SUNY Ulster Technology Policy

Page 1

SUNY Ulster Technology Policy
Authorized Use
Unethical Use
Copyrights and License Agreements
Modifying Software or Hardware
Publishing Web Pages
Office of Information Technology
Reporting Violations
Appendix: Local, state and federal law
Child Pornography
Distribution of Pornography
Scams and Pyramid Schemes
Copyright Infringement
Software Piracy
Sound Recording Piracy
Federal Computer Security Violations
Bomb Threats and Hoaxes

Page 2

(1) Computers and network systems offer powerful tools for communication among members of the Ulster community and of communities outside of the College. When used appropriately, these tools can enhance dialog and communications. The College expects all members of its community to use electronic resources in an ethical and responsible manner.

(2) The College reserves the right to place limited restrictions on the use of its computers and network systems in response to complaints presenting evidence of violations of College policies or codes, or state or federal laws. Once evidence is established, the College authorities responsible for overseeing these policies and codes will be consulted on the appropriateness of specific restrictions, which could include the removal of material posted on a computer and/or limiting access to the College's networks. In exceptional cases, Office of Information Technology (OIT) staff may detect evidence of a violation while performing his or her duties operating or maintaining a system. In such instances, the OIT staff member should contact the Director of Library & Information Services for further guidance.

(3) No one shall use any College computer or network facility without proper authorization. No one shall assist in, encourage, or conceal from authorities any unauthorized use, or attempt an unauthorized use, of any of the College's computers or network facilities. Computers and networks are just like any other College facilities - they are to be used only by people who have permission.

(4) No one shall knowingly endanger the security of any College computer or network facility, nor willfully interfere with others' authorized computer usage. Many of the guidelines outlined here deal with specific acts of this kind. You should not assume that other malicious acts or deliberate security violations are permissible merely because there is no specific rule against them.

(5) No one shall use the College's communication facilities to attempt unauthorized use, nor to interfere with others' legitimate use, of any computer or network facility anywhere. State and federal laws forbid malicious disruption of computers. Ulster County Community College does not tolerate individuals who invade others' privacy, steal computer services, or commit misrepresentation or fraud; nor pranksters who attempt to disrupt computers or network facilities for any other purpose. Also, you should be aware that ability to use a remote computer does not constitute permission. Some computer services are open to the public, and clearly identify themselves as such, but the lack of security measures does not mean that a computer is open to anyone who wishes to use it.

(6) No one shall connect any computer to any of the College's networks unless it meets technical and security standards set by the College administration. The applicable requirements depend on what kind of connection is being made. For example, dialing up with an ordinary asynchronous modem does not require any special authorization, but connecting to the campus-wide Ethernet cable does, because one improperly configured machine on a network can cause widespread disruption.

(7) Users shall share computing resources in accordance with policies set for the computers involved, giving priority to more important work and cooperating fully with the other users of the same equipment. If you need an unusual amount of disk space, CPU time, or other resources, check with the OIT technical director rather than risk disrupting others' work. When resources are tight, work that is necessary to the College's mission must take priority over computing that is done to pursue personal interests or self-training on side topics. Also, no matter how important your work may be, you are only entitled to one person's fair share of the machine unless additional resources are available and appropriate permission has been granted.

(8) The College grants the use of its facilities to numerous organizations whose activities contribute to its mission, such as student organizations. It is improper to use the College's computers for political campaigns, commercial enterprises, mass mailings, or other outside activities that have not been granted the use of the College's facilities.


Page 3

(9) Computing resources and network capacity should be used in accordance with the highest ethical standards. Examples of unethical use follow; some of them may also be illegal.

(10) No one shall give any password for any College computer or network facility to any unauthorized person, nor obtain any other person's password by any unauthorized means whatsoever. Only those authorized to assign passwords should do so. This does not include changing your own personal password, which is good practice. Passwords protect the College network, not just the individual machines to which they apply. The College insists that each account be used only by the person to whom it belongs, so that if problems are detected or abuse is alleged, the responsible person can be identified. Each department and its members has the responsibility to keep its passwords secure. In general, you should never share your password with anyone else. Likewise, you must never use or disclose a password that was given to you improperly. In some situations the College authorizes more than one person to share a single account, but this is seldom the best way to conduct collaborative work. Instead, use file sharing, groups, and related features of the system you are using.

(11) No one shall misrepresent his or her identity or relationship to the College when obtaining or using College computer or network privileges.

(12) No one without specific authorization shall read, alter, or delete any other person's computer files or electronic mail. This rule applies regardless of whether the operating system of the computer permits these acts.

(13) No one shall copy, install, or use any software or data files in violation of applicable copyrights or license agreements. If strangers show up at your computer site saying they are there to check software licenses, you should immediately contact OIT and your supervisor. After hours, contact Campus Security. Software licenses do not normally authorize these surprise inspections, and there is a substantial risk that the "inspectors" are not legitimate.

(14) No one without proper authorization shall modify or reconfigure the software or hardware of any College computer or network facility. Do not modify the hardware, operating system, or application software of a College computer unless you have been given permission to do so by the department or other administrative unit that is in charge of the machine. The other users with whom you share the machine, and the technicians on whom you rely for support, are expecting to find it set up exactly the way they left it.

(15) No one shall create, install, or knowingly distribute any program, especially a computer virus or other surreptitiously destructive program on any College computer or network facility, regardless of whether any demonstrable harm results.


Page 4

(16) Users shall not place confidential information in computers without protecting it appropriately. The College cannot guarantee the privacy of computer files, electronic mail, or other information stored or transmitted by computer unless special arrangements are made. Ordinary electronic mail is not private. Do not use it to transmit computer passwords, credit card numbers, or information that would be damaging if made public. Bear in mind that students' educational records are required by law, and by Ulster policy, to be kept confidential. It is also necessary to protect confidential information about employees, such as performance evaluations. This applies not only to networked computers, but also to computers, tapes, or disks that could be stolen.

The College will normally respect your privacy but cannot guarantee it absolutely. There are many ways a normally private file can end up being read by others. If a disk is damaged, OIT staff may have to read all the damaged files and try to reconstruct them. If email is mis-addressed, it may go to one or more "postmasters" who will read it and try to correct the address. For your own protection, OIT staff may have to look at unusual activity to insure the integrity of the system.

(17) Users shall take full responsibility for messages that they transmit through the College's computers and network facilities. No one shall use the College's computers to transmit fraudulent, defamatory, harassing, obscene, or threatening messages or any communications prohibited by law. Users have exactly the same responsibilities on the computer network as when using other forms of communication. Users must obey laws against fraud, defamation, harassment, obscenity, solicitation of illegal acts, threatening or inciting violence, etc.. Bear in mind that uninvited amorous or sexual messages are likely to be construed as harassment. If you are bothered by uninvited email, ask the sender to stop, and then, if necessary, contact the OIT technical director. Use of the computers to circulate chain letters and pyramid schemes is not permitted. If someone says, "Forward a copy of this to everyone you know on the Internet," don't. Such messages often contain misunderstood or outdated information, or even outright hoaxes. Even when the information is legitimate, chain forwarding is a needlessly expensive way to distribute it. It is considered good practice to use your real name, rather than a nickname or pseudonym, in the headers of all outgoing communications. Users should be aware that there is fake electronic mail. There is no guarantee that electronic mail actually came from the person or site indicated. If in doubt, please contact OIT. Use prudent caution when sending out any message that appears to be on the College's letterhead or an official communication from the College. If the header identifies your message as coming from an administrative office or from the office of someone other than yourself such as a dean's office, recipients will presume that you are speaking for that office or person.


Page 5

(18) Those who publish World Wide Web pages or similar information resources on College computers shall take full responsibility for what they publish; shall respect the acceptable-use conditions for the computer on which the material resides; shall obey all applicable laws; and shall not publish commercial advertisements without prior authorization. References and links to commercial sites are permitted, but advertisements, and especially paid advertisements, are not. Users shall not accept payments, discounts, free merchandise or services, or any other remuneration in return for placing anything on their web pages or similar facilities.

Web pages on the College's network are subject to the same rules as other uses of the same facilities. Web pages are to be coordinated by the College's Coordinator of Web Services.

When you publish something on the World Wide Web, you are putting it before a potential audience of millions. You have the same responsibilities as if you were publishing a newspaper. If the content is libelous or deceptive, people can sue you and you can be held personally liable.

Since there are laws against distributing obscene material (not just creating it), a link to an obscene web site can be a violation of the law. This is true regardless of the status of the Communications Decency Act or other new laws that specifically mention computers.

There is no College rule that prohibits you from viewing any web page anywhere. However, the College's sexual harassment policy prohibits you from displaying sexually explicit material which interferes with anyone's work or academic performance or creates an intimidating, hostile, or offensive working or academic environment. That is why we do not permit the display of erotic images on screens visible to others.

If you want to reproduce copyrighted pictures, cartoons, or comic strips on your web page, you must have the copyright owner's permission. It is not sufficient to reproduce the owner's copyright notice; you must actually obtain permission for yourself, just as if you were publishing the same material in a newspaper. Brief textual quotations do not always require permission as long as the source is acknowledged and you are not reproducing a complete work (poem, essay, etc.).

You are welcome to include links to businesses and commercial sites for their information value, as long as your links do not constitute advertisements. If you are personally connected with an outside business, you may mention the connection briefly on your College web page so that people who are looking for you can find you. (For example, authors of books can include links to their publishers; consultants can include links to their consulting firms; and College units can advertise publications, software, and similar materials produced in connection with their work.) However, you must not solicit outside business or publish commercial advertisements or advertising graphics on a College computer.

You must not accept payments, discounts, or anything of value in return for placing anything on your web page. The College's disk space and communication capacity are not yours to sell. This applies to all computers directly connected to the College's network cables, even if they are privately owned.

(19) Users shall comply with the regulations and policies of discussion groups, mailing lists, and other public forums through which they disseminate messages. When participating in public forums, you must respect their policies and practices, for two reasons: 
(a) To join these networks, the College has to agree to abide by their policies. Misuse would endanger the College's eligibility to participate. 
(b) Always assume that everyone in the entire world can read what you are posting, that permanent copies will be kept at several sites, and that you will be expected to take full responsibility for everything you say. Do not post anything that you would not want to see quoted in a major newspaper.

Remember that electronic discussion groups are not confined to the United States and are certainly not confined to students.

Page 6

(20) OIT staff will perform their duties fairly, in cooperation with the user community, College administration, College policies, and funding sources. OIT staff shall respect the privacy of users as far as possible and shall refer all disciplinary matters to appropriate authorities.

The first responsibility of OIT staff is to serve the user community. But regardless of what the users want, OIT staff is not free to violate copyrights, software licenses, other legal restrictions, or obligations undertaken by the College in order to obtain funding.

Although computer users' privacy is never perfect, OIT staff is expected to respect this privacy as far as possible and refrain from unnecessary snooping. Staff who must read users' files for administrative reasons must be prepared to justify their actions the College administration and to the user community.

OIT staff should not normally interfere with users' electronic communication, especially in any way that could be interpreted as favoring one side of a controversy or suppressing an unpopular opinion or topic. As far as possible, decisions affecting access to online information services should be made in full consultation with the user community, taking into account the cost of the computer resources involved.

(21) Electronic mail (e-mail) is intended for communication between individuals and clearly identified groups of interested individuals, not for mass broadcasting. The College reserves the right to discard incoming mass mailings ("spam") without notifying the sender or intended recipient. For its own protection, the College reserves the right to block all Internet communications from sites that are involved in disruptive or damaging practices, even though this may leave College computer users unable to communicate with those sites.


Violations of these policies incur the same types of disciplinary measures as violations of other College policies or state or federal laws, including criminal prosecution in serious cases.

Reporting Violations

If you believe that a violation of this policy has occurred, contact your supervisor or the appropriate unit dean.

Page 7


Local, state and federal laws referenced in document
Any activity that is illegal is a violation of UCCC policy. Alleged violations will be referred to the appropriate campus official. In addition, offenders may be investigated and/or prosecuted by the appropriate local, state or federal authorities.

Child pornography 
Child pornography, material that depicts minors in a sexually explicit way, is illegal. Under the federal child pornography statute (18 USC section 2252), anyone under the age of 18 is a minor. States also have child pornography statues and the age of minority varies by state. Knowingly uploading or downloading child pornography is a federal offense. It is also illegal to advertise or seek the sale, exchange, reproduction or distribution of child pornography. Lewd exhibition of genitals can constitute sexual conduct and therefore, any graphic files containing images of naked children could violate the federal child pornography statute.

Distribution of pornography to minors,br> Possession of non-obscene adult pornography is legal, but it is illegal to distribute to minors.

Obscenity is illegal. Virtually every state and municipality has a statute prohibiting the sale and distribution of obscenity, and the federal government prohibits its interstate transportation. The Supreme Court in Miller v. California, 413 U.S. 15, (1973), narrowed the permissible scope of obscenity statutes and applied this three part test to determine constitutionality: (a) whether the average person applying contemporary community standard would find the work, taken as a whole, appeals to the prurient interest; (b) whether the work depicts or describes in a patently offensive way sexual conduct specifically defined in applicable state law; and (c) whether the work taken as a whole lacks serious literary, artistic, political, or scientific value.

The contemporary community standard is historically the standard of the community in which the material exists. Many on-line activists argue that the contemporary community standard in cases that arise on-line ought to be determined by the on-line community. However, a federal prosecution of a California couple that offered a members-only bulletin board service, concentrating on pornography, resulted in a conviction of the California couple under the federal obscenity statute and Tennessee community standards. In that case a postal worker in Memphis downloaded some material from this California bulletin board service. See United States v. Thomas, 1996 U.S. App. LEXIS 1069 (6th Cir. Jan. 29,1996).

Scams and pyramid schemes
Beware of money-making "opportunities" on the Internet. A common scam is the pyramid scheme. You get an email message with a subject like "MAKE MONEY FAST" and it instructs you to send money to the people on the list and then add your name to the bottom of the list and send it on to some number of people. This is considered chain mail, but it is also illegal under 18 U.S.C section 1302. The US Postal Service and the Federal Trade Commission provide information to help individuals identify scams and report them. Pyramid schemes that use US Postal mail to send money are considered mail fraud and can be reported to the USPS.

Copyright infringement 
Almost all forms of original expression that are fixed in a tangible medium are subject to copyright protection, even if no formal copyright notice is attached. Written text (including email messages and news posts), recorded sound, digital images, and computer software are some examples of works that can be copyrighted. Unless otherwise specified by contract, the employer generally holds the copyright for work done by an employee in the course of employment.

Copyright holders have many rights, including the right to reproduce, adapt, distribute, display, and perform their work. Reproducing, displaying or distributing copyrighted material without permission infringes on the copyright holder's rights. However, "fair use" applies in some cases. If a small amount of the work is used in a non-commercial situation and does not economically impact the copyright holder it may be considered fair use. For example, quoting some passages from a book in a report for a class assignment would be considered fair use. Linking to another web page from your web page is not usually considered infringement. However, copying some of the contents of another web page into yours or use of video clips without permission would likely be infringement.

Page 8

Software piracy
Unauthorized duplication, distribution or use of someone else's intellectual property, including computer software, constitutes copyright infringement and is illegal and subject to both civil and criminal penalties. The ease of this behavior on-line causes many computer users to forget the seriousness of the offense. As a result of the substantial amounts of money the software industry loses each year from software piracy, the software companies enforce their rights through courts and by lobbying for and getting stiffer criminal penalties. It is a felony to reproduce or distribute ten illegal copies of copyrighted software with a total value of $2,500 within a 180 day period. Penalties for a first time felony conviction of software piracy include a jail term of up to ten years and fines up to $250,000.

Sound recording piracy
Another form of copyright infringement is the unauthorized duplication and distribution of sound recordings. Online piracy is increasing as many people use the Internet to illegally distribute digital audio files (e.g. MP3 format). The Recording Industry Association of America (RIAA) monitors the Internet daily and scans for sites that contain music. They have been successful in getting the sound recordings removed from those sites. You can report violations to the RIAA.

Federal copyright law grants the copyright owner in a sound recording (typically, a record company) the exclusive right to reproduce, adapt, distribute and, in some cases, digitally transmit their sound recordings. Therefore, the following activities, if unauthorized by the copyright owner, may violate their rights under federal law:

If you reproduce or offer full-length sound recordings for download without the authorization of the copyright owner, you are in violation of federal copyright law and could face civil as well as criminal penalties. Placing statements on your web site, such as "for demo purposes only" or that the sound files must be "deleted with 24 hours," does not prevent or extinguish this liability.

There are several entities you may need to contact before you can use recorded music online. First, you should understand that the copyright in a sound recording is distinct from the copyright in the recording's underlying musical composition. Thus, even if you have secured the necessary licenses for publicly performing musical compositions (from, for example, ASCAP, BMI and/or SESAC) or for making reproductions of musical compositions (from, for examples, the Harry Fox Agency), these licenses only apply to the musical composition, not the sound recording. Licenses to utilize particular sound recordings must be secured from the sound recording copyright owners -- generally the record company that released the recording.

Federal computer security violations 
The primary federal statute regarding computer fraud 18 U.S.C section 1030 was amended in October, 1996 to protect computer and data integrity, confidentiality and availability. Examples of violations are:

Bomb threats and hoaxes
It is illegal to send a message via e-mail that threatens other persons or property. While this might seem obvious, every year a number of individuals send what they believe are "hoax messages". Such messages may be investigated by federal authorities with the result that the senders end up with their names in the files of the FBI and/or CIA. This is not an exaggeration!

It also violates College policies and the Campus Code of Conduct to send certain kinds of hoax messages (for example, April Fool's jokes that appear to be from a professor or some other College official). Such hoaxes constitute forgery and will be referred for appropriate disciplinary action.

Acknowledgements: This policy was compiled from documents produced by the University of Georgia, Cornell University and Indiana University. The body of the policy draws primarily from a University of Georgia document titled University of Georgia Policies on Use of Computers ( The appendix is taken from a Cornell University document titled Information Technology Rights and Responsibilities, What is Illegal under Local, State and Federal Laws ( ). Indiana University's documents titles Indiana University Appropriate Technology Use Policies and Computer Users' Privileges and Responsibilities were also drawn from ( and (