Policies For
Responsible Computing at
Walla Walla College

May 5, 1995
Walla Walla College
College Place, Washington 99324

Table of Contents

Scope, Audience, and Authority

Readers are also referred to several other documents concerning policies and procedures for campus computer resources -- including the Computer Center System Backup Policy, the Computer Center Basic Services Guide, the section in the Governance Handbook regarding the Computer Users Committee, the section on Software in the College Copyright Policy, the Computer Primer, the Academic Computing Handbook, and the Internet Primer.

Philosophy

Computing facilities are provided for use by WWC students, faculty, and staff in support of the activities of the college. All students, faculty and staff are responsible for seeing that these computing facilities are used in an effective, efficient, ethical, and lawful manner.

These policies establish rights, responsibilities, and restrictions regarding the access and use of college-owned computer facilities. These policies apply to centrally administered computer systems, departmental computer systems, and college-owned personal computers. They include all means of accessing these, as well as all computerized institutional data regardless of the office in which it resides or the format in which it is used.

All computer users have two basic rights -- a reasonable expectation of privacy and a fair share of the resources. Consequently, computer users have the responsibility to help ensure that others also experience those rights. The following policies are intended to ensure these rights.

Computerized Institutional Data

Policy: Computer users may log in only to their own computer accounts

Rationale:

System managers are more able to make systems run smoothly when they know who is using the system. Users are less likely to interfere with each other if they each have their own account. Unauthorized users can then be identified more readily. On systems that charge for computer resources, one user may be paying for the computer usage of another. Some systems limit the number of simultaneous users of a single account. Private information is available to the legitimate owner of an account.

Exceptions:

Some systems have generic accounts (e.g., guest) that almost anyone is authorized to use.

Policy: Computer users must ensure that their work does not interfere with others

Rationale:

Students, faculty, and staff depend on reliable and efficient computer systems to do work and schoolwork. Disrupting computer systems causes lost productivity and frustration.

Exceptions:

Nearly everyone, from time to time, unknowingly does something on the computer that has an adverse effect on the network, the hard drive space, or some other shared resource. This is usually quite innocent and unintentional. Users are responsible for educating themselves regarding their computer work, so as to have a minimum of impact on other users. The Computer Center will help with that educational process by making users aware of resource-consuming activities when they are discovered.

Examples:

Exceeding assigned disk quotas
Attaching incompatible equipment to the campus network
Releasing a virus program
Sending harassing messages

Policy: Computer users may not examine, copy, modify, or delete files belonging to other users without their consent.

Rationale:

Computer users have a reasonable expectation of privacy for their data stored on campus computer systems. Most systems have security protections in place to make it difficult for users to look where they have no permission to look. This policy applies to System Managers as well as regular computer users.

Examples:

Attempting to discover other users' or system passwords.
Attempting to read or modify other users' files without their permission.
Attempting to circumvent data protection schemes or uncover security loopholes.
Attempting to read or modify another's E-mail.
Attempting to modify system software or configuration files.

Users who encounter or observe a gap in system security should report it to the Computer Center.

Exceptions:

It is generally considered acceptable for work supervisors to access the work-related files in the accounts of their employees when necessary. This is one reason why student employees are encouraged to keep their work files separate from their personal files. Of course, guidelines for these practices will vary between departments.

Policy: Computer users must not waste computer resources

Rationale:

Wasting computer resources that could be used by others hurts everyone. Good computer citizens will not use more than their fair share of the computer resources.

Examples of wasting resources: generating unnecessary printer output, using unwarranted or excessive amounts of disk storage, creating unnecessary processes on multi-user systems, propagating electronic chain letters, sending frivolous E-mail to large groups, or creating or posting inappropriate messages to news or list groups, posting messages to multitudinous news groups, creating unnecessary network traffic.

Policy: Computer users must not use WWC computer facilities to gain unauthorized access to remote networks or systems or violate the use policies of any remote system.

Rationale:

System managers on the Internet depend on each other's cooperation to enforce policies and keep general order. If a Walla Walla College computer user were to use our facilities to disrupt the operation of remote systems, the only recourse for the remote system manager might be to terminate all access from WWC computers. This could cause the disruption of many Internet facilities upon which our users depend. In addition, if government systems were involved, the user might be in violation of United States and/or Washington State Law (refer to the Washington State Criminal Code).

Possession of computer software used to discover passwords or otherwise scan for security loopholes may be allowed for legitimate academic purposes, but must be registered with and approved by the Computer Center before storing it on a college- owned computer system or system connected to a campus network. To protect the integrity of the network, unregistered copies of such software discovered on campus systems will be promptly removed .

Security

Privacy and Confidentiality of User Data

The following policies are intended to create a balance between users' rights to privacy and the right to a smoothly-functioning computer system, free of disruption.

• Personal user files -- whether stored on disk or backup tape -- are considered private and will not be scanned or read by computer center staff except as specifically authorized below. If System Managers discover private information as an incidental result of performing their duties, they are obligated to keep this information confidential. However, such information, if evidence of policy violations, may be used in disciplinary proceedings.
• System Managers are authorized to examine user files or processes only as far as necessary to ensure reliable and secure system operation. If reliable system operation is in jeopardy, system operators are also authorized to kill or suspend user processes, move user files to alternate storage media or delete files that can be easily recovered (for instance, from off the Internet). The users affected will be promptly notified of the actions taken and the reasons why. System Managers will make every reasonable attempt to assist users in recovering work files that were destroyed in the process of attempting to keep the system running properly.
• System Managers are authorized to examine user files to collect evidence of specific college policy violations, provided that probable cause exists for such a search. Any examination of this sort must be reported promptly to the Director of Computing.

Some systems run programs which periodically scan disk volumes looking for problem files such as viruses and large graphical images. The system program will report these potential problems to the System Manager. Private disk volumes not mounted on the network are never scanned.

Being Logged In is Considered Public Information

Disclaimer for Loss of Data

The college will not attempt to regulate the content of electronic mail except for cases involving violations of other college policies. The college accepts no liability for the content of users' electronic mail. The college has policies against racism, sexism, and sexual harassment; if necessary, individuals may direct their concerns to the appropriate administrator.

Faculty May Reserve the Computer Labs

Unattended Workstations

Computer Games

Other Non-Academic Computer Use

Experimenting with graphics (non-course work), reading news, and writing personal correspondence are considered to have educational value; however, they should not be performed during peak lab hours.

Manuals

Available Penalties

• Send a verbal, written, or electronic mail warning
• Allow only restricted computer privileges
• Temporarily suspend the computer account (typically 1 to 10 weeks)
• Revoke all computer privileges

Supervisors have authority over their workers' accounts -- to activate or terminate as necessary. Supervisors on administrative systems also determine what specific data access rights their workers are granted. When someone ceases to be an employee of the College, the supervisor or department head should promptly notify the Computer Center so that the account can be disabled.

In cases where the integrity or functionality of the network or a multi-user system is in jeopardy, the system administrator is authorized to take immediate steps to prevent further damage -- up to and including disabling user accounts and disconnecting a user's workstation from the campus network. In the event that the user's account is being used by someone other than the true owner, this policy may prevent damage to the legitimate owner's data. The system administrator will promptly notify the account owner of the action taken.

When an account cannot be accessed, the user should immediately contact Computer Support for an explanation of the situation. Quite often, temporary revocation is the result of a minor or unintentional violation of the policies; it is customary to restore the account after the staff has discussed the situation with the user.

Procedures for Students

If the Vice President for Student Administration initiates disciplinary action, the Computer Center may be able to provide computing access on a restricted basis during disciplinary proceedings. This restricted access will depend upon the severity of the infraction and the technical feasibility of providing such access. The level of access will be determined by the college administration.

If the Vice President for Student Administration chooses not to bring disciplinary action, or if the judicial proceedings are resolved in the defendant's favor, computer access will be restored immediately.

Procedures for Employees

Statutory Provisions

Columbia University; California State University, Fresno; University of Hawaii, Manoa; Iowa State University; University of Kentucky; Louisiana Tech University; Princeton University; Rice University, University of Delaware.

Computer Users Committee:	Voted to Recommend to Senate:	November 29, 1994

				Amendments approved		February 2, 1995
Faculty Senate:			First Reading:		December 1, 1994
				Second Reading and
				Voted to Recommend to Student
				Senate and Faculty:		January 5, 1995
				Amendments approved		March 2, 1995

Student Senate:			Approved with Amendments	February 2, 1995

President's Cabinet:

Faculty & Staff Meeting:   	First Reading			April 3, 1995
				Second Reading and Adoption	May 1, 1995

Revised Code of Washington
Computer Statutes

9A.52.110 Computer trespass in the first degree.

(1) A person is guilty of computer trespass in the first degree if the person, without authorization, intentionally gains access to a computer system or electronic data base of another; and
(a) The access is made with the intent to commit another crime; or (b) The violation involves a computer or data base maintained by a government agency.
(2) Computer trespass in the first degree is a class C felony. [1984 c 273 1.]

A class C felony is punishable by fines of up to $10,000 and imprisonment for up to 5 years.

9A.52.120 Computer trespass in the second degree.

(1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic data base of another under circumstances not constituting the offense in the first degree.
(2) Computer trespass in the second degree is a gross misdemeanor. [1984 c 273 2.]

A gross misdemeanor is punishable by fines of up to $5,000 and imprisonment for up to one year.

Oregon Criminal Code
Computer Statutes

164.377 Computer Crime.

(3) Any person who knowingly and without authorization alters, damages or destroys any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits [a Class C felony punishable by up to five years in prison and $100,000 in fines].

(4) Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits [a Class A misdemeanor punishable by up to 1 year in jail and $5,000 in fines].

Summary of The Computer Fraud and Abuse Statute
Title 18 of the United States Criminal Code
18 USC Chapter 47 Sec 1030 Fraud and related activity in connection with computers.
As amended by the 1994 Omnibus Crime Bill

The complete text of the statute is available electronically in WordPerfect 5.1 format in the file HAL/SYS:APP\CLASS\POLICIES\COMPUTER\STATUTES\USCODE.WP.

Document Identification

	File name:	...\policies\cccpol7.wpd
	First Draft:	July 22, 1993
	Revised: 	May 12, 1994
	Revised: 	November, 1994
	Revised: 	March 30, 1995
	Printed:  	04/11/96 3:56 PM
	Converted to
	HTML:		April 23, 1996