1.What do you mean by "authorized"? Who authorizes in terms of users and in terms of equipment connected to campus resources?
It depends, but generally use of a specific resource is authorized by the campus entity with primary ownership of and responsibility for that resource. For example, a registered student may obtain an email account after agreeing to abide by this policy, but faculty and staff must have departmental approval to receive an email account. A departmental system may have specific uses authorized by that department that differ from ITS.
2. Can a department have a stricter policy? A more lenient policy? Which takes precedent when?
A department may have stricter or more lenient policies provided they are consistent with existing laws and policies. Departmental policies take precedent when the resources affected are restricted to the department. The RUP takes effect when departmental policies result in violations affecting individuals or resources outside the department. Departments are encouraged to review their policies with AUPC for known legal issues.
3. I teach a CSC class on networks. Do the rules for port scanning, hacking, etc., apply to me?
Classroom use is an authorized activity within the bounds of the classroom environment. For example, a network course may use port scanning as a teaching tool within the departmental network and systems designated for use for that course. Logging into and performing the scan on a machine/network designated for that purpose at a designated time would be acceptable use. However, conducting a port scan from home on any other Cal Poly or non-Cal Poly system would not be an acceptable use at any time.
4. Can I put material that I have downloaded from the Internet on web pages used by my students?
Material downloaded from the Internet may be used as long as it is known to be in the public domain or licensed for such use. Never assume that because there is no copyright notice that an item is in the public domain. To be safe, you should obtain the owner’s permission before posting or distributing materials to students. If they require that access be limited to the class, it may be necessary to password protect the materials, include language advising the students not to redistribute the material, and other measures.
5. Are students allowed to have offensive material on their web sites, screen savers? Why?
Material considered offensive to one person may not be to others and may constitute free speech, which is protected by the First Amendment of the U.S. Constitution. Cal Poly does not monitor or censor personal web pages hosted on University servers. There may be valid reasons for accessing or displaying such materials on University computers. However, material that violates applicable laws, e.g., child pornography, is not allowed. In addition, offensive screen savers, sounds, or wall papers may constitute a hostile workplace when used on a workstation that other users may have an opportunity to view in lab or office environments. If complaints were received in that case, the individual would be asked to perform their work elsewhere.
6. Can I play games on workstations and/or over the campus network?
Games are non-academically related programs that are primarily run for their entertainment or recreation value. The ability to play games on workstations is regulated by the entity responsible for those workstations or the system on which the game is running. Game playing is not allowed on Central UNIX, including the use of normal system utilities to connect to other sites for their entertainment or recreation value.
Playing networked based games or running a game on one system from another is also limited by available network capacity and competing needs of the University for network access. Priority for network use is given to academic requirements and approved University business activities. A good rule of thumb is that if response seems be slower than normal, game playing should be discontinued.
7. Can I use email and Internet resources for personal use?
Yes. Incidental personal use is permitted provided it does not involve personal financial or other gain or personal commercial use, does not consume a significant amount of campus resources, does not interfere with your own or other users’ ability to perform University-related responsibilities, and otherwise complies with applicable laws, rules, policies, contracts and licenses.
8. Can my family use my account for email and web access?
No. You are the only one authorized to use Cal Poly accounts issued in your name. It is not appropriate for family members to use University email or the Cal Poly modem pool to access the Internet or email (even if not Cal Poly) since it requires them to use your login ID and password. Sharing these with others is not permitted except when authorized, e.g., delegating email or providing a single login and password to students in a class.
9. Can I put family information/pictures on my web page?
Yes. Incidental personal use and unofficial personal web pages are allowed under the RUP. However, it would not be appropriate for such materials to appear on official departmental web sites. In addition, each user is allocated a certain amount of disk space in their account and should remove non-course or personal materials from their account if they need additional space to store University-related materials.
10. My child is raising money for a school activity. Can I send out an email telling folks that the sign-up is in my office?
University resources may not be used to raise monies for off-campus organizations, non-profit or otherwise. Such mailings may also constitute SPAM and may be against the law.
11. Can I access my off-campus Internet provider (AOL, etc) from on campus?
This is permissible if such access does not prevent you or other users from using campus resources to carrying out their assignments. For example, it would be inappropriate for an employee to conduct such personal business to the detriment of their assigned duties, or for a student to use a lab machine for this purpose while other students are waiting to use the workstation to complete a class assignment. In addition, you are responsible for knowing and abiding by the use policies of that Internet provider, which in some cases may be more restrictive than the University’s RUP.
12. If I use Cal Poly’s modem pool to access another Internet provider, am I still covered by Cal Poly’s RUP?
Yes. Any traffic passing through the University modem pool will be subject to the RUP. In addition, you are responsible for knowing and abiding by the use policies of that Internet provider, which in some cases may be more restrictive than the University’s RUP.
13. I am running for an ASI office, college council seat, or some other student office. Can I campaign using email? Using my web page?
This use is appropriate under the RUP. However, any emails would be subject to the mass email restrictions and guidelines as defined within the Electronic Mail and Messaging policy and must comply with applicable laws and other provisions of the RUP.
14. Can I express my political opinions on my web page?
Being an advocate for a candidate or ballot initiative is an acceptable use for students. However, it is illegal for employees to use or permit others to use State resources for political advocacy. Due to the personal nature of this activity, the State of California would not indemnify or defend an employee if an action was pursued against them for violating this State law. Political advertising and fundraising is not permitted.
15. What if I am running for a local office?
University resources may not be used advertising for local political offices or ballot initiatives. Promoting your campaign for political office would constitute use of State resources for personal gain, which is prohibited under the policy.
16. I am supporting a local ballot initiative. Can I host an email distribution list to update interested people on this issue?
The courts have yet to address the specific issue of whether an individual’s use of state supported email for political purposes violates the law. While the University may choose not to be involved in deciding whether a personal communication violates this provision, other policy provisions may apply and an employee may still be subject to personal liability under the law. Employees should exercise appropriate caution prior to engaging in such activities, which may have negative consequences for them and the University.
17. What is SPAM? What can I do about it?
SPAM usually refers to unsolicited email. Based on this, there can be valid SPAM and unwanted SPAM. Currently, unwanted SPAM is covered by State law, which provides civil remedies only. This means the recipient may sue the sender if they fail to stop after the recipient notifies them to do so. Unfortunately, most SPAMers don't have assets in California and are hard to sue, even if you have the desire to pursue such a course. In addition, notifying the sender to stop can verify your email address and cause you to receive more SPAM. Finally, some SPAM may include attachments carrying potentially destructive viruses. ITS recommends that users simply delete unwanted SPAM in the same way they throw away junk mail received through the U.S. Post Office (“snail mail”). You can complain to the administrator of the system where the SPAM originated (e.g., abuse@aol.com and notify ITS if the SPAM appears to have originated at Cal Poly.
18. Why doesn't the University block SPAM?
People who send out SPAM email usually get around blocking attempts by frequently changing their sending addresses, so blocking a single user address is virtually meaningless. Blocking the originating site will block valid email as well as the SPAM. There is also the issue of freedom of speech. What is junk to some may be useful to others. Blocking SPAM could constitute a violation of a student's First Amendment rights.
19. What are chain letters, and why aren't they allowed?
Chain letters are unsolicited letters requesting that the recipient send the message on to other users for various reasons and causes, from sending good luck, spreading a virus warning, and pyramid schemes promising great wealth to making a dying child happy. Most chain letters are hoaxes or simply designed to create as much email traffic as possible. The good luck chain letters also prey upon the superstition of the recipient. Chain letters serve no useful purpose. Even valid virus warnings can generate confusion amongst the recipients. They also consume a large amount of computing and network resources with no tangible benefit. As a result, prohibiting chain letters has become a de facto standard amongst most systems administrators.
20. You reserve the right to delete files in the event of an emergency. Is there any way to recover deleted information for a class, a senior project, or a research contract? Should the "importance" determine the level of effort to restore the information?
Permanent files in a user’s account on Central UNIX (not email) are backed up on a regular basis, usually every weeknight. Temporary files are never backed up and are non-recoverable. The effectiveness of email backups varies and can be very costly to implement. Recovery depends on what was lost as a result of an emergency deletion. One constant guideline is that it can't be recovered if hasn't been backed up. If a file was created or heavily modified since the last backup, those recent changes will be lost.
21. I am out of town (or on sabbatical or leave) and don't get the warning that files will be deleted. Do I have any recourse?
Backups are only kept for a finite amount of time and become less granular as time goes on. Consequently, the longer between when the delete occurred and the file recovery request is submitted, the less likely the file will be recoverable in a useful form if at all.
22. How will you know that a violation has occurred?
Enforcement will be based on receipt of one or more valid formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering IT resources. ITS will determine if a violation of the policy has occurred based on further investigation of the evidence by the appropriate campus entities.
23. Will you be monitoring my email?
The University will not monitor an individual user’s email unless directed to do so by court order or the user requests such assistance.
24. Who will make the determination that it is a violation of policy and not simply a performance issue?
The Vice Provost/Chief Information Officer or designee will investigate complaints, determine if the policy has been violated, and refer the matter to designated University officials for further action if appropriate.
25. If I think a violation of the policy has occurred, how do I let ITS know?
There are several methods that can be used to report a potential policy violation:
You may also refer complaints directly to the following University officials:
Complaints must be filed by the individual or by the administrator of the network/system that was harmed. Cal Poly will act on anonymous and third party complaints only in the event of a health and safety issue; otherwise, the individual who has been harmed will be contacted and asked to file a formal complaint.
Suspected infractions occurring on external or departmental systems should be reported to the administrator responsible for the resource with a copy to complaints@calpoly.edu. Cal Poly system administrators, supervisors or offices receiving a complaint or discovering a possible violation should notify complaints@calpoly.edu
26. Can you freeze a student account for irresponsible use?
ITS will freeze a user’s account for security reasons only (e.g., the account appears to have been compromised or has been involved in an attempt to compromise the system), at the direction of designated University Officials (e.g., Office of Student Rights and Responsibilities, Academic Personnel, or Human Resources), or in response to a court order. ITS may temporarily block access to a web page or other materials in response to a complaint of copyright infringement. ResNet will temporarily turn off ports in response to a complaint.
27. Who will respond to policy violations by faculty? By students? By staff?
Initial response to complaints under the RUP will be handled by ITS. Serious incidents, repeat violations, and minor infractions and first time offenses that cannot be resolved informally will be referred to one or more of the following authorities for further action:
28. What if I don't agree when you tell me to stop an activity?
You may respond with your explanation of the event and it will be evaluated by the entity handling the complaint. If your reason is not accepted, you can appeal the decision to the Vice Provost/Chief Information Officer who has final authority in determining whether a computing policy has been violated or not. Students and employees can appeal any decision and action taken through existing University disciplinary/grievance processes.
29. What are potential penalties for violating this policy?
Penalties are dependant on the state agency that deals with the complaint and the severity of the complaint. First offenses and minor infractions are generally resolved informally by the entity responsible for the resource. Repeat offenses and serious incidents may lead to formal disciplinary action up to and including dismissal or termination. Misuse may result in the loss of computing privileges and prosecution under applicable civil and criminal statutes.
30. Where can I get more information?
All users are encouraged to review the complete RUP, which contains a full description of the policy and its application and provisions. It includes definitions, examples, procedures and hyperlinks to documents with more information on specific topics such as copyrights. The full policy is on file in the Library for users without Internet access. Users can also contact ITS by email (its@calpoly.edu), phone (805-756-2966 or 7000) or in person (14-113) for advice and guidance in interpreting or explaining any aspect of the policy.
Return to Responsible Use Policy