Computer Use Policy

PolicyRelated Guidelines

Contents:

In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community of students, faculty, and staff.

Rights and Responsibilities

Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

Students and employees may have rights of access to information about themselves contained in computer files, as specified in federal and state laws. Files may be subject to search under court order. In addition, system administrators may access user files as required to protect the integrity of computer systems. For example, following organizational guidelines, system administrators may access or examine files or accounts that are suspected of unauthorized use or misuse, or that have been corrupted or damaged.

Existing Legal Context

All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct.

Misuse of computing, networking, or information resources may result in the restriction of computing privileges. Additionally, misuse can be prosecuted under applicable statutes. Users may be held accountable for their conduct under any applicable University or campus policies, procedures, or collective bargaining agreements. Complaints alleging misuse of campus computing and network resources will be directed to those responsible for taking appropriate disciplinary action. Reproduction or distribution of copyrighted works, including, but not limited to, images, text, or software, without permission of the owner is an infringement of U.S. Copyright Law and is subject to civil damages and criminal penalties including fines and imprisonment.

Examples of Misuse

Examples of misuse include, but are not limited to, the activities in the following list.

  • Using a computer account that you are not authorized to use. Obtaining a password for a computer account without the consent of the account owner.
  • Using the Campus Network to gain unauthorized access to any computer systems.
  • Knowingly performing an act which will interfere with the normal operation of computers, terminals, peripherals, or networks.
  • Knowingly running or installing on any computer system or network, or giving to another user, a program intended to damage or to place excessive load on a computer system or network. This includes but is not limited to programs known as computer viruses, Trojan horses, and worms.
  • Attempting to circumvent data protection schemes or uncover security loopholes.
  • Violating terms of applicable software licensing agreements or copyright laws.
  • Deliberately wasting computing resources.
  • Using electronic mail to harass others.
  • Masking the identity of an account or machine.
  • Posting materials on electronic bulletin boards that violate existing laws or the University's codes of conduct.
  • Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's files or software without the explicit agreement of the owner.

Activities will not be considered misuse when authorized by appropriate University officials for security or performance testing.

Additional Use Policies

The Computer Use Policy applies to use of all Berkeley Campus computing resources. Additional computer and network use policies and terms and conditions may be in place for specific electronic services offered by the campus.

In particular, the CalMail and Home IP services, as well as the Microcomputer Facilities, have additional policies that govern use of these services. The University of California Electronic Communications Policy applies to the use of UC computers and networks for electronic communications. You must familiarize yourselves with any of these when you agree to use these services.

Appropriate Use

UC Berkeley extends to students, faculty, and staff the privilege to use its computers and network. When you are provided access to our campus network, you are enabled to send and receive electronic mail messages around the world, share in the exchange of ideas through electronic news groups, and use Web browsers and other Internet tools to search and find needed information.

The Internet is a very large set of connected computers, whose users make up a worldwide community. In addition to formal policies, regulations, and laws which govern your use of computers and networks, the Internet user community observes informal standards of conduct. These standards are based on common understandings of appropriate, considerate behavior which evolved in the early days of the Internet, when it was used mainly by an academic and highly technical community. The Internet now has a much wider variety of users, but the early codes of conduct persist, crossing boundaries of geography and government, in order to make using the Internet a positive, productive, experience. You are expected to comply with these informal standards and be a "good citizen" of the Internet.

Enforcement

Penalties may be imposed under one or more of the following: University of California regulations, UC Berkeley regulations, California law, or the laws of the United States.

Minor infractions of this policy or those that appear accidental in nature are typically handled informally by electronic mail or in-person discussions. More serious infractions are handled via formal procedures. In some situations, it may be necessary to suspend account privileges to prevent ongoing misuse while the situation is under investigation.

Infractions by students may result in the temporary or permanent restriction of access privileges, notification of a student's academic advisor and/or referral of the situation to the Office of Student Judicial Affairs. Those by a faculty or staff member may result in referral to the department chairperson or administrative officer.

Offenses which are in violation of local, state, or federal laws may result in the restriction of computing privileges, and will be reported to the appropriate University and law enforcement authorities.

General Information

For clarification of policies and guidelines applying to Berkeley Campus computing and communications resources, including this Computer Use Policy, contact itpolicy@berkeley.edu. Related policies are available online at the Campus IT policies website.

If you would like to obtain paper brochure copies of this Computer Use Policy, including quantities to distribute at your campus location, please contact itpolicy@berkeley.edu.

Reporting Misuse

Report misuse of campus electronic communication resources to abuse@berkeley.edu. For abuse from off-campus, see: Responding to Inappropriate Use of Computing and Network Resources

1

Administering Appropriate Use of Campus Computing and Network Services

Contents:

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Berkeley Campus departments or units who do provide computing and network services (hereinafter referred to as "Providers") must ensure that their services are administered in compliance with any applicable regulations and principles. To this end, they must keep themselves informed regarding current regulations and practices, consulting with campus authorities or documentation resources as required.

Since the Campus may be viewed as one legal entity, actions taken by Providers in response to allegations of misuse must be as consistent as possible for similar situations, both within a particular department or unit as well as in comparison to others on campus. To help Providers meet this requirement, various campus resource offices are available for consultation and/or referral for action. (See Appendix)

Guidelines

A. Defining Appropriate Use:

Providers must create written statements which clearly describe the purposes for which their particular computing and network services are provided, must notify their users of these purposes, and must require that users conform to these purposes. In addition to statements of uses which are allowed, these statements also may indicate any uses which are specifically precluded, such as commercial use, downloading software, or playing computer games.

B. Ensuring Compliance:

As a required condition for use of their services, Providers must require compliance with provisions of the University of California Electronic Communications Policy (ECP) and the Berkeley Campus Computer Use PolicyProviders should educate their users regarding the fact that University policies such as those pertaining to personal conduct, use of University name and logo, or sexual harassment apply to the use of campus computing and network resources. For more information see the Campus IT Policies website.

    1) Regular Authorizations:

Providers must have in place a process for authorizing any use of their services. (The mechanism for providing access will be referred to in these Guidelines as an Account). For each Account, an individual who is affiliated with UCB must be identified as the User. The Provider must notify Users:
  1. that they are responsible for any use of the service by means of that Account;
  2. that they must use the Account only for the defined purposes;
  3. that they must abide by applicable regulations including the University of California Electronic Communications Policy (ECP), the Berkeley Campus Computer Use Policy, and any other regulations the Provider includes in written policies; and
  4. of the possible consequences which they may face if the Account is not used appropriately

and must obtain the User's agreement with these conditions. (1)

    2) Group Accounts:

In the case of a group Account, a Designate must be identified for each Account. The Provider must notify these Designates that they are responsible for any use of the service by means of that Account, that any use of the Account by themselves or by other members of their groups must comply with the conditions listed in section B.1) ii) and iii) above, and of the possible consequences which they may face if the Account is not used appropriately. The Provider must obtain the Designate's agreement with these conditions. (1)

    3) Guest Accounts:

Providers who wish to grant Accounts to non-campus individuals (or groups) who have operational or academic associations with the Berkeley Campus must have criteria justifying use of University resources, such as describing the compelling academic or business reasons for granting service to unaffiliated entities. (2) Criteria also must include Account sponsorship by a Designate who is affiliated with UCB. The Provider must notify these Designates that they are responsible for any use of the service by means of that Account and that any use of the Account by themselves or by anyone whom they sponsor to use the Account must comply with the conditions listed in section B.1) ii) and iii) above, and of the possible consequences which they may face if the Account is not used appropriately. Providers must obtain the Designate's agreement that they and any of the individuals who use the account have been informed and agree to comply with these conditions. (1).

C. Termination of Accounts:

Providers should have procedures in place for timely closure of Accounts when Users are no longer eligible for services. Service termination procedures should include notification to the user.

D. Responding to Allegations of Misuse:

General Principles:

Providers must have written local procedures which outline steps for responding to alleged misuse of their services. The procedures should describe considerations used to determine the actions that will be taken. They need not specify the exact actions for every circumstance, but should outline the range of possible actions, such as a simple educational message, the temporary or permanent restriction of service, or referral to other Offices of authority, such as for student conduct cases. Allegations in specifically-regulated areas such as employee performance issues or sexual harassment cases must be referred for processing under existing campus procedures in those areas. (See section 3, below, for more examples of areas where referrals are required.)

Providers' local procedures must give Users the opportunity to respond or explain their activities. Such opportunity should be provided prior to taking any actions to restrict service, unless there is risk of harm to the system or of other serious consequences.

In order to maximize consistency of responses throughout the campus, Providers should obtain a review of their local procedures from IST's IT Policy Services group. Other resource offices available for additional review are listed in the Appendix to these Guidelines.

In addition to responses by Providers, the consequences of misuse may also include separate and independent sanctions under other applicable regulations (for example, those for sexual harassment or student conduct.)

How to Respond:

    1) Routine Situations:

The Provider's primary objective in responding to routine, first-time, misuse should be educational. For example:
  • reiterating the terms and conditions for use of the service and reminding Users they were informed of these and they agreed to abide by them as a requirement for getting an Account; and
  • warning Users of possible future consequences, such as an escalation of seriousness of response and/or specific possible penalties if there are repeat violations.

More serious misuse, or repeated misuse, may warrant responses involving more severe consequences.

    2) Short-Term, Temporary, Restrictions of Service:

It may be appropriate for Providers to temporarily restrict services pending investigations. Restrictions should not be a routine initial action, but may be made after considering:
  • the effect and implications of continued service, such as a possibility that further inappropriate activity may occur before the User is contacted;
  • the seriousness of the alleged activity; and
  • comparison with practices for restriction of services by other Providers.

When services are restricted, Providers should notify the User of the restriction, including:

  • when it has occurred or will occur;
  • the reason for the restriction;
  • what other related actions, if any, have been or will be taken;
  • the probable next steps; and
  • avenues for appeal.

Providers should ensure that their practices for restrictions of service are consistent with those of other Providers in similar situations by seeking review of their procedures by the IST IT Policy Services group.

    3) More Serious Actions:

Investigations that may lead to a long-term or permanent restriction of service or other penalty which significantly impacts a User's relationship with the campus must include discussions with the appropriate resource office, such as:
  • IST's IT Policy Services group;
  • the Center for Student Conduct (formerly "Office of Student Judicial Affairs"); or
  • the supervisor, departmental authority, Berkeley Campus Human Resource Office, or Academic Compliance Office (for employees).

Allegations regarding copyright and other areas of civil law such as trademark, defamation, libel, etc. must be referred to IST's IT Policy Services group with whom campus legal advisors will coordinate appropriate responses.

Allegations of sexual harassment must be coordinated with the campus Title IX Office.

Alleged violations of criminal law must be coordinated with the UCPD. Contacts with outside law enforcement authorities, such as federal agencies, should be coordinated with the UCPD.

Improper activities by University employees (misuse of resources, such as fraud and other financial irregularities) should be referred to the Campus Internal Audit Department in accordance with the Whistleblower Policy and Providers should assist the auditors as needed. Providers must not conduct their own investigations of such situations independently.

Appeals:

Providers must inform Users what procedures are available to appeal decisions. Such procedures may be local or, if Providers do not have local provisions for appeals, existing procedures applying to the User's affiliation with the University may be used. Many of the affiliation documents with such available appeal procedures are listed in the "Selected Regulations" section of the Appendix to these Guidelines.

Confidentiality:

Disclosure of any information related to investigations of allegations of misuse must comply with applicable governing regulations, which may include but are not limited to: the Family Educational Rights and Privacy Act (FERPA), the Information Practices Act, the Public Records Act, the Campus Whistleblower Policy, and Personnel Policies, Contracts, and Administrative Manuals.

E. Access Warning Statements:

Computer system and service administrators may choose to display a "warning statement" at the points where individuals can gain access to a computer, service, or network. This would provide notification to both authorized and unauthorized entities of the conditions governing access to the resource. For sample language and additional information see "Access Warning Statements".

Footnotes:

 (1) The verification mechanism for such agreement may be accomplished by signature on paper or by electronic means chosen by the Provider.

 (2) See the UC ECP section III.C Allowable Users and III.D Allowable Uses, which describe university policy limitations on users, purpose, and non-competition with commercial providers.
Examples of categories which Providers may deem eligible for access to campus computing and network services include, but are not limited to: emeriti faculty; faculty at other University of California campuses; individuals in the Visiting Scholar Program, exchange students, or other participants in their educational programs; contractors, independent consultants or other qualifying individuals (for the sole purpose of conducting their business with the University); or groups as defined by the UC Policy on Support Groups, Campus Foundations, and Alumni Associations or by the "Berkeley Campus Guidelines on Student Group Email Accounts" (currently under review).

APPENDIX


A. RESOURCE OFFICES:

Misconduct:

    STUDENTS:
the Center for Student Conduct
Phone: (510) 643-9069 or Email: studentconduct@berkeley.edu
    STAFF:
the user's Department Human Resource Manager or
the Berkeley Campus Personnel Office
Phone: (510) 642-7163
 
    FACULTY:
the user's Department Chair or Unit Head, or
the Office of the Executive Vice Chancellor and Provost
Phone: (510) 642-1961

Sexual Harassment:

Title IX Compliance Office
Phone: (510) 643-7985 or Email: tixco@berkeley.edu

Improper Activities (misuse of resources, such as fraud and other financial irregularities):

Internal Audit Department
Phone: (510) 642-8292

Criminal Activities:

Berkeley Campus Police
Phone: (510) 642-6760
(Any communications with outside law enforcement agencies should be coordinated with the UCPD.)

Use of University or Campus name or logos:

Office of Marketing & Business Outreach
Phone: (510) 642-9120

Financial conflict of interest:

Conflict of Interest Coordinator
Phone: (510) 642-6347

Coordination:

IT Policy Manager
Email: itpolicy@berkeley.edu

B. SELECTED REGULATIONS AND PROCEDURES:

Regulations which may be relevant to administering the appropriate use of Berkeley Campus computing and network services include, but are not limited to the:

Also see the Campus IT Policies website. 

 

C. DOCUMENT EXAMPLES:

The following may serve as a starting point for Providers to use in preparing or revising their local documents:

 

D. EDUCATIONAL OPPORTUNITIES:

home