Guidelines for Responsible Computing

I. SUMMARY

The computing resources at Montclair State support the instructional, research and administrative activities of the University. Examples of these computing resources include, but are not limited to, the central computing facilities, the campus-wide network, local-area networks, electronic mail, access to the Internet, the World Wide Web, voice mail, departmental networks, the public computing facilities and related services. Users of these services and facilities have access to valuable University resources, to sensitive data and to external networks. Consequently, it is appropriate for all users to behave in a responsible, ethical and legal manner. In general, appropriate use means respecting the rights of other computer users, the integrity of the physical facilities and all applicable license and contractual agreements. The regulations described in the Guidelines for Responsible Computing apply to all computing systems owned or managed by Montclair State. Individual departments may have additional guidelines regarding computing equipment held in those departments. Interested parties should contact the department chair for more information about computing guidelines in a specific department.

Access to the University’s computing facilities is a privilege granted to University students, faculty and staff. Data owners – whether departments, units, faculty, students or staff – may allow individuals other than University faculty, staff and students access to information for which they are responsible, so long as such access does not violate any license or contractual agreement; University policy or guidelines; or any federal, state, county or local law or ordinance.

The University vests the responsibility for ensuring the integrity and performance of its computing systems in various system administrators. While respecting the rights of all users, when the integrity of the system is threatened, systems administrators are authorized to take those actions necessary to maintain the system and are fully accountable for their actions.

II. AUTHORIZED USE

These guidelines apply to all users of computing resources owned or managed by Montclair State, including but not limited to faculty and visiting faculty, staff, students, guests of the administration, external individuals or organizations and individuals accessing external network services, such as the Internet, via Montclair State’s computing facilities.

III. RIGHTS, PRIVILEGES and RESPONSIBILITIES

1. ACCESS TO COMPUTING RESOURCES

Central time-sharing computing facilities
Faculty, graduate and undergraduate students, and University employees may use the central computing facility for activities related to research, instruction or University administration.

Other computing resources
Montclair’s computing facilities and services – such as the public computing labs, consulting services and training – are available to members of the University community.

Departmental and School computing resources
For information on access to departmental and school computing resources, contact the appropriate department chair or Dean.

2. DATA SECURITY AND INTEGRITY

Users should use all available methods to protect their files, including the frequent changing of their passwords, encryption of data where appropriate, and storing backup copies of information off-site. In the event that data have been corrupted as a result of intrusion, a system administrator should be notified immediately. Every reasonable attempt will be made to restore files to their status prior to intrusion. However, full restoration cannot be guaranteed.

Montclair State provides reasonable security against intrusion and damage to files stored on campus computing facilities. The University provides some facilities for archiving and retrieving files specified by users, and for recovering files after accidental loss of data. However, neither Montclair State nor its computing staff can be held accountable for unauthorized access by other users, nor can they guarantee protection against media failure, fire, floods, or other disasters.

Although the University backs up some departmental servers and makes reasonable attempts to protect those servers from intrusion, it does not provide the same level of protection or offer restoration of files stored on departmental servers or personal computers. Therefore, it is especially important that users back up their files and use all available means to protect their data on departmental systems.

3. PRIVACY

Montclair State participates in a range of computing networks, and many members of the community regularly use these networked computers in their work. Statements in public (i.e., not private) files in this medium are protected by the same laws, policies and guidelines, and are subject to the same limitations, as communications in other media. The same holds true for electronic personal files and communications (e.g. email). However, users should exercise caution when committing confidential information to electronic media, because the confidentiality of such material cannot be guaranteed. For example, routine maintenance or system administration of a computer may result in the contents of files and communications being inadvertently seen.

Network and system administrators are expected to treat the contents of electronic files as private and confidential and to respect the privacy of all users. Members of the computing staff are forbidden to log on to a user account or to access a user’s files unless the user gives explicit permission (for example, by setting file access privileges).

An exception to these privacy guidelines may be made, however, when a program or individual is suspected of threatening the integrity of the network or other shared services. Examples of such programs include worms or viruses. In such instances, the system administrator will immediately notify either the Associate Vice President for Information Technology or the Director of Academic Computing and a decision will be made as to whether the threat requires immediate action. If an immediate response is required, it will be undertaken and careful records will be kept as to the accounts and files examined. Once the threat is removed and system integrity restored, the Associate Vice President for Information Technology or the Director of Academic Computing will consult with the appropriate senior officer of the University and a written and an oral report will be forwarded to everyone involved in a timely fashion.

If the instance does not require immediate action but privacy must still be breached, then reasonable attempts will be made to contact the file-owner by telephone and e-mail. If the attempts are not successful or the file-owner refuses permission, the system administrator in conjunction with either the Vice President for Information Technology or the Director of Information Technology, after consultation with an appropriate senior officer of the University, is permitted to examine the accounts and files involved. Afterward, a written report will be forwarded to everyone involved in a timely manner.

Any inspection of electronic files, and any action based upon such inspection, will be limited to what is necessary to restore the integrity of the system and will be governed by all applicable federal and New Jersey laws.

4. TEMPORARY DENIAL OF SERVICE.

Similar principles and procedures apply to the temporary denial of service. In particular, a system manager cannot deny access to a user without following the due process procedures outlined above. An exception to these procedures may be made for routine maintenance and system administration; however, every effort will be made to perform such activities during off-hours. Any extended denial of access can only result from a fair hearing in accordance with University judicial procedures.

5. UNIVERSITY RESPONSIBILITY FOR ERRORS IN SOFTWARE, HARDWARE AND CONSULTING.

Montclair State makes every effort to maintain an error-free hardware and software environment for users and to ensure that the computing staff are properly trained. Nevertheless, it is impossible to ensure that hardware or system software errors will not occur or that staff will always give correct advice. Montclair State presents no warranty, either expressly stated or implied, for the services provided. Damages resulting directly and indirectly from the use of these resources are the responsibility of the user.

6. CHANGES IN THE COMPUTING ENVIRONMENT

When significant changes in hardware, software or procedures are planned, the University community will be notified through electronic and other media to ensure that all users have enough time to prepare for the changes and to voice any concerns that they might have.

IV. GUIDELINES FOR APPROPRIATE COMPUTING BEHAVIOR

Those who avail themselves of the campus and network computing resources are required to behave in their use of the technology in a manner consistent with Montclair State’s codes of conduct.

The University subscribes to the statement on software and intellectual rights distributed by EDUCAUSE, the non-profit consortium of colleges and universities committed to the use and management of information technology in higher education, and the Information Technology Association of America (ITAA), a computer software and services industry association:

“Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to work of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication and distribution.”

“Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community.”

The University is a “carrier” of information via electronic channels rather than a “publisher” (except with regard to official University publications) and therefore not expected to be aware of, or directly responsible for, material any individual member of the University community posts, sends, or publishes via the World Wide Web or Internet groups.

The following list does not cover every situation which pertains to proper, or improper, use of computing resources, but it does suggest some of the responsibilities which you accept if you choose to use a computing resource or the network access which the University provides.

1. If you have any computer account, you are responsible for the use made of that account. You should set a password which will protect your account from unauthorized use, and which will not be guessed easily. If you discover that someone has made unauthorized use of your account, you should change the password and report the intrusion. You should change your password on a regular basis, to assure continued security of your account. You should only use a computer account or an ID that belongs to you.
2. You must not intentionally seek information about, browse, obtain copies of, or modify files, passwords, images, music, sound or tapes belonging to other people, whether at Montclair State or elsewhere, unless specifically authorized to do so by those individuals. (Note: if an individual has explicitly and intentionally established a public server, or explicitly designated a set of files as being for shared public use, others may assume authorization to use that server or those files.)
   Concerning material on the World Wide Web, you must first obtain permission of the owner or copyright holder of any image, background pattern, section of text or musical, film or video selection you may want to use on your Web site. You are free to create links to other Web pages, but you may not copy the work of others to publish yourself on the World Wide Web (or elsewhere) or redistribute the work of others via servers, email or other means without authorization and proper attribution. The University’s requirements and standards for acknowledgment of sources in academic work, as stated in the Student’s Rights and Responsibilities and the Faculty Handbook, apply to all electronic media.
3. You must not attempt to decrypt or translate encrypted material to which you are not entitled. Nor may you seek to obtain system privileges to which you are not entitled. Attempts to do any of these things will be considered serious transgressions.
4. If you encounter or observe a gap in system or network security, you must report the gap to a system or network administrator. You must refrain from exploiting any such gaps in security.
5. You must refrain from any unauthorized action which deliberately interferes with the operating system or accounting functions of the systems or that is likely to have such effects.
6. You must be sensitive to the public nature of shared facilities, and take care not to display on screens in such locations images, sounds or messages which could create an atmosphere of discomfort or harassment for others. You must also refrain from transmitting to others in any location inappropriate images, sounds or messages which might violate the University statements on harassment.
7. You must avoid the following activities: tying up shared computing resources for excessive game playing or other trivial applications; sending frivolous or excessive mail or messages locally or over an affiliated network; or printing excessive copies of documents, files, images or data. You must refrain from using unwarranted or excessive amounts of storage; printing documents or files numerous times because you have not checked thoroughly for all errors and corrections; or deliberately running grossly inefficient programs when you know that efficient ones are available. You must be sensitive to special needs for software and services available in only one location, and cede place to those whose work requires the special items.
8. You must not prevent others from using shared resources by running unattended processes or placing signs on devices to reserve them without authorization. Your absence from a public computer or workstation should be very brief. A device unattended for more than ten minutes may be assumed to be available for use, and any process running on that device terminated. You must not lock a workstation or computer which is in a public facility. You must also be sensitive to performance effects of remote login to shared workstations: when there is a conflict, priority for use of the device must go to the person seated at the keyboard rather than to someone logged on remotely.
9. The University presents for your use many programs and data which have been obtained under contracts or licenses saying they may be used, but not copied, cross-assembled, or reverse-compiled. You are responsible for determining that programs or data are not restricted in this manner before copying them in any form, or before reverse-assembling or reverse-compiling them in whole or in any part. If it is unclear whether you have permission to copy such software or not, assume that you may not do so.
10. Messages, sentiments, and declarations sent as electronic mail or sent as electronic postings must meet the same standards for distribution or display as if they were tangible documents or instruments. You are free to publish your opinions, but they must be clearly and accurately evident, as coming from you, or, if you are acting as an authorized agent of a group recognized by the University, as coming from the group you are authorized to represent. Attempts to alter the From line or other attribution of origin in electronic mail, messages, or postings, will be considered transgressions of University rules.
11. If you create, alter, or delete any electronic information contained in, or posted to, any campus computer or affiliated network, it will be considered forgery if it would be considered so on a tangible document or instrument.
12. You must not create and send, or forward, electronic chain letters.
13. You shall not use any Montclair State system as a staging ground to enter other systems without authorization.
14. In general, University-owned hardware, software, manuals, and supplies must remain at campus computing sites. Any exception to the rule requires proper authorization.

Privately-owned computer systems, when attached to the University’s data network and/or other campus resources, are subject to the same responsibilities and regulations as pertain to University-owned systems. You are responsible for protecting the University’s property, license agreements, and good name from damage by others to whom you might provide access, and for assuring that no copyrighted material is published on, or distributed from, that system without permission of the copyright holder.

You should be aware that there are other federal, state and sometimes local laws which govern certain aspects of computer, broadcast video, and telecommunications use. Additional legislation is emerging. Members of the University community are expected to respect and comply with the federal, state and local laws in use of the campus technologies and University-provided network access, as well as to observe and respect University-specific rules and regulations.

V. VIOLATIONS OF THESE GUIDELINES

Violations of the University Guidelines for Responsible Computing are treated like any other ethical violation as outlined in the Student Handbook, relevant contractual agreements, and applicable faculty and staff handbooks. Violators may also be subject to prosecution under applicable Federal and New Jersey statutes.

ACKNOWLEDGMENT

This document contains excerpts and paraphrased sections from similar documents prepared by Brown University, Princeton University, University of Delaware, University of Illinois at Champaign-Urbana, Iowa State University and the Electronic Frontier Foundation. We gratefully acknowledge their contributions.