Rules for Computing Use at the University of Missouri - Columbia


Campus Computing · University of Missouri - Columbia · 200 Heinkel Building · 314-882-2000

Update 23 June 1994 by ccpaulh@monad.missouri.edu. Subject to change!

SUMMARY OF RULES

Abuse of computing resources may result in restriction or revocation of computer access, in termination, academic probation, or prosecution under federal or state law. If you have questions or wish to report suspicious activity, contact your advisor or the Campus Computing Help Desk at (314) 882-5000.


DISCUSSION AND LEGAL DETAILS

At the University of Missouri-Columbia, computing resources areavailable as a privilege to members of the faculty, staff, and studentbody in a manner similar to resources in the library. With theprivilege of access, however, comes responsibility. As with any shared,finite resource, frivolous use of computing resources is unwise andunfair to others. Computer resources on campus are meant to be used astools to enhance educationÐnot to play games or cause mischief.

PRIMARY LEGAL CONCEPTS

Three legal concepts lie behind much of the following code. It isunethical and illegal, without proper and valid authorization, to:

The Code is divided into three types of abuse: (A) Abuse of Federal andState Laws: Access, Privacy, Harassment, and Tampering, (B) Abuse ofCopyrights and Plagiarism, and (C) Waste and Frivolity. The rules below are vigorously enforced by Campus Computing. Users whodo not comply may have their user ID's restricted or revoked or theiraccess curtailed. Severe cases of abuse may result in prosecution,termination, or academic probation.

ABUSE OF FEDERAL AND STATE LAWS: ACCESS AND PRIVACY

Rule #1: Never use the University's computing facilities to gain unauthorized access to a computer system.

Title 18, Section 1030, of the U.S. Code, which was added by the"Counterfeit Access Device and Computer Fraud and Abuse Act of 1984,"outlawed unauthorized access to any computer owned or used by thefederal government, and to records or credit histories held byfinancial institutions. The "Computer Fraud and Abuse Act of 1986," refined Section 1030 to makeit apply to federal government computers and computer systems, computersused to commit a crime across state lines, and computers belonging tomajor financial institutions. According to Section 1030, unauthorized access to classified informationis a felony (Class D), which can carry a fine of $250,000 and a prisonterm of 10 years for a first-time offender. Section 1030 also makes the following actions felonies (Class E), whichcan carry a fine of $250,000 and a prison term of five years for afirst-time offender:

Rule #2: Never infringe on the privacy rights of others.

The "Freedom of Information Act of 1966 (FOIA) set guidelines on whatinformation can and cannot be released by the federal government. The"Privacy Act of 1974" (with amendments in 1988 and 1989) added therequirement that the government cannot release information about aperson without written authorization from that person. The Act,codified at Title 5, Section 552a, makes obtaining personal data underfalse pretenses a misdemeanor subject to a $5000 fine.

Unauthorized interception of messages became a crime by way of the"Electronic Communications Privacy Act of 1986." The Act revisedseveral sections, beginning with Section 2510 (Title 18, U.S.C.), alsoknown as the "Omnibus Crime Control and Safe Streets Act of 1968," whichauthorized wiretapping of U.S. telephone lines by government, understringent rules (and with few exceptions). The new 1986 act gave the same protection to electronic communicationthat the 1968 Act had given to verbal and wire communications. Section2511(4) (a) of Title 18 makes unauthorized interception of anelectronic communication a felony with a possible sentence of five yearsin prison and a fine of $250,000. The 1986 Act also:

ABUSE OF FEDERAL AND STATE LAWS: HARASSMENT AND TAMPERING

Rule #3: Never use computing facilities or resources to harass other users or to do mischief: Do not send messages to unwilling recipients. Do not unnecessarily prevent other authorized users from using a terminal or other resource. Do not distribute a program that can damage the user or system environment.

Rule #4: Never use any ID, account or file without proper authorization. Do not use or intentionally seek access to a userid or other resource that is not yours.

Sections 569.093 to 569.099 of the Revised Statutes of Missouri definethree types of illegal computer "tampering":

"Tampering with computer data" includes the following actions taken without proper authorization:

"Tampering with computer users" includes the following actions takenwithout proper authorization: All three types of tampering are Class A misdemeanors for first-timeoffenders, and can carry a prison sentence of one year and fine of$1000. If an offender gains $150 or more from the offense, however, theoffense becomes a Class D felony, which can carry a prison sentence offive years and fine of $5000. If an individual found guilty of tamperingwith computer equipment causes $1000 or more in damages, the offensebecomes a Class C felony, which can add 2 years to the prison sentence. In addition to the penalties mentioned above, the offender may also befined up to twice the money gained by the offense to a limit of $20,000, and, as stated in Section 537.525, a civil suit for compensatory damagesand legal fees may be brought against an offender.

PENDING LEGISLATION

As of May 1990, three bills responding to recent activities of computer"hackers" are being studied by committees in the U.S. House ofRepresentatives: "H.R. 55" provides penalties for people who use programs that containhidden, harmful commands which interfere with the operations ofcomputers. "H.R. 287" creates penalties for people or entities that intentionallyalter computer hardware or software in order to disable a computerthrough the loss of stored data or interference with its properfunctioning. "H.R. 3524" prohibits the use of interstate communication networks todistribute computer viruses.

PRINCIPLES FOR PREVENTING ABUSE

Rule #5: Never run a program sent to you unless you know what it does and thoroughly trust its source. This rule applies to both the mainframe and microcomputers. In therecent past, such "gifts" have been known to act like Trojan horsesÐsending obscene messages in the recipient's name to other users,replicating and spreading viruses, or destroying data that may havetaken years to compile. Campus Computing keeps a log of networking, inter-user communications,logon attempts, printing, "links" and other activities. These logs areused to reveal usage trends and to verify complaints. Tape backups ofdisk files are also made, mainly to protect users from accidents, butalso to trace an abuse long after it occurs.

Rule #6: Always carefully protect ID's, accounts, files, printouts and other computer resources from unauthorized users. Never share your password or user ID.

No computer system can protect someone who fails to conceal his or herpassword. Leaving a terminal without logging off is like leaving yourfront door unlocked and open. Using an obvious or easy-to-guesspassword is like hiding the key to your front door under the "welcome"mat. Physically protect your session by logging off the computer,choosing a password at random, and never recording thepassword where someone might find it. If you suspect your password has been compromised, change it. If yoususpect another user's password has been compromised, report it to theuser or the Help Desk. Researchers who need to share data should use individual ID's and linkto each others' disks rather than share one user ID.

When someone is caught sharing a user ID with someone else, both partieslose their computing privileges. There are several reasons for not sharing your password with anyone. Besides the possibility that they could damage your files, they might share your password with yet another person who could damage your files. If they abuse electronic mail or other resources, you are liable. The number of active users may be used by administrators to determine how much money to spend on maintaining or improving computing.

PLAGIARISM AND ABUSE OF COPYRIGHTS

Rule #7: Never copy data or software without proper authorization. Never distribute a copy of a computer program to someone else without proper authorization.

At present, computer programs are protected by federal copyright law,which protects the portion of a computer program that can be written,and only allows the making of backup copies by a purchaser withpermission of the software company. If passed, two related bills being studied by committees in the U.S.House and Senate (1990), "H.R. 2740" and "S. 198," would also makeselling, lending or leasing software without permission from thesoftware company illegal.

Although copyright protection covers only that part of a computerprogram which can be written down, software companies protect theirprograms by designating them to be "trade secrets," which are protectedby tort laws (Section 757, "Restatement of Torts"). A program canreceive trade secret protection if the company can prove that theprogram is a secret (or was a secret before the alleged tort occurred). The following are considered torts (acts of wrongdoing addressed througha civil action by the harmed party):

Finally, companies also use contracts and legal licensing agreements tofurther protect their software. Most software programs available atUniversity sites or through University computing facilities areprotected by licensing agreements. In most licensing agreements, special provisions may have been made forcopying software. When copying software, the user is responsible tofollow the provisions and to be aware of the restrictions for anysoftware he or she uses on any system. Ignorance of the restrictions isnot a legally valid excuse when a provision is broken.

Rule #8: Never use computing facilities to plagiarize the work of others.

Copying someone else's work is relatively easy, but so is detecting andproving plagiarismÐ and prosecuting those who practice it. Thestandard academic penalties for plagiarism are severe. Guilty studentshave not only lost computing privileges, but have failed courses andhave been placed on probationÐeven students who completed a courseand shared their work with others in a subsequent semester.

Carelessness can encourage plagiarism. Be sure to pick up all yourprinted output and discard it carefully. Report individuals who arerummaging through new or discarded output.

WASTE AND FRIVOLOUS USE

Rule #9: Always conserve resources, such as disk and tape storage, CPU time, memory, paper, plotter supplies, etc. Never use electronic mail or send messages frivolously. Do not spend excessive time playing games on campus computers.

The most common abuse of MU's computing resources is excessivemessage-sending and game-playing. The University allows message-sendingand game-playing because communication programs and games introducepeople to computers and because most users eventually move on to moreproductive use of electronic mail and other computing resources. Unfortunately, some people have become addicted to Bitnet, Relay, andZork. The problem with this compulsion is that, with the finite numberof terminals available, it is sometimes difficult for users withlegitimate needs to find an unoccupied terminal. Anyone who observes such unnecessary usage should not hesitate to askthe user to stop or to report the problem to a User Consultant or theHelp Desk, which will hear and verify specific complaints. Rather thanlimit everyone's use of computing resources, Campus Computing tries toidentify and deal with the worst offenders. To minimize waiting time for terminals, printers, or other resources,Campus Computing may relegate wasteful users to low CPU priority,suspend or revoke the printing privileges of wasteful users, or suspendor revoke access privileges of wasteful users. Unnecessary waste also occurs in another area Ð temporary disk space.

CONCLUSION

Campus Computing encourages you to explore and use the University'scomputer system for genuine educational pursuits! If you have doubtsabout a course of action, consider whether it is consistent with thespirit of the laws, legal concepts, and ethical guidelines presentedabove. Consider whether the action accords with the standards ofresponsible, polite conduct. When these provide no specific guidancefor your situation, apply this version of the Golden Rule:

Rule #10: Compute unto others as you would have them compute unto you.


If you have questions or wish to report suspicious activity, contactyour advisor or the Campus Computing Help Desk at 882-5000.