Use of the University of Massachusetts Amherst Office of Information Technologies (OIT) resources is granted based on acceptance of the following specific responsibilities:

Use only those computing and information technology resources for which you have authorization.

For example, it is a violation:

• To use resources you have not been specifically authorized to use
• To use someone else's account and password or share your account and password with someone else
• To access files, data, or processes without authorization
• To purposely look for or exploit security flaws to gain system or data access

Protect the access and integrity of computing and information technology resources.

For example, it is a violation:

• To use excessive bandwidth
• To release a virus or worm that damages or harms a system or network
• To prevent others from accessing an authorized service
• To send email that may cause problems and disrupt service for other users
• To attempt to deliberately degrade performance or deny service
• To corrupt or misuse information
• To alter or destroy information without authorization

Abide by applicable laws and university policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software.

For example, it is a violation:

• To download, use or distribute copyrighted materials, including pirated software
• To make more copies of licensed software than the license allows
• To operate and participate in pyramid schemes
• To distribute pornography to minors
• To upload, download, distribute or possess child pornography

Use computing and information technology resources only for their intended purposes.

For example, it is a violation:

• To use computing or network resources for advertising or other commercial purposes
• To distribute copyrighted materials without express permission of the copyright holder
• To send forged email
• To misuse Internet Relay Chat (IRC) software to allow users to hide their identity, or to interfere with other systems or users
• To send terrorist threats or "hoax messages"
• To send chain letters
• To intercept or monitor any network communications not intended for you
• To attempt to circumvent security mechanisms
• To use privileged access for other than official duties
• To use former privileges after graduation, transfer or termination, except as stipulated by the university

Respect the privacy and personal rights of others.

For example, it is a violation:

• To use electronic resources for harassment or stalking other individuals
• To tap a phone line or run a network sniffer without authorization
• To access or attempt to access other individual's password or data without explicit authorization
• To access or copy another user's electronic mail, data, programs, or other files without permission
• To disclose information about students in violation of University Guidelines

System Administrators and providers of University computing and information technology resources have the additional responsibility of ensuring the integrity, confidentiality, and availability of the resources they are managing. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.

Be aware that although computing and information technology providers throughout the University are charged with preserving the integrity and security of resources, security sometimes can be breached through actions beyond their control. Users are therefore urged to take appropriate precautions such as:

• Safeguarding their account and password
• Taking full advantage of file security mechanisms
• Backing up critical data on a regular basis
• Promptly reporting any misuse or violations of the policy
• Using virus scanning software with current updates
• Using personal firewall protection
• Installing security patches in a timely manner

Every member of the University community has an obligation to report suspected violations of the above guidelines or of the Acceptable Use Policy for Computing and Information Technology Resources. Reports should be directed to the unit, department, school, or administrative area responsible for the particular system involved.

If a suspected violation involves a student, a judicial referral may be made to the Dean of Students Office of the college of the student's enrollment. Incidents reported to the Dean will be handled through the University Code of Student Conduct.

If a suspected violation involves a staff or faculty member a referral will be made to the individual's supervisor.