Skip to main content
more options

University-wide Policies and Codes

Campus Code of Conduct

The Campus Code of Conduct sets forth standards of behavior that apply to all faculty, students, staff, and university-registered organizations. The Board of Trustees and the University Assembly each have authority over different sections of the Code, and the Code is amended from time to time to foster a safe and productive learning and living environment. Regarding computer usage, the Code of Conduct specifically makes it a violation "to recklessly or maliciously interfere with or damage, in violation of university rules, computer or network resources or computer data, files, or other information." The Code also makes it clear that "misappropriation of data or copyrighted materials, including computer software, may constitute theft." Violations of university policies, including computer usage policies, also constitute violations of the Code of Conduct.

Violations of the Campus Code of Conduct are handled by the Office of the Judicial Administrator according to the procedures defined in the Code. More serious incidents (e.g., felonies) may be turned over to local and/or federal law enforcement agencies, as appropriate. Individuals who feel they have been victimized by computer abuse violations may choose to refer the matter to the JA, or may choose to pursue the matter outside the university (for example, through the civil or criminal courts).

All violations listed under the Policy Regarding Abuse of Computers and Network Systems and the Responsible Use of Electronic Communications Policy are also violations of the Campus Code of Conduct. To direct reports to the most appropriate place, see the specific examples under the policies below. In most cases, reports regarding alleged computer or network related violations involving members of the Cornell community can be made directly to the Office of the Judicial Administrator or to OIT or the CIT HelpDesk.

Code of Academic Integrity

The Code of Academic Integrity was adopted by the Faculty Council of Representatives and applies to all students. It prescribes adherence to a set of values, expected not only in coursework, but also in the use of university resources. The code includes computer and network related concepts and examples of violations, such as: initiating or encouraging the promulgation of chain letters and other types of electronic broadcast messages, tapping phone lines or other network cables, subverting or obstructing a computer or network by introducing a worm or virus, supplying false or misleading information to access computer or network systems, improperly obtaining or using another's password to access computers or network systems, and unauthorized access to data, computers or networks.

Violations of the Code of Academic Integrity are handled by the Dean of the appropriate college according to the procedures defined in the code. The computer and network related violations are also covered under the Policy Regarding Abuse of Computers and Network Systems and the Responsible Use of Electronic Communications Policy. Refer to the examples listed below under these policies to determine where to direct reports of incidents.

Policy Regarding Abuse of Computers and Network Systems

The Policy Regarding Abuse of Computers and Network Systems was developed in 1990 and applies to all faculty, students and staff. It expands on the principles of behavior that were incorporated into the Code of Academic Integrity for guiding the use of computers and networks. The basic premise is that legitimate use of a computer or network does not extend to whatever an individual is capable of doing with it. Just because you are able to circumvent restrictions or security, doesn't mean that you are allowed to do so.

Violations of the Policy Regarding Abuse of Computers and Network Systems are handled by the Office of the Judicial Administrator according to the procedures defined in the Campus Code of Conduct. Alleged violations of this policy can be reported directly to the Office of the Judicial Administrator or to abuse@cornell.edu. If the person responsible is not affiliated with the university, or cannot be identified, the incident should be reported to abuse@cornell.edu. In addition, some instances may violate federal law. See Federal computer security violations for more information.

Examples (not a comprehensive list) of policy violations include:

  • accessing, or attempting to access, another individual's data or information without proper authorization (e.g. using another's NetID and password to look at their personal information)

  • obtaining, possessing, using, or attempting to use someone else's password regardless of how the password was obtained (e.g. password sharing)

  • tapping phone or network transmissions, including wireless transmissions (e.g. running network sniffers without authorization)

  • making more copies of licensed software than the license allows (i.e. software piracy)

  • sending a crippling number of files across the network (e.g. e-mail "bombing" or "spamming")

  • releasing a virus, worm or other program that damages or otherwise harms a system or network

  • preventing others from accessing services (e.g. allowing a file-sharing application, such as KaZaA or Morpheus, to generate a volume of traffic that cripples other users' network access)

  • unauthorized use of university resources (e.g. using someone else's EZ-Remote dial-up access or borrowing their NetID and password to access the library systems)

  • sending forged messages under someone else's NetID (e.g. sending hoax messages, even if intended to be a joke)

  • using university resources for unauthorized purposes (e.g. using personal computers connected to the campus network to set up web servers for illegal, commercial or profit-making purposes)

  • unauthorized access to data or files even if they are not securely protected (e.g. breaking into a system by taking advantage of security holes, or defacing someone else's web page)

Responsible Use of Electronic Communications

In 1995 Responsible Use of Electronic Communications became an official university policy that applies to the entire Cornell community. It attempts to deal with some of the newer problems resulting from widespread use of the Internet. As stated in the policy, The university cherishes the diversity of values and perspectives endemic in an academic institution and so is respectful of freedom of expression. The university does not condone censorship, nor does it endorse the inspection of electronic files other than on an exceptional basis. As a result, the university cannot protect individuals against the existence or receipt of material that may be offensive to them. The university encourages individuals to use electronic communications in a responsible manner. Finally, the policy includes information about behavior that would constitute a violation and contains a set of procedures for reporting incidents.

Policy violations fall into four categories that involve the use of electronic communications to:

  • harass, threaten, or otherwise cause harm to a specific individual(s); for example, sending an individual repeated and unwanted (harassing) e-mail or using e-mail to threaten or stalk someone.
    Alleged violations of this type can be reported directly to the Office of the Judicial Administrator or to the Cornell police if the situation is potentially serious and requires immediate attention. If the person responsible is not affiliated with the university or if it is not possible to identify the individual, the incident can still be reported to the JA or to the police. These offices can assist by referring to appropriate sources of help outside the university. Save electronic copies of all correspondence for evidence.

  • impede, interfere with, impair, or otherwise cause harm to the activities of others; for example, propagating electronic chain mail, or sending forged or falsified e-mail.
    Alleged violations of this type can be reported to abuse@cornell.edu. If the person responsible is not affiliated with the university, the incident should be reported to the site that provides the individual with Internet access (see Reporting incidents to other sites). If it is not possible to identify the origin, contact the CIT HelpDesk for assistance. Save electronic copies of anything that can be used as evidence.

  • download or post to university computers, or transport across university networks, material that is illegal, proprietary, in violation of university contractual agreements, or otherwise is damaging to the institution; for example, launching a computer virus, distributing child pornography via the web, distributing copyrighted musical recordings via a file-sharing application, or posting a university site-licensed program to a public bulletin board.
    Alleged violations of this type can be reported directly to abuse@cornell.edu.

  • harass or threaten classes of individuals.
    Alleged violations of this type can be reported directly to the Office of Human Relations. If the person responsible is not affiliated with the university, the incident should be reported to the site that provides the individual with Internet access (see Reporting incidents to other sites). If it is not possible to identify the origin, contact the CIT HelpDesk for assistance. Save electronic copies of anything that can be used as evidence.