Table of contents
- Doesn't the university already have an Acceptable Use Policy?
- Given all that, why do we need a Policy?
- The AUP states that the university does not limit access to information due to its content, does this mean that I can access whatever websites that I wish?
- Who are these people and why are they spying on me?
- Can you elaborate on the Sole Use clause in the AUP?
- Does the first prohibited conduct statement indicate that I can't install software on my computer?
- Does the third prohibited conduct statement prevent me from sending anonymous email?
- The policy prohibits exposing sensitive or confidential information. What does that mean?
- What are examples of prohibited commercial use?
- What is permissible in this area?
- What does "represent interests of non-university groups" mean?
- Where can I turn if I have questions about the Acceptable Use Policy and their application?
Doesn't the university already have an Acceptable Use Policy?
The Guidelines on the Acceptable Use of Information Technology Resources were developed in 1996 by Academic IT Services which later became part of the Division of Information Technology. While accepted as a de facto policy, it was never submitted for policy approval. Much remains the same between the old Guidelines and new Policy; however portions have been modified to reflect changes in technology, network usage, and attitudes towards computer use and security over the past 10 years.
Given all that, why do we need a Policy?
USM policy dictates that institutions must establish an Acceptable Use Policy (AUP).
The AUP states that the university does not limit access to information due to its content, does this mean that I can access whatever websites that I wish?
You may access whatever websites that you wish (as long as they are legal), but that does not mean whenever and wherever you wish. Employees, for example, are not free to surf the Internet at will when they should be performing their jobs. Likewise, the AUP does not condone accessing websites that could potentially create a hostile work or study environment. The policy says that university personnel monitor and access systems and networks.
Who are these people and why are they spying on me?
The people in question are those working in university IT departments who keep the mail systems, file servers, computer and phone networks running as well as the staff who respond to alerts from the security devices installed within the network. During the course of doing their jobs, it is possible that these employees may be exposed to data and network traffic that might be considered personal. A confidentiality agreement Division of IT employees sign annually details their obligations for accessing data and protecting the information. If IT personnel stumbles across evidence suggesting illegal activity, they have an obligation to report their findings to authorities. There are situations in which files, data, and transmissions may be examined. When presented with a valid court order or an appropriate application under the Maryland Public Information Act, IT staff will provide access to requested materials. Access may also be granted to an employee's department for business continuity or investigative purposes. Requests for access are cleared through the Office of Legal Affairs.
Can you elaborate on the Sole Use clause in the AUP?
IT resources are provided to support the academic, research, instructional, and administrative objectives of the university. These resources are extended for the sole use of university faculty, staff, students, and all other authorized associates to accomplish tasks related to the status of that individual at the university, and consistent with the university's mission. There are two key points in this section. First, that the campus IT resources are not available to the general public. Authorized associates would be those who have been expressly granted access to resources by a member of the campus community who has been authorized to make such offers. For example, if faculty and staff are willing to take responsibility for their visitors, they can issue temporary wireless associate accounts. The second point of the paragraph is that IT resources are made available to members of the campus community for the purpose of enhancing their role here at the university. Personal use of these resources is not explicitly prohibited (and is expected for our university residents), however that use must be in moderation and not conflict with departmental expectations for work performance.
Does the first prohibited conduct statement indicate that I can't install software on my computer?
If it is the practice of your department that computers are managed by the individual who uses it, you are authorized to install software and make changes.
Does the third prohibited conduct statement prevent me from sending anonymous email?
No. You can remain anonymous, but you cannot pretend to be someone else without that person's permission (e.g., administrative assistants may send messages on behalf of their employer).
The policy prohibits exposing sensitive or confidential information. What does that mean?
Data protected by federal, state, or USM privacy regulations is considered sensitive. This includes student information protected by Family Educational Rights and Privacy Act (FERPA), financial information protected by the Gramm-Leach-Bliley Act, and health care related information protected by HIPAA. Confidential information includes material received under a non-disclosure agreement.
What are examples of prohibited commercial use?
Examples of commercial use include using a university email address in commercial advertising, hosting a website on the university network for a business such as a private consulting practice, or placing compensated advertising on a Web page.
What is permissible in this area?
University sanctioned enterprises such as those located in Stamp Union and participants in business incubator programs are excluded from the commercial use prohibition. Incidental commercial use such as selling an item on an Internet auction service is permitted as long as it does not conflict with office rules regarding appropriate use of computers. Professional activities that further the mission of the university such as preparing articles for commercial publication may be permitted as long as such activities are approved by the department.
What does "represent interests of non-university groups" mean?
You cannot use university resources to further the mission of organizations that have no connection to the university or your role at the university. This might include activities such as mass mailings for your (non-university sponsored) religious organization or hosting a website for your neighborhood homeowner's association. There are low cost, and in some cases free, options outside the university that can provide these resources.
Where can I turn if I have questions about the Acceptable Use Policy and their application?
Project NEThics℠ is an initiative within the Division of Information Technology's Security and Policy group. It is charged with promoting responsible use of computing resources and coordinating enforcement of the Acceptable Use Policy. Project NEThics℠ can be reached at 301.405.8787 or nethics@umd.edu. Questions may also be directed to the Office of General Counsel (OGC).