual unit responsibilities Each unit has the responsibility of:
If you are contacted by a representative from an external organization
(i.e., District Attorney's Office, FBI, other law enforcement agency,
or telecommunications service provider) who is conducting an investigation
of an alleged violation involving Rensselaer computer systems and
networks, inform the Division of the Chief Information
Officer immediately. That office will provide guidance regarding
the appropriate actions to be taken. In these cases, the determination
of how to proceed will be made by an individual with appropriate
administrative responsibility. For example, for students, it will
be determined by the Dean of Students' office; for staff, by the
relevant Vice-President or designee; for the faculty, by the chief
academic officer of the Institute or his/her designee; and, in cases
that may be a violation of the Institute Affirmative Action policy,
the Affirmative Action Advisor to the President.
7.2. Responding to security and abuse incidents All users and units have the responsibility to report any discovered
unauthorized access attempts or other improper usage of Rensselaer
computer systems and networks. If you observe, or have reported
to you (other than as in 7.1 above), a security or abuse problem
with any Institute computer or network facilities, including violations
of this policy:
7.3. Range of disciplinary sanctions Persons in violation of this policy are subject to the full range
of sanctions, including, but not limited to, the loss of computer
or network access privileges, disciplinary action, dismissal from
the Institute, and legal action. Some violations may constitute
criminal offenses and be subject to local, state, and/or federal
prosecution.
Appeals should be directed through the procedures outlined in
the Student and Faculty Handbooks and guidelines established by
the Office of Human Resources and Institute Diversity.
Approved: April 13, 1998
2. Authorized Users
3. Individual Privileges
4. Individual Responsibilities
You are prohibited from using, accessing, copying, printing, and storing
copyrighted computer programs and other material, in violation of
copyright. No software may be installed, copied, accessed, printed,
transmitted or used on Rensselaer's computer systems and networks
except as permitted by the owner of the software. Software subject
to licensing must be properly licensed and all license provisions
(installation, use, copying, number of simultaneous users, term of
license, etc.) must be strictly adhered to.
by using knowledge of a special password, loopholes in computer security
systems, another user's password, access abilities you used during
a previous position at the Institute, or any other means.
5. Rensselaer Privileges
Our society depends on institutions like Rensselaer to educate our
citizens and advance the development of knowledge. Therefore, Rensselaer
assumes certain privileges regarding the information necessary to
accomplish its goals and the equipment and physical assets used in
its mission.
6. Rensselaer Responsibilities
Departments are responsible for educating the users of department-owned
desktop computers and providing a reasonable level of security for
sensitive information. Departments with their own local area networks
or a significant number of desktop computers should appoint a system
administrator (or other contact person) and identify this person to
the Division of the Chief Information Officer. The system administrator should
be knowledgeable about the department's computing environment and
about central resources and services. This position will serve
7. Procedures and Sanctions
The Security Team will coordinate the technical and administrative
response to such incidents. Reports of all incidents will be forwarded
to the Dean of Students Office (for students) or the unit head (for
employees).
This policy is adapted from a policy statement written at Georgia
Institute of Technology and used with permission.