Guidelines for Responsible Computing Policy

The computing resources at Montclair State University support the instructional, research, and administrative activities of the University. Examples of these computing resources include, but are not limited to, the central computing facilities, the campus-wide network, local-area networks, electronic mail, access to the Internet, the World Wide Web, voice mail, departmental networks, public computing facilities, and related services. Users of these services and facilities have access to valuable University resources, to sensitive data, and to external networks. Consequently, it is appropriate for all users to behave in a responsible, ethical, and legal manner. In general, appropriate use means respecting the rights of other computer users, the integrity of the physical facilities, and all applicable license and contractual agreements. The regulations described in the Guidelines for Responsible Computing apply to all computing systems owned or managed by Montclair State. Individual departments may have additional guidelines regarding computing equipment held in those departments. Interested parties should contact the department chair for more information about computing guidelines in a specific department.

Access to the University's computing facilities is a privilege granted to University students, faculty, and staff. Data owners - whether departments, units, faculty, students, or staff - may allow individuals other than University faculty, staff, and students access to information for which they are responsible, so long as such access does not violate any license or contractual agreement, University policy or guidelines, or any federal, state, county, or local law or ordinance.

The University vests the responsibility for ensuring the integrity and performance of its computing systems in various system administrators. While respecting the rights of all users, when the integrity of the system is threatened, system administrators are authorized to take those actions necessary to maintain the system and are fully accountable for their actions.

Authorized Use
These guidelines apply to all users of computing resources owned or managed by Montclair State University, including but not limited to faculty and visiting faculty, staff, students, guests of the administration, external individuals or organizations, and individuals accessing external network services, such as the Internet, via Montclair State's computing facilities.

Rights, Privelges and Responsibilities
Access to Computing Resources
Central Time-Sharing Computing Facilities

Faculty, graduate and undergraduate students, and University employees may use the central computing facility for activities related to research, instruction, or University administration.

Other Computing Resources
Montclair's computing facilities and services - such as the public computing labs, consulting services, and training - are available to members of the University community.

Departmental and School Computing Resources
For information on access to departmental and school computing resources, contact the appropriate department chair or dean.

Data Security and Integrity
Users should use all available methods to protect their files, including the frequent changing of their passwords, encryption of data where appropriate, and storing of back-up copies of information off site. In the event that data have been corrupted as a result of intrusion, a system administrator should be notified immediately. Every reasonable attempt shall be made to restore files to their status prior to intrusion. However, full restoration cannot be guaranteed.

Montclair State University provides reasonable security against intrusion and damage to files stored on campus computing facilities. The University provides some facilities for archiving and retrieving files specified by users, and for recovering files after accidental loss of data. However, neither Montclair State nor its computing staff can be held accountable for unauthorized access by other users, nor can they guarantee protection against media failure, fire, floods, or other disaster.

Although the University backs up some departmental servers and makes reasonable attempts to protect those servers from intrusion, it does not provide the same level of protection or offer restoration of files stored on departmental servers or personal computers. Therefore, it is especially important that users back up their files and use all available means to protect their data on departmental systems.

Privacy
Montclair State University participates in a range of computing networks, and many members of the community regularly use these networked computers in their work. Statements in public (i.e., not private) files in this medium are protected by the same laws, policies, and guidelines, and are subject to the same limitations, as communications in other media. The same holds true for electronic personal files and communications (for example, e-mail). However, users should exercise caution when committing confidential information to electronic media, because the confidentiality of such material cannot be guaranteed. For example, routine maintenance or system administration of a computer may result in the contents of files and communications being inadvertently seen.

Network and system administrators are expected to treat the contents of electronic files as private and confidential and to respect the privacy of all users. Members of the computing staff are forbidden to log on to a user's account or to access a user's file unless the user gives explicit permission (for example, by setting file access privileges).

An exception to these privacy guidelines may be made, however, when a program or individual is suspected of threatening the integrity of the network or other shared services. Examples of such programs include worms or viruses. In such instances, the system administrator shall immediately notify the Associate Vice President for Information Technology and a decision shall be made as to whether the threat requires immediate action. If an immediate response is required, it shall be undertaken and careful records shall be kept as to the accounts and files examined. Once the threat is removed and system integrity restored, the Associate Vice President for Information Technology shall consult with the appropriate senior officer of the University and a written and an oral report shall be forwarded to everyone involved in a timely manner.

If the instance does not require immediate action but privacy must still be breached, then reasonable attempts shall be made to contact the file-owner by telephone and e-mail. If the attempts are not successful or the file-owner refuses permission, the system administrator in conjunction with the Associate Vice President for Information Technology, after consultation with an appropriate senior officer of the University, is permitted to examine the accounts and files involved. Afterward a written report shall be forwarded to everyone involved in a timely manner.

Any inspection of electronic files, and any action based upon such inspection, shall be limited to what is necessary to restore the integrity of the system and shall be governed by all applicable federal and New Jersey laws.

Temporary Denial of Service
Similar principles and procedures apply to the temporary denial of service. In particular, a system manager cannot deny access to a user without following the due process procedures outlined above. An exception to these procedures may be made for routine maintenance and system administration; however, every effort shall be made to perform such activities during off hours. Any extended denial of access can only result from a fair hearing in accordance with University judicial procedures.

University Responsibility for Errors in Software, Hardware, and Consulting
Montclair State University makes every effort to maintain an error-free hardware and software environment for users and to ensure that the computing staff are properly trained. Nevertheless, it is impossible to ensure that hardware or system software errors will not occur or that staff will always give correct advice. Montclair State University presents no warranty, either expressly stated or implied, for the services provided. Damages resulting directly and indirectly from the use of these resources are the responsibility of the user.

Changes in the Computing Environment
When significant changes in hardware, software or procedures are planned, the University community shall be notified through electronic and other media to ensure that all users have enough time to prepare for the changes and to voice any concerns that they might have.

Guidelines for Appropriate Computing Behavior
Those who avail themselves of the campus and network computing resources are required to behave in their use of the technology in a manner consistent with Montclair State University’s codes of conduct.

The University subscribes to the statement on software and intellectual rights distributed by EDUCOM, the non-profit consortium of colleges and universities committed to the use and management of information technology in higher education, and the Information Technology Association of America (ITAA), a computer software and services industry association: "Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to work of all authors and publishers in all media. It encompasses respect for the right to
acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication and distribution."

"Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community."

The University is a "carrier" of information via electronic channels rather than a "publisher" (except with regard to official University publications) and therefore not expected to be aware of, or directly responsible for, material any individual member of the University community posts, sends, or publishes via the World Wide Web or Internet groups.

The following list does not cover every situation that pertains to proper or improper, use of computing resources, but it does suggest some of the responsibilities that employees and students accept when choosing to use a computing resource or the network access that the University provides.

If employees and students have any computer accounts, they are responsible for the use made of those accounts. Employees and students should set a password that will protect their accounts from unauthorized use, and that will not be guessed easily. If an employee of student discovers that someone has made unauthorized use of the account, the employee or student should change the password and report the intrusion. Employees and students are encouraged to change passwords on a regular basis, to assure continued security of accounts. Employees and students should only use computer accounts or IDs that belong to the employee or student.

Employees and students must not intentionally seek information about, browse, obtain copies of, or modify files, passwords, images, music, sound, or tapes belonging to other people, whether at Montclair State University or elsewhere, unless specifically authorized to do so by those individuals. (Note: If an individual has explicitly and intentionally established a public server, or explicitly designated a set of files as being for shared public use, others may assume authorization to use that server or those files.)

Concerning material on the World Wide Web, employees and students must first obtain permission of the owner or copyright holder of any image, background pattern, section of text or musical, film or video selection you may want to use on your Web site. Employees and students are free to create links to other Web pages, but may not copy the work of others to personally publish on the World Wide Web (or elsewhere) or redistribute the work of others via servers, e-mail or other means without authorization and proper attribution. The University's requirements and standards for acknowledgment of sources in academic work, as stated in the Student's Rights and Responsibilities and the Faculty Handbook, apply to all electronic media.

Employees and students must not attempt to decrypt or translate encrypted material to which they are not entitled. Nor may they seek to obtain privileges to systems for which they are not entitled. Attempts to do any of these things shall be considered serious transgressions.

If employees and students encounter or observe a gap in system or network security, they must report the gap to a system or network administrator. Employees and students must refrain from exploiting any such gaps in security.

Employees and students must refrain from any unauthorized action that deliberately interferes with the operating system or accounting functions of the systems or that is likely to have such effects.

Employees and students must be sensitive to the public nature of shared facilities, and take care not to display on screens in such locations images, sounds, or messages that could create an atmosphere of discomfort or harassment for others. Employees and students must also refrain from transmitting to others in any location inappropriate images, sounds, or messages that might violate the University statements on harassment.

Employees and students must avoid the following activities: tying up shared computing resources for excessive game playing or other trivial applications; sending frivolous or excessive mail or messages locally or over an affiliated network; or printing excessive copies of documents, files, images, or data. Employees and students must refrain from using unwarranted or excessive amounts of storage; printing documents or files numerous times because they have not been checked thoroughly for all errors and corrections; or deliberately running grossly inefficient programs when efficient ones are available. Employees and students must be sensitive to special needs for software and services available in only one location, and cede place to those whose work requires the special items.

Employees and students must not prevent others from using shared resources by running unattended processes or placing signs on devices to reserve them without authorization. Absence from a public computer or workstation should be very brief. A device unattended for more than 10 minutes may be assumed to be available for use, and any process running on that device terminated. Employees and students must not lock a workstation or computer that is in a public facility. They must also be sensitive to performance effects of remote log-in to shared workstations; when there is a conflict, priority for use of the device must go to the person seated at the keyboard rather than to someone logged on remotely.

The University presents many programs and data that have been obtained under contracts or licenses saying they may be used but not copied, cross-assembled, or
reverse-compiled. Employees and students are responsible for determining that programs or data are not restricted in this manner before copying them in any form, or before reverse-assembling or reverse-compiling them in whole or in any part. If permission to copy such software is unclear, the employee or student should assume that he/she may not do so.

Messages, sentiments, and declarations sent as electronic mail or sent as electronic postings must meet the same standards for distribution or display as if they were tangible documents or instruments. Employees and students are free to publish personal opinions, but they must be clearly and accurately identified, or, if the employee or student is acting as the authorized agent of a group recognized by the University, as coming from the group the employee or student is authorized to represent. Attempts to alter the “From” line or other attribution of origin in electronic mail, messages, or postings, shall be considered transgressions of University rules.

If employees or students create, alter, or delete any electronic information contained in, or posted to, any campus computer or affiliated network, it will be considered forgery if it would be considered so on a tangible document or instrument.

Employees and students must not create and send, or forward, electronic chain letters.

Employees and students shall not use any Montclair State University system as a staging ground to enter other systems without authorization.

In general, University-owned hardware, software, manuals, and supplies must remain at campus computing sites. Any exception to the rule requires proper authorization.

Privately owned computer systems, when attached to the University's data network and/or other campus resources, are subject to the same responsibilities and regulations as pertain to University-owned systems. Employees and students are responsible for protecting the University's property, license agreements, and good name from damage by others to whom they might provide access, and for assuring that no copyrighted material is published on, or distributed from, that system without permission of the copyright holder.

Employees and students should be aware that there are other federal, state, and sometimes local laws that govern certain aspects of computer, broadcast video, and telecommunications use. Additional legislation is emerging. Members of the University community are expected to respect and comply with the federal, state, and local laws in use of the campus technologies and University-provided network access, as well as to observe and respect University-specific rules and regulations.

Violations of The Guidelines
Violations of the University Guidelines for Responsible Computing are treated like any other ethical violation as outlined in the Student Handbook, relevant contractual agreements, and applicable faculty and staff handbooks. Violators may also be subject to prosecution under applicable federal and New Jersey statutes.

Acknowlegement
This document contains excerpts and paraphrased sections from similar documents prepared by Brown University, Princeton University, University of Delaware, University of Illinois at Champaign-Urbana, Iowa State University, and the Electronic Frontier Foundation. We gratefully acknowledge their contributions.

The most current guidelines for responsible computing can be found online at:

OIT Guidelines

Computer resources for Faculty and Staff can be found online at: