Below is a DRAFT Computer Usage Policy now being widely circulated on the McGill University campus in Montreal, Canada. It has been formulated largely by the Director of the Computing Center and the University Lawyer and is considered close to the final version which will come into effect September, 1993. Presently there is no explicit (campus-wide) policy. I am inviting thoughtful criticism of this policy. I would like to collect your comments in order to make concrete suggestions to possibly revise this policy before it is made official. When you reply, please include the name of your institution and your position within it. I look forward to many informed responses, Prof. David G. Jones djones@lightning.mcrcim.mcgill.edu McGill University Dept. of Electrical Engineering 3480 University St. Montreal, Quebec H3A 2A7 CANADA - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (27 May 1993) McGill University Computing Facilities Usage Policy DRAFT - Revised The computing facilities at McGill are provided for the use of McGill students, faculty and staff in support of the programs of the University. All students, faculty and staff are responsible for seeing that these computing facilities are used in an effective, efficient, ethical, lawful and polite manner. McGill Computing Facilities (MCF) are defined as any computer, computer-based network, computer peripherals, software or any combination thereof, owned by McGill University or under the possession, custody or control of McGill University. All equipment purchased with research funds administered by McGill are, by definition, owned by McGill University. The following policies apply to all users of McGill Computer Facilities. 1. MCF may be used only with explicit authorization. The unauthorized use of MCF, as well as the provision of false or misleading information for the purpose of obtaining access to MCF, is prohibited. MCF may not be used to gain unauthorized access to computing facilities of other institutions, organizations or individuals. 2. Computer and network accounts, passwords or other types of authorization are assigned to individual users and must not be shared with others. Users are required to take all reasonable precautions to protect the accounts allocated to them. 3. MCF are to be used for authorized purposes and in the support of university sanctioned activities. Use for conducting business or for financial gain is specifically forbidden unless approved in writing. 4. The use of networks external to McGill (such as RISQ, CA*net, NSFNET) must comply with the policies of acceptable use promulgated by the organizations responsible for those networks. Examples of inappropriate behaviour include, but are not limited to, wide-spread unsolicited mailings and the use of networks for commercial activities. 5. Users should be aware that data (including e-mail) may, due to software or hardware failure, be accessible to those who are not explicitly authorized. Systems management personnel may also on occasion have access to such data while performing routine operations or in pursuing apparent systems problems or user problems. Systems personnel are required to report any apparent improper or illegal activities so discovered. No guarantee of complete privacy is made. 6. To protect the integrity of MCF and the users thereof against unauthorized or improper use of those facilities, McGill University reserves the right, without notice, to: limit or restrict any individual's use, and to inspect, copy, remove or otherwise alter any data, file, or system resource which may undermine the authorized use of any computing facility. McGill also reserves the right to periodically check any system and reserves any other rights necessary to protect its computing facilities. Only explicitly authorized University staff may exercise the preceding rights and only for reasonable cause. Staff who, in the course of their jobs, exercise these rights, may only use the information so obtained if there is evidence of improper or illegal use of MCF. Any such use of normally private data must be reported to University officials. 7. It is prohibited to attempt to discover or alter passwords or to access other information which a user is not duly authorized to have, as are any attempts to subvert MCF security. Lack of system protection does not give the right to do any of these things. Unauthorized monitoring of electronic communications is expressly forbidden. 8. Intentional unauthorized disruption of MCF is not allowed, nor is any unauthorized action which intentionally denies another legitimate user access to MCF. 9. MCF may not be used for any illegal purposes. The law prohibits unauthorized use of computers; unauthorized access to information or programs; destruction or alteration of data or interference with lawful access to data; the use of a computer system with the intent to commit any of the above. Copyright law specifically prohibits copying of any software except as explicitly allowed in the usage agreement. Unless the software explicitly states otherwise, ALL software is copyrighted, even those normally referred to as shareware or freeware. Copyright law provides similar protection for data and text. 10. Harassment in any form is not allowed. Messages of any type, which would be illegal or inappropriate in verbal or printed form, are considered illegal or inappropriate in computer-based forms. 11. E-mail or other messages must be signed and traceable to the originator. Access to remote systems must be similarly traceable. 12. Users are encouraged to report any violations of this policy by another individual and any information relating to a flaw in or bypass of computing facility security to the appropriate systems manager or the Computing Centre. 13. Individual computing facilities may establish additional rules and policies as they see fit. Such additions must be consistent with this policy. McGill University reserves the right to take disciplinary and/or legal action in the case of infractions of the preceding. Due to the diversity in computing facilities across the University, the preceding policies may not include sufficient detail. If you have any questions regarding their intention or the implementation in your area, address your questions to the people responsible for your local computing facility. Questions not answered to your satisfaction may be addressed to the Director of Computing and Telecommunications. Students, faculty or staff may be required to formally acknowledge the terms of this policy at the discretion of individual computing facilities management. ****** END OF POLICY ******