Wesleyan Computer Usage Policy
Table of Contents
Introduction and Scope
Purpose and Use of University Systems
University User Privileges
Responsibilities for all Users
Contracts and Records
Amendment: Web 2.0 Tools
Digital Millennium Copyright Act (DMCA)
The purpose of the Wesleyan Computer Usage Policy is to help ensure that all technology use fully respects applicable laws, the rights of the University and its community members. Consequently, the policy draws upon existing policies and principles (as represented in The Faculty Handbook) which protect the freedom of expression and privacy of University students, faculty, staff, prospective students, alumni and guests.
Wesleyan's Information Technology Policies apply to all University Systems and their use. The use of University Systems, even when carried out on a privately owned computer that is not managed or maintained by the University, is governed by this policy. This document does not waive any claim that Wesleyan University may have to ownership or control of any hardware, software, or data created on, stored on, or transmitted through University Systems.
The purpose of University Systems is to further the research, education, and administrative functions of Wesleyan University. To achieve this purpose, these policies intend to:
- ensure the integrity, reliability, and good performance of University Systems;
- ensure that the Wesleyan community understands and follows technology practices which will safeguard the rights of all members;
- ensure that University Systems are used for their intended purposes;
- establish sanctions and processes for addressing violations.
Proper Authorization and Appropiate Use
Use of non-public University Systems is restricted to University users. University Systems may be used only for their intended, authorized purposes. For example, privately owned computers may not host sites for non-Wesleyan organizations across the Wesleyan network without specific authorization.
Without specific authorization, activities using University Systems for non-Wesleyan commercial purposes are prohibited. This is not meant to restrict normal communications and exchange of electronic data, consistent with the University's education and research roles, that may have a financial benefit for an external organization. For example, it is appropriate to discuss products or services with companies doing business with Wesleyan or to contribute to on-line forums discussing issues relating to commercial products. Inappropriate use would include activities such as using a Wesleyan-based web site to run a personal for profit business.
System Administrators and University users make all reasonable efforts to maintain the confidentiality of systems and their data. However, limits and risks do apply to confidentiality, due, for example, to technical limitations, software bugs or system failures.
Whenever possible and appropriate, ITS will attempt to notify users of any unusual access to their data. However, the University (following carefully prescribed procedures see Enforcement Procedures) may determine that certain broad concerns outweigh the value of a user’s expectation of privacy and warrant University access to relevant systems without the prior notification of the user.
The following conditions are examples of data access without user notification.
- When necessary to identify or diagnose system or security problems.
- When required by federal, state or local law.
- When the University has been informed that a violation of law or University Policy may have taken place and inspection or monitoring may produce evidence related to the misconduct.
- When required to preserve public health or safety.
University users have the right to fair process in cases of discipline resulting from policy violations. See Enforcement Procedures.
Personal Account Responsibility
Users are responsible for the security of their University System accounts and passwords. Any user password changes must follow published guidelines for passwords. Accounts and passwords are normally assigned to single users and are not to be shared with any other person. For more information, please refer to Accounts and Passwords.
Users are responsible for any activity carried out under their University System accounts.
University users must work with ITS to create temporary guests accounts for their visitors. This is an important provision for Wesleyan (and all higher education institutions)to comply with the Communications Assistance for Law Enforcement Act (CALEA). More details can be found at: http://www.educause.edu/library/calea.
Users must not permit or assist any unauthorized person to access University Systems. Non-public University Systems may not be used by any non-Wesleyan organization, for example, without appropriate authorization.
Responsibility for Content
Representatives of Wesleyan University publish institutional information in a variety of electronic forms. Such institutional information will normally be identified by a statement of the Certifying Authority publishing the information. A Certifying Authority is that University department or individual who certifies the accuracy of an electronic document and its appropriateness for the conduct of University business. Examples of such data would be a University Transcript, Admission Letter of Acceptance or W2 Tax Form.
Users also publish information in electronic forms on Wesleyan equipment and/or over Wesleyan's networks. Wesleyan has no intention or opportunity to screen such private material and thus cannot assure its accuracy or assume any responsibility for this material. Any electronic publication provided on or over Wesleyan equipment and/or networks which is not identified by a Certifying Authority is the private speech of an individual User.
Users must observe intellectual property rights including, in particular, copyright laws as they apply to software and electronic forms of information. Additional details can be found at DMCA and at Wesleyan's Intellectural Property Site.
With the proliferation of privately-owned mobile devices including laptops, smartphones and tablets; users need to remove any personal or institutional data before disposal or recycling.
Users must not defeat or attempt to defeat any University System's security, for example, by 'cracking' or guessing User identifications or passwords.
Unauthorized Data Access
Users must not access or attempt to access or change data on a University System they are not authorized to access or change. Users must not intercept or attempt to intercept data communications not intended for that user's access, for example, by inappropriate network sniffing, monitoring or wiretapping.
Users must not conceal their identity when using University Systems. For example, users must not masquerade as or impersonate others.
Denial of Service
Users must not deny or interfere with or attempt to deny or interfere with service to other users by means of "resource hogging," distribution of computer worms or viruses, etc. Knowing or reckless distribution of unwanted mail or other messages is prohibited.
Uses of computer resources that may cause excessive network traffic or computing load are prohibited. For example, a User sending out thousands of emails which included a large attachment would seriously compromise the performance of the email system.
Illegal sharing of copyrighted material including music or video is a violation.
Modification of Data or Equipment
Without specific authorization, users of University Systems must not cause, permit, or attempt any destruction or modification of data or computing or communications equipment, including but not limited to alteration of data, reconfiguration of control switches or parameters, or changes in firmware. This rule protects data, computing, and communications equipment owned by Wesleyan University, or any other person or entity. 'Specific authorization' refers to permission by the Systems Administrator of the equipment or data to be destroyed or modified.
Threats and Harassment
Users may not use a University System to threaten or harass any person. Upon request to University Authorities, a User must cease sending messages or interfering in any way with another User's normal use of University Systems.
Removal of Equipment or Documents
Without specific authorization by the System Administrator, users must not remove any University-owned or administered equipment or documents from a University System.
Unauthorized Computer Equipment
Without specific authorization by the System Administrator, users must not physically or electrically attach any foreign network device including, but not limited to routers, hubs, or wireless access points to the University System.
Reporting of Violations
Users must not conceal or help to conceal or "cover up" violations by any party.
Users are expected to report any evidence of actual or suspected violation of these policies to the Systems Administrator of the facility most directly involved. In case of doubt, the report should be made to the VP for Information Technology.
Users of University Systems must show identification including University affiliation upon request by a System Administrator or other University authority.
Access to Data
Users must allow systems administration personnel access to data files on University Systems for the purpose of making backups, diagnosing system problems and investigating policy violations.
University staff are authorized to investigate alleged or apparent violations of University policy or applicable law involving University Systems using whatever means appropriate.
Systems Administrators are authorized by the University to investigate policy violations and apply temporary reduction or elimination of access privileges while the matter is under review. These temporary sanctions may apply to computing accounts, networks, University-administered computing rooms, and other services or facilities.
When a Systems Administrator believes it necessary to preserve the integrity of facilities, user services, or data, he or she may suspend any account or limit account privileges, whether or not the account owner (the User) is suspected of any violation. The System Administrator will attempt to notify the User of any such action.
When informed of copyright violations by the copyright holders or their representatives the University will comply with their requests to identify the individuals responsible and stop the illegal activity. Additional details can be found at DMCA.
Depending on the role of the individual, authorization by the appropriate University Office will be sought before any access to electronic data occurs In the case of students, the Dean of the College would be consulted. For faculty, permission would be obtained from the VP for Academic Affairs and for staff, the appropriate University Officer would be notified.
A University User accused of a violation will be notified of the charge and will have an opportunity to respond to the University disciplinary body appropriate to the violator's status, before a final determination of any penalty. In addition to discipline by Wesleyan University, users may be subject to criminal prosecution, civil liability, or both, for unlawful use of any University systems.
All use of University Systems must be consistent with all contractual obligations of the University, including limitations defined in software and other licensing agreements.
Record retention should follow the guidelines of the General Counsel's Record Retention Policy as found at: http://www.wesleyan.edu/generalcounsel/policies.html.
Faculty, staff and students may request a blog or wiki for use in conjunction with their individual or group work. Group blogs/wikis can be used in courses, research, department websites, student groups and collaborative projects for students, faculty and staff. The actual requestor will be the owner of the blog and assumes responsibilities as defined by the computer usage policies.
Please be aware of the following:
Anonymous postings to blogs and wikis are not permitted. Owners of blogs and wikis may not reconfigure the system to allow anonymous postings.
- Comments are an integral part of Web 2.0. All comments will be run through a SPAM engine. An individual making a comment is required to provide a valid email address before entering comments. The blog owner is responsible to review each comment before posting it to the blog for others to see. The blog owner reserves the right not to publish individual comments. The blog owner may opt to require Wesleyan password authentication before comments can be submitted. Unmoderated comments are allowed only on course blogs that are private to the students and faculty with authenticated access (i.e., that have no public access).
- Faculty and staff members may request additional Wesleyan computer accounts for collaborators from other institutions for participation in Web 2.0 activities, and their use will be covered by the computer usage policies.
- Students should expect their blogs to be deleted upon graduation or separation from Wesleyan. Owners can export their blog posts/pages to move them to a different server.
At the discretion of the VP for ITS, blogs created by Wesleyan-provided software can be available on a web page or RSS syndication.
Wesleyan does not guarantee that it will provide ancillary software, such as databases and script languages, that authors may wish to use in their blogs or wikis.
Any social media accounts including Facebook, Twitter etc. which are created for a Wesleyan entity remain the property of Wesleyan University.