Reviewed 1/11/07

I. BACKGROUND

Computers, networks, and related resources are essential components supporting the University’s mission “that there be fostered respect for the differences among people, the nurture of curiosity, the insistence upon high standards of thoughts, study, communications and the skills that should characterize the educated people” of higher learning.

II. PURPOSE

It is the purpose of this policy to inform users of expected standards of conduct related to the use of University computing facilities and the disciplinary measures for failing to adhere to them.

III. DEFINITIONS

A. Administrative Unit: The department, school/college, office, administrative

    or scientific unit with financial responsibility for the acquisition, operation

    and/or maintenance of a computing or network resource.

B. University Computing Facilities: The University of Miami network and

    any other computing and data resources, including hardware and software,

    owned by the University whether or not such computing resources are

    connected to the University network.

IV. APPLICABLE POLICIES

Users are subject to all policies and procedures of the University, including but not limited to this policy and those policies referenced below.  Copies and updates of University of Miami policies are posted on the World Wide Web and are available by clicking on the University of Miami home page.

V. POLICY

This policy applies to all University employees, scientific and technical staff, administrative staff, students, faculty, guest investigators, visiting professors, as well as to all other users of the University Computing Facilities or those who have contracted for access to such facilities.  Users of University computing facilities are not only subject to University policies, but to applicable local, state, and federal laws.

Open access to University computing facilities is a privilege granted by the University to authorized users and may be administratively suspended with or without notice when, in the University’s judgment, continued use of University resources may interfere with the work of others, places the University or others at risk, or violates University policy.  Proper use of University computing facilities involves only those activities performed in support of University contractual and/or operational requirements.  Determining authorized use is the responsibility of senior management within the individual administrative units.

Other related policies are referenced at the end of this policy. Violations of those policies may also constitute a violation of this policy.


A. Unauthorized or Illegal Use of University Computing Facilities

Unauthorized or illegal use of University computing facilities is prohibited.  This includes, but is not limited to:

    1.  applying for a fraudulent user ID;

    2.  use in violation of the terms included in federal, state and private

      grants and contracts awarded to the University community;

    3.  use for commercial applications unrelated to the University’s

      assigned functions and authorized activities;

    4.  use of computer accounts and/or electronic identification

      addresses without authorization;

    5.  obtaining passwords without the consent of owners or divulging

      any confidential information (including user ID) or passwords to

      any third parties (persons who divulge such information to third

      parties are solely responsible for the actions of such third parties);

    6.  gaining access to any University computer and/or any remote

      computer or network, or to information contained therein, without

      authorized permission;

    7.  intentional or reckless disruption of system or user passwords

      is prohibited;

    8.  intentionally performing acts which interfere with the normal

      operations of computers, terminals, peripherals, or networks;

    9.  attempts to secure a higher level of access or privilege without

      appropriate authorization;

  10. knowingly installing and being on any computer system or

      network or giving to another user a program designed to

      damage or render unusable a computer system or network

      (e.g. viruses);

  11. unauthorized circumvention of system security schemes;

  12. violating terms of software licensing agreements or

      copyright laws;

  13. monitoring or tampering with others’ communications;

  14. reading, copying, changing, or deleting software without

      explicit consent of the owners, without the authorization of the

      appropriate system administrator;

  15. transmitting information which is obscene or otherwise

      prohibited by law;

  16. taking or disclosing, without authorization, data which is

      confidential as provided by law;

  17. modifying or destroying data without authorization;

  18. conducting any activities with are illegal under Federal or

      State Law, or which violate any other University policy.

B. Implementation and Authority of Systems Administrators

Access to the University Computing Facilities increases the vulnerability of equipment and software connected to it.  The University promotes the use of security measures on all of its computer communication facilities.

Security measures must be supported by all users.  Theft, loss, or damage to data, computer/network and software applications - as well as unauthorized access to information - may occur from inadequate system security protection mechanisms, despite efforts to maintain those systems and network security facilities.  The University makes no warranty, either expressed or implied, with respect to security measures implemented on University computing facilities.  System administrators are responsible for implementing measures to protect hardware, software, data and/or security on their individual systems.  Where access to the contents of any individual’s communications or other information stored in the system is required pursuant to a valid subpoena, search warrant or other compulsory process, the University will provide notice to such individuals as provided by the Electronic Communications Privacy Act, 18 U.S.C. ยงยง 2510-2710, et. seq. and other applicable laws.

It is neither University policy nor practice to routinely examine transmissions or files maintained on the University computing facilities. In certain limited circumstances, however, appropriate user files are subject to monitoring or examination for legitimate business purposes at any time by authorized University officials in the ordinary course of their employment, when necessary to protect the integrity of University computing facilities, the rights or property of the University or third parties, or to insure compliance with University policy and applicable law.  Legitimate business purposes shall be determined by the University under the circumstances of each case.  In such cases, the individual whose file or communications contents are reviewed shall be notified after such review has taken place.  In addition, Systems Administrators or employee supervisors may also conduct any monitoring of technical data and network traffic as needed to insure reasonable maintenance and use of system hardware, software, and data.  Any examination of user files, or monitoring of technical data or network traffic, shall be subject to the guidelines of the Systems Administrator Policy.  All University personnel, staff, students, researchers, faculty, guest investigators and visiting professors must cooperate fully with any search conducted by the University for any lawful purpose, including internal audits.


C. Sanctions:

Accounts and network access may be administratively suspended with or without notice by the University when, in the University’s judgment, continued use of the University’s resources may interfere with the work of others, places the University or others at risk, or violates University policy.

Any violation of this policy by a student may lead to disciplinary charges under the appropriate student disciplinary policy.  Faculty and staff violations will be addressed by appropriate disciplinary procedures. All known and/or suspected violations must be reported to the applicable Systems Administrator, who will report, as appropriate, to Information Technology’s Security and Control Department.  All such allegations of misuse will be investigated by the appropriate University administrative office with the assistance of the Department of Information Technology and the Department of Human Resources.  Penalties may include:

*suspension or termination of access to computer and/or network resources;

*suspension or termination of employment;

*expulsion, or suspension of student status;

*breach of contract for computer and/or network services; or

*criminal and/or civil prosecution.