Amherst College supports an extensive information-technology environment for faculty, staff, students, and other members of the college community. The college's general policies and codes of conduct apply to the electronic environment just as they apply in all other college settings. This Acceptable Use Policy (AUP) supplements these existing standards by describing the special rights and responsibilities that attach to use of the college's “E-Resources” (as defined below). The policy also explains the roles of those charged with maintaining, operating, and overseeing college E-Resources.
The entire community's cooperation helps to ensure that high-quality E-Resources remain available for the many endeavors of the college and its constituents.
This Policy applies to all information-technology and other electronic resources of the college (“E-Resources”), including without limitation:
- All computers, systems, equipment, software, networks, and computer facilities owned, managed, or maintained by the college for the handling of data, voice, television, telephone, or related signals or information
- Any access or use of the college's electronic resources from a computer or other system not controlled or maintained by the college; and,
- The creation, processing, communication, distribution, storage, and disposal of information under the college’s control
Restrictions on Use
The college’s Eligibility for Accounts Policy defines the conditions under which individuals are given the privilege of using this environment. In general, users are expected to conform to the same standards of conduct when using this environment as are applicable to the use of other college facilities. The examples given below are illustrative, and are not intended to cover all possibilities. There will be a need for exceptions in some circumstances. Consult the chief information officer with questions about specific activities or exceptions. Each account is provided for the use of a specific individual, and may not be shared with or lent to others. Individuals are expected to take reasonable precautions to prevent others from using their accounts.
Examples of violations include the following:
- Giving an account password to another person
- Logging in to one’s account at a public computer, then leaving without logging out
- Providing access to the campus network to others
The college may send official correspondence to members of its community via electronic mail. Students, faculty, and staff, are expected to check their @amherst.edu email account regularly and are responsible for college information sent there. college employees are expected to use their Amherst College email account for all college-related communications. If a student elects to forward his/her @amherst.edu email to another email account, the student remains responsible for any material not received because of any defect in the forwarding mechanism or the destination account.
Accounts and Access Restrictions
User IDs and passwords are the primary method used to authenticate users of the college’s E-Resources. They help prevent unauthorized access to E-Resources or any restricted information found within them. Users may not share their passwords with any other person and must protect them from disclosure by, for example, changing them regularly, monitoring access to their accounts, and contacting the college’s IT Staff if they suspect their passwords have been compromised. Users may be held responsible for all activity conducted using their IDs. Users must select strong passwords (meaning passwords composed of a mix of at least eight numbers, letters, and symbols and not including a word commonly found in a dictionary, or as required by the system at the time of creation). No person, including any member of the IT Staff, is authorized to request any user's password.
All users must protect the college’s E-Resources from unauthorized access. Specifically, all users must:
- Take responsibility for the security and integrity of information stored on any personal or assigned desktop, laptop, or handheld system
- Cooperate with system administrators during investigations of improper use
- Take care to access E-Resources only from secure environments and to log out of sessions before leaving any computer unattended
- Take all appropriate precautions when accessing confidential or restricted college data to protect the data from unauthorized disclosures and from threats to its accuracy or integrity
- Comply with requests from the IT Staff and other authorized personnel to cease use of E-Resources that compromises the E-Resources or the college
And, without authorization, no user may:
- Extend the network by introducing a hub, switch, router, wireless access point, or any other service or device that permits more than one device to connect to any college network
- Provide any other person with E-Resources or access to them
- Send e-mail chain letters or mass mailings for purposes other than authorized college business
- Alter, remove, or forge email headers, addresses, or messages, or otherwise impersonate or attempt to pass oneself off as another
- Obtain E-Resources beyond those allocated to the user, seek or gain access to data or user accounts for which the user is not authorized, or eavesdrop or intercept transmissions not intended for the user
- Use the college’s Internet or other network access in a malicious manner or to alter or destroy any material which the user is not authorized to alter or destroy
- Tamper with, modify, damage, alter, or attempt to defeat restrictions or protection placed on accounts or any E-Resources; or
- Damage computer or network systems; create or intentionally introduce or propagate computer viruses, worms, Trojan Horses, or other malicious code to any E-Resource; attempt to degrade the performance of the system or to deprive authorized users of E-Resources or access to E-Resources.
Copyright and other Intellectual Property
Users must respect intellectual-property rights, including copyrights, in all use of college E-Resources. All use of content, including text, images, music, and video, retrieved from E-Resources or stored, transmitted or maintained using E-Resources, must comply with copyright and other applicable laws. Copied material, used legally, must be given attribution in conformance with applicable legal and professional standards.
Software may be copied, installed, or used on college E-Resources only as permitted by the software’s owner or authorized licensor and by law. Proprietary software must be properly licensed, and users must strictly adhere to all applicable license provisions (including those concerning installation, use, copying, and the number of simultaneous users).
Respect for Others
The Statement of Intellectual Responsibility and the Statement of Respect for Persons apply to the use of the electronic environment. Users must honor the rights of others to privacy, academic freedom, and freedom from harassment. Users may not use E-Resources to threaten or harass any person or to create a hostile place to work or study. In particular, users must honor others' requests for the user to stop sending unwanted communications of any kind. Users may not do anything to interfere inappropriately with others' use of E-Resources, including by consuming E-Resources in excess.
Examples of violations of those standards include the following:
- Sending harassing or threatening messages,
- Using the network to participate in plagiarism,
- Interfering with another person’s files, accounts or coursework
- Sending “junk email”—email sent to large lists of people without a reasonable expectation that they wish to receive it.
Use of the college’s electronic environment for commercial purposes not relevant to the mission of the college is prohibited, unless specifically authorized in writing by the chief information officer. Examples include the following:
- Operating a business from a dormitory or office that uses the college’s electronic environment
- Fundraising and advertising using the college’s electronic environment by groups or individuals other than officially recognized campus organizations
- Creating a website on the college server that sells items for personal profit.
Account owners may not engage in any activity that may reasonably be expected to be harmful to the systems operated by the college or a third party, or to information stored upon them. Examples include the following:
- Participating in the breaking of security on a computer system regardless of whether it is owned by the college or by some third party
- Disrupting service on a computer system by sending automated messages that tie up the computer.
Common resources, such as network bandwidth, are to be shared by all members of the college community. Individuals may not engage in activities that might reasonably be expected to cause congestion of the network, or prevent others from making reasonable use of the college’s electronic resources, or incapacitate, compromise, or damage the college’s electronic resources. Examples include the following:
- Operating network servers that consume more than a fair share of bandwidth
- Running programs that cause network congestion
- Sending “junk” email.
Violations of these conditions for the use of this environment are subject to the investigative and disciplinary procedures of the college, with the chief information officer acting in an advisory role. The Office of Student Affairs usually handles complaints against students. The Office of the Dean of the Faculty usually handles complaints against faculty. Complaints against staff and administrators are usually handled through supervisors and Human Resources. The Eligibility for Accounts Policy does provide for a small number of accounts for individuals who are neither students nor employees of the college; the chief information officer will handle these cases, with consultation with the college administration as appropriate.
Limitation of Privileges Pending Judicial Process
In addition, in some cases, the college must act more immediately to protect its interests and resources (including the electronic environment and the data stored in it) or the rights and safety of others. The chief information officer, or in his or her absence a delegate within Information Technology staff, has the authority to suspend or limit account privileges and access in those situations. When an account is suspended in this way, the chief information officer or the delegate shall notify the appropriate office who will handle the complaint, and will attempt to notify the account owner. Account suspension under these conditions is temporary while the complaint is handled through the normal investigative and disciplinary procedures of the college.
Users’ Expectation of Privacy
The college recognizes the importance of privacy in an academic setting and does not routinely monitor a current user's email, data, software, or other online activity. There are limited circumstances, however, in which the college may access, monitor, limit and/or disclose a user’s communications or other data on eResources without the user’s permission. These circumstances include the following:
- To maintain the integrity of its systems, network or data
- When required by federal, state or local law, administrative rules, court order or other legal authority;
- To preserve the health and safety of individuals or the Amherst College community;
- When there are reasonable grounds to believe that a violation of law or a significant breach of college policy may have taken place and access, inspection or monitoring may produce evidence related to the possible misconduct; or
- To address a legitimate business need
Such college access to a user’s communications or other data on eResources without the user’s permission will occur only with the approval of the president and the dean of the faculty (for faculty), director of human resources (for administrators and staff) or chief student affairs officer (for students). In cases of emergency where necessary to preserve the integrity of the system, comply with laws or other legal authority, or preserve health and safety, the college may access, monitor, limit and/or disclose a user’s communications or other data on eResources without seeking the above-described permission. In that instance, the chief information officer or designee will log any emergency access for review by the president and dean of the faculty, director of human resources or chief student affairs officer, as the case may be.
Finally, the college cannot guarantee the security of those eResources against unauthorized access or disclosure.
The E-Resources and anything accessible on or through them are made available “as is" and "as available.” The college makes no guarantee that any E-Resource will be free of objectionable matter, errors, defects, bugs, viruses, worms, "Trojan horses," or other destructive features. The college is not responsible for any harm arising from E-Resources or users’ reliance on them, nor is it responsible for any third-party content accessed using college E-Resources, including content made available by another college user or any third party.
This policy is not a complete statement of the college’s rights or remedies, and nothing in this policy waives any of those rights or remedies, including any rights in or to the E-Resources.