Guidelines for Responsible Computing

Found at: 0x1bi.net:70/textfiles/file?hacking/POLICIES/udel.1

Responsible Computing
at the
University of Delaware
September 1991
Computing and Network Services
University of Delaware
The computer has become a common denominator that knows no
ntellectual, political, or bureaucratic bounds; the Sherwin Williams
of necessity that covers the world, spanning all points of view.
. . . I wish that we lived in a golden age, where ethical behavior was
assumed; where technically competent programmers respected the privacy
of others; where we didn't need locks on our computers. . . .
Fears for security really do louse up the free flow of information.
Science and social progress only take place in the open.  The paranoia
that hackers leave in their wake only stifles our work.
-Cliff Stoll, in The Cuckoo's Egg: Tracking a spy through
 the maze of computer espionage
One of the interesting facets of Cliff Stoll's The Cuckoo's Egg is his
each other.  It is our hope that this set of Guidelines can foster that
nformation resources realize how much these resources require
nformation resources we use.
Universities do try to promote the open exchange of ideas; however, an
open, cooperative computing network can be vulnerable to abuse or
misuse.  As more and more schools, colleges, universities, businesses,
than ever that this University educate its students, faculty, and staff
about proper ethical behavior, acceptable computing practices, and how
"computer vandalism" interferes with the exchange of ideas that is
ntegral to a modern education.
The first item in the body of this document is the University's Policy
for Responsible Computing Use, passed by the Faculty Senate of the
University of Delaware on (date will go here).  The remainder of this
Computing and Network Services, or with your dean, project director,
Table of Contents
Definition of Terms	 iii
User Responsibilities	 2
System Administrator Responsibilities	 3
Misuse of Computing and Information Resource Privileges	 4
User Confidentiality and System Integrity	 5
	Resource Privileges
Academic Honesty	 7
Works Consulted	 8
Definition of Terms
Administrative Officer:  vice-president, dean, chair, or director to
Computer Account:  the combination of a user number, username, or
userid and a password that allows an individual access to a mainframe
computer or some other shared computer.
Data Owner:  the individual or department that can authorize access to
nformation, data, or software and that is responsible for the
ntegrity and accuracy of that information, data, or software.
Specifically, the data owner can be the author of the information,
negotiated a license for the University's use of the information, data,
or software.
Desktop Computers, Microcomputers, Advanced Workstations:  different
classes of smaller computers, some shared, some single-user systems.
connected to a University-owned, leased, or operated network, use of
these computers is  covered by the Policy for Responsible Computing
that data or information available to users.
Mainframe Computers:  "central" computers capable of use  by several
Network:  a group of computers and peripherals that share information
electronically, typically connected to each other by either cable or
Normal Resource Limits:  the amount of disk space, memory, printing,
etc. allocated to your computer account by that computer's system
computer network--for example, printers, scanners, plotters, etc.
computer accounts and the computing resources used by the people using
those computer accounts.
Server:  a computer that contains information shared by other computers
on a network.
Software:  programs, data, or information stored on magnetic media
(tapes, disks, diskettes, cassettes, etc.).  Usually used to refer to
computer programs.
System Administrator: staff employed by a central computing agency such
as Computing and Network Services whose responsibilities include
University departments whose duties include system, site, or network
administration.  Note that if you have a computer on your desk, you may
be considered that system's system administrator.
the University of Delaware provides access to computing and information
All members of the University community who use the University's
computing and information resources must act responsibly.  Every user
s responsible for the integrity of these resources.  All users of
University-owned or University-leased computing systems must respect
the rights of other computing users, respect the integrity of the
contractual agreements.  It is the policy of the University of Delaware
that all members of its community act in accordance with these
Access to the University's computing facilities is a privilege granted
to University students, faculty, and staff.  Access to University
nformation resources may be granted by the owners of that information
based on the owner's judgement of the following factors: relevant laws
and contractual obligations, the requestor's need to know, the
nformation's sensitivity, and the risk of damage to or loss by the
The University reserves the right to limit, restrict, or extend
computing privileges and access to its information resources.  Data
owners--whether departments, units, faculty, students, or staff--may
allow individuals other than University faculty, staff, and students
access to information for which they are responsible, so long as such
access does not violate any license or contractual agreement;
University policy; or any federal, state, county, or local law or
Computing facilities and accounts are owned by the University and are
to be used for the University-related activities for which they are
assigned.  University computing resources are not to be used for
commercial purposes or non-University-related activities without
University will require payment of appropriate fees.  This policy
applies equally to all University-owned or University-leased
Users and system administrators must all guard against abuses that
the University and those on networks to which the University's systems
are connected.  Access to information resources without proper
authorization from the data owner, unauthorized use of University
computing facilities, and intentional corruption or misuse of
nformation resources are direct violations of the University's
Manual, the Personnel Policies and Procedures for Professional and
Salaried Staff, the Faculty Handbook, and the Official Student Handbook
and may also be considered civil or criminal offenses.
The University of Delaware treats access and use violations of
computing facilities, equipment, software, information resources,
networks, or privileges seriously.  Disciplinary action resulting from
action--including prosecution under Title 11, $931-$939 of the Delaware
Code, the Computer Fraud and Abuse Act of 1986, or other appropriate
                                                        May 31, 1991
User Responsibilities
the following responsibilities:
-       Use the University's computing facilities and information
accounts, responsibly and appropriately, respecting the rights of other
computing users and respecting all contractual and license agreements.1
-       Use only those computers and computer accounts for which you
-       Use mainframe accounts only for the purpose(s) for which they
-       Be responsible for all use of your accounts and for protecting
each account's password.  In other words, do not share computer
accounts.  If someone else learns your password, you must change it.
-       Report unauthorized use of your accounts to your project
appropriate University authority.
-       Cooperate with system administrator requests for information
about computing activities.  Under certain unusual circumstances, a
-       Take reasonable and appropriate steps to see that all hardware
and software license agreements are faithfully executed on any system,
network, or server that you operate.
Each user is ultimately responsible for his or her own computing and
their data, files, programs, diskettes, and tapes, particularly those
created on microcomputers and those used on individually- or
computers or other computers that they operate themselves must remember
that they may be acting as the system administrators for those
computers and need to take that responsibility very seriously.
a supervisor whose staff use computers, or a faculty member whose
computing practices and data management.
the University for your use.  As a result, its use may be subject to
certain limitations.
System Administrator Responsibilities
This document uses the phrase system administrator to refer to all of
the following University personnel:
-       staff employed by a central computing agency such as Computing
and Network Services whose responsibilities include system, site, or
network administration 
-       staff employed by other University
A system administrator's use of the University's computing resources is
activity.  However, a system administrator has additional
-       A system administrator manages systems, networks, and servers
to provide available software and hardware to users for their
University computing.
-       A system administrator is responsible for the security of a
-       A system administrator must  take reasonable and appropriate
faithfully executed on all systems, networks, and servers for which he
or she has responsibility.
-       A system administrator must take reasonable precautions to
-       A system administrator must treat information about and
nformation stored by the system's users as confidential.
As an aid to a better understanding of responsible computing practices,
all departments that own or lease computing equipment are encouraged to
operate and to make these "Conditions Of Use" documents available to
users.  These documents should be consistent with the University of
Delaware Policy for Responsible Computing Use (reprinted on page 1 of
these Guidelines) and should be approved by the department's
administrative officer or other individual designated by that
administrative officer.
computing misuse, malfunction of computing hardware, malfunction of
computing software, or external contamination of data or programs.  The
and all other system administrators must make every effort to ensure
the integrity of the University's computer systems and the information
back-up system is 100.00% foolproof.
Misuse of Computing and Information Resource Privileges
The University characterizes misuse of computing and information
cause for taking disciplinary action.  Misuse of computing and
nformation resources and privileges includes, but is not restricted
to, the following:
-       attempting to modify or remove computer equipment, software, or
-       accessing computers, computer software, computer data or
nformation, or networks without proper authorization, regardless of
question is owned by the University (That is, if you abuse the networks
to which the University belongs or the computers at other sites
connected to those networks, the University will treat this matter as
an abuse of your University of Delaware computing privileges.)
-       circumventing or attempting to circumvent normal resource
limits, logon procedures, and security regulations
-       using computing facilities, computer accounts, or computer data
for purposes other than those for which they were intended or
-       sending fraudulent computer mail, breaking into another user's
electronic mailbox, or reading someone else's electronic mail without
-       sending any fraudulent electronic transmission, including but
not limited to fraudulent requests for confidential information,
fraudulent submission of electronic purchase requisitions or journal
vouchers, and fraudulent electronic authorization of purchase
-       violating any software license agreement or copyright,
ncluding copying or redistributing copyrighted computer software,
-       violating the property rights of copyright holders who are in
-       harassing or threatening other users or interfering with their
access to the University's computing facilities
-       taking advantage of another user's naivete or negligence to
your own
-       encroaching on others' use of the University's computers (e.g.,
frivolous or excessive messages, either locally or off-campus; printing
excess copies of documents, files, data, or programs; modifying system
facilities, operating systems, or disk partitions; attempting to crash
or tie up a University computer; damaging or vandalizing University
computing facilities, equipment, software, or computer files)
-       disclosing or removing proprietary information, software,
-       reading other users' data, information, files, or programs on a
owner's explicit permission.
User Confidentiality and System Integrity
notices an unusual degradation of service or other aberrant behavior on
the system, network, or server for which he or she is responsible; or
or she should investigate and take steps to maintain the integrity of
the system(s).  If  a system administrator has evidence that leads to a
user's computing activity as the probable source of a problem or abuse
under investigation, he or she must weigh the potential danger to the
While investigating a suspected abuse of computing; a suspected
application program, compiler, network, operating system, or system
utility, a system administrator should ordinarily ask a user's
The next two paragraphs outline exceptions to this rule.
one user threatens other users or if a system or network for which the
crashing, sustaining damage to its hardware or software, or sustaining
to inspect user files in the pursuit of this important responsibility,
administrative officer or other individual designated by that
administrative officer of his or her action and the reasons for taking
that action.  The administrative officer needs to be certain that one
of the following are also notified:  the user or users whose files were
nspected; the user's supervisor, project director, administrative
officer, or academic advisor.  It is a departmental responsibility that
this notification occur, not a personal responsibility of the system
nvestigation of serious computer abuse, the system administrator may
nspect the information in question so long as he notifies his or her
own administrative officer or other individual designated by the
administrative officer of his or her actions and the reasons for taking
those actions.  The administrative officer needs to be certain that the
user's supervisor, project director, administrative officer, or
academic advisor is notified of the situation.  In the case of
Department of Public Safety.
A system administrator may find it necessary to suspend or restrict a
user's computing privileges during the investigation of a problem.  The
officer or other person designated by that administrative officer
before taking this step.  A user may appeal such a suspension or
through the University's judicial system, through the grievance
by petition to the Dean of Students.
-	protect the integrity of the system entrusted to his or her care
-       respect the confidentiality of the information users have
-       notify appropriate individuals when the above two aims have
come into conflict
-       assist his or her administrative officer in referring cases of
Abuse of computing privileges is subject to disciplinary action.  If
a preponderance of evidence that intentional or malicious misuse of
computing resources has occurred, and if that evidence points to the
computing activities or the computer files of an individual, they have
the obligation to pursue any or all of the following steps to protect
the user community:
-       Notify the user's project director, instructor, academic
advisor, or administrative officer of the investigation.
-       Refer the matter for processing through the University's
agency such as Computing and Network Services as well as faculty
members with computing expertise may be called upon to advise the
University judicial officers on the implications of the evidence
of the offense.
-       Suspend or restrict the user's computing privileges during the
nvestigation.  A user may appeal such a suspension or restriction and
University's judicial system, through the grievance procedures outlined
n the faculty collective bargaining agreement, or by petition to the
Dean of Students.
-       Inspect that user's files, diskettes, and/or tapes.  System
administrators must be certain that the trail of evidence leads to the
user's computing activities or computing files before inspecting the
user's files.
Ordinarily, the administrative officer whose department is responsible
for the computing system on which the alleged misuse occurred should
nitiate proceedings.  As the case develops, other administrative
officers may, by mutual agreement, assume the responsibility for
Disciplinary action may include the loss of computing privileges and
other disciplinary sanctions up to and including non-reappointment,
the University's computing resources may also be liable for civil or
criminal prosecution.
enforcement under the laws and regulations of the State of Delaware,
any municipality or county therein, and/or the United States of
America.   For example, if you are found guilty of committing a
computer crime as outlined in Title 11 $932-$936 of the Delaware Code,
you could be subject to the penalties for a class B felony.
Academic Honesty
Faculty and students are reminded that computer-assisted plagiarism is
nstructor, all of the following uses of a computer are violations of
the University's guidelines for academic honesty and are punishable as
acts of plagiarism:
-       copying a computer file that contains another student's
assignment and submitting it as your own work
-       copying a computer file that contains another student's
assignment and using it as a model for your own assignment
-       working together on an assignment, sharing the computer files
or programs involved, and then submitting individual copies of the
assignment as your own individual work
-       knowingly allowing another student to copy or use one of your
computer files and to submit that file, or a modification thereof, as
For further information on this topic, students are urged to consult
the University of Delaware Official Student Handbook, to consult with
their individual instructors, and to refer to the pamphlet "Academic
Honesty & Dishonesty: Important information for faculty and students."
Faculty members are urged to develop specific policies regarding all
aspects of academic honesty and to communicate those policies to their
Works Consulted
Augustine, Charles.  The Pieces of a Policy: Categories for Creation of
a Computer Ethics Policy.  Capitalizing on Communication:  Proceedings
of ACM SIGUCCS User Services Conference XVII.  1989.
Baylor University.  Computer Policies.  1989.  Copy located in the
computer file ethics/Baylor.policy on ariel.unm.edu.
Catholic University of America, The.  Statement of Ethics in the Use of
Computers.  1988.  [Reprinted in ACM SIGUCCS Newsletter.  Volume 19,
Number 1.  1989.]
Chapman, Gary.  CPSR [Computer Professionals for Social Responsibility]
Statement on the Computer Virus.  Communications of the ACM.  Volume
Colgate University.  Agreement for use of Computing Facilities.  1989.
Copy located in the computer file ethics/ColgateU.policy on
Columbia University.  Administrative Policies [of the Center for
Computing Activities].  No date.  Copy located in the computer file
ethics/ColumbiaU.policy on ariel.unm.edu.
Corporation for Research and Educational Networking.  Acceptable Use of
CSNET and BITNET.  1990.  Received via electronic mail from Bernard A.
Galler, March 23, 1990.
Delaware Code (Annotated).  Computer Related Offenses.  Title 11,
$931-$939.  1987.
Delaware Code (Annotated), 1989 Supplement.  Computer Related
Offenses.  Title 11, $937.  1989.
EDUCOM and ADAPSO.  Using Software: A guide to the ethical and legal
use of software for members of the academic community.  EDUCOM.  1987.
Eichin, Mark W. and Jon A. Rochlis.  With Microscope and Tweezers: An
Analysis of the Internet Virus of November 1988.  Paper presented at
n the file  pub/virus/mit.PS on bitsy.mit.edu.
Ermann, M. David; Mary B. Williams; and Claudio Gutierrez.  Computers,
Ethics, and Society.  Oxford University Press.  1990.
Faculty Senate of the University of Delaware.  Ethetical [sic] Conduct
n Computing.  Unpublished draft statement discussed by Faculty Senate
n 1989.
Farber, David J.  NSF [National Science Foundation] Poses Code of
Networking Ethics.  Communications of the ACM.  Volume 32, Number 6.
Fraser Valley College.  DRAFT: Fraser Valley College Computing and
Ethics Policy, April 23, 1991.  Copy received via electronic mail,
April 24, 1991, from Paul Herman, Fraser Valley College.
Hafner, Katie and John Markoff.  Cyberpunk: Outlaws and Hackers on the
Computer Frontier.  Simon and Schuster.  1991.
Hoffman, W. Michael and Jennifer Mills Moore, eds.  Ethics and the
Management of Computer Technology: Proceedings of the Fourth National
Conference on Business Ethics Sponsored by the Center for Business
Ethics, Bentley College.  Oelgeschlager, Gunn, and Hain.  1982.
on Ethical Use of Computers.  Computer Users' Privileges and
Responsibilities: Indiana University.  1990.  Copy received via
electronic mail April 25, 1990, from Mark Sheehan, Indiana University
Computing Services.
n Purdue University's PUCC Newsletter.  March 1989.]
file  pub/ssphwg/rfc1244.txt on cert.sei.cmu.edu.
Johnson, Deborah G.  Computer Ethics.  Prentice Hall.  1985.
Lees, John.  [Michigan State University] College of Engineering
Computer Use Policy - DRAFT.  1990.  Received via electronic mail April
Mason, Margaret Loy.  Students, Ethics & Electronic Communication: An
Adventure in User Education.  New Centerings in Computing Services:
National Science Foundation.  NSFNET Interim Conditions of Use Policy.
LINK LETTER.  Volume 3, Number 3.  1990.  Also available in the file
nsfnet/netuse.txt on nis.nsf.net.
Ryland, Jane N.  Security--A Sleeper Issue Comes Into its Own.
CAUSE/EFFECT.  Volume 12, Number 4.  1989.
Software Publishers Association.  Software Use and the Law: A guide for
ndividuals, educational institutions, user groups, and corporations.
No date.
Spafford, Eugene H.  Some Musings on Ethics and Computer Break-Ins.
Stoll, Cliff.  The Cuckoo's Egg: Tracking a spy through the maze of
computer espionage.  Doubleday.  1989.
Syracuse University.  Computer Use Policy.  No date.
Temple University.  Rules of Conduct for Using Computing Resources at
Temple University.  1988.
University of Delaware.  Academic Honesty & Dishonesty: Important
nformation for faculty and students.  1989.
University of Delaware.  Code of Conduct.  Official Student Handbook.
University of Delaware.  Code of Ethics.  Personnel Policies and
University of Delaware.  Computer Software.  University of Delaware
University of Delaware.  Misconduct in Research.  University of
Delaware Policy Manual.  Policy 6-11.  1989.
University of Delaware.  University of Delaware Faculty Handbook.  
University of Delaware.  1989-1990 Residence Halls Handbook.  1989.
University of Delaware Libraries.  Circulation Procedures and
Services.  No date.
University of Michigan, Ann Arbor.  Think About It: The Proper Use of
University of Michigan.  No Date.
University of New Mexico.  UNM Ethics Code for Computer Use [Draft].
Weissman, Ronald F. E. Ethical and Responsible Computing.  The OPEN
WINDOW (Brown University),  Volume 3, Number 1.  1989.   [Cited in
Ryland's article.]