CMU Acceptable Use Policy

The intention of this document is to clarify policies and operational practices (hereafter referred to as policies for using information technology) that are consistent with the purposes of Central Michigan University (CMU).

I. INTRODUCTION
A. PURPOSE.
The Central Michigan University Office of Information Technology (OIT) will provide computing and networking facilities, resources and services for faculty, staff and students of CMU. Many of these resources are provided without charge for purposes of teaching and learning, scholarly activity, and administrative data processing.
 
B. SCOPE. These policies are applicable to all campus units as well as all users who operate or use any of the computing systems and networks of the university. The policies below are intended to supplement other existing university and external policies, regulations and laws. Campus units that manage their own computers or networks may add, with the approval of the appropriate senior officer of CMU, individual guidelines which supplement but do not change the intent of these policies. The Assistant Vice President of Information Technology may at any time determine whether particular uses of information technology are or are not in the interest of CMU.
 
C. ACCEPTANCE OF POLICIES. Users of CMU's computing and networking facilities agree by using these facilities that they will comply with and be subject to these policies and conditions of use. Changes in policies ordinarily occur in the summer, but may occur at any time. OIT will publicize these changes via campus media, and make the current version available on the OIT web site at www.oit.cmich.edu.
 
D. EXTERNAL NETWORK POLICIES. Any faculty, staff or student connected to the CMU campus backbone network and any other networks which are used as a result of their CMU network connection (e.g., INTERNET, MichNet) must comply with these policies and the stated purposes and acceptable use policies of any other networks used.
 
E. ELIGIBILITY FOR SERVICES. Any CMU faculty or staff member (including emeritus faculty and staff) is permitted, upon proper validation by Information Technology, to use these facilities for purposes described in Section I.A. except as described in Section I.G. Registered students and recent alumni (as explained below) are also eligible for computing and networking services provided they have paid any required technology fee. The facilities available to an individual user are determined by the intended use and the resources available.

User IDs for all CMU graduates who were validated at the time of graduation for computer and Internet access will be kept active for six months from their commencement. Validation for returning students who are preregistered for fall semester will be kept active on the system during the summer. For other students, the current validation expires thirty days after the end of the semester or session. Facilities are not provided for use by spouses, parents, children, or friends of validated users. Use by others or for other purposes (e.g., commercial use) is prohibited unless authorized in writing by the Assistant Vice President of Information Technology.

F. SUSPENSION OF SERVICES. If OIT becomes aware of possible inappropriate action, or detects illegal usage or practices designed to operate to the detriment of the user community, it will take immediate corrective action. Such action may include suspension of services to the user(s) determined to be at fault, who may also be subject to university disciplinary action through appropriate channels. In extreme situations, services could be suspended for a group of users or subnetwork. OIT will inform the user(s) involved. Suspended services will be restored only when it is again safe or appropriate, or in some cases, only upon successful appeal to the Assistant Vice President for Information Technology or its designee.

G. UNIVERSITY SOFTWARE LICENSING AGREEMENTS. The user community must adhere to the licensing agreements that the university has with its vendors.

Some software installed on university-owned computer systems is restricted by contract to "educational use only by CMU faculty, staff and students," and may not be used for commercial purposes. For example, SPSS and IFPS are purchased with substantial academic discounts and are usage-restricted in this manner. University employees performing external contracting, as well as outside users, may not be allowed to use the software. Also, by contract with IBM, 80% of the VM operating system must be used for instruction and research support. Commercial uses are permitted only as exceptions for limited periods of time and at the pleasure and convenience of CMU. Examples of copyright violations include: transferring copyrighted software to others, and making illegal text copies. Faculty who require substantial computer resources as part of grants and consulting contracts may be required to reimburse CMU for a portion of the resource costs.

II. OWNERSHIP, PRIVACY, AND FREEDOM OF EXPRESSION
A. OWNERSHIP OF STORAGE MEDIA. The contents of all storage media associated with OIT facilities may be considered property of CMU unless the contents are licensed software, licensed databases (e.g., InfoShare), intellectual property owned by others, or protected by CMU's Intellectual Property Rights Policy. The university has the right of access to the contents at any time for any legitimate purpose including moving or deleting files to preserve system security and performance, or examining files when there is a legitimate "need to know."
 
B. Owning a copy does not imply ownership of the copyright.
 
C. PRIVACY. Users have the right to expect that their computer uses are confidential from other individual users, and CMU users who invade the privacy of others may have their access suspended and may also be subject to university disciplinary action through appropriate channels. CMU will make reasonable efforts to maintain the confidentiality of the storage contents and to safeguard the contents from loss, but cannot be held liable for the inadvertent or unavoidable loss or disclosure of the contents, or for disclosure resulting from the unlawful acts of others. CMU has the right of access to the contents only in those cases where it has a legitimate "need to know."
 
D. Examples of situations where the university may access and review the computer records of users include those where there is evidence that a user: is using email to threaten or harass someone; is causing disruption to the network or other shared resources; is violating these policies or laws or another user's rights; an employee is devoting excessive amounts of work time to personal email or other personal computer work; a student is engaged in academic dishonesty. The university may also access the computer records of users to comply with a Freedom of Information Act request, a subpoena or a discovery request. In addition, email system postmasters may see the contents of email due to serious addressing errors or as a result of maintaining the email system. Normally, the only "need to know" access to storage media contents will be conducted by the Director, Associate Directors or systems administrators of OIT and have the pre-approval of the Assistant Vice President of Information Technology. If access provides evidence of violation of law, these rules or other university rules, the results of such access may be shared with other appropriate officials of the university.
 
E. FREEDOM OF EXPRESSION. System administrators will not remove any information from individual accounts or from electronic bulletin boards unless the information involves illegality, endangers computing resources or the information of others, is inconsistent with the general mission of the university, or creates a substantial risk of liability for the university.

III. INDIVIDUAL RESPONSIBILITIES
A. PERSONAL RESPONSIBILITY.
All responsibility for statements made in public computer mediated communication rests with the individual posting the statements. Statements do not represent the opinions of the supervisor or employer of that person or anyone involved with the networks that comprise the CMU network.
 
B. COMPUTER MEDIATED COMMUNICATION. At a minimum, users will respect the privacy of other users and employ appropriate standards of civility when using electronic systems to communicate with other individuals.
 
C. CMU provides the capacity for its faculty, staff and students to engage in computer mediated communication that includes the use of bulletin boards, computer lists, email, and various servers including web servers and gopher servers. CMU does not undertake any responsibility to review the contents of messages sent and received but, if an abuse or a violation of law or university policy is identified, CMU may take steps to intercept or remove the message, and may remove access by the user.
 
D. MISREPRESENTATION OF IDENTITY. Representing yourself as someone else is prohibited.
 
E. USE OF COMPUTER STORAGE. Users are provided with limited amounts of computer storage space for personal files. Other computer storage space is used for system software or system administration functions. Use of such system storage space is restricted to OIT managed processes and hence, unauthorized use for additional personal file storage will be considered misuse of computer facilities.
 
F. If additional storage is required, users can obtain such temporary increases with a variety of utilities for allocating temporary storage on disk or tape. Increases in permanent disk space must be approved by OIT management. These storage policies are under continuing review because of rapidly changing resource requirements and capacities.
 
G. COPYRIGHT. All users must respect the protection provided by copyright, licenses to programs and data, and other applicable laws and treaties.
 
H. Examples of copyright violations include: transferring copyrighted software to others, and making illegal text copies.
 
I. ILLEGAL USES. Use of the facilities for illegal purposes is prohibited. Use of the facilities by unauthorized persons is theft and is illegal under existing law.
 
J. Examples of illegal purposes include: copyright violations, exchanging stolen credit card numbers through bulletin boards and email systems, transmitting pornographic material, defamation, harassment.
 
K. HARASSMENT. Harassment or destructive use is not acceptable.
For example, users shall not develop or use programs or communications that: harass other users; infiltrate a computer, computing system or network; damage or alter the hardware or software components of a computer, computing system or network; degrade system performance.

IV. SECURITY
A. INDIVIDUAL USER ID. Each user of a particular operating system may have one and only one user name.
 
B. A user may be validated under many different accounts, but it is important to resource management that each user be uniquely identifiable.
 
C. DEPARTMENTAL USER ID. Certain departmental user IDs may exist for the purpose of allowing offices or organizations to have an email address for the office, but the individual logged in under the departmental user ID must still have a valid user ID and password and supply it when requested.
 
D. PASSWORD. It is of utmost importance that the user changes her/his password frequently and takes all possible precautions to safeguard it.
 
E. CMU operates under the premise that the user of any computer system under a valid user ID and password is one and the same as the individual originally given that user ID. It is in your interest to not disclose your user ID and password because you are responsible for your account and you will lose your privacy.
 
F. REVIEW OF AUDIT RECORDS. Users of OIT facilities must realize that most multiple-user computer systems maintain audit trail files or log files.
User identification, date and time of the session, software used, files used, computer time and storage used, user account, and other run-related information, are normally available for diagnostic, accounting, and load analysis purposes. Audit records may also be used in situations where it is necessary to determine what has occurred to cause a particular system problem at a particular time. Information Technology normally retains the information contained in these files for up to one year. Access to OIT computer system audit records will be conducted by the personnel listed in Section II.B. The review of audit information will be performed only when there is a legitimate "need to know" and a request from a senior officer of CMU and approval from the Assistant Vice President of Information Technology. In such cases, a written record will be maintained of the occasion, including the name of the person accessing the audit records, the date and time of access, whose records were accessed, the extent (date and time range) of the information retrieved, and the circumstances occasioning the access. This record will be kept in the Information Technology administrative manual files under the designation "Computer Systems Audit Record Accesses."

V. SYSTEM MAINTENANCE AND PERFORMANCE
A. BACKUPS. Backups of system disk space are performed at least once a day and retained for up to sixty days. During backups, files are sometimes unavailable.
 
B. RETENTION OF SPOOL FILES. To maintain the use of spool space at a reasonable level, all spool files over two weeks old will be deleted.
 
C. Files, including email, that have been electronically sent but not yet received are stored on a computer storage area known as a spool.
 
D. MAINTENANCE OF EMAIL LISTS. It is imperative that subscribers to email discussion lists unsubscribe from these lists when they will be away from campus for more than two weeks.
 
E. Instructions for how to unsubscribe are provided electronically by the list server when a new subscription request is processed. It is important for users to keep these instructions.
 
F. NETWORK ADDRESSES. All static network addresses and domain names of the form 141.209.xxx.xxx must be registered with OIT.
Computers attached to the campus network require a network address. Most network addresses are dynamically assigned by a network server each time the user establishes a functional network connection. Occasionally individual computers need to have a manually assigned, "static," network address.

VI. EXAMPLES OF USES
A. ACCEPTABLE USES. Use in support of teaching and learning, or scholarly activity at CMU. Use in support of administrative data processing at CMU. Communications in support of a recognized CMU student organization. Routine correspondence and publication by faculty, staff and students.
 
B. UNACCEPTABLE USES.

1. Unsolicited advertising via email.
 
2. Commercial solicitation.
 
3. Any communication or posting which violates applicable laws and regulations.
 
4. Posting of information on the CMU network is to be viewed as similar to publication. Because of this, do not post instructions for how to do some illegal act (e.g., using a stolen telephone calling card number); do not ask how to do illegal acts by posting to the network; do not post messages that are libelous, harassing, or an invasion of someone's privacy.
 
5. Using foul or obscene language, posting obnoxious or inappropriate announcements, or making defamatory statements.
 
6. Misrepresenting your identity in email or composing email that appears to originate from someone else ("spoofing").
 
7. Also, as a matter of email etiquette, you should not quote people without their explicit permission. Private email and messages sent to you should not be broadcast without the sender's permission. Note, however, that messages sent or received as university business are public records; they can be obtained under the Freedom of Information Act or by subpoena, unless they are covered by some exemption in the law.
 
8. Sending "chain letter," "spam" or "broadcast" messages to lists or individuals, and other types of use which would cause network congestion or otherwise interfere with the work of others.
 
9. Performing repeated, unsolicited and unwanted communication of an intrusive nature.
 
10. For example, continuing to send email messages to an individual after being asked to stop is not acceptable.
 
11. Most political advocacy is unacceptable. However, to encourage and stimulate discussion and dialogue on issues of public concern, CMU employees and students may correspond via email with "cmu.issues" which is an internal electronic bulletin board (public newsgroup). This bulletin board is not to be used by employees on work time, and users are forbidden from implying that their views in any way represent official university policy.