Authority

This policy is approved by the Chief Information Officer.

Summary

Users of Bowdoin College network and computer resources have a responsibility to properly use and protect those information resources and to respect the rights of others.

The Computer and Network Usage Policy is to help ensure an information infrastructure that supports the missions of the College in teaching, learning and research. Computers and networks are powerful enabling technologies for accessing and distributing the information and knowledge developed at the college and elsewhere. As such, they are strategic technologies for the current and future needs of the College. Because these technologies leverage each individual’s ability to access and copy information from remote sources, users must be mindful of the rights of others to their privacy, intellectual property and other rights. This usage policy codifies what is considered appropriate usage of computers and networks with respect to the rights of others. With the privilege to use the information resources of the College come specific responsibilities outlined in this policy.

Users of College information resources must respect copyrights and licenses, respect the integrity of computer-based information resources, refrain from seeking to gain unauthorized access, and respect the rights of other information resource users. This policy covers the appropriate use of all information resources including computers, networks, and the information contained therein.

Applicability

This policy is applicable to all Bowdoin College students, faculty and staff and to others granted use of Bowdoin College information resources. This policy refers to all College information resources whether individually controlled or shared, stand-alone or networked. It applies to all computer and communication facilities owned, leased, operated, or contracted by the College. This includes but is not limited to networking devices, personal digital assistants, telephones, wireless devices, personal computers, workstations, mainframes, minicomputers and any associated peripherals and software, regardless of whether used for administration, research, teaching or other purposes.

1. Scope

Locally Defined and External Conditions of Use

Individual units within the College may define “conditions of use” for information resources under their control. These statements must be consistent with this overall policy but may provide additional detail, guidelines and / or restrictions. Where such “conditions of use” exist, enforcement mechanisms defined therein shall apply. These individual units are responsible for publicizing both the regulations they establish and their policies concerning the authorized and appropriate use of equipment for which they are responsible. Where use of external networks is involved, policies governing such use also are applicable and must be adhered to.

Legal and College Process

The College does not exist in isolation from other communities and jurisdictions and their laws. Under some circumstances, as a result of investigations, subpoena or lawsuits, the College may be required by law to provide electronic or other records or other information related to those records or relating to use of information resources (“information records”). The College may, in its reasonable discretion, review information records (i.e. for the proper functioning of the College or for internal investigations).

2. Policies

Copyrights and Licenses

Computer users must respect copyrights and licenses to software, entertainment materials, published and unpublished documents, and any other legally protected digital information.

• Copying. Any material protected by copyright must not be copied except as specifically stipulated by the owner of the copyright or otherwise permitted by copyright law. Protected material may not be copied into, from, or by any College facility or system, except pursuant to valid license or as otherwise permitted by copyright law.
• Number of Simultaneous Users. The number and distribution of copies of copyrighted materials must be handled in such a way that the number of simultaneous users in a department does not exceed the number of original copies purchased by that department, unless otherwise stipulated in the purchase contract or as otherwise permitted by copyright law.
• Copyrights. All copyrighted information (text, images, icons, programs, video, audio, etc.) retrieved from computer or network resources must be used in conformance with applicable copyright and other law. Copied material must be properly attributed. Plagiarism of digital information is subject to the same sanctions as apply to plagiarism in any other media.

Integrity of Information Resources

Computer users must respect the integrity of computer-based information systems.

• Modification or Removal of Equipment. Computer users must not attempt to modify or remove computer equipment, software, or peripherals that are owned by others, without proper authorization.
• Encroaching on Others’ Access and Use. Computer uses must not encroach on others’ access and use of the College’s computers, networks, or other information resources, including digital information. This includes, but is not limited to: attempting to access or modify personal, individual or any other College information systems or other information resources for which the individual is not authorized; sending chain-letters, unsolicited bulk electronic mail either locally or off-campus; printing excess copies of documents, files, data or programs; running grossly inefficient programs when efficient alternatives are known by the user to be available; unauthorized modification of system facilities, operating systems, or disk partitions; attempting to crash or tie up a College computer, network or other information resource; or otherwise damaging or vandalizing College computing facilities, equipment, software, computer files or other information resources.
• Unauthorized or Destructive Programs. Computer users must not intentionally develop or use programs which disrupt other computer or network users or which access private or restricted information or portions of a system and / or damage software or hardware components of a system. Computer users must ensure that they do not use programs or utilities, which interfere with other computer users, or which modify normally protected or restricted portions of the system or user accounts. Computer users must not use network links for any use other than those permitted in network guidelines. The use of any unauthorized or destructive program may result in legal civil action for damages or other punitive action by any injured party, including the College, as well as criminal action.
• Academic Pursuits. The College recognizes the value of research on game development, computer security, and the investigation of self-replicating code (i.e. computer viruses and worms). The College may restrict such activities in order to protect College and individual computing environments, but in doing so will take account of legitimate academic pursuits.

Unauthorized Access

Computer users must refrain from seeking to gain unauthorized access to information resources or enabling unauthorized access.

• Abuse of Computing Privileges. Users of College information resources must not access computers, computer software, computer data or information, or networks without proper authorization, or intentionally enable others to do so, regardless of whether the computer, software, data, information, or network in question is owned by the College. For example, abuse of networks to which the College belongs or the computers at other sites connected to those networks, will be treated as an abuse of College computing privileges, and subject to the discipline policies of Human Resources or the Dean of Student Affairs office.
• Reporting Problems. Any defects discovered in system accounting or system security must be reported to the appropriate system administrator so that steps can be taken to investigate and resolve the problem.
• Password Protection. A computer user who has been authorized to use a password, or otherwise protected account, may be subject to the discipline policies of Human Resources or the Dean of Student Affairs office, as well as civil and criminal liability if the user discloses the password or otherwise makes the account available to others without permission of the system administrator.

Usage

Computer users must respect the rights of other computer users. Most College systems provide mechanisms for the protection of private information from examination by others. Attempts to circumvent these mechanisms in order to gain unauthorized access to the system or to another person’s information are a violation of College policy and may violate applicable law. Authorized system administrators may access computer users’ files at any time for maintenance purposes. System administrators will report suspected unlawful or improper activities to the proper authorities.

• Prohibited Use. Use of the College’s computers, network or electronic communication facilities (such as electronic email or instant messaging, or systems with similar functions) to send, view or download fraudulent, harassing, obscene (i.e. pornographic), threatening, or other messages or material that are a violation of applicable law or College policy, such as under circumstances that might contribute to the creation of a hostile academic or work environment, is prohibited.
• Mailing Lists. Users must respect the purpose and charters of computer mailing lists (including local or network news groups and bulletin boards). The user of an electronic mailing list is responsible for determining the purpose of the list before sending messages to or receiving messages from the list. Subscribers to an electronic mailing list will be viewed as having solicited any material delivered by the list as long as that material is consistent with the list’s purpose. Persons sending to a mailing list any materials, which are not consistent with the list’s purpose, will be viewed as having sent unsolicited material.
• Advertisements. In general, the College’s electronic communication facilities should not be used to transmit commercial or personal advertisements, solicitations or promotions (see Commercial Use below). Some public bulletin boards have been designated for selling items by members of the Bowdoin community, and may be used appropriately, according to the stated purpose of the list(s).
• Information Belonging to Others. Users must not intentionally seek or provide information on, obtain copies of, or modify data files, programs, passwords or other digital materials belonging to other users, without the specific permission of those other users.
• Protected Health Information. The Health Insurance Portability and Accountability Act of 1996 (HIPPA) contains standards and rules which govern the treatment of individually identifiable health information. Consult the Health Privacy Officer for more information.

Political, Personal and Commercial Use

The College is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state and local laws regarding sources of income, political activities, use of property and similar matters. It also is a contractor with government and other entities and thus must assure proper use of property under its control and allocation of overhead and similar costs.

• Political Use. College information resources must not be used for partisan political activities where prohibited by federal, state or other applicable laws, and may be used for other political activities only when in compliance with federal, state and other laws and in compliance with applicable College policies.
• Personal Use. College information resources should not be used for personal activities not related to appropriate College functions, except in a purely incidental manner.
• Commercial Use. College information resources should not be used for commercial purposes, except in a purely incidental manner or except as permitted under other written policies of the College or with the written approval of a College officer having the authority to give such approval. Any such commercial use should be properly related to College activities, take into account proper cost allocations for government and other overhead determinations and provide for appropriate reimbursement to the College for taxes and other costs the College may incur by reason of the commercial use. Users are also reminded that the “EDU” domain on the Internet has rules restricting or prohibiting commercial use, and thus activities not appropriately within the EDU domain and which otherwise are permissible within the College computing resources should use one or more other domains, as appropriate.

3. System Administrator Responsibilities

While the College is the legal “owner” or “operator” of all computers and networks purchased or leased with College funds, oversight of any particular system is delegated to the head of a specific division of the College governance structure, such as Dean, Department Chair, Administrative Department Head, or Principal Investigator. For College-owned or leased equipment, that person is the responsible administrator.

The responsible administrator may designate another person to manage the system. This designate is the “system administrator”. The system administrator has additional responsibilities to the College as a whole for the system(s) under their oversight, regardless of the policies of their department or group, and the responsible administrator has the ultimate responsibility for the actions of the system administrator.

College Responsibilities

The system administrator should use reasonable efforts:

• To take precautions against theft of, or damage to, the system component
• To faithfully execute all hardware and software licensing agreements applicable to the system
• To treat information about, and information stored by, the system’s users in an appropriate manner and to take precautions to protect the security of a system or network and the information contained therein.
• To spread information about specific policies and procedures that govern access to and use of the system, and services provided to the users or explicitly not provided. This information should describe the data backup services, if any, offered to the users. A written document given to users or messages posted on the computer system itself shall be considered adequate notice.
• To cooperate with the system administrators of other computers systems or networks, whether within or without the College, to find and correct problems caused on another system by the use of the system under their control.

Policy Enforcement

Where violations of this policy come to his or her attention, the system administrator is authorized to take reasonable actions to implement and enforce the usage and service policies of the system and to provide for security of the system.

Suspension of Privileges

A system administrator may temporarily suspend access privileges if he or she believes it necessary or appropriate to maintain the integrity of the computer system or network.

4. Information Security Officer Responsibilities

The College’s Chief Information Officer (CIO) or the person designated by the CIO shall be the primary contact for the interpretation, enforcement and monitoring of this policy and the resolution of problems concerning it. Any issues concerning law shall be referred to the Legal Office for advice.

Policy Interpretation

The Security Representative shall be responsible for interpretation of this policy, resolution of problems and conflicts with local policies, and special situations.

Policy Enforcement

Where violations of this policy come to his or her attention, the Chief Information Security Officer (CISO) is authorized to work with the appropriate administrative units to obtain compliance with this policy.

Inspection and Monitoring

Inspection and monitoring of network traffic or computer systems, when there is reasonable cause to suspect improper use of the computer or network resources, can be authorized by the College’s Chief Information Officer or Chief Information Security Officer.

Inspection of internal or restricted data, or the monitoring of messages (including electronic mail), when there is reasonable cause to suspect improper use of the computer or network resources can be authorized by the College’s Chief Information Officer or other senior staff.

All information inspected or monitored is treated as confidential by those involved and will have access restricted.

5. Consequences of Misuse of Computing Privileges

A user of College information resources who is found to have purposely or recklessly violated any of these policies will be subject to disciplinary action according to the policies of Human Resources or the Dean of Student Affairs office, up to and including discharge, dismissal, expulsion and / or legal action.

Cooperation Expected

Users, when requested, are expected to cooperate with system administrators in any investigation of system abuse. Users are encouraged to report suspected abuse, especially any damage to, or problems with their files. Failure to cooperate may be grounds for cancellation of access privileges, or other disciplinary actions.

Corrective Action

If system administrators have persuasive evidence of misuse of computing resources, and if that evidence points to the computing activities or the computer files of an individual, they should pursue one or more of the following steps, as appropriate to protect other users, networks and the computer system.

• Provide notification of the investigation to the College’s Chief Information Officer or Chief Information Security Officer, as well as the user’s instructor, department or division chair, or supervisor.
• Temporarily suspend or restrict the user’s computing privileges during the investigation. A student may appeal such a suspension or restriction, and petition for reinstatement of computing privileges through the Dean of Students Office. A staff member may appeal through applicable dispute resolution procedures. Faculty members may appeal through the Academic Deans Office or Department Chair.
• With authorization from the College’s Chief Information Officer or Chief Information Security Officer, inspect the user’s files, diskettes, tapes, and / or other computer accessible storage media on College owned and operated equipment
• Refer the matter for possible disciplinary action to the appropriate College unit (i.e. the Dean of Students Office for students, the supervisor for staff, and the Chair of the relevant department for faculty or other teaching or research personnel.

Definitions

System Administrator. An individual responsible for configuration and maintenance of any device or system connected to the College network. This responsibility may occur at the level of a single device/system or for groups of devices/systems. This pertains to system administrators affiliated with the College as well as to non-college personnel serving the College on an outsourced basis. In the absence of an assigned system administrator, the administrator/owner will be considered to be the system administrator.

Student Honor Code and Fundamental Standard

Unless specifically authorized by a class instructor, all of the following uses of a computer are examples of possible violations of the Honor Code:

• Copying a computer file that contains another student’s assignment and submitting it for credit
• Copying a computer file that contains another student’s assignment and using it as a model for one’s own work
• Collaborating on an assignment, sharing the computer files and submitting the shared file, or a modification thereof, as one’s individual work

In addition, student misuse of a computer, network or system may violate the Fundamental Standard. Examples would be, but are not limited to: theft or other abuse of computer time, including unauthorized entry into a file, to use, read or change the contents; unauthorized use of another person’s identification or password; use of computing facilities to send abusive messages; or use of computing facilities to interfere with the work of another student or the work of a faculty or staff member.

For cases involving a student, referring the case through the Dean of Students Office is the recommended course of action. This ensures that similar offenses may be considered for similar punishments, from semester to semester, year to year, and instructor to instructor. It also allows the detection of repeat offenders.