III. Responsible Use

    A. Privileges and Responsibilities

      The University of Hawai‘i defines and provides access to institutional computers, information systems and networks as a privilege rather than a right. Reliable and safe access to the University's information resources requires that users accept their responsibilities to behave in ways that protect the community, and by so doing they also preserve their own access.

      All users must respect the rights of others, the integrity of the facilities and controls which are implemented to maximize the community’s reliable access, and all pertinent license and contractual agreements that underlie the University’s technology infrastructure. It is the policy of the University to deny access to any member of the user community who violates this policy or who uses the University’s technology resources to violate other duly established policies or laws.

    B. Principles of Responsible Use, with Examples

      All users have the responsibility to operate the University computing systems in an ethical, lawful and responsible manner. These principles of responsible use are derived directly from standards of decency and common sense that apply to the use of any shared public resource. They apply equally to users who are students, faculty, staff or any authorized guest user of the University’s systems, networks and services. Each of the following principles includes examples of prohibited behaviors. These examples are intended to illustrate the range of unacceptable actions rather than to exhaustively elaborate all specific behaviors that may violate the principle.

      1. Users must adamantly protect their personal passwords

        Passwords are the basic security mechanism which authenticate individuals as eligible to use University resources. The username and password also authorize individuals to perform specific actions based on the identity of the user, such as permitting students to drop classes or faculty to view class lists. Many legal and ethical violations begin when the culprit obtains use of someone else’s password, wittingly or unwittingly shared.

        Passwords should be chosen that are difficult to guess and should not be written down. Experts recommend changing passwords on a regular basis. Under no circumstances should a password be shared with a family member, friend or acquaintance, much less any stranger or caller. Appendix C contains a guide to the selection and management of personal passwords. Users should immediately report any suspected unauthorized use of their username to their system administrator.

      2. Users must respect the privacy of others’ passwords, information and communication, and may not attempt to use University resources to gain unauthorized access to any site or network or to maliciously compromise the performance of internal or external systems or networks

        Digital environments present certain new opportunities for abuse, but the infractions and consequences are often comparable to those in the physical world. Just as an unlocked door is not an invitation to theft, everything that is technically possible is not permissible or legal.

        Users must not store or run programs intended to obtain others’ passwords. Users must not look over others’ shoulders to try to obtain passwords or otherwise try to obtain unauthorized access to the information or communication of others. Users may not "sniff" networks or undertake comparable measures to obtain access to passwords or other information not made publicly available by the owner. Users may not attempt to gain unauthorized access to other systems, networks and services external to the University via the University’s Internet or other network connections. Nor may programs be stored or executed that attempt to gain unauthorized system-level access to computers or network devices either inside or external to the University.

        Users may not store or execute programs or engage in or abet any activities designed to test or compromise system or network performance without the prior written authorization of the responsible system administrator(s). This includes programs that introduce a virus, worm or other destructive/disruptive programs. Users may not launch "denial-of-service" attacks against internal or external systems and networks from within the University.

        Violations of this policy may also be subject to prosecution under the federal Electronic Communications Privacy Act (ECPA) of 1985 which protects the confidentiality of personal electronic communications or the Hawai‘i Penal Code provisions for computer crime. Under no circumstances will excuses be accepted that such behaviors were intended purely for educational purposes or to help system administrators improve security.

      3. No individual may falsely represent themselves or "spoof" another physical network connection

        Violations of laws, codes of conduct or usage policies are usually attempted under false identities. Academic integrity dictates that members of the University community be accountable for their actions. Users may not attempt to represent their network activities as originating from a network address other than the actual source (i.e. "spoofing"). Nor should users falsely identify themselves in their email or postings. There are legitimate uses for anonymity in certain specific communications forums, but it is generally not considered appropriate in most on-line discourse.

      4. Users must observe all laws relating to copyright, trademark, export and intellectual property rights

        Intellectual property is the lifeblood of a university, and all members of the university community should respect the work of others inside and outside the academy. Software may not be duplicated or installed except in strict accordance with applicable licensing agreements. Software not eligible for export may not be freely stored on University systems or transmitted outside the U.S. And University servers and networks may not be used to house or distribute unauthorized software, music, video or other information resources. The University will actively participate in the prosecution of members of the community who violate the law, for example, by mounting illegal music or software distribution servers using University resources.

        The University of Hawai‘i adopts the EDUCOM Code, a statement on Software and Intellectual Rights, incorporated herein as Appendix D. EDUCAUSE, which has since incorporated EDUCOM and its programs, is a non-profit consortium of colleges and universities committed to the use and management of information technology for teaching and learning.

        Pursuant to the Digital Millennium Copyright Act (1998), notifications of claimed infringement using University of Hawaii services should be filed with:

          Director of Information Technology
          University of Hawaii
          2532 Correa Rd.
          Honolulu, HI 96822
          Tel: 808-956-3501
          Fax: 808-956-5025
          Email: dmca-agent@hawaii.edu

          back to top

      5. Users must ensure that their electronic communications do not infringe the rights of others and are conducted in accord with the same standards of behavior that apply in other forms of communication

        The privilege of Internet access offers numerous opportunities to interact with others all over the world. As an institution of higher education the University supports open and unrestricted communication by members of its community. However, many people have a tendency to send email, post messages, or engage in other behaviors that they would never think to perform in person. Electronic communication may lack the visual and verbal cues such as a smile or tone-of-voice that indicate when someone is joking, so misinterpretation may be more likely than in-person. For this reason, it is suggested that people exercise even more care in their on-line communication than face-to-face.

        The same legal and policy standards that define intimidation, harassment or invasion of privacy apply to the electronic environment. For example, persistence in sending unwanted email constitutes harassment and is unacceptable if not illegal. Display of sexually explicit images or sounds where others can see or hear them may create a hostile environment and could constitute sexual harassment according to University policies on sexual harassment. And obscene email is comparable to obscene phone calls or letters. Laws relating to child pornography, obscenity and defamation apply in electronic environments and the University will willingly cooperate in the prosecution of individuals formally charged with such offenses.

        Finally, users should be aware that each specific on-line forum or mailing list might have specific standards of content and behavior to which its members are expected to adhere. These may range from "no anonymous messages" to "no posting of job ads on this mailing list." The University will cooperate in helping the managers of external forums enforce their standards, just as we expect other institutions to cooperate in helping members of the UH community manage their forums based on the public standards of behavior established for their group.

      6. University resources are intended to be used for institutional purposes and may not be used for private gain.

        The University provides information technology resources at great expense for the purpose of supporting its mission (learning, teaching, research, and public service). It is expected that usage will be primarily educational in nature in support of this mission.

        All applicable laws and policies relating to the ethical use of public resources apply to University information technologies as well. The Hawai‘i State Ethics Code prohibits use of University resources for private business purposes (see Appendix B) and under no circumstances may individuals use institutional technology resources for commercial purposes without prior written authorization. This includes activities such as the use of University email or web sites for marketing a home business, hosting a commercial home page, or providing friends who are not members of the University community with access to institutional equipment and services. Users may not run private servers or bulletin board systems for non-University purposes through University networks or provide such connectivity to others. Political campaigning may not be engaged in using the University’s electronic information systems

      7. Users may not engage in activities which compromise institutional systems or network performance for others

        The University administers its technology resources on a shared-use basis for the benefit of the entire community. This is only possible when all members of the community respect the need of others for services. In addition, portions of the Internet itself may be vulnerable to disruptions in service by malicious activities. As a whole, the Internet protects itself through an informal and evolving code of behavior among system administrators. The University of Hawaii is committed to be a good institutional citizen of the Internet, noting that non-cooperating institutions are sometimes blacklisted from certain services which could prevent members of the University community from achieving their legitimate academic requirements.

        As a general rule, the University tries to be permissive rather than prohibitive in these matters, but certain behaviors by individuals can compromise the availability and reliability of services for the entire community. Examples of such activities include the unauthorized running of "server" programs on institutional systems or hosting non-educational web sites intended to do nothing more than generate high "hit counts." Nothing in this section is intended to discourage faculty or staff from operating authorized servers in a responsible manner in support of the mission of the University. While it attempts to manage resources on a content-neutral basis, the University does reserve the right to curtail specific uses of its technology infrastructure that unduly interfere with the institution’s ability to provide the best possible service to the overall community.

        Users may not engage in the transmission of unsolicited bulk email ("spamming"), regardless of how important it may seem to the sender. Email is a form of individual communication, not a public forum, and should not be used to express opinions or forward views to those who have not expressed a wish to engage in the dialog. This policy shall in no way limit the use of email as a legitimate means for the University community to share information and communication.

        Under no circumstances may users create, transmit or forward electronic chain letters. Chain letters are often social notes, wishes of good fortune or most insidiously, bogus virus warnings which request the recipient to forward the message to friends and colleagues ad infinitum. Such notes can have a significant and consequential impact on institutional resources as they are forwarded around University systems. Users may not initiate or participate in the targeting of a particular person or system with mass quantities of email ("mail bombs"). In the paper world junk mailers bear the full costs of such activities when they choose to buy a stamp and envelope, but with University email the costs are borne by the entire community and the taxpayers of the State.

        Activities such as spam, chain letters, and mail bombs degrade performance of networks and systems, may violate agreements with third parties such as the University’s Internet Service Providers, and may even endanger the availability of the email services for the entire institution. Violations may be cause for the revocation of the offender’s access to University resources.