Section 3339-19-02 - Responsible use of university computing resources at Miami university(A) General statement (1) University computing resources include, but are not limited to, end-user computing devices, servers, networks, email, software, printers, scanners, video distribution systems, telephone systems, and other computing hardware and software, whether owned by the university or contracted from a third party. All such university computing resources are intended for university-related use, including direct and indirect support of the university's instruction, research, and service missions; of university administrative functions; of student and campus life activities; and of the free exchange of ideas.(2) The rights of free expression and academic freedom apply to the use of university computing resources; so, too, however, do the responsibilities and limits associated with those rights. All who use the university computing resources must act responsibly, in accordance with the highest standard of ethical and legal behavior. Thus, legitimate use of university computing resources does not extend to whatever is technically possible. Users must abide by all applicable restrictions, whether or not they are built into the operating system or network and/or whether or not they can be circumvented by technical means.(3) This policy applies to all users of university computing resources, whether or not affiliated with the university, and to all uses of those resources, whether on campus or from remote locations. Additional policies may apply to specific computers, computer systems and/or networks provided and operated by specific units of the university and/or to uses within specific units. Some of these policies are listed in paragraph (H) of this rule and in rule 3339-21-05 of the Administrative Code.(B) Policy (1) All university computing resources users must: (a) Comply with all federal, Ohio, and other applicable law; all generally applicable university rules and policies; and all applicable contracts and licenses. such laws, rules, policies, contracts, and licenses include: the laws of libel, privacy, copyright, trademark, obscenity, and child pornography; the electronic communications privacy act and the computer fraud and abuse act, which prohibit "hacking" "cracking". and similar activities; the university's code of student conduct; the Miami university policy and information manual, the university's sexual harassment policy; and all applicable software licenses. In particular, users must: (i) Respect the right of others to be free from harassment or intimidation to the same extent that this right is recognized in the use of other communication; and(ii) Respect copyrights, intellectual-property rights, ownership of files and passwords. Unauthorized copying of files or passwords belonging to others or to the university may constitute plagiarism or theft. Accessing or modifying files without authorization (including altering information, introducing viruses or other malware, or damaging files) is unethical, may be illegal, and may lead to sanctions; and(iii) Not send unsolicited bulk email (spam) or email designed to trick users into providing their login credentials or other personal information (phishing email). Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.
Miami university extends these policies and guidelines to systems outside the university that are accessed via the university's facilities (e.g., electronic mail or remote logins using the university's internet connections).
(b) Use only those university computing resources that they are authorized to use and use them only in the manner and to the extent authorized. Ability to access university computing resources does not, by itself, imply authorization to do so. Users are responsible for ascertaining what authorizations are necessary and for obtaining them before proceeding. Accounts, passwords, and other authentication mechanisms, may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by the university .(c) Respect the finite capacity of university computing resources and limit use so as not to consume an unreasonable amount of those resources or to interfere unreasonably with the activity of other users. Although there is no set bandwidth, disk space, cpu time, or other limit applicable to all uses of university computing resources, the university may require users of those resources to limit or refrain from specific uses in accordance with this principle. The reasonableness of any particular use will be judged in the context of all of the relevant circumstances.(d) Limit the personal use of university computing resources and refrain from using those resources for personal commercial purposes or for personal financial or other gain. Personal use of university computing resources is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the user's job or other university responsibilities, and is otherwise in compliance with this and other university policy. Further limits may be imposed upon personal use in accordance with normal supervisory procedures.(e) Refrain from stating or implying that they speak on behalf of the university and from using university trademarks and logos without authorization to do so. Affiliation with the university does not, by itself, imply authorization to speak on behalf of the university. Authorization to use university trademarks and logos may be granted only by Miami university. The use of appropriate disclaimers is encouraged. Personal web pages linked to the university web should disclaim association with Miami university.(C) Enforcement (1) Whenever it becomes necessary to enforce university rules or policies, an authorized administrator may: disallow network connections by certain computers (even departmental and personal ones); require adequate identification of computers and users on the network; undertake audits of software or information on shared systems where policy violations are possible; take steps to secure compromised computers that are connected to the network; or deny access to computers, the network, and institutional software and databases.(D) Sanctions (1) Users who violate this policy may be denied access to university computing resources and may be subject to other penalties and disciplinary action, both within and outside of the university. Violations will normally be handled through the university disciplinary procedures applicable to the relevant user. Alleged violations by students will normally be investigated, and the office of ethics and student conflict resolution will normally impose any penalties or other discipline.(2) However, the university, through its information managers, may suspend or block access to an account prior to the initiation or completion of such procedures; when it reasonably appears necessary to do so, and in order to protect the integrity, security, or functionality of university computing resources or other computing resources; or to protect the university from liability.(3) The university may also refer suspected violations of applicable law to appropriate law enforcement agencies.(E) Privacy and security (1) The university employs various measures to protect the security of university computing resources and users accounts. However, users should be aware that the university does not and cannot guarantee such security.(2) Users should also be aware that their uses of university computing resources are not private. While the university does not routinely monitor individual usage of university computing resources, the normal operation and maintenance of university computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of usage patterns, and other such activities that are necessary for the rendition of service. Systems or technical managers, as part of their technical responsibilities, may occasionally need to diagnose or solve problems by examining the contents of particular files. Data from university computing resources may be used to evaluate the efficiency of university operations and personnel.(3) The university may also monitor the activity and accounts of individual users of university computing resources, including individual sessions and communications, without notice when: the user has voluntarily made them accessible to the public, as by posting to usenet or a web site; it reasonably appears necessary to do so to protect the integrity, security, or functionality of university computing resources or other computing resources or to protect the university from liability; there is reasonable cause to believe that the user has violated, or is violating, any university policy; an account or device appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; or it is otherwise required or permitted by law.(4) Any such individual monitoring, other than when the user has voluntarily made them accessible to the public, as by posting to usenet or a web site, or required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the vice president for information technology or a designee of same.(5) The university, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate university personnel or law enforcement agencies and may use those results in appropriate university disciplinary proceedings. Communications made by means of university computing resources are also generally subject to Ohio's public records statute to the same extent as they would be if made on paper.(F) The user's responsibilities (1) Be aware of the limits of computer security. Although the university employs various measures to protect the security of its computing resources and user accounts, users should be aware that the university cannot guarantee such security. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords, and changing them regularly.(2) Be responsible for backing up and protecting personal files. Although the university under certain circumstances may provide storage space and under certain circumstances that storage may be backed up, Miami university assumes no responsibility for the loss or recovery of personal files.(3) Be responsible for protecting Miami data. All users have a responsibility to protect Miami data from unauthorized disclosure.(G) The university's responsibilities(1) The university owns various computers and the entire internal computer networks used on campus. The university also has various rights to the software and information residing on, developed on, or licensed for, these computers and networks. The university has the responsibility to administer, protect, and monitor this aggregation of computers, software, and networks. Specifically, purposes of the university's information technology management are to:(a) Manage computing resources so that members of the university community benefit equitably from their use;(b) Protect university computers, networks and information from destruction, tampering, and unauthorized inspection and use;(c) Communicate university policies and the responsibilities of individuals systematically and regularly in a variety of formats to all parts of the university community;(d) Establish and support reasonable standards of security for electronic information that community members produce, use, or distribute. Standards for security and access are elaborated in the document Miami university computing security policy, as well as in documents derived from it;(e) Monitor policies and propose changes in policy as events or technology warrant.(H) Other Miami university computing policies(1) Responsible use of computing resources at Miami university was adapted from the Ohio state university's policy on responsible use of university computing resources. Miami university is grateful to the Ohio state university for allowing us to use its policy as a model.(2) Additional policies, including the Miami university computing security policy, elaborate the above policies and outline procedures for implementation.(3) Additional policies that are not in this document may apply to specific computers, computer systems, or networks provided or operated by specific units of the university. Consult the operators or managers of these systems for further information. Replaces: 3339-21-02
Ohio Admin. Code 3339-19-02
Effective: 3/6/2015
Promulgated Under: 111.15
Statutory Authority: 3339.01
Rule Amplifies: 3339.01
Prior Effective Dates: 11/4/77, 7/1/97, 9/30/99, 11/14/09, 10/14/11, 9/12/13