IT Policy

The 1990 Policy Regarding Abuse of Computers and Network Systems promulgates four important principles of information technology: privacy of communications; integrity of data and systems; intellectual property rights, and responsible use of network resources.

Excerpts from that policy are offered below, with examples to illustrate the principles.

The use of the network^* in no way exempts any member of the university community from the normal requirements of ethical or legal behavior. Data, software, and computer and network capacity have value and must be treated accordingly. Access to the network grants rights and bestows responsibilities on users.

Legitimate use of a computer or network system does not extend to whatever an individual is capable of doing with it. Although some rules are built into the architecture, these restrictions do not always limit what an individual can access. Network use requires that each user be identified to it, and users are responsible for their actions in the use of it.

Users must also observe policies and procedures governing:

• the privacy of or other restrictions placed upon data or information stored or transmitted across computers and network systems, even if data or information is not securely protected;
  
  Violations of this policy include, but are not limited to:
  
  Accessing, or attempting to access, another individual's or entity's data or information without proper authorization regardless of the means by which this access is attempted or accomplished; giving another individual the means to access data or information they are not authorized to access; obtaining, possessing, using, or attempting to use passwords^** or other information about someone else's account; inspecting, modifying, distributing, or copying data, mail, messages, or software without proper authorization, or attempting to do so; tapping phone or data lines; accessing files by circumventing privacy or security restrictions.
• an owner's interest in proprietary software or other assets pertaining to computers or network systems, even when such software or assets are not securely protected;
  
  Violations of this policy include, but are not limited to:
  
  Making more copies of software than the license allows; duplicating someone else's copy of proprietary software with or without that person's permission; inspecting, modifying, distributing, or copying data or software without proper authorization, or attempting to do so; giving another individual the means by which to inspect, modify, distribute, or copy proprietary data or software; theft of phone services.
• the finite capacity of computers or network systems by limiting use of computers and network systems so as not to interfere unreasonably with the activity of other users.
  
  Violations of this policy include, but are not limited to:
  
  Knowingly tampering with, obstructing, or impairing the availability of the network, or attempting to do so; using network resources without proper authorization; knowingly sending a crippling number of files around a network; introducing damaging, self-propagating, or otherwise harmful software into a machine or a network; hoarding computer or network resources in ways that interfere with the operation of the system; attempting to remove or modify computer or network equipment or software without proper authorization; altering wire, telephone sets, wireless access points, or associated equipment for any illegitimate purpose.

Members of the University community also are expected to follow all other policies, rules, or procedures established to manage computers or network systems, including those established to control access to, or the use of, computer data, files, or other information.

Violations of this policy include, but are not limited to:

Using network resources without proper authorization or for unauthorized purposes, or attempting to do so; using network resources to violate university, local, federal, or state regulations; supplying false or misleading information or identification in order to access network resources, or attempting to do so; sending electronic mail, messages, or facsimile transmissions as pranks or in a threatening or harassing manner; using campus phones or networks to harass or threaten others; using the network for commercial purposes unless explicitly authorized; using campus phones or the network for fraudulent purposes.

Violators will be subject to federal, state, and local laws as well as university policy.

Violations will be referred to the Cornell Judicial Administrator and/or to the appropriate Cornell body adjudicating academic integrity.

FOOTNOTES

*For supporting voice or data communications. (Go back to policy section)

**Note: This prohibition on the sharing of passwords does not create a right of privacy for password-protected electronic material. The university reserves the right to access material such as employee e-mail when needed for business reasons. (Go back to policy section)