Old Acceptable Use Policy
The computer networks and systems at WPI have been acquired as tools for use in the academic mission of WPI. These systems are electronic and may seem "ethereal", but when you use them you should consider yourself as being in a classroom, or elsewhere on campus. Your actions should be guided by the WPI Campus Code (section IV), just as if you were interacting with others face-to-face, always adhering to WPI's standards of honesty and personal conduct.
Summary of the Rules
- Comply with Intended Use of the System
Assure Ethical Use of the System
- Don't let anyone know your password(s).
- Don't violate the privacy of other users.
Don't copy or misuse copyrighted or licensed material.
- Fair Use
- Don't use the systems or network to harass anyone in any way.
- WPI is a signator to DMCA and will pursue claims of copyright infringement. The DMCA agent for WPI is Allan E. Johannesen. As outlined in this document, it is not acceptable use of WPI resources to violate copyright.
- Massachusetts Computer Crime Law
- Assure Proper Use of System Resources
- Assure Proper Use of Network Resources
- Residential Networking
- Wireless Networking
- Internet Bandwidth and Usage
It is important that you understand the purpose of the systems and network so that your use of these resources is in compliance with that purpose.
Don't violate the intended use of the systems and network at WPI.
The purpose of these facilities is to support research, education, and WPI administrative activities, by providing access to computing resources and the opportunity for collaborative work. All use of the WPI network must be consistent with this purpose. For example:
Don't try to interfere with or alter the integrity of the system at large, by doing any of the following:
- Permitting another individual to use your account.
- Impersonating other individuals in communication (particularly via forged e-mail, chat, news, etc.).
- Attempting to capture or crack passwords or encrypted information.
- Destroying or altering data or programs belonging to other users.
Don't try to restrict or deny access to the system by legitimate users. e.g.
- Don't try to crash systems or networks, either at WPI or off campus.
- Don't attempt to make a computer impersonate other systems.
- Don't consume unneeded resources; to include network bandwidth, compute time, disk, or processes. The web has traffic limitations; a site without an academic mission should not consume extensive resources.
- Don't use the facilities for private financial gain.
- Don't transmit threatening or harassing materials.
- Don't try to interfere with or alter the integrity of the system at large, by doing any of the following:
Along with the many opportunities that the computer systems and networks provide for members of the WPI community to share information comes the responsibility to use the system in accordance with WPI standards of honesty and personal conduct. Those standards, outlined elsewhere in this manual, call for all members of the community to act in a responsible, professional way. Appropriate use of the resources includes maintaining the security of the system, protecting privacy, and conforming to applicable laws, particularly copyright and harassment laws.
Don't let anyone know your password(s).
While you should feel free to let others know your username (this is the name by which you are known to the whole Internet user community), you should never ever let anyone know your account passwords. This includes even trusted friends, and computer system administrators (e.g. the Computing and Communications Center staff).
Giving someone else your password is like giving them a signed blank check, or your credit card. You should never do this, even to "lend" your account to them temporarily. Anyone who has your password can use your account, and whatever they do that affects the system will be traced back to your username -- if your username or account is used in an abusive or otherwise inappropriate manner, you will be held responsible. Much of the software on the WPI computer systems is licensed only for current students, staff, and faculty; use of the computers by others violates that contract.
In fact, there is never any reason to tell anyone your password: every WPI student, faculty member, or on-campus staff person who wants an account of his or her own may obtain one. If your goal is permitting other users to read or write some of your files, there are always ways of doing this without giving away your password.
For information about how to manage the security of your account, including advice on how to choose a good password, how to change passwords, and how to share information without giving away your password, see the on-line documentation or e-mail helpdesk.
Don't violate the privacy of other users.
The Electronic Communications Privacy Act (18 USC 2510 et seq., as amended) and other federal laws protect the privacy of users of wire and electronic communications.
The computer and network facilities of WPI facilitate information sharing. Security mechanisms for protecting information from unintended access, from within the system or from the outside, are minimal. These mechanisms, by themselves, are not sufficient for a large community in which protection of individual privacy is as important as sharing. Therefore, you must supplement the system's security mechanisms by using the system in a manner that preserves the privacy of themselves and others.
All users should make sure that their actions don't violate the privacy of other users, if even unintentionally.
Some specific areas to watch for include the following:
- Don't try to access the files or directories of another user without clear authorization from that user. Typically, this authorization is signaled by the other user's setting file access permissions to allow public or group reading of the files. If you are in doubt, ask the user.
- Don't try to intercept or otherwise monitor any network communications not explicitly intended for you. These include logins, e-mail, user-to- user dialog, and any other network traffic not explicitly intended for you.
- Unless you understand how to protect private information on a computer system, don't use the system to store personal information about individuals which they would not normally disseminate freely about themselves.
- Don't create any shared programs that secretly collect information about their users. Software on the WPI computer systems and network is subject to the same guidelines for protecting privacy as any other information-gathering project at the university. This means, for example, that you may not collect information about individual users without their consent.
- Don't remotely login to (or otherwise use) any workstation or computer not designated explicitly for public logins over the network -- even if the configuration of the computer permits remote access -- unless you have explicit permission from the owner and the current user of that computer to log into that machine.
- Do not portscan or perform remote version requests for systems that you do not have explicit permission for even if the configuration of the computer permits it.
Don't copy or misuse copyrighted or licensed material.
Copyright is a form of protection provided by the laws of the United States (title 17, U.S. Code) to the authors of original works of authorship including literary, dramatic, musical, artistic, and certain other intellectual works. This protection is available to both published and unpublished works.
You should assume materials you find on the Internet are copyrighted unless a disclaimer or waiver is expressly stated. Note that there does not have to be a statement that the material is copyrighted for it to be copyrighted; any original work created in recent years is automatically copyrighted according to U.S. law. The copyright holder has extensive rights. You must contact the copyright holder and ask permission to display the material.
If you do not abide by these legal and contractual restrictions, you may be subject to civil or criminal prosecution.
Although this is not an exhaustive list, you are likely to violate copyright by:
- Displaying pictures or graphics you have not created.
- Offering sound recordings you have not recorded yourself. Even if you have recorded them, you must have permission from the copyright holder.
Placing any materials owned by others, (i.e. copyrighted works) on your Web page, or for other display, without the expressed permission of the copyright owner.(Examples: cartoons, articles, photographs, songs, sound bites, movies, software, graphics scanned in from published works or other web pages).
Placing copyright attribution on the displayed material is not sufficient to enable its display; you must contact that copyright owner to be assured that the display is acceptable. Do this before display is attempted.
Educational institutions enjoy special exemptions from copyright protection, called Fair Use, whereby reasonable portions of copyrighted material may be distributed by instructors to students in a class. If copyrighted materials are to be placed on the web for a course, the materials must be restricted to the course. We offer assistance to accomplish this end. All class materials do not have to be protected in this way, but if the instructor places the information which is copyright protected in its own directory in the web and then uses a web page we designed to restrict logins to a class it will be acceptably protected. The fair use code is simple, but for further information please see the Stanford University Copyright and Fair Use World Wide Web site.
The programs offered for use on the campus computers typically have licenses which restrict use to the computer where they are installed and for educational purposes. The software is usually copyrighted, too. Although this is not an exhaustive list, you are likely to violate license and/or copyright by:
- reselling or giving away licensed programs or data
- using educational-licensed programs or data for non-educational purposes
- using programs or data for financial gain
- using programs or data without being among the individuals or groups licensed to do so
- making WPI license keys publicly available without authorization
Don't use the systems or network to harass anyone in any way.
Harassment is defined as any conduct, verbal or physical, on or off campus, which has the intent or effect of unreasonably interfering with an individual's or group's educational or work performance at WPI or which creates an intimidating, hostile or offensive educational, work or living environment. Harassment on the basis of race, color, gender, disability, religion, national origin, sexual orientation, or age includes harassment of an individual in terms of a stereotyped group characteristic, or because of that person's identification with a particular group.
The university's harassment policy extends to the networked world. For example, sending e-mail or other electronic messages which unreasonably interfere with anyone's education or work at WPI or any other institution, using WPI as a base, may constitute harassment and is in violation of the intended use of the system. Do not print or display material that may be considered offensive unless you have an academic reason. This includes pornography, both pictures and written material.
Any member of the WPI community who feels harassed is encouraged to seek assistance and resolution of the complaint. To report incidents of on-line harassment, send e-mail to the NetOps@wpi.edu. If you believe you are in danger, call the Campus Police immediately at x5555.
The Massachusetts Computer Crime Law, enacted on January 24, 1995 has four points:
- Any unauthorized access into any computer system, either directly, by network, or by telephone is prohibited.
- All electronically stored or processed data is now deemed as "property". As such, any destruction or corruption of such data is illegal.
- Electronic copies of files will now be admissible as evidence in court.
- Computer crime can now be prosecuted and punished in either the county where the perpetrator was physically located or in the county of the computer system and data that were accessed.
WPI's computer resources are powerful tools that can be easily misused. Your use of the system should be consistent with the intended uses of these resources. In particular, you should not overload the systems or otherwise abuse them.
Don't abuse your electronic mail (e-mail), web, or other communications privileges.
Electronic mail is a fast, convenient form of communication. It is easy to send electronic mail to multiple recipients, and you can even send a message to many recipients simply by specifying a single list name (i.e., by using a mailing list). However, this ability to send messages to many people makes it easy to misuse the system. The general rule is: use e-mail to communicate with other specific users, not to broadcast announcements to the user community at large.
For example, while it is appropriate to use e-mail to have an interactive discussion with a set of people (even 20 or more users) or to use e-mail to send a single copy of an announcement to some "bulletin board" facility with a wide readership (e.g. Network News, or an event), it is not appropriate to use e-mail as a way to broadcast information directly to a very large number of people (e.g., an entire WPI class). This is true whether you include the recipient usernames individually or by using a mailing list: under no circumstance should you use the e-mail system to get a general announcement out to some large subset of the WPI community.
These guidelines are not based on etiquette alone: the mail system simply does not have the capacity to process a very large number of e-mail messages at once. When a user sends out an announcement to a huge list of recipients, the mail servers get overloaded, disks fill up, and staff intervention is required. The overall result is a negative impact on the quality of service provided for all users.
Finally, the proliferation of electronic chain letters is especially abusive of the mail system and the network. Chain letters waste valuable computing resources, and may be considered harassment. Creating or forwarding chain letters may subject you to university disciplinary proceedings.
The web has specific traffic limitations; a site without an academic mission should not consume extensive resources.
The web at WPI has a multitude of uses. Potential students can learn about WPI and even apply to WPI. Researchers can get information on programs at WPI. Alumni can peruse information especially for them. Students, faculty, and staff can offer their web pages. Unfortunately, excessively popular pages can swamp the web so that these functions cannot be accomplished.
Any individual whose site gets 10% of the usage of the WPI user web server (users.wpi.edu) will be warned to reduce the traffic on their web. They will have 1 week to bring the traffic down to a reasonable level. 10% may not sound like much, but that is actually a large fraction of the resource, given how many people at WPI are sharing the resource. A site will be shut down if the owner has not managed to tame their web within a week.
A site, which is over 20% of the traffic, will be shut down immediately, as an emergency measure to preserve web functionality. Other grounds for immediate shutdown are copyright violations, commercial ventures, and other Acceptable Use Policy violations.
It is possible that some web page, which is consistent with the academic mission of WPI, will become very popular, and we will try to deal with that situation should it arise. We have not yet seen crippling traffic problems from any pages of this sort, however.
Don't perform commercial activities on WPI systems.
- The university's name must not be used in ways that suggest or imply the endorsement of other organizations, their products, or services.
- Fundraising and advertising may be conducted on the WPI network only under the supervision of officially recognized campus organizations.
Don't interfere with the functioning of the network or computer systems.
Your computer and network devices must not perform actions that might interfere with others. Do not cause this sort of trouble attacking either WPI's computers or computers elsewhere. You must not use or distribute any virus or other tools by which you or others might attempt to accomplish this disruption. Any attempt at disruption of others is unacceptable. A few examples are:
- Run processes on computers to bog them down; making them less useful for others.
- Break computer security.
- Cause broadcast of e-mail.
- Destroy others' files.
Don't abuse network bandwidth
Network bandwidth is a finite resource that must be managed in a reasonable fashion. As such bandwidth-intensive research work and other such enterprises should always be cleared with WPI Network Operations before proceeding. Also, non-academic applications may be blocked or limited in use if found to be causing problems with normal day to day operations.
Don't use the WPI network for commercial activities
The WPI network was created to promote new ideas and thoughts as well as pass useful and timely information to the WPI community. Commercial activity on the WPI network is only permitted for business done on behalf of WPI or its organizations, not for the benefit of private individuals or other organizations without authorization.
- It is not permitted to run a private business on the WPI network.
- Advertisements on webpages run from the WPI network are not permitted
- Reselling network IP services over WPI's network is not permitted.
Don't interfere with the functioning of the WPI network
Since the WPI network is for the use of the entire school body, denying its use to the school body is forbidden.
- Broadcast a storm of packets, causing excessive network traffic, making the network run slowly for others.
- Running unapproved network equipment (i.e. Routers, DHCP servers, Wireless Access Points, Etc…)
- Circumventing security, Hacking/Cracking or disrupting normal operations
Don't interfere with the functioning of other, non-WPI networks
- Off campus Hacking/Cracking is not permitted
Residential systems fall under the WPI AUP, as do all campus systems. Resident systems not found to be compliant will be addressed according to the following schedule.
Examples of each level of offense are given. Certainly, this list cannot completely list all violations; it can only show the areas into which violations might fall and attempts to offer guidelines about which action might fit into the area. CCC is the arbiter of the severity of the violation.
CCC may also notify appropriate authorities, e.g. Dean of Students, Campus Police, or FBI, depending on the situation.
All notifications and warnings below consist of e-mail to the station owner's CCC login name.
Minor Offense examples are:
- Storage of copyright materials, only if it appears to have been possible that someone else might have stored the materials on the system (e.g. due to careless security of the system).
- Harassment of others using the network as an instrument
- Apparent password hacking or other security intrusions, where the intruder might not have been the machine owner (i.e. on multi-user systems)
- Major bandwidth use, where the bandwidth is not due to other AUP violations. For example, offering pictures or programs to the Internet, where the material is not copyright violating, can still affect the WPI Internet connection and constitutes an AUP problem. Running mud servers, or other games, might cause the same problem.
- Commercial, fraudulent, or illegal mailing or posting.
- Distribution of software keys
The consequence is suspension of connectivity until the resident comes to Network Operations during normal working hours for a discussion of the AUP and an explanation of the violation. Prompt compliance is expected.
Major Offense examples are:
- A second minor offense.
- Not correcting the minor offense.
- Apparent password hacking or other security intrusions, where the intruder very likely was the machine owner of an on campus system, hacking an off-campus system.
- Hacking that results in actual intrusion or damage to any system, either here or elsewhere on the Internet.
- Storage of copyright materials, where it appears that the individual stored the material by their own hand. The materials might not have been absolutely known to be copyright violations.
- Massive commercial, fraudulent, or illegal mailing or posting.
- Sniffing and other forms of network wiretapping.
The consequence is a one-week suspension of connectivity. After a week has expired, the resident must come to Network Operations during normal working hours for a discussion of the AUP and an explanation of the violation. Requests for reactivation before one week expires will not be honored.
Termination Offense examples are:
- An offense after a major offense.
- Storage of copyright materials, where it appears that the individual stored the material by their own hand, where the copyright was obvious. Software packages are obvious violations, since anyone who ever saw a software distribution would be aware that the materials were not to be distributed.
Pictures or sounds would only fall under major offenses, since they are not usually so definitively labeled. If we can determine that the picture came from a magazine or the sounds came from a CD, that would be a termination offense, since those media would be labeled as copyrighted sources.
The consequence is termination of connectivity for a calendar year; note that networking fees are not refundable. An application for connectivity will not be accepted within a calendar year of the termination.
The resident may request that Network Operations initiate a WPI campus judicial procedure to adjudicate the suspension.
The above policy has been reviewed by the CCC support staff
The WPI wireless network is an extension of the WPI wired network and should be treated as such. However special care must be taken to promote security and uninterrupted accessibility.
- Don't use the WPI ESSID and keys in non-WPI wireless access points
- Don't use wireless sniffers
- Don't use non-WPI wireless access points on campus
- Don't bridge the WPI wired network to ANY wireless network
- Don't use wireless services that interfere with normal functionality
- Don't distribute the WPI Wireless keys
The result will be a Major offense as defined under Residential Networking.
The WPI campus is connected to the Internet through a 50 Mbps line. This line is shared amongst the entire campus, including dorms, fraternities, Academic and Administrative buildings. This is the primary link to major Internet services and must remain tightly managed for efficient use. No one entity may monopolize the link.
- Hosts that exceed 1% inbound or outbound traffic over the course of 24-hour period, without authorization, will be suspended from network use. Greek and Dorm hosts will be treated as a minor AUP offense under the Residential Networking rules. Academic and Administrative machines will be audited for use.
- Non-academic services (i.e. network games, p2p services, etc) will be monitored for use and will be addressed on a case-by-case basis
- Network Operations may block services that create large security issues or disrupt normal operations at any time.
WPI's IT Division reserves the right to audit and monitor any system, service, and data traffic within the WPI network to enforce the Acceptable Use Policy and to prevent system intrusion and instability.