Access to computers, services and networks owned by Purdue University is a privilege governed by certain regulations and restrictions. These include rules defined by the University and the schools as well as all applicable federal, state and local laws ([1],[2],[3]).

The schools pledge to provide their authorized users the best computer and network access possible and protect those resources as much as possible from unauthorized use and access. Without this protection, these resources could be victims of internal and external attacks that deny authorized access or result in the loss, dissemination, or compromise of data.

In return, the user agrees to abide by the regulations set forth in this Acceptable Use Policy. This means that the user agrees to behave responsibly according to the standards established by Purdue University and this document while using University systems and network resources.

All authorized users have the right to use computer and network resources within the guidelines set forth in this policy.

No user will be subject to unauthorized scanning or monitoring except as defined by this policy ([5]). Any request for access to logs or personal data must be mandated by the proper authority. Only individuals who are specifically authorized shall perform monitoring, and only the minimum amount of data necessary shall be collected. Data collected through monitoring shall be made accessible only to authorized individuals, who are responsible for maintaining its confidentiality. Content monitoring of network activity will not occur except as specifically defined below.

The system administrator reserves the right to monitor the usage of all network resources to ensure compliance with this policy, University policy, and federal, state and local laws. All users agree to this monitoring implicitly through use of the network resources. This includes:

• Logging and monitoring server usage and network traffic
• Accessing user data in the normal course of performing administration duties
• Monitoring resource usage to maintain functionality and efficiency
• Scanning, monitoring, and testing the network for security problems

Users can use network and computer resources for University business that promotes the goals of the University. Network and computer resources are to be used in ways that do not unreasonably interfere with other users. Private use that does not interfere with the use of the resources for University business or violate laws or policies is also allowed.

All usage of computer systems at Purdue University must fall within the policy guidelines established by the University ([1],[2],[3]). Understanding and following these policies are the responsibility of each user.

Purdue users are expected to comply with copyright and intellectual property laws ([4]). Users will not use unlicensed copyrighted material, make illegal copies of copyrighted software, store such copies on University systems, or transmit such copies over University networks. Users will also not allow others to illegally use University licensed software. Proper usage and licensing of software is the responsibility of each individual user.

Users will not use resources for non-University activities in ways that interfere with users performing University business.

For University business, users will not unreasonably use computer and network resources that interfere with other users' access to those resources. These resources include, but are not limited to, network services, bandwidth, and staff time.

Users will not conduct unauthorized scanning of computer network connected devices and systems ([5]). This scanning includes but is not limited to unauthorized electronic means to eavesdrop, collect, or disclose information about others.

Users will not attempt or assist in attempts to gain unauthorized access to passwords, control information, services, computing resources, network resources, or computing facilities ([6]).

Users will not access any data without explicit permission from the owner of the data. This includes data that are not covered by federal, state or local laws ([2],[3]).

Users will not operate their computers in ways that risk the security of the network or other computer resources. This includes removing or preventing the installation of security measures, software or patches.

Users will not use computer and network resources in ways that jeopardize, harass, intimidate, threaten, or otherwise harm other users, computers, or network resources including local users and users external to the University ([7]).

Users who become aware of any violation of this policy should notify the proper authorities. These authorities could include the network administrator, the head of the department, the Dean's office, university officials or the police.

Violations of this policy will be reported to the Dean's office and other appropriate authorities. Non-compliance with this policy may also result in the loss of access to computer resources. The network administrators reserve the right to remove the network access and accounts of any user or computer that poses an immediate threat to other users. Said access will be denied until the immediate threat is remedied. The decision to permanently remove network or computer resource access and accounts will be left up to the individual departments and/or the Dean's office.

[1] Purdue Information Technology Policies

http://www.purdue.edu/policies/pages/information_technology/info_tech.html

[2] HIPAA Policies and Procedures

http://www.purdue.edu/hippa/

[3] FERPA Policies and Procedures

http://www.purdue.edu/policies/pages/records/c_51.html

[4] Copyright Law

http://www.copyright.gov/title17/circ92.pdf

[5] Federal Wiretapping Law

http://www.eff.org/Privacy/Surveillance/200001_us_fed_wiretap_laws.html

[6] Indiana Computer Tampering Law

http://www.ai.org/legislative/ic/code/title35/ar43/ch1.html#IC35-43-1-4

[7] Indiana Intimidation and Harassment Law

http://www.in.gov/legislative/ic/code/title35/ar45/ch2.html

TO ALL USERS OF THE PHARMACY, NURSING, AND HEALTH SCIENCES COMPUTER NETWORK:

The recent major hacking incident involving Microsoft all over the United States extended, unfortunately, into our Windows systems. Our staff worked long and hard to correct this.

Everyone needs to understand, however, that when an episode like this happens, individual computers are hacked and "recruited" to do things that will harm the network. It is imperative in such situations, then, that individual machines be "cleaned up." When Jenett, Jennifer, or Mike needs access to your machine to do this, it is important for you to cooperate. Of course, YOUR machine is under YOUR control, but access to the network is a privilege granted by Purdue University. If you refuse access to your machine, that is up to you, but we'll simply turn off your access to the network. This is consistent with the Acceptable Use Policy we distributed earlier. Please understand that this hard-headed approach is the only way to ensure that the network is secure.

Thank you for your cooperation in the past and in the future.

Marc Loudon, Associate Dean
August 27, 2003