Institute for Advanced Study Computing Policies and Guidelines
Revised September 16, 2004
- 1 Introduction
- 2 Policies
- 3 User guidelines
- 4 IAS web policy
- 5 Revisions to IAS computing use policies
- 6 Questions regarding IAS computing usepolicy
- 7 Definitions
All users of the Institute's information technology resources are expected to comply with the terms of the Institute's Computing Policy.
These policies and guidelines apply to all electronic resources at the Institute for Advanced Study, hereafter referred to as IAS. These resources consist of computer systems and other computer peripherals that are attached to and use IAS resources, its computer networks and the various software applications that they support such as electronic mail, access to the Internet, word processing and data storage. These resources are the property of IAS, access to these resources is provided as both a courtesy and privilege and is subject to IAS policies as well as local, state, federal and international laws and regulations. In order for these resources to operate at a reasonable and dependable level of service, it is essential that every user exercise responsible and ethical behavior when using them. Misuse, intentional or otherwise, by just one user has the potential to disrupt the academic and research work of the faculty and visiting scholars as well as IAS business.
Since it is nearly impossible to anticipate or predict all of the various ways that current and/or future users may misuse these resources, these policies and guidelines focus on, but are not limited to, a few general rules and the principles behind them.
Regardless of where a user is located or how they are connecting to IAS information technology resources, all users are expected to use these resources in an ethical, respectful and responsible fashion. All users that make use of IAS information technology resources are governed by IAS policies and guidelines as well as all local, state, federal and international laws.
The policies and guidelines outlined in this document are applicable to the following:
- All users affiliated with the IAS including, but not limited to, all IAS trustees, faculty, research assistants and associates, members, visitors, guests, vendors and staff. Partners or spouses and other family members are entitled to use IAS's information technology resources so long as the official IAS user they are affiliated with agrees to be responsible for their compliance with the policies and guidelines outlined in this document.
- All centrally administered computer networking systems and departmental computer systems, including all methods and mediums used for accessing them.
- All electronic data transmitted across IAS's computer network regardless of the location or computer system in which it resides or the format in which it is used.
- All aspects of information technology resource security including, but not limited to, accidental or unauthorized destruction, disclosure, misuse, or modification of or access to IAS information technology resources. In addition to or in lieu of the above:
- Use of information technology resources that are entrusted to IAS by other institutions or organizations (i.e., foundations, government agencies, libraries) is governed by the terms and conditions agreed upon with those institutions or organizations.
- Use of all copyrighted data, software, and materials is governed by the terms and conditions of the copyright.
- Use of all external resources accessed via IAS's information technology resources is subject to the usage guidelines established by those external resources.
- Use of IAS's information technology resources is subject to all other applicable IAS information technology policies (i.e., supplemental policies specific to the computer usage in specific schools, programs and/or departments and Employee Handbook) as well as all local, state, federal and international laws and regulations. IAS accepts no responsibility or liability for the specific acts of any user that violate any policy or guideline outlined in this document.
2.1 Appropriate use
IAS makes information technology resources available to its users for scholarly and administrative purposes. Appropriate use of these resources should always be ethical, reflect academic honesty, adhere to copyright laws, and respect all users' rights to privacy and freedom from any form of harassment or intimidation. Appropriate use of IAS's information technology resources applies to, but is not limited to, the following:
- Independent study and research.
- Official work of the offices and departments of IAS.
- Any other activity that is not prohibited by the policies outlined in this document or any supplemental school, program or departmental information technology resource policies. IAS staff employees should also reference the ``Computer Use Guidelines'' from the Employee Handbook.
The unauthorized use of IAS's information technology resources is prohibited and, in some cases, may be a violation of a local, state, federal or international laws and regulations. Inappropriate use of IAS's information technology resources includes, but is not limited to, the following:
Use of an alternate Internet Service Provider:
- All Internet connectivity for computers on campus and in housing is provided by the IAS. Contracting for private Internet connectivity (including but not limited to dial-up, DSL and Cable connections) is strictly prohibited.
Unauthorized commercial activities:
- Using IAS's information technology resources for any commercial purposes.
- Making fraudulent offers to sell or buy products, items, or services or to advance any type of financial scam for the purpose of financial gain.
Harassing or threatening specific users or ethnic groups:
- Transmitting defamatory, threatening, obscene, or harassing materials or messages of any sort about others.
- Transmitting unsolicited information that contains obscene, indecent, lewd or lascivious material.
- Transmitting unsolicited information that promotes bigotry, sexism or other forms of prohibited discrimination.
- Posting any of the previously mentioned items on a web page or website hosted by IAS.
Interference or impairment to the activities of others:
- Interfering with or disrupting network users, services and/or equipment. Disruptions include, but are not limited to, distribution of unsolicited e-mail advertising, initiating or facilitating in any way mass unsolicited email messages , propagation of computer worms and viruses, deliberately causing any denial of service attacks and using IAS computer networks to make unauthorized entry to any other computer system.
- Using computer systems in any way that compromises the performance, security or integrity of IAS's information technology resources or other computers on the Internet.
Unauthorized access and use of the resources of others:
- Using IAS's information technology resources to gain unauthorized access to resources of this or other institutions, organizations, or individuals.
- Using any means to decode or otherwise obtain restricted passwords or access control information.
- Attempting to spoof an IP or MAC address.
- Attempting to circumvent or subvert system or network security measures. This includes, but is not limited to, decrypting intentionally secure data and deliberately looking for security loopholes or vulnerabilities without first being granted proper authorization.
- Transporting information technology resources without prior authorization.
- Attempting to impersonate any person by using forged headers or other identifying information in an effort to deceive or mislead.
- Using network ``sniffer'' applications on IAS's computer network.
- Providing network services to any other users computer outside your household.
- Authorizing another person or organization to use an IAS supplied user account or computer. All IAS users are responsible for all use of their accounts. Users must take all reasonable precautions, including password maintenance and file protection measures, to prevent unauthorized use of their user account.
- Installing any system or software on IAS owned equipment without prior approval.
- Transmitting personal statements in a manner that may be mistaken as the position of IAS unless authorized.
Damage or defacement of IAS resources:
- Damaging any IAS-owned computer system, cutting any cables connecting to an IAS-owned computer system or making unauthorized modifications to IAS data.
- Installing any software systems or hardware that will install a virus, Trojan horse, worm or any other destructive mechanism.
- Defacing any web page or website that is hosted on any IAS computer system.
Violation of IAS policies and local, state or international laws:
- Transmitting any electronic data that, intentionally or unintentionally, violates any applicable local, state, federal or international law.
- Violating any laws or participating in the commission or furtherance of any crime or other unlawful or improper purpose.
- Making unauthorized copies of copyrighted materials. Copyrighted materials include, but are not limited to, computer software, audio and video recordings, photographs, and written material. Copying or downloading copyrighted materials without the authorization of the copyright owner is against the law, and may result in civil and criminal penalties, including fines and imprisonment.
- Transmitting any material that infringes any copyright, trademark, patent, trade secret, or other proprietary rights of any third party.
IAS reserves the right to protect its information technology resources from threats of immediate harm. Potential actions that may be taken include activities such as disconnecting an offending computer system from the computer network, disabling a user account, terminating a remote computing session, terminating a job running on a computer system, or taking other appropriate actions. These actions will remain in effect until the situation is corrected.
If you are unsure whether an action you are considering is an unacceptable use of IAS's information technology resources, please write to the Strategic Planning Committee for Computing, Telecommunications and Networking (hereafter referred to as the ``SPC''), firstname.lastname@example.org, or contact your computer support department.
2.3 How to report appropriate usage policy violations
The use of IAS's information technology resources is a courtesy and privilege. These resources are the property of IAS. The SPC requests that anyone who believes that there is a violation of any policy in this document direct the information to them at email@example.com.
IAS seeks to maintain user privacy and to minimize any unnecessary interruption of user activities; however, IAS reserves the right to investigate unauthorized or improper use of IAS resources. All illegal activities will be reported to local, state or federal authorities, as appropriate, for further investigation and possible prosecution.
2.4 Sanctions for inappropriate use
The IAS Security Officer will investigate cases of possible inappropriate use. Individuals who are suspected of violating any portion of an IAS policy may be subject to disciplinary actions. IAS will take any one or more of the following action which may include but is not limited to the following:
- Verbal or written warnings.
- Suspend or terminate the user's account.
- Disciplinary probation.
- Bill the user for any charges related to correcting and/or repairing any damaged information technology resources.
- Initiate legal action against the violator.
3 User guidelines
3.1 Use of copyrighted materials
IAS provides the members of the IAS community with access to numerous electronic resources under contract or license. Use of the IAS's computer and network resources to copy and/or transmit any software programs, documents or other information protected by copyright laws may be prohibited by local, state, federal or international law. Special rules apply to the export of computer software outside the United Sates. If permission to copy and/or export an electronic resource is unclear, contact an IAS computer manager for advice.
3.2 Electronic data and email
All electronic data stored on IAS's computer network including, but not limited to, e-mail messages and electronic files, are considered the property of IAS. As such, IAS reserves the right to access, inspect, and monitor the usage of all of its information technology resources, in compliance with the intellectual rights policies.
3.3 Data backups
Each computing support department provides its users with network storage space for storing their electronic files while they are at the IAS. These network storage spaces are backed up regularly by each of the computing support departments, according to a policy developed by that department. IAS will not be held responsible for any lost data.
3.4 Network Availability
IAS network staff strive for maximum network uptime, however, the IAS network is not a mission critical infrastructure. IAS takes no responsibility for any inconvenience caused by a network outage.
3.5 User account privacy, passwords and security
The use of networked computers, either owned by the IAS or the user, encourages free exchange of information but also requires respect for privacy rights and intellectual property law.
The security of the IAS's information technology resources depends upon the cooperation of each user that is given authorization to use it. Each user is responsible for the information in their private user accounts and the electronic data that their user account transmits across the IAS's computer network. Users should not assume that their data is private, and should consult with the support staff about enhancing their data security using methods such as file encryption. Those using the IAS's computer network are required to set a unique1 password on their user account to prevent unauthorized access to their account. Computing staff should be consulted about password security issues.
Individual passwords do not prevent authorized IAS representatives from accessing files pursuant to IAS policy. Users that suspect someone may have discovered or guessed their password should immediately change their password and notify their computing support department. If the security of a computer system appears to be compromised, any user's files may be examined but, only after consultation with the executive officer of the appropriate school, program and/or the IAS Director. General IAS policy as well as all applicable local, state and federal law will govern inspection of electronic files, and any action based upon such inspection.
3.6 Personal web pages
IAS provides storage space for hosting websites created and maintained by all academic and administrative departments or programs affiliated with the IAS. As an academic courtesy, storage space is also provided for members of the IAS community that desire to create and maintain their own web pages while they are affiliated with the IAS. These individual web pages are subject to the relevant departmental or school policies as well as all state and federal law. The content of individual home pages and the links they provide are the sole responsibility of that individual and not of the IAS. The presence of an individual's web page on any computing equipment owned by the IAS does not constitute endorsement or approval by the IAS. IAS disclaims any responsibility for any statement or information found on these pages. Personal web pages may not contain any material previously prohibited in section 2.2. IAS retains the right at its sole discretion and without prior notice or liability to terminate the availability of this service.
3.7 Personal computer equipment
By connecting their personal computers to the IAS's computer network and gaining access to the Internet, users acknowledge and/or agree to the following:
- The user agrees to register their name and the hardware address of their personal computer system with the IAS's computer support departments.
- The user is strongly advised to install a current virus protection program and keep the virus definition files up to date.
- The user agrees to install the latest critical and security updates on their computer systems.
- The user may receive or be exposed to material that they consider to be improper, inaccurate, misleading, defamatory, obscene or otherwise offensive. These users agree that the IAS will not have obligation to take action with respect to such material that they may receive or be exposed to through their connection to the IAS's computer network.
- IAS will not be held responsible for harm caused to the user's personal computer equipment by connecting it to the IAS's computer network and the Internet. These users will be responsible for taking all the appropriate measures to safeguard their personal computer equipment from events including, but not limited to, incidences of lightning, voltage spikes, computer viruses, harmful software code and other such events over which the IAS has no control.
- Equipment connected to the IAS network is subject to periodic scan for security purposes. Compromised machines will be disconnected.
- IAS reserves the right to suspend or terminate network access at any time without prior warning.
Wireless networking is provided throughout campus and the housing complex. Personal access points are prohibited due to interference such devices cause to the IAS supplied access points. The wireless network is less secure than the wired network, unencrypted information sent via the wireless network may be intercepted in transit.
3.9 Personal equipment configurations
All users are permitted to connect their personal computer systems to the IAS's computer networks so long as doing so will not adversely affect other IAS users and/or computer systems. Users wishing to connect their personal computer systems to the IAS's computer networks must have a properly installed, configured, and working Ethernet card in their computer in order to proceed.
Users are responsible for any hardware, software configurations or installations that are necessary to connect their equipment to the IAS's network.
3.10 Personal equipment repairs
IAS's computing support departments are not responsible for providing computer repair services to any computer system or peripheral not owned by the IAS. IAS support staff may not be held liable for any damage to personal equipment resulting from offering their assistance. If your personal computer system or peripherals are in need of a service or repairs, please contact the original equipment manufacturer to determine if the equipment is eligible for a repair under its original warranty.
4 IAS web policy
The Office of the Director is responsible for the style and content that appears on the IAS's home page. Decisions on areas and departments permitted on the IAS's home page are guided by SPC recommendations, which are based on appropriateness and considerations of space and design. In addition, the SPC is also responsible for maintaining the overall operation of the IAS's home page. In order to achieve consistency and coherence between the IAS's home page and subsequent IAS web pages, the SPC will provide recommendations on the format and content of information presented on web pages with links on the IAS's home page. The format and content of pages without links on the IAS's home page are the responsibility of the specific group or department. All text and photographs appearing on any official IAS web page are copyrighted and should not be reproduced without written permission from an appropriate IAS official.
5 Revisions to IAS computing use policies
The policies highlighted in this document do not constitute a contract between the users of the IAS's information technology resources and the IAS. Users of this technology are ultimately responsible for their own actions. IAS and the SPC reserve the right to revise, amend, or modify these computer usage policies and any other policies and agreements related to it at any time and in any manner. Notice of any revision, amendment, or modification will be posted on this website - http://URL.
6 Questions regarding IAS computing use policy
The examples of acceptable and unacceptable use of the IAS's information technology resources are not meant to be exhaustive and final. Any questions regarding the policies stated here should be referred to the SPC, firstname.lastname@example.org or the appropriate computing support department manager.
Drafted in the summer of 1994;
adopted in the summer of 1995;
revised in 1996, 1997, 1999, 2004
- computer hardware
- The physical equipment in a computerized accounting information system. This includes the computer processor, a monitor, keyboard and a mouse. Other pieces of hardware that can be attached or built into a computer are peripheral devices - these include printers, disk drives, scanners and compact disk drives.
- computer software
- Anything that can be stored electronically is software (i.e. Computer programs or data).
- Also known as electronic mail, is an application that enables users to send messages and files over their computer networks. Email can range from a simple text-based system to a messaging system that accommodates graphics, faxes, forms-processing, work-flow, and more.
- electronic mail
- see email.
- extended service set identifier. An ESSID is the name of a wireless local area network (WLAN). Wireless devices on a WLAN must employ the same ESSID in order to communicate with each other.
- Ethernet address
- see Hardware address.
- hardware address
- Also called Media Access Control (MAC) address or Ethernet address. A hardware address uniquely identifies each node of a network. It is the physical address for the NIC (network interface card).
- IEEE 802.11a/b/g
- Standards for providing wireless Ethernet connectivity.
- home page
- the main page of a web site. Typically, the home page serves as an index or table of contents to other documents stored at the site. The home page generally serves as a gateway to the rest of the Web site by providing links to the other pages.
- IAS networks
- IAS's campus and housing networks.
- IP address
- an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.
- MAC address
- see Hardware address.
- network sniffer
- a hardware and software diagnostic tool that can also be used to decipher passwords, which may result in unauthorized access to network accounts.
- Network Services
- specified sets of information transfer capabilities furnished to users between telecommunications network points of termination. Network services categories include access and transport, public and private, and switched and non-switched.
- confidential authentication information, usually composed of a string of characters used to provide access to a computer resource.
- email equivalent of junk mail. It is unsolicited bulk email, usually advertising, sent to large numbers of people.
- web browser
- The program that allows you to view documents on the World Wide Web.
- web page
- a web document, the basic data storage and display unit of the World Wide Web. A web page can be accessed by a uniform resource locator (URL) on the World Wide Web and viewed via a web browser.
- wireless local area network (WLAN)
- an IEEE 802.11a/b/g based system consisting of Wireless User Devices and one or more Access Points that provide wireless based Ethernet connectivity to the University Enterprise Wired Data Network (as defined in the Network Policy).
- wireless device
- end user system or device that accesses the WLAN for data communications purposes. This will normally be a personal computer or personal digital assistant containing an appropriate wireless network interface card (NIC).
- ... unique1
- a password not used for non-IAS accounts the user may have