Policy on Ethical Use of Computers in the CIS Department at KSU
The intent of this statement is to promote ethical use of CIS department computing facilities by CIS faculty, staff, and students for educational and research purposes. For the purposes of this document, CIS department computing resources include computers, networks, datafiles, software systems, terminals, workstations, documentation, and any other hardware or software device attached to CIS computing resources. The goal is to make all members of the CIS user community aware of their rights and responsibilities when using CIS department computing facilities. It is NOT our goal to reduce the capability of the systems for responsible users since preventing access to computing resources with sophisticated security measures is counterproductive in all but the most data-sensitive cases. Thus, an ethical computing attitude is promoted among the user community.
Ethical behavior cannot be mandated by a specific set of rules. Each computer user must make judgments for themselves. In general, the following two maxims provide good insight into ethical behavior. "Treat the University's computing resources the way you would want a friend to treat your computer system." Also, "If you want to hide something you are doing on the computer, it is probably unethical." While it is impossible to list all rules defining ethical computing, we provide a set of guidelines for faculty, staff, and students in the next section.
Use responsibility is the only ultimate safeguard against misuse. However, when misuse is discovered, punitive measures will be taken against the misusers. As with all matters of law and ethics, ignorance of the rules does not excuse the violation. We feel that if these measures are well publicized, the users will be careful to use the computer only for valid purposes in a legal and ethical manner that minimizes the impact on other users.
General Guidelines for Computing Facility Users
- Users are expected to follow normal standards of ethics and polite conduct in their use of the computing resources. Responsible user behavior includes consideration for other users, as well as efficient use of the computing resources. It is expected that users will behave responsibly, ethically, and politely even in the absence of reminders or enforcement.
Computing accounts and other data required for access to computing services are not transferable. DO NOT let anyone else use your account!
- Users cannot use the CIS facilities for personal use or financial or commercial gain. Kansas Board of Regents Policy prohibits use of university facilities for anything other than the mission for which it is intended--research and education.
- Computer login names, data switch addresses, telephone numbers, network addresses, passwords, accounting data, systems programs, and other data required for access to computing and communications services are to be used for the sole purpose for which they were assigned. The person to which these resources were assigned is responsible for safeguarding them and for using them for the specific project for which they were allocated. In other words, if you get an account for research, use it for research. If you get an account for a CIS class, use it for that class and not a class for another department.
- It is against policy to continue to use an account assigned to you after the purpose for which that account was assigned to you is no longer applicable. Specifically, you can not use the account even if it still exists after you have withdrawn from the course that required the account, you complete the course, you withdraw from the University, graduate, switch majors, or the like.
All users should take care to protect the integrity of the passwords, files, programs, network addresses, telephone numbers, and encryption algorithms assigned to them for academic work. DO NOT give your password to anyone else, change it frequently, and don't use common names in it (i.e., make it hard to guess). Lack of proper security for these objects is the source of most computer security intrusions. In the same way, do not attempt to discover another user's password.
All computing resources assigned to the user, such as data, programs, other types of files, login names, passwords, etc., are property of the state of Kansas. They are NOT your own private property. However, you should treat resources assigned to other users' as private property. For example, don't read or copy someone else's files unless you have explicit permission to do so, even if the system security does not deny access. Information you have not been invited to use is not yours to access. Also, treat e-mail and printer listings as private. The exception to this is that system administrators may access other users' resources when carrying out their responsibilities for maintaining a secure, efficient, reliable system. It would indeed be unethical for them to arbitrarily snoop in a user's files out of curiosity, but it is perfectly acceptable for them to look at the same files when trying to track a system problem or gather evidence on suspected violation of computer use policy.
- Electronic communications such as electronic mail messages (e-mail) are also not private property. Since they are stored and delivered on computer facilities owned by the state of Kansas, they are state property. Again, system administrators will not arbitrarily read your e-mail, but may view it in order to track a problem. A good guideline for e-mail is to "not send anything you want your mother to read."
- Respect the intellectual property rights of other users.
- Do not monopolize computer resources and thereby deny other users. This includes locking a Windows or Sun console while unattended, very large printouts, large files that fill a disk partition, multiple CPU or memory intensive programs, using more than one terminal or workstation or using them for frivolous use while others are waiting, and the like. Printing personal pictures, banners, or posters on CIS department printers is likewise inappropriate.
- Computer users must avoid trying to "break the system" or "bring it to its knees" with invasive software such as viruses, worms, Trojan horses, etc. Computing resources are valuable resources and no user has the right to deny or degrade any service or interfere in any way with another valid user. Users must also take care not to inadvertently introduce such software to the system by infected disks or infected files downloaded over the network, or by whatever means. Practice safe computing!
- Use only the type and amount of computing resources appropriate for the task at hand. Experimentation with different types of computer resources must be related to classroom or research activity. Computing resources are valuable public commodities and excessive use for "playing around" is unethical.
- Users must respect the computing needs of others and not overload systems without prior approval from the CIS department head or system administrator.
- Computing and communications utilities are not toys to be used to harass other users. Do not use these facilities to send abusive remarks (even in jest), to degrade others, to make threatening or obscene remarks, or to generate derogatory, obscene, or vulgar output.
- People who use software that is protected by U.S. copyright laws bear the responsibility to protect this software from being copied. Specifically, if you are using such software, do not copy it yourself or let anyone else use your access to the software to copy it. All software which is public domain, and therefore not copyrighted, will be so designated. Thus, assume all other software is copyrighted.
- Computer games and the like are only permitted when explicit authorization is provided by the CIS department head or systems administrator.
- Do not smoke, eat, or drink in the computer laboratories or around any terminal, microcomputer, printer, or any other computer equipment.
- Do not tamper with any terminal, microcomputer, printer, or other computer equipment. Please report failures or broken equipment to the CIS department system administrators or main office.
- Computing resource users must not load software on public use directories unless explicitly permitted under authority of an instructor, CIS department head, or systems administrator.
- Not all computer facilities in the CIS department are public resources (public to the CIS user community, anyway; none of the facilities are public to the campus user community). For example, do not use workstations or terminals in faculty and staff offices without specific permission to do so. Also, printers and other peripheral devices not located in public labs and advertised as available should not be used without specific permission.
System Administrator Rights and Responsibilities
- Computing system administrators must likewise abide by the general guidelines stated above.
- Computing system administrators also have the responsibility of enforcing the rights and responsibilities of all other users. Thus, these staff members should respect the rights of all other users and not take for themselves special privileges that do not pertain to their work assignment. They should make every effort to insure the privacy of a user's files, e-mail, and printer listings.
- Computing system administrators have the right to terminate user programs or jobs which unfairly deny other users access to computing resources. This will not be done arbitrarily, however. The staff members will attempt to work with the users to accommodate legitimate needs that may under normal circumstances deny access to other users.
Conditions of User and Disclaimers
To protect the integrity of the computer system against unauthorized or improper use, and to protect authorized users from the effects of such misuse, the CIS department resources the rights to: limit or restrict any account holders usage, inspect, copy, remove or otherwise alter any dat, file, or system resources which may undermine the authorized use of the system with or without notice to the user. The CIS department also reserves the right to periodically check the system and any other rights necessary to protected the department computer facilities.
The CIS department disclaims responsibility for any damage, loss of data, or interference with files arising directly or indirectly from the use of these facilities. The CIS department and Kansas State University cannot be held liable for any losses or for any claims or demands against eh user by any other part. Likewise, they cannot be held responsible for any damages due to the loss of output, loss of data, time delay, software performance, incorrect advice from a consultant, or any other damages arising from the use of CIS's computing facilities.
Users of the CIS department's facilities are required to comply with the Policy on Ethical User of Computers (this document), and by using the system, the user agrees to comply with and be subject to the Policy on Ethical User of Computers and these Conditions of Use.
The CIS department reserves the right to amend this statement at any time with or without notice.
Computing and Information Technology Misuse
In the following paragraphs, we define six types of computer misuse, along with additional University punitive measures.
This is computing unrelated to the educational, research, or service purposes of a university computer system. In the absence of a specific purpose, as stated by the head of the CIS department, all computing use should advance the educational research goals of the student and faculty, or the administrative tasks of staff. No personal use is allowed unless prior arrangement has been made to reimburse the University at a "fair market value" for the computing resources used. The penalty for unauthorized use can be loss of use of the computing facility and repayment of funds expended in unauthorized usage.
This type of access is enumerated in three categories:
- The first category is defined to include access by a user to an account, password, system routine, network address, phone number, or data file of another user for the purposes of copying the contents and representing it as his/her own work. This is to be interpreted as plagiarism and is therefore subject to Kansas State University's Academic Ethics Behavior and Grievance Procedures. It is also a violation of the Student Conduct Code. Examples of this misuse include copying of other's programs and/or reports and representing them as one's own. In this situation, academic dishonesty procedures defined by the department must be followed.
- The second category is access to another user's assigned computing resources to avoid use of one's own assigned resources. This is considered theft and is prosecutable as such under Kansas law.
- The third type of misuse is access to another user's account and/or files or electronic mail for the purpose of invading an individual's privacy. This is considered breach of privacy and is prosecutable under Kansas law.
Unauthorized Copying of Software
With the increase in use of personal computers and workstations, there is substantial danger that the University could be held liable for copying of software which is protected by license or copyright, particularly if it is subsequently sold or given away. Any unauthorized copying of licensed or copyrighted software is therefore considered theft from the University and a violation of the copyright laws.
Harassment Using a Computing and Information Technology
The use of computer messages, electronic mail, unethically acquired user names, unethically acquired data files, and illegally accessed system software for the purpose of harassing other users is considered misuse of the computing facility. The punitive measure is loss of access to the computing resource. The aggrieved party also has a right to pursue legal action through Kansas law.
Degradation or Denial of Service Due to Computer Misuse
This type of misuse includes actions which either make a computing resource unusable or which cause the system to be degraded to a point such that other users are denied equitable access to the resource for valid academic and administrative pursuits. Users who intentionally overload computing facility, explicitly make it difficult or inconvenient to use, explicitly interfere with the security of the system, covertly destroy data or programs, covertly propagate erroneous or degraded computing behavior (as in computer virii or worms), and/or purposefully "crash" the system will be penalized through administrative penalties. If the magnitude of the loss of the computing facility is large enough, it will be considered for penalties under Kansas law.
Deliberate Destruction of Data or Environment
This type of explicit and intentional effort to destroy data files, user programs, or system programs is a common result of invasive computer programs such as virii and worms. While this may appear as a prank to some, destruction of computer data or programs, considered value property according to Kansas law, is therefore punishable under such law.