ITS Documentation

Guidelines for Implementing the Proper Use Policy
of the University of Michigan:
Responsible Use of Technology Resources

R1103 • February 2014

The Proper Use of Information Resources, Information Technology, and Networks at the University of Michigan (SPG 601.07) applies to all members of the university community and refers to all information resources — whether individually-controlled, shared, stand-alone, or networked.

NOTE: U-M Information Technology (IT) service providers may supplement this document with unit-specific guidelines, but those guidelines will not supersede this document or the Proper Use policy.


Rationale

These guidelines can assist the U-M community in administering the Proper Use Policy (SPG 601.07). They serve as the base set for using all the resources offered by U-M IT service providers. By using campus technology resources, all U-M community members agree to abide by these guidelines.

The university provides IT resources to students, faculty, staff, alumni, and sponsored affiliates. In accordance with the Proper Use policy, all users have the responsibility to use these resources in an effective, efficient, ethical, and legal manner.

Ethical and legal standards that apply to IT resources are based on the standards of common sense and courtesy that apply to any shared resource. The U-M community depends upon the university's spirit of mutual respect and cooperation to resolve differences and problems that may arise.

These guidelines are published in that spirit. They specify user responsibilities in accordance with the Proper Use policy and promote the ethical, legal, and secure use of computing resources for the protection of all U-M community members. The university provides IT resources with the stipulation that users be good citizens and that they contribute to creating and maintaining an open community of responsible users.

Appropriate and Responsible Use

Appropriate and responsible use stipulates that U-M computing resources be used in a manner consistent with the University's instructional, public service, research, and administrative objectives. Use should also be consistent with the specific objectives of projects or tasks for which use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.

Identity Misrepresentation (SPG 601.19) covers identity misrepresentation. In brief, you may not:

  • assume another person's identity or role through deception or without proper authorization.

  • communicate or act under the guise, name, identification, email address, signature, or indicia of another person without proper authorization.

  • communicate under the guise of an organization, entity, or unit that you do not have the authority to represent.

Information on protecting yourself online is available at the Protect Yourself Online portion of Safe Computing.

U-M IT services provide and preserve security of files, account numbers, authorization codes, and passwords. However, security can be breached through actions or causes beyond the service provider's reasonable control. You should always safeguard your personal and confidential data, passwords, and authorization codes by:

  • using the free, excellent commercial anti-virus software provided to the university community.

  • keeping your operating systems up-to-date, especially with regard to security patches.

  • taking full advantage of file security mechanisms built into the computing systems.

  • choosing passwords wisely and changing them periodically.

  • following established security policies and procedures to control access and use of administrative data.

User Responsibilities

By using the university's computing services, you accept the following responsibilities.



Respect the Privacy of Other Users

For example, you may not:

  • intentionally seek information on, obtain copies of, or modify e-mail, files, tapes, or passwords belonging to other users or the university.

  • represent others, unless authorized to do so explicitly by those users.

  • divulge sensitive personal data to which you have access concerning faculty, staff, or students without explicit authorization to do so.

Respect the Rights of Other Users

Example:

You must comply with all university policies regarding harassment on the basis of race, sex, color, religion, creed, national origin, ancestry, age, marital status, disability, gender identity, or gender expression. The University of Michigan is committed to being a racially, ethnically, and religiously heterogeneous community.

Respect the Legal Protection Provided by Copyright
and Licensing of Programs and Electronic Media

For example, you may not:

  • use file-sharing programs to obtain copyrighted material such as music, DVDs, and other protected items without permission of the copyright holder.

  • make copies of a licensed computer program to avoid paying additional license fees or to share with other users.

Respect the Intended Usage of Resources

For example, you may:

  • use only those resources (uniqname and password, funds, transactions, data, processes, etc.) assigned to you by service providers, faculty, unit heads, or project directors for the purposes specified.

  • not access, use, or divulge such resources unless explicitly authorized to do so by the appropriate authority.

  • not use university resources assigned to you or others for profit-making or fund-raising activities unless explicitly authorized to do so by the appropriate authority.

  • not use university resources to campaign for or against a ballot initiative or a candidate running for office or to conduct a political campaign.

  • not create an e-mail group with the intent of sending out what would generally be regarded as spam, unless the creator has received permission from the members of the new group.

  • not advertise or solicit for commercial events or endeavors.

Respect the Shared Nature of Resources

Example:

You must avoid activities that unreasonably tax system resources or that, through frivolous use, go beyond the intended use of the system.

Respect the Intended Usage of Systems for Electronic Exchange
Including E-Mail, Online Chats, and Blogs

For example, you may not:

  • indiscriminately send unsolicited mass e-mail unrelated to:

    • university business.

    • the purpose of the addressed e-mail group as noted in the Description field of its MCommunity entry.

  • send forged e-mail, e-mail that threatens or harasses other users, unsolicited mass e-mail not related to the purpose(s) of the addressed directory group(s) or listserv(s), or promotional e-mail for commercial or profit-making purposes.

Respect the Integrity of the System or Network

Example:

You may not intentionally develop or use programs, transactions, data, or processes that harass other users, infiltrate the system, or damage or alter the software or data components of a system. Alterations to any system, network software, or data component may be made only under specific instructions from authorized faculty, unit heads, project directors, or management staff.

Respect the Financial Structure of a Computing or Networking System

Example:

You may not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the university for computing, network, and data processing services.

Adhere to All General University Policies and Procedures

Examples include but are not limited to:

  • policies on proper use of information resources, information technology, and networks.

  • acquisition, use, and disposal of university-owned computer equipment.

  • use of telecommunications equipment.

  • ethical and legal use of software.

  • ethical and legal use of administrative data.


Service Provider Responsibilities

Considering the needs of the total user community, U-M service providers have the responsibility to offer services in the most efficient, reliable, and secure manner. At certain times, carrying out these responsibilities may require special actions or intervention by the service provider's staff. In such circumstances, they are bound by the policies governing their actions. At all other times, service provider staff have no special rights above and beyond those of other users. They are required to follow the same policies and conditions of use that all users must follow. Every effort shall be made to ensure that persons in positions of trust do not misuse computing resources and data or take advantage of their positions to access information not required in the performance of their duties.

Service providers are not responsible for policing user activity. However, if they become aware of a violation, they should initiate an investigation. To forestall an immediate threat to the security of a system or its users, service providers may suspend access of those involved in a suspected violation while the incident is being investigated. They may also take other actions to preserve the state of files and other information relevant to the investigation.

Service providers will act in accordance with U-M policies governing user privacy. Prior to examining e-mail and other private file content, they must seek the user's permission. If this is not possible, service providers must obtain authorization from a higher administrative authority working in conjunction with the university's General Counsel to examine any content that may jeopardize the:

  • security of U-M systems

  • security of users

  • ability of the university or its constituent parts to conduct necessary business

Violations of Guidelines

A violation of any of these guidelines is considered, at a minimum, to be unethical. It may also violate other university policies and may be a criminal offense. You should report any information you may have concerning possible guideline violations.

Established university practices, policies, and procedures allow any of the following actions to be taken against a user determined to be violating these guidelines:

  • termination of access
  • disciplinary review
  • expulsion or termination of employment
  • legal action
  • other disciplinary action deemed appropriate

To resolve guideline violations, service providers may work with other university offices including but not limited to:

Responsible Use Guidelines for Specific Services

The U-M Standard Practice Guide provides additional responsible use guidelines applying to the use of networks, telecommunications services, and administrative data processing systems.

The university maintains or provides connections to external service providers that have established acceptable use standards. You are solely responsible for understanding and adhering to those standards. Should you violate any policy of an external network, the university cannot and will not extend any protection to you.

Reporting Incidents

In general, you should report a suspected guideline violation to the school, college, or unit maintaining the system. If you are unsure where to report the problem, contact the ITS User Advocate. The advocate will either deal directly with the incident or will direct it to the appropriate person(s).

If possible, please forward a copy of any information relevant to the incident you are reporting. If the incident involves e-mail, please forward the message with the full headers.

Additional Resources

For further help or to report a suspected violation, please notify the IT User Advocate.

The following websites provide additional information:

The ITS Service Center provides a variety of computing help resources.

For further help with this or any other topic, call 734-764-HELP [4357] or submit an online service request.