General Statement
As a part of the institutional infrastructure, Tufts University acquires, develops, and maintains computers, computer systems, and networks. These computing resources are intended for University-related purposes, including direct and indirect support of the University's instruction, research, and service missions; of University administrative functions; of student and campus life activities; and of the free exchange of ideas among members of the University community and between the University community and the wider local, national, and world communities.
Applicability
This policy applies to all users of University computing resources, whether affiliated with the University or not, and to all uses of those resources, whether on campus or from remote locations. Additional policies may apply to specific computers, computer systems, or networks provided or operated by specific units of the University. Consult the operators or managers of the specific computer, computer system, or network in which you are interested for further information.
The University may also take action relating to a student's use of University or non-University computer resources, either on campus or elsewhere, when such behavior may involve the commission of a crime or poses a danger to others.
Policy on the Use of University Computing Resources
- Users must comply with all federal, Commonwealth of Massachusetts and other applicable law; as well as all generally applicable University rules and policies. Examples of such potentially applicable laws, rules and policies include the laws of libel, privacy, copyright, trademark, obscenity and child pornography; the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking", "cracking", and similar activities; the Massachusetts Computer Crime Law; the University's Eligibility Policy for Information Technology, the University's code of student conduct, the University's Business Conduct Policy, and the University's sexual harassment policy. Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users must be sure that the use of any downloaded material (including print, audio, and video) stored on University or personal computers is not in violation of copyright laws.
- Users are responsible for complying with the requirements of the contracts and licenses applicable to the software files and other data they install on University or personal systems. Proof of legal licensing should be available upon request.
- Users may utilize only those computing resources that they are authorized to use and use them only in the manner and to the extent authorized. Ability to access computing resources does not, by itself, imply authorization to do so. Users are responsible for ascertaining what authorizations are necessary and for obtaining them before proceeding. Accounts and passwords may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by the University not even with family members or a partner.
- Users must respect the privacy of other users and their accounts, regardless of whether those accounts are securely protected. Again, ability to access other persons' accounts does not, by itself, imply authorization to do so.
- Users must respect the finite capacity of those resources and limit use so as not to consume an unreasonable amount of those resources or to interfere unreasonably with the activity of other users. Although there is no set bandwidth, disk space, CPU time, or other limit applicable to all users of University computing resources, the University may require users of those resources to limit or refrain from specific uses in accordance with this principle. The reasonableness of any particular use will be judged in the context of all the relevant circumstances.
- Tufts computing and network resources and services may be used only by authorized persons for Tufts University-related purposes, including those listed in the General Statement above. For definition of authorized persons, refer to Eligibility Policy for Information Technology at Tufts University. These resources may not be used for other purposes except as authorized by Tufts University. For example, the reselling of network services or other uses of computer resources for personal financial gain is not permitted. Use of computers and networks for personal purposes such as e-mail and web access is allowed, as long as it does not interfere with work responsibilities and does not place a burden on resources. Users are expected to respect the priority of University business and keep personal use to a minimum. Mass e-mailing or spamming of sub-populations in the Tufts community are not allowed, except as authorized by appropriate administrators. The use of automated scripting programs to generate address lists for mass mailings is not allowed, except for staff and faculty who secure permission for the mailing from Human Resources, or for student organizations which secure permission from their school's Dean of Students (for Arts and Sciences, from the Director of Student Activities). Please refer to the Tufts University E-mail Policy.
- Individuals may not state or imply that they speak on behalf of the University and may not use University trademarks and logos without authorization to do so. Affiliation with the University does not, by itself, imply authorization to speak on behalf of the University. Authorization to use University trademarks and logos on University computing resources must be obtained prior to their use. The use of appropriate disclaimers is encouraged e.g. "the thoughts expressed here are my personal opinion and do not represent the position of Tufts University in any way."
Enforcement
The University may temporarily suspend or block access to an account, prior to the initiation or completion of an investigation, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of University or other computing resources or to protect the University from liability. The University may also refer suspected violations of applicable law to appropriate law enforcement agencies.
Users who violate this policy may be subject to disciplinary action, and may be denied further access to University computing resources.
Security and Privacy
The University employs various measures to protect the security of its computing resources and of their users' accounts. Users should be aware, however, that the University cannot guarantee such security. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords, and changing them regularly.
Users should also be aware that their uses of University computing resources are not completely private. While the University does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the University's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the provision of service. The University may also specifically monitor the activity and accounts of individual users of University computing resources, including individual login sessions and communications, without notice, when:
- The user has voluntarily made them accessible to the public, as by posting to Usenet or a web page
- It reasonably appears necessary to do so to protect the integrity, security, or functionality of University or other computing resources or to protect the University from liability
- There is reasonable cause to believe that the user has violated, or is violating, this policy
- An account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns
- It is otherwise required or permitted by law.
The University, at its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate University personnel and/or state or federal law enforcement agencies and may use those results in appropriate University disciplinary proceedings or in litigation.
Implementation and Revisions
University Information Technology (UIT) is responsible for implementing this policy, in cooperation with the following:
- Information Technology Council
- Dean(s) of Faculty and the Dean of Students for each school
- Vice President of Human Resources
- University Counsel
The University has the right to change this policy as necessary; the Information Technology Council will oversee and approve changes to the policy in consulation with the aforementioned groups and individuals. The Provost and Executive Vice President must jointly approve changes to policy; final authority rests with the President.
For useful information about the terms used in this policy, please refer to "An Overview of Your Rights and Responsibilities in Cyberspace " on the Tufts website. Note that while the overview may be helpful in understanding the Policy, it is not in itself part of the Policy.
Tufts' Information Technology Responsible Use Policy is adapted from material prepared by Steven J. McDonald, Associate Legal Counsel for The Ohio State University. We wish to thank Mr. McDonald and the Ohio State University for permission to use the material.
