Questions And Answers About Appropriate Use Of University Computing Resources
All users should familiarize themselves with the University's Computing Acceptable Use Policy. The following document is intended to provide guidance to users concerning uses of university-owned computing resources which are normally considered inappropriate, and which may result in disciplinary action.
What constitutes inappropriate use of computing resources?
The University recognizes four categories of inappropriate use:
- any use of the resources which is in violation of the laws of Canada,Ontarioand/or the City ofNorth Bay;
- any activity which jeopardizes the security of the resources or of information stored on or transmitted by the resources, or which degrades system performance to such an extent as to interfere substantially with the ability of the University community to use those resources effectively;
- any use of resources in which the resources required for the activity are significantly disproportionate to the likely potential benefits which may accrue to the performance of the University's primary mission as a result of the activity;
- any use of the resources which may reasonably be considered to offend other members of the community to such an extent that it may hinder them from using the system.
What are some examples of illegal use?
The following list is not exhaustive, but should provide a good idea of the sorts of activities, which are likely to violate one or more laws:
- any violation of copyright, whether owned by the University or a third party;
- any attempt to violate the security of computing resources in an attempt to gain unauthorized access to information, whether the resources are those of the University or not;
- any development, modification, or release using University resources of any software determined to have the characteristics and/or behaviour of software commonly referred to as viruses, trojans, bots, worms, spam, or similar.
- any dissemination or storage of material which violates Canadian and/or Ontariolaw regarding such matters as pornography and hate literature;
- any attempt to destroy or dismantle the computing resources, or use of the resources in an attempt to cause such destruction elsewhere;
- in addition, users should be aware that much of the software installed on university computing resources is governed by specific licensing arrangements which assume that it will be used for educational purposes, and that use of the software for commercial purposes is prohibited. Users who wish to engage in any activity that might be construed as commercial in nature are responsible for ensuring that their activities do not violate the terms of such licensing agreements and that they adhere to the principles and policies of the University. Similar restrictions may also apply to certain components of the resources themselves.
What are some examples of harmful use?
The following list is not exhaustive, but should give a good idea of the sorts of activities which constitute unacceptable risks to the security or to the performance of the resources:
- any attempt to violate the security of computing resources in an attempt to gain unauthorized access to information, whether the resources are those of the University or not;
- any unauthorized disclosure of information, including data stored or transmitted on the resources, access codes or passwords;
creation or dissemination of any file or process which occasions significant degradation of system performance (for example, a process which runs amok and spawns limitless sub-processes, or a submitted print job which causes the print queue to hang and become inoperative).
What are some examples of excessive use?
The following types of activities are examples of activities, which may not be permitted, because they require the allocation of shared resources to a degree which may significantly interfere with the legitimate activities of other users, or which may be considered disproportionate to the benefits likely to be derived from the activity:
- use of shared resources for computer gaming;
- access to music servers, chat servers, or to peer-to-peer services (i.e. KaZaA, AudioGalaxy, etc.) that enable access to large media files (i.e. music, video, etc.);
- origination or forwarding of chain letters, whether or not the mail in question is intended to result in personal gain to the user;
printing of very large documents or of multiple copies of documents.
- use of departmental-specific resources by a user not employed by or enrolled in that department or who has not received permission for use from the department in question.
What constitutes offensive use?
The following are some examples of use likely to be considered offensive by many users:
- use of the resources to harass others;
- use of publicly accessible resources to display material which is likely to conflict with the sensibilities of others, whether such material is in the form of text, image, sound or other digitized data.
What sorts of activities might be included in copyright violations?
Two of the most common electronic copyright violations are the unauthorized reproduction of published material, which has been copyrighted by someone else, and the unauthorized duplication of commercial software (software piracy). For example, many photographs circulating on the Internet have been scanned from published material without authorization, and it may be illegal to store or to disseminate them. Similarly, many digitized sounds may have been reproduced from copyrighted recordings without authorization. If you have any doubt about whether it is permissible to reproduce something, you should first assume that it is copyrighted and then check with the University's Copyright Officer in order to avoid possible problems.
Users who are guilty of software piracy should realize that the penalties for this activity can be very serious; before you accept any software from another user, it is your responsibility to make sure that you are entitled to accept it. The unauthorized duplication of software from university-owned resources will be viewed as an extremely serious offense. In all cases of doubt, you should consult the Chief Operating Officer.
What other laws might be violated?
In addition to legislation concerning pornography and hate literature, users should be aware that the deliberate dissemination of inaccurate or misleading information about other persons may constitute publication, and could lead to proceedings for defamation, libel or slander.
What is an attempt to violate security?
Any attempt by a user to gain unauthorized access to information, or the release by users of information, which they have not been authorized to release. This includes such activities as attempts to 'crack' other users' passwords, attempts to gain access to files or software without authorization, any unauthorized use of computer hardware or software, any attempt to circumvent 'firewalls' or other security measures which may be established by University Technology Services, any attempt to login to systems for which access has not been authorized, and so forth.
Unauthorized release of information may refer to confidential data stored or transmitted on university resources, whether users are required to have access to the data in the course of their duties or studies, gain access to it through accidental means or by the negligence or malicious acts of other users. It may also refer to the disclosure of passwords, which are for individual use only and must not be disclosed to other persons.
Why can't I let my children, spouse, friend, roommate, colleague, research assistant, employee, supervisor, etc. use my computer account?
The security of shared resources depends to a very large extent on the security of passwords. The University is required by Internet RFC1173 to be able to trace back all communications to individual users; this is why individual users are held responsible for any activity associated with their own accounts. Disclosure of passwords, even to someone you trust implicitly, means that you have voluntarily given up control over your account, and means that you have allowed an unauthorized user access to the resources for which you have been entrusted. The same applies to allowing other persons to use your account once you have logged on. In addition, some software in use at the University, including shared databases, is licensed for the sole use of students, staff and faculty of NipissingUniversityand to other authorized users, and its use by any other person constitutes a violation of the University’s licensing agreements.
Do I have to refrain from any activity which might result in financial gain to me?
Not necessarily, but if you intend to charge a fee for any activity conducted using University resources, you must ensure that your use conforms to the terms of licensing agreements between the University and its suppliers. Users who engage in contract research, for example, should check the agreements respecting any resources that they plan to use in the course of their work.
All users should be aware of the provisions of University conflict of interest guidelines.
Why is the question of commercial activity of any interest to the University in the first place?
Much of the software and hardware we use has been purchased, often at greatly reduced cost, under special educational licensing arrangements which stipulate that it will not be used for commercial purposes. Violation of these licenses by users could jeopardize the continued use of this hardware or software by all members of the University community.
Why are computer games and music/video sharing not permitted using University technology resources?
Use of central computing resources for gaming and music/video sharing is not permitted because this activity, by its very nature, tends to use resources in disproportionate quantity to the benefits they provide (as well as potentially violating copyright laws in the case of media sharing).
What is chain mail?
Chain mail is any mail intended to be forwarded indefinitely by every recipient, typically to more than one other person. Many types of chain mail may be recognized as such because they contain an explicit request that you pass them on, often to as many people as possible. The easiest type to recognize and avoid includes 'get rich quick' or 'make money fast' schemes, but some other kinds of chain mail are harder for novice users to detect. For example, many so-called 'virus alert' messages (such as the 'Good Times alert') are nothing more than hoaxes, and propagating them serves only to perpetuate the hoax and clog other users' mailboxes. Many apparent charitable messages are hoaxes or are based on false or outdated information. If you receive any of these types of mail, it is your responsibility to verify their authenticity before forwarding them. The forwarding of multiple copies of jokes is also a form of chain mail.
Why is the origination or forwarding of chain mail considered an offense, if it's used for a good purpose and not for some 'make money fast' pyramid scheme?
Regardless of the purpose, chain e-mail has a catastrophic effect on shared resources. Consider this example: if you sent a letter to 5 friends, and asked each of them to pass it on to five friends, here's how the chain would grow: after two mailings, there would be 25 copies in circulation, but after only 10, there would be 9,765,625. Even with traditional paper mail, exponential growth of this sort can result in the clogging of post office resources, which is why most countries do not permit it. Chain e-mail can clog shared computer systems to such an extent that they crash, causing potentially serious disruption to a large number of users. Since it takes only a single user to start such an exponential progression, certain types of chain e-mail can lie dormant for long periods of time, then suddenly resurface. Users who receive any type of chain e-mail should not forward or answer it; instead, they should notify University Technology Services Helpdesk, which will take steps to deal with it.
What sorts of use would constitute harassment?
The use of resources to send threatening, defaming, hateful or obscene messages, persistent attempts to communicate with users who have made it clear that they do not wish to receive mail from you, and so forth.
What constitutes a publicly accessible area?
Any computing resource generally accessible and intended for use by members of the university community at large may be considered a publicly accessible resource. All equipment in computer labs, for example, falls into this category. Some academic units may operate publicly accessible resources consisting of one or more computer terminals, workstations, microcomputers or associated peripherals. These resources may be less public in that they may be available to only a single concurrent user and situated in an area not normally visible to other people; if so, the requirement to refrain from displaying potentially offensive material may be less stringent. Users should also refrain from posting potentially offensive material in publicly accessible files or web pages without good reason, i.e. for academic purposes.
What sorts of material should I refrain from displaying in publicly accessible areas?
Many users are likely to find the display of sexually explicit, vulgar or blasphemous material offensive in a public place. As a result, you should take steps to ensure that visual, textual, and audible material of a sexually explicit nature, or material likely to offend the religious or moral beliefs of others users is not displayed in publicly accessible areas, unless you are able to take steps to ensure that other users are not disturbed by your actions. This is similar to saying that you should not talk loudly or play loud sounds in public work areas, as these activities are likely to interfere with the work of other users.
Does this mean I can never view anything controversial in a publicly accessible facility?
Not at all. It does mean, however, that you are responsible for ensuring that other users are not disturbed by your actions. The 'in your face' flaunting of potentially offensive material which has little or no connection with a user's academic pursuits is very different from the viewing of potentially controversial material for the purposes of academic research, whether or not the research is taking place in direct connection with a given course assignment. Remember that as a user it is up to you to ensure that your use of the resources is prudent and responsible.
What does 'display' mean?
In this context, it means to cause to appear on a computer monitor (whether attached to the computer currently operated by the user or remote from it), to cause to be played through a loudspeaker attached to a computer, or to cause to be reproduced on a printing device attached to a computer.
Can system administrators look at my files?
Yes, system administrators do have system privileges that enable them to enter user accounts. All system administrators, however, must sign an undertaking of confidentiality, which binds them to respect the privacy of all users. With the exception of certain system-related files' which must be generally accessible (these are usually files containing public information or settings for applications or shells, such as .cshrc, .forward, .plan, .pinerc), all files in users' accounts and user data transmitted on a network are considered private, and system administrators will not examine this material in normal circumstances, except as required by their job duties. You should realize, however, that if activity within your account is responsible for an incident of inappropriate use, it may be necessary for a system administrator to take immediate steps to deal with it without notifying you in advance, and that these steps may include examination or deletion of problematic processes or files which are causing system degradation, for example by clogging mail or print queues or causing system failures, or disconnection of problematic hosts, network devices, or networks.
Is my mail private?
You should not entrust to unencrypted e-mail anything which you would be uncomfortable making generally known. While attempts to read other users' mail are strictly prohibited, mail messages can sometimes go astray (because of a wrong address or the results of an email-borne virus, for example). These messages may end up in the mailbox of some unintended recipient, or may have to be dealt with by the 'system postmaster': a system administrator with specific responsibility for the mail. In these cases, privacy of mail cannot be guaranteed. Users should also be aware that copies of electronic mail may be kept by recipients or in backups for long periods of time, and that electronic mail is consequently vulnerable to breaches of security. As a general rule, you should consider it unwise to commit to electronic mail (or to unencrypted storage generally) anything which you would not want to see generally known and attributed to you.
What happens if I do something which contravenes the policy on inappropriate use?
A log is kept of all incidents of suspected inappropriate use. If your account is the source of such an incident, you will be contacted and asked to provide an explanation. An account which is the source of a security problem or a problem which prevents other users from working may be locked in order to prevent the problem from becoming more serious. If your account is locked for any reason, you will be informed. Please note, should any incident of inappropriate use be deemed to be in possible violation to civil law, the University will be forced to turn the matter over to the local city police, Ontario Provincial Police or the R.C.M.P.
What should I do if I have a question which is not answered here, or if I'm in doubt about whether a given use is appropriate, or if I stumble across what I think is a case of inappropriate use?
You should immediately seek the assistance of the system administrator, or report the incident to the Chief Operating Officer.