The University of Scranton: Code of Responsible Computing



		MAIN PAGE
		Buy Textbooks
		Shop the Bookstore!
		Hours & Directions



		MAIN PAGE
		University Admin.
		Depts. & Divisions
		Services & Resources
		Human Resources
		Employment Opportunities
		Public Safety
		Univ. Committees
		Univ Planning Committee



		Small Business Development Center
		IMBM
		Internet2
		University Press
		WiScranton



		MAIN PAGE
		Technology Support Center
		Royal Card
		Information Resources
		Internet2
		Internet2 Support for University Faculty & Students
		Web Services
		Staff
		IR Guidebook
		Custom Home Pages



		Art Gallery
		Performance Music
		Performing Arts Series
		University Players

CODE OF RESPONSIBLE COMPUTING

All users of any computer resource at the University of Scranton are bound by the policies stated in the Code Of Responsible Computing. This code provides guidelines for the use and administration of all computing resources. Copies of the Code of Responsible Computing are available at the DIR Technology Support Center, Alumni Memorial Hall as well as on the DIR WWW Server. It is important that all users read and understand the Code of Responsible Computing before using resources.

Forward

The development of a policy on computer use is considered important for various reasons. It is clear that abuses have already occurred and that in the absence of any policy they have been handled in an ad hoc (although not necessarily inappropriate) manner. The growing use of and dependence upon computing resources creates an increased potential for serious abuse. The emphasis on and growth of network and remote access to computing resources increases the potential even further.

It appears that there are three aspects which need to be addressed. The nature of what constitutes an abuse is of primary importance; the policy must in some way define or clarify what is considered inappropriate use of computing resources. Secondly, the investigation of a suspected abuse must be conducted in a manner which is effective but still carefully safeguards the rights of all users. Finally, there must be a mechanism to judge whether or not an individual is guilty and to allow for some sort of punitive action to be taken.

The documents put forth by the Subcommittee on Computer Users' Rights and Responsibilities deal with the first two of these three aspects. The Code of Responsible Computing expresses the nature of what constitutes an abuse of computing resources, and places itself within the larger context. The Investigation Guidelines for the Code of Responsible Computing provides a framework within which investigations may be conducted and establishes a standing committee, the Computer Use Board, with both informal and formal roles to play in the process of investigations.

The sub-committee felt that the University already had effective mechanisms to judge and punish academic dishonesty and other such abuses. These mechanisms attempt to handle problems, at the most immediate level possible, through dialogue with suspects through progressively higher levels of authority. Thus, the Computer Use Board is not intended to be a judicial board. Rather, it serves as a technically qualified "third party (observer/advocate)" for both administrators and users of computing resources.

The Code of Responsible Computing is purposefully short. After research on similar documents and efforts undertaken elsewhere and after some debate, the subcommittee decided that any attempt to develop a detailed statement of specific abuses would not best serve the anticipated need. Rather the subcommittee endeavored to write a policy which would state general principles in a form that could be (and hopefully would be) easily read and appreciated.

The Investigation Guidelines for the Code of Responsible Computing provides specific guidelines for what were considered the two most sensitive actions of any investigation of a suspected abuse of computing resources, the denial of access to computing resources, and the inspection of computer information. The formation of a Computer Use Board was considered important for two reasons. First, the growing decentralization of computing resources means that those individuals who administer resources are from different departments within the University. The Computer Use Board could serve as a common ground for these individuals who will have the responsibility of investigating suspected abuses. Secondly, it was felt that a degree of technical expertise was necessary in order to fully interpret the policy. The Computer Use Board provides such technical expertise.

Although these documents rely upon commonly accepted definitions, certain terms require clarification. The working definitions of the subcommittee are expected to be the ones initially adopted by the Computer Use Board as it interprets the policy. These definitions follow:

Administrator (of a computing resource) -: the designated person or persons, through potential levels of authority, who engage in the activities involved with making a computing resource usable by those authorized to use it. Every computing resource should have a clearly identifiable administrator. For example, designated individuals on the staff of Systems and Software Resources, ultimately reporting to their director, serve as administrators of the Alpha 2100 academic computer system. At another extreme, a single faculty member may serve as the administrator of the personal computer system in his/her office; that same person may also be the only authorized user of that computing resource.

Computing Resource -: any hardware or software which is used in some way to accomplish or augment computing activities. "Computing resources include timesharing systems, workstations, personal computers, networks, peripheral equipment, laboratories, and software." Thus, the Alpha 2100 computer system, a particular account on the Alpha 2100, a particular file directory on the Alpha 2100, a floppy diskette, and Alumni Memorial Hall AMH105 may each be considered computing resources.

Authorization (to use a computing resource) -: refers to the permission given by the administrator of a computing resource to an "individual, department, or school" which sanctions the use of that resource. Authorization to use one resource may imply authorization to use other resources out of necessity. For example, when one is authorized to use the Alpha 2100 academic computer system one is explicitly given a user-id and initial password, and it is assumed that numerous other computing resources, such as the default system printer, and common software are also authorized. However, it may not be assumed that every resource accessible from the Alpha 2100 is also authorized. For example, authorization to use particular printers or even software may not be included.

Investigation (of a suspected abuse) -: refers to the actions taken by an administrator of a computing resource for the purpose of determining if an abuse of that resource has occurred or for the purpose of accumulating evidence to document a suspected abuse.

Inspection of computer information (or data) -: refers to the actual examination of the contents of computer files or directories that exist on any computing resource or medium.

This policy provides guidelines for the administration and use of all computing resources at the University of Scranton. Computing resources include timesharing systems, workstations, personal computers, networks, peripheral equipment, laboratories, and software. They are available for use by authorized individuals including students, faculty, staff, and administrators in compliance with the policy outlined below. Each computing resource has a designated system administrator, who may define additional policies of use.

Each user shall act in an ethical manner consistent with the stated goals and mission of the University of Scranton.

Each authorization, including access code, password, file directory and file contents is intended for use by the individual, department, or school receiving the authorization. Each user accepts responsibility for her/his use of computing resources and for those resources assigned or authorized to him/her. Users should take adequate precautions against the misuse of computing resources.

The information created, transmitted, or stored on University of Scranton computing resources is presumed to be confidential subject to the intent of the authorization.

The University has responsibility to provide appropriate security, to maintain reliability and data integrity, and to enforce this policy. However, privacy and confidentiality cannot be guaranteed because of the nature of the resources involved.

Unauthorized use of a computing resource includes but is not limited to the following or any deliberate attempt to accomplish the following

unauthorized copying of software which is licensed or protected by copyright.
any unauthorized commercial use
use of a resource without authorization
damaging equipment
degrading performance
harassment of other users
depriving users of their access to computing resources
preventing the university from fulfilling its responsibilities under this policy
any use of University Computing Resources which would constitute a violation of federal, state, or local laws

Unauthorized use or any violation of this policy is subject to investigation and enforcement as outlined in the "INVESTIGATION GUIDELINES FOR THE 'CODE OF RESPONSIBLE COMPUTING'". Investigation may require the suspension of access to computer resources and inspection of files. Enforcement of this policy with regard to due process may lead to University disciplinary action, and/or prosecution under federal, state, and/or local laws.

It is the responsibility of all users of computing resources to understand and abide by this document and the aforementioned related document. Copies of both documents may be obtained from the Office of the Associate Provost for Information Resources.

Investigation Guidelines for the Code of Responsible Computing

Investigations of suspected computer abuse should be conducted with every effort to assure the proper balance of duties and rights of all parties involved. These guidelines provide certain procedures to follow during an investigation. They also provide for the establishment of a Computer Use Board, which will assist with the interpretation of the code but will NOT actively participate in the investigation.

Denial of access to computing resources
A system administrator may deny access in the following specific cases. This denial of access may continue until the matter is resolved. However, an individual whose access has been denied has the right to meet with the system administrator at the earliest opportunity.
1. In cases where a system administrator may reasonably judge that a computing resource is in jeopardy due to the actions traced to a particular authorization, that authorization may be immediately suspended.
2. In cases where a system administrator may reasonably judge that other users are being deprived of their legitimate use of the computing resource due to actions traced to a particular authorization, that authorization may be immediately suspended.
3. In cases not covered by {A} and {B}, where a system administrator may reasonably judge that a violation of the code is traced to a particular authorization, the normal procedure shall be to attempt to contact the authorized user to set up a meeting to discuss the problem. If, after one week from the initial attempt to contact the user, the meeting has not taken place, authorization may be suspended.
Inspection of computer information

During the course of an investigation of a suspected violation, it may be judged necessary to inspect information created, transmitted, or stored on university computer resources. Since this is a very sensitive issue which deserves careful consideration, files may be inspected only with the expressed consent of the Computer Use Board and with at least one member of CUB present at the inspection. Furthermore, the user whose files are to be inspected must be given ample opportunity to be present at the time the files are inspected.

It should be noted that in accordance with FAC wishes, the Faculty representative on the Computer Use Board will be exempt from granting or denying access to any other faculty member's file. In instances where a faculty member is being investigated, the non-faculty members of CUB will be responsible for taking any such action.

It should be made clear that the archiving of all files -- suspicious or not, without inspection, is normally done as a routine part of system maintenance and may be done as a routine part of investigation. Archived information may provide material for investigation. It is hoped that the actual inspection of files may be avoided except in extreme cases where it may be necessary.

Actions taken under guidelines I and II are not sanctions but a way of handling an immediate problem. They are taken to assure the quality of computing for the whole university community. Whenever action is taken under these guidelines, the system administrator shall submit a report to the Computer Use Board.

The Computer Use Board shall consist of one person from the following constituencies who will serve two year terms.

Information Resources (Appointed by the Associate Provost for Information Resources)
Student body (Appointed by the Vice-President of Student Affairs)
Administration or non-IR Clerical/Professional staff (Appointed by the Provost)
Faculty (Appointed by the Faculty Senate)
The Computer Use Board shall elect its own chair.

The Computer Use Board (CUB) shall act:
1. as a clearing house of information on various ways in which system administrators have dealt with computer abuse problems;
2. as a review board to recommend changes in the Code of Responsible Computing and the Investigation Guidelines contained in this document;
3. and as a third party (observer/advocate) where required or requested in investigations of suspected violations of the University of Scranton Code of Responsible Computing. In all cases, a written report which specifies the procedures utilized in the investigation shall be submitted by the board to the Associate Provost for Information Resources.

Violations of the Code of Responsible Computing by students will result in referral to the University of Scranton Judicial System for disciplinary actions. Students found guilty of violating this policy shall face penalties including fines, participation in community service work, residential or disciplinary probation, residential eviction, required residence in University-approved housing as a condition of continued enrollment, suspension, or expulsion.

Members of the University Community who are employed at the University and who violate this policy will be handled by the appropriate supervisor or office responsible for that individual or group, who will utilize the appropriate policies.

Non-students having no affiliation with the University and who have violated these regulations shall be referred to the relevant civil and/or criminal authorities for appropriate action.

Search / Site Map / Ask Scranton
Choosing Scranton / My.Scranton / Campus Contacts

Disclaimer: The University of Scranton does not endorse views or opinions
found on pages directly or indirectly accessed from our Web site.

© 2008 The University of Scranton