Responsible Computing at
Walla Walla College
May 5, 1995
Walla Walla College
College Place, Washington 99324
Table of Contents
Scope, Audience, and Authority
This document describes policies for use of college computer systems by faculty, staff, and
students. The creation of these policies involved broad input from the computer users of
Walla Walla College. The policies have been adopted by these campus groups: the
Campus Computer Center, the Computer Users Committee, the Student Senate, the
Faculty Senate, and the President's Cabinet.
Readers are also referred to several other documents concerning policies and procedures
for campus computer resources -- including the Computer Center System Backup Policy,
the Computer Center Basic Services Guide, the section in the Governance Handbook
regarding the Computer Users Committee, the section on Software in the College
Copyright Policy, the Computer Primer, the Academic Computing Handbook, and the
Walla Walla College maintains computers, computer software, computerized data,
computer networks, and connections to external networks, collectively referred to as
computer facilities, for the purpose of fostering the instruction, research, and the
administrative functions of the college.
Computing facilities are provided for use by WWC students, faculty, and staff in support
of the activities of the college. All students, faculty and staff are responsible for seeing
that these computing facilities are used in an effective, efficient, ethical, and lawful
These policies establish rights, responsibilities, and restrictions regarding the access and
use of college-owned computer facilities. These policies apply to centrally administered
computer systems, departmental computer systems, and college-owned personal
computers. They include all means of accessing these, as well as all computerized
institutional data regardless of the office in which it resides or the format in which it is
All computer users have two basic rights -- a reasonable expectation of privacy and a fair
share of the resources. Consequently, computer users have the responsibility to help
ensure that others also experience those rights. The following policies are intended to
ensure these rights.
2. General Policies
2.1 Ownership of Resources
Computer facilities and data owned by the college are to be used solely for college-related
activities. All access to centralized computer systems shall be approved through the
Computer Center. Access to departmental computer systems shall be approved by the
department chairman or authorized representative.
Computerized Institutional Data
All computerized institutional data is considered to be an asset of the college and shall be
protected from loss, corruption, misuse, and inappropriate disclosure. Certain
computerized institutional data, by law or by college policy, is confidential and may not
be released without permission. Users of college computer resources are responsible for
the privacy and protection of data over which they have control.
2.2 Authorized Users
Computer facilities are provided to support the instructional, research, and
administrative functions of the college. Students, staff members, and faculty members
(including emeritus faculty and members of the Board of Trustees), are permitted, upon
proper validation, to use the academic portion of these facilities without charge. The
facilities available will be determined by the intended use of the facilities and the
resources available at the time. Because of limited resources the college does not provide
computer facilities for use by relatives or friends who do not otherwise qualify as users.
2.3 General Policies
Policy: Computer users may log in only to their own computer accounts
System managers are more able to make systems run smoothly when they
know who is using the system. Users are less likely to interfere with each
other if they each have their own account. Unauthorized users can then
be identified more readily. On systems that charge for computer
resources, one user may be paying for the computer usage of another.
Some systems limit the number of simultaneous users of a single account.
Private information is available to the legitimate owner of an account.
- Some systems have generic accounts (e.g., guest) that almost anyone is
authorized to use.
Policy: Computer users must ensure that their work does not
interfere with others
Students, faculty, and staff depend on reliable and
efficient computer systems to do work and schoolwork. Disrupting
computer systems causes lost productivity and frustration.
Nearly everyone, from time to time, unknowingly does something on the
computer that has an adverse effect on the network, the hard drive space,
or some other shared resource. This is usually quite innocent and
unintentional. Users are responsible for educating themselves regarding
their computer work, so as to have a minimum of impact on other users.
The Computer Center will help with that educational process by making
users aware of resource-consuming activities when they are discovered.
Exceeding assigned disk quotas
Attaching incompatible equipment to the campus network
Releasing a virus program
Sending harassing messages
Policy: Computer users may not examine, copy, modify, or delete files belonging
to other users without their consent.
Computer users have a reasonable expectation of privacy for their data
stored on campus computer systems. Most systems have security
protections in place to make it difficult for users to look where they have no
permission to look. This policy applies to System Managers as well as
regular computer users.
Attempting to discover other users' or system passwords.
Attempting to read or modify other users' files without their permission.
Attempting to circumvent data protection schemes or uncover security
Attempting to read or modify another's E-mail.
Attempting to modify system software or configuration files.
Users who encounter or observe a gap in system security should report it to
the Computer Center.
It is generally considered acceptable for work supervisors to access the
work-related files in the accounts of their employees when necessary. This
is one reason why student employees are encouraged to keep their work
files separate from their personal files. Of course, guidelines for these
practices will vary between departments.
Policy: Computer users must not waste computer resources
Wasting computer resources that could be used by others hurts everyone.
Good computer citizens will not use more than their fair share of the
Examples of wasting resources: generating unnecessary printer output,
using unwarranted or excessive amounts of disk storage, creating
unnecessary processes on multi-user systems, propagating electronic chain
letters, sending frivolous E-mail to large groups, or creating or posting
inappropriate messages to news or list groups, posting messages to
multitudinous news groups, creating unnecessary network traffic.
Policy: Computer users must not use WWC computer facilities to gain
unauthorized access to remote networks or systems or violate the use
policies of any remote system.
System managers on the Internet depend on each other's cooperation to
enforce policies and keep general order. If a Walla Walla College computer
user were to use our facilities to disrupt the operation of remote systems,
the only recourse for the remote system manager might be to terminate all
access from WWC computers. This could cause the disruption of many
Internet facilities upon which our users depend. In addition, if government
systems were involved, the user might be in violation of United States
and/or Washington State Law (refer to the Washington State Criminal
2.4 Use and Storage of Potentially Dangerous Programs
The introduction of worm or virus programs into the computer systems can be
particularly disruptive. Because of this, the existence of such software as well as other
software intended to break security is regulated.
Possession of computer software used to discover passwords or otherwise scan for
security loopholes may be allowed for legitimate academic purposes, but must be
registered with and approved by the Computer Center before storing it on a college-
owned computer system or system connected to a campus network. To protect the
integrity of the network, unregistered copies of such software discovered on campus
systems will be promptly removed .
2.5 Privacy Issues
The College makes every reasonable effort to ensure the integrity of its various systems.
All computer systems available to users offer some form of data protection which can be
modified by an authorized user as needed. However, due to a number of technical, legal,
and economic reasons, no system will offer absolute security. Thus, users should never
place highly sensitive or confidential information on any computer, especially a
networked one, without understanding the risks involved. Steps can be taken by users to
improve the security of their data through publicly available cryptographic technologies.
Users are encouraged to use these techniques when appropriate.
Privacy and Confidentiality of User Data
Programs and files stored in users' private directories are considered private unless their
owners have explicitly made them available. However, in the case of system problems or
clear policy violations, system managers (as authorized below) may examine user files
and system logs in order to gather sufficient information to diagnose and correct system
problems and investigate policy violations.
The following policies are intended to create a balance between users' rights to privacy
and the right to a smoothly-functioning computer system, free of disruption.
Note that not all data created by users is considered personal. In particular, logs of user
activity created automatically by system programs (such as login) are not considered
personal or private.
- Personal user files -- whether stored on disk or backup tape -- are considered private
and will not be scanned or read by computer center staff except as specifically
authorized below. If System Managers discover private information as an incidental
result of performing their duties, they are obligated to keep this information
confidential. However, such information, if evidence of policy violations, may be used
in disciplinary proceedings.
- System Managers are authorized to examine user files or processes only as far as
necessary to ensure reliable and secure system operation. If reliable system operation
is in jeopardy, system operators are also authorized to kill or suspend user processes,
move user files to alternate storage media or delete files that can be easily recovered
(for instance, from off the Internet). The users affected will be promptly notified of
the actions taken and the reasons why. System Managers will make every reasonable
attempt to assist users in recovering work files that were destroyed in the process of
attempting to keep the system running properly.
- System Managers are authorized to examine user files to collect evidence of specific
college policy violations, provided that probable cause exists for such a search. Any
examination of this sort must be reported promptly to the Director of Computing.
Some systems run programs which periodically scan disk volumes looking for problem
files such as viruses and large graphical images. The system program will report these
potential problems to the System Manager. Private disk volumes not mounted on the
network are never scanned.
Being Logged In is Considered Public Information
Most systems have publicly available software that can be used to list the user names of
currently logged-in users, and on some systems the last command executed by each user.
On some systems, this information is available even from off-campus computers. In short,
being logged into a system is considered public information.
Disclaimer for Loss of Data
The College disclaims liability for the loss of data or interference with files resulting from
its efforts to maintain the operation, privacy, and security of the computer facilities. For
additional information regarding procedures in place to protect system and user data,
refer to the Computer Center Backup Policy.
2.6 Copyright Policies
Many copyrighted programs are made available on campus systems under license
agreements with the publishers. These license agreements generally do not allow campus
computer users to make copies of these programs. Unless otherwise specified, users are
not allowed to make personal copies of software stored on central systems. For additional
information refer to the WWC Copyright Policy.
2.7 Non-Commercial Use Policy
College computer accounts are to be used for the college-related activities for which they
are assigned. College computing resources are not to be used for commercial activities
without written authorization from the college administration. In these cases, the college
will require payment of appropriate fees.
2.8 Electronic Mail Policies
Electronic mail, once received, belongs to the recipient. A user's mailbox is treated in the
same manner as any other file belonging to that user, and is subject to the same privacy
protections as regular files.
The college will not attempt to regulate the content of electronic mail except for cases
involving violations of other college policies. The college accepts no liability for the
content of users' electronic mail. The college has policies against racism, sexism, and
sexual harassment; if necessary, individuals may direct their concerns to the appropriate
3. Policies Specific to Computer Labs
Several clusters of public-access computers are available on campus and are commonly
referred to as computer labs. While primarily intended for students to use for course
work, faculty and staff are also welcome to use the facilities on an equal basis with
Faculty May Reserve the Computer Labs
Faculty wishing to reserve a computer lab for a class or seminar must contact the office of
the Director of Academic Computing at least one week before the event. Such requests
are generally granted on a first-come first-served basis. Generally the labs should not be
reserved during evening hours nor all at the same time.
Any workstation left unattended for more than fifteen minutes may be appropriated by
Playing recreational games in a computer lab is prohibited. Any exceptions to this policy
must be approved in writing by the Computer Users Committee.
Other Non-Academic Computer Use
Computer lab facilities are intended for educational and research purposes, and these
have higher priority than other types of use (for example, composing personal electronic
messages or reading electronic news). A user engaging in non-academic activities while
other users are waiting to use a terminal, is expected to yield the terminal. As a matter of
courtesy, give up the terminal voluntarily without having to be asked.
Experimenting with graphics (non-course work), reading news, and writing personal
correspondence are considered to have educational value; however, they should not be
performed during peak lab hours.
Manuals for most common software are available in the labs. Do not remove these
manuals or other computer supplies without authorization.
4. Penalties and Due Process
Depending on the nature and severity of the policy violation, the College may take one or
more of the following disciplinary actions:
Warnings and temporary suspension of accounts may be issued by the appropriate
System Manager. Restricting or revoking computer privileges for more than three days
requires the approval of the Director of Computing. Termination of computer privileges
permanently or indefinitely requires action by the college administration.
- Send a verbal, written, or electronic mail warning
- Allow only restricted computer privileges
- Temporarily suspend the computer account (typically 1 to 10 weeks)
- Revoke all computer privileges
Supervisors have authority over their workers' accounts -- to activate or terminate as
necessary. Supervisors on administrative systems also determine what specific data access
rights their workers are granted. When someone ceases to be an employee of the College,
the supervisor or department head should promptly notify the Computer Center so that
the account can be disabled.
In cases where the integrity or functionality of the network or a multi-user system is in
jeopardy, the system administrator is authorized to take immediate steps to prevent
further damage -- up to and including disabling user accounts and disconnecting a user's
workstation from the campus network. In the event that the user's account is being used
by someone other than the true owner, this policy may prevent damage to the legitimate
owner's data. The system administrator will promptly notify the account owner of the
When an account cannot be accessed, the user should immediately contact Computer
Support for an explanation of the situation. Quite often, temporary revocation is the
result of a minor or unintentional violation of the policies; it is customary to restore the
account after the staff has discussed the situation with the user.
Procedures for Students
Students who are for any reason dissatisfied by the application of this policy have a right
to appeal under the procedures specified in the Student Handbook. For severe infractions
the matter will be remanded to the Vice President for Student Administration for
disciplinary procedures under the Student Handbook.
If the Vice President for Student Administration initiates disciplinary action, the
Computer Center may be able to provide computing access on a restricted basis during
disciplinary proceedings. This restricted access will depend upon the severity of the
infraction and the technical feasibility of providing such access. The level of access will be
determined by the college administration.
If the Vice President for Student Administration chooses not to bring disciplinary action,
or if the judicial proceedings are resolved in the defendant's favor, computer access will
be restored immediately.
Procedures for Employees
Employees who are for any reason dissatisfied by the application of this policy have a
right to appeal under the procedures specified in the Governance Handbook. For severe
infractions, the matter will be remanded to the vice president of the department. The vice
president in consultation with the Director of Computing will decide what temporary
computer access is appropriate during the disciplinary proceedings.
The Washington State Criminal Code defines Computer Trespass in the first degree as a
class C felony, punishable by fines of up to $10,000 and imprisonment for up to 5 years.
Title 18 of the United States Code as amended in 1994 also includes fines and
imprisonment for "Computer Abuse." Copies of the relevant sections of the code are
available in the Appendix.
Parts of this document were adapted and ideas taken from the computer policies of the
Columbia University; California State University, Fresno; University of Hawaii,
Manoa; Iowa State University; University of Kentucky; Louisiana Tech University;
Princeton University; Rice University, University of Delaware.
Computer Users Committee: Voted to Recommend to Senate: November 29, 1994
Amendments approved February 2, 1995
Faculty Senate: First Reading: December 1, 1994
Second Reading and
Voted to Recommend to Student
Senate and Faculty: January 5, 1995
Amendments approved March 2, 1995
Student Senate: Approved with Amendments February 2, 1995
Faculty & Staff Meeting: First Reading April 3, 1995
Second Reading and Adoption May 1, 1995
Revised Code of Washington
9A.52.110 Computer trespass in the first degree.
(1) A person is guilty of computer trespass in the first degree if the person,
without authorization, intentionally gains access to a computer system or
electronic data base of another; and
(a) The access is made with the intent to commit another crime; or
(b) The violation involves a computer or data base maintained by a government agency.
(2) Computer trespass in the first degree is a class C felony. [1984 c 273 1.]
A class C felony is punishable by fines of up to $10,000 and imprisonment for up to 5
9A.52.120 Computer trespass in the second degree.
(1) A person is guilty of computer trespass in the second degree if the person,
without authorization, intentionally gains access to a computer system or
electronic data base of another under circumstances not constituting the offense in
the first degree.
(2) Computer trespass in the second degree is a gross misdemeanor. [1984 c 273 2.]
A gross misdemeanor is punishable by fines of up to $5,000 and imprisonment for up to
Oregon Criminal Code
164.377 Computer Crime.
(3) Any person who knowingly and without authorization alters, damages or
destroys any computer, computer system, computer network, or any computer
software, program, documentation or data contained in such computer, computer
system or computer network, commits [a Class C felony punishable by up to five
years in prison and $100,000 in fines].
(4) Any person who knowingly and without authorization uses, accesses or
attempts to access any computer, computer system, computer network, or any
computer software, program, documentation or data contained in such computer,
computer system or computer network, commits [a Class A misdemeanor
punishable by up to 1 year in jail and $5,000 in fines].
Summary of The Computer Fraud and Abuse Statute
Whoever knowingly and without authorization causes loss or damage to a computer,
network, information ,data, or program used in interstate commerce or
communications (including loss of use of the system by the rightful users), of value
aggregating $1,000 or more during any 1-year period shall be punished by fines and
imprisonment of not more than five years (ten years for repeat offenders).
Title 18 of the United States Criminal Code
18 USC Chapter 47 Sec 1030 Fraud and related activity in connection with
As amended by the 1994 Omnibus Crime Bill
The complete text of the statute is available electronically in WordPerfect 5.1 format
in the file HAL/SYS:APP\CLASS\POLICIES\COMPUTER\STATUTES\USCODE.WP.
File name: ...\policies\cccpol7.wpd
First Draft: July 22, 1993
Revised: May 12, 1994
Revised: November, 1994
Revised: March 30, 1995
Printed: 04/11/96 3:56 PM
HTML: April 23, 1996