IT Resources Acceptable Use Policy
Pennsylvania College of Technology's Information Technology Resources Acceptable Use Policy (AUP; policy P7.05, rev. 2/2013) promotes the efficient, ethical, and lawful use of Penn College’s information technology resources. The College’s computing systems, networks, and associated facilities are intended to support the College’s mission and to enhance the educational environment. Any use of these resources deemed inconsistent with the mission and purpose of the College will be considered a violation of this policy.
This policy applies to anyone who uses the College’s information technology (IT) resources. The resources covered by this policy include, but are not limited to computer hardware and software; mobile communication devices; telephone and data networks; and electronically stored data. Use of these resources includes access from off campus and on campus, as well as access from privately owned computers and electronic devices.
Rights & Responsibilities
Access to and use of Penn College IT resources and the Internet shall comply with federal laws, the laws of the Commonwealth of Pennsylvania, and the policies and procedures of the College. By using Penn College’s IT resources, all users agree to the rules, regulations, and guidelines contained in this Acceptable Use Policy.
Computers and networks provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a revocable privilege and requires that individual users behave ethically and act responsibly. This AUP is intended to supplement College Policy and does not release users from compliance with any existing policies that address ethical issues such as harassment, academic dishonesty, and plagiarism.
College-provided IT resources are primarily designated for instructional, research, or administrative purposes. Employees and students may use these resources for personal purposes as long as that use does not interfere with the primary use and does not interfere with an employee’s normal duties and responsibilities.
The College’s computers and networks are shared resources, for use by all employees and students. Any activity that inhibits or interferes with the use of these resources by others is not permitted. The College will ensure reasonable use by monitoring access logs, traffic data, and network utilization.
Users are responsible for all activities to and from their access accounts. Users must take every precaution to protect access accounts. Under no circumstances should a user allow someone else to share an access account.
Users should not assume or expect any right of privacy with respect to the College’s IT resources. Although the College does not routinely monitor the communication of its employees or students, system administrators or other authorized college personnel may access or examine files or accounts that are suspected of unauthorized use or misuse, that have been corrupted or damaged, or that may threaten the integrity of the College’s computer systems. In addition, files, e-mail, access logs, and any other electronic records may be subject to search under court order.
Prohibited Use of Information Technology Resources
It is a violation of this policy to:
- Intentionally and without authorization, access, modify, damage, destroy, copy, disclose, print, take possession of, or distupt in any way all or part of any computer, computer system, network, software, data file, program, database, or any other College IT resource. This includes:
- Gaining access by willfully exceeding the limits of authorization
- Attempting (even if unsuccessful) to gain unauthorized access through fraudulent means
- Gaining access by using another person’s name, password, access codes, or personal identification
- Attempting (even if unsuccessful) to gain unauthorized access by circumventing system security, uncovering security loopholes, or guessing passwords/access codes
- Attempting to disrupt any resource from being available to other users
- Give or publish a password, identifying code, personal identification number or other confidential information about a computer, computer system, network or e-mail account, database, or any other College IT resource.
- Load any third-party software on computer systems in the computer labs, unless authorized by a member of the lab staff, a faculty member, or an Information Technology Services (ITS) representative.
- Transfer copyrighted materials to or from any system, or via the College network, without the express consent of the owner of the copyrighted material. (See section entitled “File Sharing and Copyright Infringement.”)
- Provide unauthorized external access to College-developed or commercially-obtained IT resources.
- Use any College IT resource for commercial, political, or illegal purposes; personal financial gain; or harassment of any kind.
- Display obscene, lewd, or otherwise offensive images or text.
- Intentionally or negligently use computing resources in such a manner as to cause network congestion and performance degradation.
Provisions for Private Computers Connected to the College Network
The following apply to anyone connecting a private computer to the College network via the College housing network (ResNet), a wireless LAN connection, a dial-up network connection, a virtual private network (VPN) connection, a regular network connection in an office, or any other network connection.
- The owner of the computer is responsible for the behavior of all users on the computer, and all network traffic to and from the computer, whether or not the owner is aware of the traffic generated.
- A private computer connected to the network may not be used to provide network access for anyone who is not authorized to use the College systems. The private computer may not be used as a router or bridge between the College network and external networks, such as those of an Internet Service Provider (ISP).
- Should ITS staff have any reason to believe that a private computer connected to the College network is using the resources inappropriately, network traffic to and from that computer will be monitored. If justified, the system will be disconnected from the network, and action will be taken with the appropriate authorities.
- Any residential student with an authorized network account may use the in-room ResNet connection for scholarly purposes, for official College business, and for personal use, so long as the usage (1) does not violate any law, regulation, or this policy; (2) does not involve extraordinarily high utilization of College resources or substantially interfere with the performance of the College network; (3) does not result in commercial gain or profit; and (4) is not in violation of any part of this policy.
- Due to the possibility of a breach in the College's computer network security, students are not permitted to connect a computer to ResNet and an external Internet Service Provider (ISP) AT THE SAME TIME. Students who prefer to use an external ISP must notify ITS PRIOR to connecting to the external ISP network.
- Users are responsible for the security and integrity of their systems. In cases where a computer is "hacked into," the user shall either shut down the system or remove it from the campus network as soon as possible to localize any potential damage and to stop the attack from spreading. If you suspect electronic intrusion or hacking of your system and would like assistance, contact ITS (570-320-7329) immediately.
- Personal servers and network equipment should never be connected to the College network without prior authorization from Information Technology Services.
The College e-mail system is not a private secure communications medium. As such, e-mail users cannot expect privacy. By using the College e-mail system, each user acknowledges:
- The use of electronic mail is a privilege not a right. Transmitting certain types of communications is expressly forbidden. This includes messages containing chain letters, pyramids, urban legends, and alarming hoaxes; vulgar, obscene, or sexually explicit language; threatening or offensive content; derogatory, defamatory, sexual, or other harassment; and discriminatory communication of any kind. As with other information technology resources, the use of e-mail for commercial or political purposes is strictly prohibited.
- Under the Electronic Communications Privacy Act, tampering with e-mail, interfering with the delivery of e-mail, and using e-mail for criminal purposes may be felony offenses, requiring the disclosure of messages to law enforcement or other third parties without notification.
- E-mail messages should be transmitted only to those individuals who have a need to receive them. Distribution lists should be constructed and used carefully. E-mail distribution lists should be kept current and updated regularly. Inappropriate mass mailing is forbidden; this includes multiple mailings to newsgroups, mailing lists, or individuals (e.g., "spamming," "flooding," or "bombing").
- Any user who suspects that his/her e-mail account has been compromised is required to contact ITS (570-320-7329) immediately.
- All users of the College e-mail system waive any right to privacy in e-mail messages and consent to the access and disclosure of e-mail messages by authorized College personnel. Accordingly, the College reserves the right to access and disclose the contents of e-mail messages on a need-to-know basis. Users should recognize that under some circumstances, as a result of investigations, subpoenas, or lawsuits, the College might be required by law to disclose the contents of e-mail communications.
File Sharing and Copyright Infringement
Federal copyright law applies to all forms of information, including electronic communications. Members of the College community should be aware that copyright infringement includes the unauthorized copying, displaying, and/or distributing of copyrighted material. All such works, including those available electronically, should be considered protected by copyright law unless specifically stated otherwise.
Penn College complies with all provisions of the Digital Millennium Copyright Act (DMCA). Any use of the Penn College network, e-mail system, or website to transfer copyrighted material including, but not limited to, software, text, images, audio, and video is strictly prohibited. Therefore, the use of peer-to-peer file sharing programs such as BitTorrent, utorrent, Vuze, or any other torrent client, Frostwire/Limewire, etc., is, in most cases, a violation of College policy and federal law.
Anyone using College IT resources to commit acts of copyright infringement will be subject to the College’s due process. Acts of piracy are violations of state and federal laws, and as such, may result in criminal charges. Suspected infringement of the DMCA should be reported to the College’s DMCA Agent (570-326-3761, ext. 8036).
Reporting Violations of IT Acceptable Use Regulations
Violations of this Acceptable Use Policy should be reported immediately to the Vice President for Information Technology, Student and Administrative Services Center, Room 3008 (570-320-2441) or to the Director of Network Services, Student and Administrative Services Center, Room 2043 (570-329-4917). The College will make every effort to maintain confidentiality to the extent possible consistent with other obligations.
Violations of these regulations will result in the appropriate disciplinary action, which may include loss of computing privileges, suspension, termination, or expulsion from the College, and legal action.
It is a violation of Pennsylvania law to access, alter, or damage any computer system, network, software or database, or any part thereof, with the intent to interrupt the normal functioning of an organization. It is also unlawful to knowingly and without authorization, disclose a password to any computer system, network, or to gain unauthorized access to a computer or to interfere with the operation of a computer, network, or to alter, without authorization, any computer software. Violations of these sections of the law are punishable with up to $15,000 fine and seven years imprisonment. Disclosing a password to a computer system, network, etc., knowingly and without authorization, is a misdemeanor punishable by a fine up to $10,000 and imprisonment of up to five years.
Federal Law and Legislation
The following federal legislation applies:
- USA Patriot Act
- Homeland Security Act of 2002, Section 225 (Cyber Security Enhancement Act of 2002)
- Prosecutorial Remedies and tools Against the Exploitation of Children Today Act, 18 U.S.C. § 2702 (PROTECT Act)
The following are Federal Criminal Codes related to Computer Intrusions:
- 18 U.S.C. § 1029. Fraud and related Activity in Connection with Access Devices
- 18 U.S.C. § 1030. Fraud and related Activity in Connection with Computers
- 18 U.S.C. § 1362. Communication Lines, Stations, or Systems
- 18 U.S.C. § 2510 et seq. Wire and Electronic Communications interception and Interception of Oral Communications
- 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Record Access
- 18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information
The Pennsylvania College of Technology makes absolutely no warranties of any kind, either express or implied, for the Internet services it provides. The College will not be responsible for any damages suffered by users, including, but not limited to, any loss of data resulting from delays, non-deliveries, user errors, or service interruptions.
The College is not responsible for the accuracy or quality of information obtained through its Internet services, including e-mail. Users assume responsibility for any damages suffered as a result of information obtained through these sources.
The user agrees to indemnify and hold harmless Pennsylvania College of Technology, the Board of Directors, and College employees from and against any claim, lawsuit, cause of action, damage judgment, loss, expense, or liability resulting from any claim, including reasonable attorneys’ fees, arising out of or related to the use of the College's hardware, software, and network facilities. This indemnity shall include, without limitation, those claims based on trademark or service mark infringement, trade name infringement, copyright infringement, defamation, unlawful discrimination or harassment, rights of publicity, and invasion of privacy.