Syracuse University Computing and Network Use Policy Overview The purpose of this policy is to ensure an information technology

infrastructure that promotes the basic missions of the University in teaching, learning, research, and administration. In particular, this policy aims to promote the following goals: To ensure the integrity, reliability, availability, and superior performance of IT systems; To ensure that use of IT systems is consistent with the principles and values that govern use of other University facilities and services; To ensure that IT systems are used for their intended purposes; and To establish authority for addressing violations of this policy.

Access to and use of the University's IT systems and resources is a privilege granted to Syracuse University students, faculty, staff, and certain visitors. The computing and networking resources provided by Syracuse University are to be used responsibly in an efficient, ethical and legal manner consistent with the objectives of University. It is the responsibility of all users of the systems to notify ITS about violations of laws and University policies in connection with the use of these systems, as well as about potential loopholes in the security of the University computers and network. The user community is expected to cooperate with ITS in its operation of information technology systems, as well as in the investigation of misuse or abuse. The University: 1. Reserves the right to limit access to its networks when applicable University policies, contractual obligations or state or federal laws are violated, but does not generally restrict the content of material transported across those networks. 2. Reserves the right to remove or limit access to material posted on University-owned computers when applicable University policies, contractual obligations or state or federal laws are violated, but does not monitor the content of material posted on University-owned computers. 3. Does not monitor or generally restrict material residing on University computers housed within a private domain or on non-university computers, whether or not such computers are attached to campus networks. 4. Restricts monitoring of traffic on University networks to that required for ensuring the security of University systems, ensuring adequate system and network performance, and as part of University or law enforcement authorized investigations. Policy Syracuse University expects all members of its community to use electronic communications (computing, network and associated resources) in a responsible manner. The University may also investigate, restrict, or eliminate any use that interferes with the proper operation of its systems. Background This policy applies to all users of Information Technology (IT) systems and resources, including but not limited to Syracuse University students, faculty, and staff. It applies to the use of systems,

networks, and facilities administered by central computing groups, and those administered by individual schools, departments, units, University laboratories, and other University-based entities. Use of equipment connected to the campus networks, even when carried out on a privately owned computer that is not managed or maintained by Syracuse University, is governed by this policy. Computer/Network Accounts and Use No one shall use another individuals computer user ID unless explicitly permitted to do so by the authorized user of that ID. Due diligence must be exercised before assigning to anyone else user IDs that can access sensitive information. Files and Programs Information integrity must be protected on all systems. All users share in the responsibility of protecting University-owned or other sensitive data from unauthorized access. Users shall not intentionally seek information on, obtain copies of, or modify files, tapes, diskettes, passwords or any type of data belonging to other users unless specifically authorized to do so. Similarly, individuals shall not use University computing and networking resources to develop or execute programs that could harass others, deny service to other users, infiltrate computing or network systems, gather unauthorized information or damage or alter any software components. Intentional distribution of malicious software (malware), such as viruses and worms, is prohibited. The unauthorized use of programs that scan networks for vulnerabilities and or alter network security is prohibited. Resource Use Respect the finite capacity of technological resources and avoid excessive use of resources. Personal computers, servers and networked applications, printers, and data networks are resources that must be shared in an equitable manner to meet the demands of the campus. If demand for computing resources exceeds capacity, priorities and limits may be established by the information technology resource administrators. Users shall not use the network and computing resources to harass others, violate others privacy, tamper with security provisions, attempt entry to non-public hosts or perform illegal acts. Harassing others by sending annoying, abusive, profane, threatening, defamatory or offensive messages is prohibited. Attempts to impersonate others or commit fraudulent acts such as altering the "From:" line or disguising or hiding the author or origin of electronic messages are prohibited. Other violations include the creation and dissemination of electronic chain mail, and the inappropriate sending of "broadcast or other large-scale distribution of messages. Personal, Political and Commercial Use Information technology resources and services are provided to employees for business use. Personal use is permitted when it does not interfere with normal business activities and when it otherwise complies with this policy. Personal use must not involve solicitation, personal financial gain, outside business activities, or political campaigning. Additional limits may be imposed upon personal use by the specific supervisor. The University is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters. Commercial use of IT systems and resources for non-University purposes is generally prohibited. Use of IT systems in a way that suggests University endorsement of any political candidate or ballot initiative is also prohibited. Users must refrain from using IT systems for the purpose of lobbying that connotes University involvement, except for authorized lobbying through or in consultation with the University's General Counsel's Office. 2

Responsibility for Content Official University information may be published in a variety of electronic forms. The unit, department, or individual under whose auspices the information is published is responsible for the content of the published document. Proprietary Software and Copyrighted Materials Software programs are protected by Section 117 of the 1976 Copyright Act. Software may not be used without a documented license. Users do not have the right to make and distribute copies of programs without specific permission of the copyright holder. Unauthorized copying and use of copyrighted material is specifically prohibited. This prohibition extends to using a single-licensed copy on more than one computer system or willfully exceeding the number of permitted simultaneous users on a multi-user license unless specifically permitted in the software copyright agreement. The use of copyrighted materials on the network, systems, Web pages, etc. is prohibited unless such use is covered by federal fair use guidelines or has the permission of the copyright owner. Security and Privacy The University employs various measures to protect the security of its information technology resources and of its users' accounts. However, the University's measures do not always guarantee security or privacy. Users should exercise caution in using University resources to transmit or store confidential data. Unauthorized access to systems and data is prohibited. Attempts to breach the security of systems and data by employees will result in disciplinary actions and possible criminal prosecution. The University reserves the right for designated technology administrators to access users stored information during normal system performance monitoring and maintenance and when investigating cases of computing abuse. The University, at its discretion, may use the results in disciplinary proceedings with University personnel or law enforcement agencies.