HMS IT Student Computing Policies
SECTION 1
Harvard Medical School Use of Computers and Networks
Use of Facilities
Privacy of Information
Intellectual Property
SECTION II
Additional Policies from HMS IT Student Computing Services
Security and Privacy
Use of Facilities
Use of the HMS Network
Cases of Misconduct
Waiver
SECTION III
HMS P2P (Peer-to-Peer) File Sharing Application Policy
HMS E-Mail Policy
Other Related Resources:
Digital Millenium Copyright Act Compliance
HARVARD'S COMPLIANCE WITH DIGITAL COPYRIGHT
LAW
From Daniel Moriarty, Assistant Provost for Information Technology, March 17, 2003
HMS IT Department Policies on Security
SECTION I
Harvard Medical School Use of Computers and Networks
Individuals who are provided access to Harvard University computer facilities and to the campus-wide communication network assume responsibility for their appropriate use. Harvard University expects individuals to be careful, honest, responsible, and civil in the use of computers and networks. Those who use wide-area networks (such as the Internet) to communicate with others or to connect to computers at other institutions are expected to abide by the rules for the remote systems and networks as well as those for Harvard's systems. Be advised that, in addition to being a violation of College rules, certain computer misconduct is prohibited under Massachusetts General Laws, c.266 subsection 33 (a) and 12 (f) and is, therefore, subject to criminal penalties. Such misconduct includes knowingly gaining unauthorized access to a computer system or data base, falsely obtaining electronic services or data without payment of required charges, and destroying of electronically processed, stored, or in-transit data. In addition, individuals may be held responsible for misuse which occurs by allowing access to a third party to their own computer or account. Individuals are expected to abide by these rules and policies and to consult an official of Harvard Medical School's (HMS) IT Student Computing Services prior to any activity that would appear to threaten the security or performance of Harvard University computers and networks. Failure to do so may result in disciplinary action.
Computer and network facilities are provided primarily for an individual's educational use. These facilities have tangible value. Consequently, attempts to circumvent accounting systems or to use the computer accounts of others will be treated as forms of attempted theft. Individuals may not attempt to damage or to degrade the performance of Harvard's computers and networks and should not disrupt the work of other users. Individuals may not attempt to circumvent security systems or to exploit or probe for security holes in any Harvard network or system, nor may individuals attempt any such activity against other systems accessed through Harvard's facilities. Execution or compilation of programs designed to breach system security is prohibited unless authorized in advanced. Individuals assume personal responsibility for the use of their accounts. Consequently, users may not disclose their passwords or otherwise make Harvard's facilities available to unauthorized individuals (including family or friends). Moreover, the possession or collection of others' passwords, personal identification numbers (PINs), private digital certificates, or other secure identification information is prohibited. Use of Harvard's computers and networks for business-related purposes without authorization is prohibited.
Information stored on a computer system or sent electronically over a network is the property of the individual who created it. Examination, collection, or dissemination of that information without authorization from the owner is a violation of the owner's rights to control his or her own property. Systems administrators, however, may gain access to users' data or programs when it is necessary to maintain or prevent damage to systems or to ensure compliance with other University rules. Computer systems and networks provide mechanisms for the protection of private information from examination. These mechanisms are necessarily imperfect and any attempt to circumvent them or to gain unauthorized access to private information (including both stored computer files and messages transmitted over a network) will be treated as a violation of privacy and will be cause for disciplinary action. In general, information that the owner would reasonably regard as private must be treated as private by other users. Examples include the contents of electronic mail boxes, the private file storage areas of individual users, and information stored in other areas that are not public. That measures have not been taken to protect such information does not make it permissible for others to inspect it. On shared and networked computer systems certain information about users and their activities is visible to others. Users are cautioned that certain accounting and directory information (for example, user names and electronic mail addresses), certain records of file names and executed commands, and information stored in public areas, are not private. Nonetheless, such unsecured information about other users must not be manipulated in ways that they might reasonably find intrusive; for example, eavesdropping by computer and systematic monitoring of the behavior of others are likely to be considered invasions of privacy that would be cause for disciplinary action. The compilation or redistribution of information from University directories (printed or electronic) to third parties, especially those outside HMS, is forbidden.
Computer programs written as part of one's academic work should be regarded as literary creations and subject to the same standards of misrepresentation of copied work. In addition, attempts to duplicate, use, or distribute software or other data without authorization by the owner is prohibited.
SECTION II
Additional Policies from HMS IT Student Computing Services
These policies are intended to serve as an addendum to the HMS statement on Use of Computers and Networks (Section I). These are departmental policies that apply specifically to the use of HMS IT Student Computing' facilities and resources.
The staff of HMS IT Student Computing Services consider user accounts to be the private property of individualize who have opened them, and as a result will never ask users to reveal their passwords. However, users who request assistance from the HMS IT Student Computing Resources give the staff implicit permission to view specific data in their accounts that is necessary to investigate, diagnose, or correct the problem.
Individuals should not attempt to exploit, test, or probe for suspected security holes on HMS computers or networks, but instead should report them to HMS IT Student Computing Services. Likewise, users should not disseminate to others any information that serves to circumvent or degrade system or network security or integrity. Physical theft, rearrangement, or damage to any University computer or network equipment, facilities, or property is strictly prohibited, and will be reported to the police. This includes all public computer labs, network hubs, wiring, and links. Users may not plug in personal computers or peripheral devices in public computer labs or onto the HMS Network without prior authorization.
HMS IT Student Computing Services must ensure that academic work takes precedence at all times over other computing activities in its facilities. In situations of high user demand which may strain available computer resources, HMS IT Student Computing Services reserves the right to restrict (e.g., to specific times of day) or prohibit computer entertainment activities such as game playing. Similarly, loud or disruptive behavior which may hinder academic work in the computer labs is not permitted.
Users with personal computers on the HMS Network are expected to take reasonable precautions to ensure the security of their systems. Individuals may be held responsible for misuse by others that occurs on their systems.
Users should not attempt to plug their personal computers into any data jack for which they are not personally registered or authorized to use. Attempts to plug into an unauthorized data jack may result in its automatic deactivation.
Attempts to monitor, analyze, or tamper with network data packets that are not explicitly addressed to your computer are prohibited.
Using a network address other than the one assigned by HMS IT Student Computing Services is prohibited.
Users are not permitted to register external domain names (i.e., any domain outside of harvard.edu) that reference systems on the HMS Network.
Users may not advertise routing information on the HMS Network or act as gateways to external or private networks.
It is prohibited to connect any secondary physical network to the HMS Network without authorization.
Providing services or running applications which consume excessive bandwidth on the HMS Network without authorization is prohibited.
Whenever a case of computer misconduct is suspected or reported, HMS IT Student Computing Services will notify the appropriate Resident Dean or University official, who in turn will determine the course of any investigation or disciplinary action. Pending the ability to contact this official, HMS IT Student Computer Services reserves the right to deny system or network access on a temporary basis to anyone who violates these rules. This includes the ability to terminate processes or connections that threaten system or network security, performance, or integrity.
Individuals will be held to the same standard of conduct (in oral, written, and electronic communication) with the staff of HMS IT Student Computing Services as with other officers and staff of the University.
Users recognize that systems and networks are imperfect and waive any responsibility for lost work or time that may arise from their use. The staff of HMS IT Student Computing Services cannot compensate users for degradation or loss of personal data, software, or hardware as a result of their use of University-owned systems or networks, or as a result of assistance that they may seek from any HMS IT Student Computing Services staff member.
SECTION III
HMS P2P (Peer-to-Peer) File Sharing Application Policy
Harvard Medical School does not allow P2P software usage on
its wired or wireless network. Examples of P2P applications include Morpheus, LimeWire,
BitTorrent, eMule, eDonkey, AIM for file sharing, and others in this category. Anyone using P2P
applications on the HMS network will be blocked from, or have limited access to the network,
without prior notification. Review Harvard Universitys Digital Millennium Copyright Act compliance
information at http://www.dmca.harvard.edu/dmca_overview.php for the background on the basis of
this policy. Be aware that the action of downloading or sharing copyrighted materials by any means
is illegal, and violators may be subject to criminal or civil prosecution.
HMS faculty, staff or students who must use BitTorrent on the HMS network for legitimate
research or academic purposes may ask for an exemption to this policy by emailing a request
with their P2P needs to the HMS IT Help Desk at help_desk@hms.harvard.edu. Exceptions may be
granted upon the approval of the HMS IT Client Services Director and the Information Security
Officer. There are no exceptions for other types of P2P software usage. If there are any questions
with this policy or any other IT related questions, contact the HMS IT Help Desk at the email above
or by phoning 617-432-2000.
For more information go to: http://dmca.harvard.edu