Fayetteville Policies and Procedures 900.0
Code of Computing Practices
- General Principles
- This code governs the use of computers, networks, and other computing resources at the University of Arkansas, Fayetteville. These resources are provided by the University to enhance its mission of teaching, research, and public service and to provide access to local, national, and international facilities in achieving these goals. The University is committed to computing and network systems that effectively meet the needs of its users.
- Individuals who are granted computing accounts or who use computing resources at the University accept the responsibilities that accompany such access. Each user is expected to use University accounts and resources for educational, research, or administrative purposes; except as otherwise provided in this code, activities unrelated to these purposes are prohibited. Use of computing resources in violation of the regulations set forth in this code will be reviewed through established University procedures for student and employee misconduct. Restrictions imposed on usage of computer and network systems may be challenged through the same procedures.
- The University is committed to intellectual and academic freedom in connection with its computing and network resources. Computers and networks can provide access to resources on and off campus, including the ability to communicate with other users worldwide. Such open access is a privilege, much like access to books in the library, and requires that individual users act responsibly. Use of computing and network resources should always be legal and ethical, reflect academic honesty, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, the right to personal privacy, and to the right of individuals to freedom from intimidation and harassment.
- All federal and state laws, as well as general University regulations and policies, are applicable to the use of computing resources. These include, but are not limited to, the Family Education Rights and Privacy Act of 1974, 20 U.S.C. § 1232g; the Electronic Communications Privacy Act of 1986, 18 U.S.C. §§ 2510 et seq.; the Arkansas Freedom of Information Act, Ark. Code Ann. §§ 25-19-101 et seq.; and state and federal computer fraud statutes, 18 U.S.C. § 1030 and Ark. Code Ann. §§ 5-41-101 to -1071. Illegal reproduction of software and other intellectual property protected by U.S. copyright laws and by licensing agreements may result in civil and criminal sanctions.
- The University recognizes the value and potential of electronic communications and
publishing on the Internet. Students, faculty, and staff have the opportunity to produce,
in a manner consistent with this code, individual World Wide Web pages through their
University accounts. However, the University does not approve, preview, or censor
these home pages and accepts no responsibility for their content, or for the content
of electronic mail communications.
- Administration of Computing Resources
- In General
- The University, in accordance with state and federal law and the policies of the Board of Trustees, may control access to its information and the devices on which it is stored, manipulated, and transmitted.
- The University has the responsibility to: (a) develop, implement, maintain, and enforce appropriate security procedures to ensure the integrity and privacy of individual and institutional information, however stored; (b) uphold all copyrights, patents, licensing agreements, and rules of organizations that supply information resources.
- Responsibility for administering the University's computing and network resources and for the security of these resources rests with the Department of Information Technology Services and units designated in writing by Information Technology Services.
- System Administrators
- A system administrator is any person designated, within any campus unit, to maintain, manage, and provide security for shared multi-user computing resources, including computers, networks, and servers.
- System administrators shall perform their duties fairly, in cooperation with the user community and University administrators. They shall adhere to this code and all other pertinent University rules and regulations, shall respect the privacy of users to the greatest extent possible, and shall refer disciplinary matters to appropriate University officials.
- Data Collection
- Given the nature of the technology, a wide range of information can be easily collected by University personnel using system software. For example, software may be configured to provide aggregate information on the number of users logged in, the number of users accessing certain software, etc.
- No information shall be routinely collected that is not required by system administrators in the direct performance of their duties, such as routine backup for system recovery.
- Privacy of Electronic Files
- Users do not own accounts on University computers but are granted the privilege of exclusive use of their accounts. Use of University computing resources for storage or transmission of data does not alter any ownership interest of the user in that data. Users are entitled to privacy regarding their computer communications and stored data.
- University officials will access electronic files, including email files, only under
one or more of the following conditions:
- The user consents in writing to such access.
- There is a valid search warrant, subpoena, or court order, or a request for electronic records that are open to public inspection under the Arkansas Freedom of Information Act.
- There exists an emergency situation in which the physical safety and/or well-being of person(s) may be affected or University property may be damaged or destroyed. Responsibility for authorizing access rests with the Director of Information Technology Services or the Vice Chancellor for Finance and Administration.
- There exist reasonable grounds to believe that a violation of law or University policy is occurring or has occurred. Access will take place only after a reasonable effort has been made to obtain consent. Responsibility for authorizing access rests with the Director of Information Technology Services or the Vice Chancellor for Finance and Administration.
- Access is necessary for maintenance of computers, networks, data, and storage systems; to maintain the integrity of the computer, network, or storage system; or to protect the rights or property of the University or other users. Authorized personnel may routinely monitor and log usage data, such as network session connection times and end-points, CPU and disk utilization for each user, security audit trails, and network loading. In all cases, the privacy rights of users shall be protected to the greatest extent possible.
- The Arkansas Freedom of Information Act
- The electronic files, including email files, of University employees are potentially subject to public inspection and copying under the state Freedom of Information Act ("FOIA"), Ark. Code Ann. §§ 25-19-101 et seq.
- The FOIA defines "public records" to include "data compilations in any form, required by law to be kept or otherwise kept, . . . which constitute a record of the performance or lack of performance of official functions which are or should be carried out by a public official or employee [or] a governmental agency. . . ." Ark. Code Ann. § 25-19-103(1). All records maintained in public offices or by public employees within the scope of their employment are presumed to be public records. Id. Various exceptions apply. See Ark. Code Ann.§ 25-19-105; University Policy and Procedures Manual § 850.1.
- Education Records
- Records containing information directly related to a student are confidential and protected from public disclosure by the Family Educational Rights & Privacy Act, 20 U.S.C. § 1232g, and the Arkansas Freedom of Information Act, Ark. Code. Ann. § 25-19-105(b)(2).
- No one shall access any such records maintained in an electronic format or disclose
or distribute their contents in any manner inconsistent with federal and state law
and University regulations.
- In General
- Use of Computing Resources
- In General
This section does not cover every situation involving the proper or improper use of University computing resources; however, it does set forth some of the responsibilities that a person accepts if he or she chooses to use those resources. The purpose of this section is to establish rules for the benefit of all users and encourage responsible use of computing resources.
- Use Without Authorization Prohibited
- No one shall (a) connect with or otherwise use any University computer, modem, network, or other computing resource without proper authorization; (b) assist in, encourage, or conceal any unauthorized use, or attempted unauthorized use, of any University computer, modem, network, or other computing resource; or (c) misrepresent his or her identity or relationship to the University to obtain access to computing resources.
- Users shall use only those computing and network resources that have been authorized for their use and must identify computing work with their own names or an approved means of identification so that responsibility for the work can be determined and users contacted, if necessary.
- Users shall use their accounts for the purposes for which they are established, as well as personal communications. Accounts and other University computing resources shall not be used for personal financial gain or benefit or for the benefit of organizations not related to the University, except: (a) in connection with scholarly pursuits, such as faculty publishing activities; or (b) in accordance with University policy on outside consulting for compensation.
- Users shall not subvert restrictions associated with their accounts, such as quotas and levels of access.
- Users shall follow all applicable procedures for accessing University computing systems as published in the University's web pages and in the online HELP and NEWS facilities for each system.
- No one shall give any password for any University computer or network to any unauthorized person, nor obtain any other person's password by any unauthorized means. Users are responsible for the use of their computer accounts and shall not allow others access to their accounts, through sharing passwords or otherwise. Users should take advantage of system-provided protection measures to prevent such access.
- When a user ceases being a member of the campus community or is assigned a new position and/or different responsibilities within the University, his or her account and access authorization shall be reviewed. A user shall not use facilities, accounts, access codes, privileges, or information for which he or she is not authorized.
- Security and Related Matters
- No one shall (a) knowingly endanger or compromise the security of any University computer, network facility, or other computing resource or willfully interfere with others' authorized computer usage, (b) attempt to circumvent data protection schemes, uncover security loopholes, or decrypt secure data; (c) modify or reconfigure or attempt to modify or reconfigure any software or hardware of any University computer or network facility in any way, unless specific authorization has been obtained; or (d) use University computer resources and communication facilities to attempt unauthorized access to or use of any computer or network facility, no matter where located, or to interfere with others' legitimate use of any such computing resource.
- No one shall attempt to access, copy, or destroy programs or files that belong to other users or to the University without prior authorization, nor shall anyone use University computing resources for unauthorized monitoring of electronic communications.
- No one shall create, run, install, or knowingly distribute a computer virus, Trojan Horse, or other surreptitiously destructive program, email, or data via any University computer or network facility, regardless of whether demonstrable harm results.
- Users shall not place confidential information in computers without protecting it appropriately. The University cannot guarantee the privacy of computer files, email, or other information stored or transmitted by computer; moreover, the University may access such information in accordance with Part II of this code. Persons who have access to confidential or sensitive information shall disclose it only to the extent authorized by the Family Educational Rights & Privacy Act, the Arkansas Freedom of Information Act, and other applicable laws, and only in connection with official University business.
- Users shall not knowingly or recklessly perform any act that will interfere with the normal operation of computers, terminals, peripherals, or networks and shall not intentionally waste or overload computing resources.
- Intellectual Property
- No one shall copy, install, use, or distribute through University computing resources any photographs, logos, images, graphics, graphic elements, audio, video, software, html markup, data files, or other information in violation of U.S. copyright, trademark, or patent laws or applicable licensing agreements. It is the user's responsibility to become familiar with the terms and requirements of any such laws or agreements. This subsection does not apply to any material that is in the public domain.
- Users should be aware that the unauthorized peer-to-peer sharing of copyrighted works such as music, pictures, games, computer applications, and movies is a violation of this code. It is also illegal and may carry significant money and/or criminal sanctions. It is the responsibility of the user who is downloading or uploading files to make certain that they are not copyrighted works or that the user has the permission of the copyright holder.
- User Communications
- Users assume full responsibility for messages that they transmit through University computers and network facilities.
- No one shall use the University's computing resources to transmit fraudulent, defamatory, or obscene messages, or any material prohibited by law.
- No one shall use the University's computing and network resources to: (a) harass or threaten another person, including but not limited to, by conveying obscene language or images or threats of bodily harm; (b) repeatedly contact another person to harass, whether or not any actual message is communicated, and the recipient has expressed a desire for the contact to cease; (c) repeatedly contact another person regarding a matter for which one does not have a legal right to communicate (such as debt collection), once the recipient has provided reasonable notice that he or she desires such contact to cease; (d) disrupt or damage the academic, research, administrative, or related pursuits of another person; or (e) invade the privacy, academic or otherwise, of another person or threaten such an invasion.
- Users shall comply with this code as well as the regulations and policies of newsgroups, lists, and other public forums through which they disseminate messages.
- Users shall not (a) initiate or propagate electronic chain letters; (b) engage in spamming or other indiscriminate mass mailings to newsgroups, mailing lists, or individuals; (c) forge communications to make them appear to originate from another person, e.g., spoofing; or (d) engage in resource-intensive activities unrelated to University functions, e.g., online role playing games (RPGs).
- Priority in Use of Computing Facilities
- In University libraries and general-access computer labs, or in any other environment in which users must share computing resources, priority shall be given to users engaged in activities directly related to the University's mission, e.g., completing course assignments or engaging in research. The libraries and computer labs may adopt regulations to implement this policy and to encourage cooperation among users of the same equipment.
- Use of electronic messaging systems for non-course work is not permitted in libraries and general-access computer labs when others are waiting to use the equipment.
- Home Pages, Lists, and Newsgroups
- The University recognizes the value and potential of electronic communications and publishing on the Internet. Students, faculty, and staff have the opportunity to produce, in a manner consistent with this code, individual World Wide Web pages through their University accounts. However, the University does not approve, preview, or censor these home pages and accepts no responsibility for their content, or for the content of electronic mail communications.
- Any personal home page or other personal collection of electronic material that is accessible to others must include the following disclaimer: "These materials are not endorsed, approved, sponsored, or provided by or on behalf of the University of Arkansas, Fayetteville."
- Academic and administrative departments, registered campus organizations, and other entities may apply to the Department of Information Technology Services for an "information provider" account to create a home page on the University of Arkansas web server. Publication guidelines and link requests are made through University Relations.
- The following individuals or groups are eligible to establish a listserv list or netnews newsgroup using University computing resources: (a) faculty or staff members, with the written approval of the appropriate department head; (b) registered student organizations, i.e., student groups that are formally registered with the Campus Activities Center; and (c) ARKnet or community organizations associated with the University.
- Approval for a list or newsgroup must be obtained from the appropriate system administrator.
If resources are available, such approval shall be granted unless the proposed list
or newsgroup (a) duplicates an existing list or newsgroup or (b) appears to serve
a purpose unrelated to the University's mission. The University neither controls the
content of lists and newsgroups nor assumes any responsibility for their content.
- In General
- Enforcement and Sanctions
- System administrators are responsible for protecting the system and users from abuses of this code. Pursuant to this duty, system administrators may (1) formally or informally discuss the matter with the offending party, (2) temporarily revoke or modify access privileges, or (3) refer the matter to the appropriate disciplinary authority.
- Any violation of this code may result in the revocation or suspension of access privileges. Imposition of such a sanction is within the discretion of the Department of Information Technology Services or the appropriate academic or administrative unit.
- Any violation of this code is misconduct for purposes of the student code of conduct, the law student code of conduct, and University personnel policies and may be punished accordingly.
- Any offense that violates local, state, or federal laws may result in the immediate loss of all University computing and network privileges and may be referred to the appropriate University disciplinary authority and/or law enforcement agencies.
1 See the Arkansas General Assembly website to view the Arkansas Code.
Previously listed as Fayetteville Policies and Procedures 201.0
Revised February, 2011
Revised September 2009
Revised April 2002
Revised March 1998
Revised August 1994
April 28, 1993