Sweet Briar College provides and maintains computing and telecommunications technologies to support the education, research and work of its faculty, staff, and students. Sweet Briar's computing and telecommunications technologies are collectively referred to as SBCNet. By connecting computers with each other and with national and international computer networks, SBCNet provides many educational benefits.

The purpose of this policy is to define responsible and ethical behavior of SBCNet users in order to preserve the health, availability, and integrity of college computing resources. This policy is purposely silent on matters covered by other policies such as sexual harassment and honor code violations, and by federal and state laws on privacy and computer abuse. This policy applies to all users of Sweet Briar computing resources.

The priorities for use of Sweet Briar computing resources are:

Highest

All education, research, and administrative purposes of the college.

Medium

Other uses indirectly related to Sweet Briar purposes with education or research benefit, including personal communications.

Lowest

Recreation, including game-playing.

Forbidden

Selling Sweet Briar resources, commercial activities not sanctioned by the President's office, intentionally denying or interfering with service, unauthorized use or access, reading or modifying files without proper authorization, using the technology to impersonate another, violations of laws or other Sweet Briar policies.

Because it is not possible to anticipate all the ways in which individuals can harm or misuse college computing facilities, this policy focuses on a few simple rules. These rules generally indicate actions that should be avoided.

If you observe someone violating this policy, or another Sweet Briar policy using SBCNet resources, you can report it by email to stopit@sbc.edu. Many local computing systems also have a "stopit" account that you can send mail to in order to report questionable activities Ñ alternatively you may send mail to postmaster@sbc.edu.

A. Rules of Use

Sweet Briar treats access to SBCNet resources as a privilege that is granted on a presumption that every member of the college community will exercise it responsibly. The following rules are not complete -- just because an action is not explicitly proscribed does not necessarily mean that it is acceptable. The rules should be read for the principles behind them and the principles adhered to in all situations.

1. Use SBCNet Consistently With the Stated Priorities.

   Low priority uses of SBCNet should be avoided during the times of peak demand, typically the mid afternoon to late evening hours. During peak periods, other users may be prevented from doing their high priority work if you are doing something of low priority. Those users are likely to complain to you or to if they observe you interfering with their work.

   Certain activities such as chain letters, broadcast email, transmission of large image and sound files, to very large distributions will consume large amounts of resources; avoid them.

2. Don't Allow Anyone to Use Your Account.

   Your Sweet Briar username identifies you to the entire international Internet user community. Another person using your account, whether or not you have given permission, will be acting in your name. Anyone who knows your password can use your account. You are responsible for that person's actions in your account. If that person violates any policies, his or her actions will be traced back to your username and you may be held responsible. The easiest way to protect yourself is to not give away your password. If you need to give someone access, give it on a temporary basis, and change your password immediately after that person finishes using your account. You should also not give your password to anyone you do not trust.

   If someone else offers you use of an account for which you are not authorized, decline. If you discover someone's password, don't use it; report the access to the password to the owner or to stopit@sbc.edu.

3. Honor the Privacy of Other Users.

   Sweet Briar treats the contents of all files, email, and communications as private, and will strive to protect the privacy of all users. Many aspects of privacy of files and communications are also protected by Federal and State laws. Examples:

   • Don't access the files or directories of another user without explicit authorization from that user. Typically, authorization is signalled by the other user's setting file access permissions to allow public or group reading of files. Since some systems by default make all files readable to all users and some users don't know this, the file permissions are not reliable. It is always best to ask.
   • Don't intercept or monitor any network communications not explicitly meant for you.
   • Don't use the systems or transmit personal or private information about individuals unless you have explicit authorization from the individuals affected. Don't distribute such information unless you have permission from those individuals.
   • Don't create programs that secretly collect information about users. Software on SBCNet is subject to the same guidelines for protecting privacy as any other information-gathering project at the college. You may not user computer and telecommunication systems to collect information about individual users without their consent. Note that some system utilities log user information (ftp, mosaic, login, etc.). This is considered normal system administration functions.

4. Don't Impersonate Any Other Person.

   Using SBCNet resources to impersonate someone else is improper. If you use someone else's account, you may be committing acts of fraud because the account owner's name will be attached to the transactions you have performed.

   If you send anonymous mail or postings, you should realize that it is customarily considered polite to identify that your message is anonymous or is signed by pseudonym. You should be aware that most people will give less credence to anonymous communication than to signed communication.

5. Don't Use SBCNet To Violate Other Policies or Laws.

   Computer networks offer new ways to commit actions that violate laws or policies that are covered elsewhere. Here are reminders of typical other policies:

   • Don't copy copyrighted documents. Many programs and their documentation are owned by individual users or third parties and are protected by copyright and other laws, licenses, and contractual agreements. You must abide by these restrictions; to do otherwise may be a crime. (See Appendix D: Policy on Unauthorized Copying)
   • Don't use SBCNet to threaten or harass anyone. Various types of harassment, including sexual, religious and racial, are proscribed by SBC policies.
   • Don't use SBCNet to violate the Honor Code.
   • Don't use SBCNet to launch viruses, worms, trojan horses, or other attacks on computers here or elsewhere.

B. Offices, Centers, and Departments

Organizational units on the campus operate computers and networks to support their missions. The principles of this policy apply to all Sweet Briar organizational units, and any computers connected to SBCNet. Units may set additional local policies and expectations that are consistent with this policy.

C. Privacy

All users of SBCNet enjoy a right of privacy. No other user, system administrator, or official may read email, files, or communications without the consent of their owners. Only in rare and exceptional cases where a severe threat is present and there is no alternative to ameliorating the threat may the Director of Computing authorize the reading of email, files, or communications. No system administrator or official may do this without the authorization of the President or Dean.

D. System Administrators

The system administrators of various computers around campus have special responsibilities. They should exercise their extraordinary powers to override or alter access controls, accounts, configurations, and passwords with great care and integrity. System Administrators manage computers and administrate policies, but they do not create policies. Their actions are constrained by this policy and by the policies of local administrative units. In particular, local units should set policies concerning accounts on their machines, and system administrators must follow these policies.

If a system administrator observes someone engaging in activities that would seriously compromise the health or integrity of a system or network — e.g., someone launching a virus attack or attempting to gain root access — she may take immediate action to stop the threat or minimize damage. This may include termination of processes, disconnection from a network, or temporary suspension of an account. Account suspensions must be reported immediately to the Director of Computing. Only in exceptional cases may personal files or communications be inspected. Thus, computing personnel may not read email, files, or communications as part of an investigation without explicit authorization.

E. Security Review Panel (SRP)

This policy establishes a Security Review Panel consisting of the Director of Computing, the Networks Manager, a student to be selected by the Network Services Division, a faculty member selected by the Technology Planning Group, the Director of Libraries & Integrated Learning Resources, Computer Resources/Technical Support Coordinator, and the Dean of the College or her/his designee. Its chair will be the Director of Libraries and Integrated Learning Resources. Computing adminstrators will report all violations and their responses to this panel immediately. Any member of the community can report a violation to the panel via stopit@sbc.edu. On receipt of a complaint from a community member, the panel chair will assign one of the members as the panel's "case worker" for that complaint. The five-step "stopit process" within which the panel operates is described below. If a user's account is disabled as a result of a suspected violation, the user has a right to a resolution and reactivation of the account in the case of a mistake within 2 working days. The panel is also responsible for reviewing these policies periodically and recommending improvements and clarifications as needed.

F. Responsible Use of Computing

The Stopit Process

Sweet Briar's computing policy document provides rules of use for the campus computing and telecommunications technologies . This document, which complements those policies, defines the process for handling policy violations.

The process described here, called "stopit" after a similar process at MIT and George Mason University, uses a graduated approach to deal with violations of the policy. The approach is based on the premises that the vast majority of the users are responsible and that most offenders, given the opportunity to stop uncivil or disruptive behavior without having to admit guilt, will do so and will not repeat the offense. Many offenses are not direct threats to the integrity of Network Sweet Briar itself, but are violations of other campus rules, state laws, or federal laws for which there are enforcement processes already in place. The stopit process is designed to direct complaints to the appropriate authorities quickly. The stopit process has five stages:

STOPIT 1: Wide Distribution of Policy Information

A poster describing the essence of the responsible use policy will be displayed in each computer lab on the campus; the same information will be given to new users and to each user annually. The essence of the policy is that certain behaviors may interrupt or hurt other members of the SBC community; all users should refrain from such behaviors. Anyone observing a harmful or disruptive behavior can report it to stopit@sbc.edu or to the campus police.

STOPIT 2: Standard For Registering Complaints

The stopit@sbc.edu address is monitored regularly by members of the Security Review Panel (SRP), who will make sure that complaints are responded to rapidly. In many cases, the SRP member who responds to a complaint will alert the existing authority who handles the type of complaint — e.g., accusations of sexual harassment go to the campus sexual harassment board, honor code violations to the honor committee, thefts of equipment to the campus police, repetitive misconduct to the Dean of Co-Curricular Life, chain-letters to the network Postmaster. Users do not need to know who the proper authority is for a particular complaint, they simply write to stopit@sbc.edu.

STOPIT 3: Warning Letter

The third mechanism, which almost always follows STOPIT 2, is a letter to the alleged perpetrators of improper Network Sweet Briar use, harassment, or other uncivil behavior. The letter will have this form:

"Someone using your account did [whatever the offense is]." This is followed by an explanation of why this behavior violates which policy. "Account holders are responsible for the use of their accounts. If you were unaware that your account was being used in this way, it may have been compromised. The system administrator of the machine hosting your account can help you change your password and re-secure your account. If you were aware that your account was being used to [do whatever it was], then please make sure that this does not happen again." Finally, the letter will identify an SRP member who has been assigned to the case.

This stage makes sure the persons are informed of the policy violation and complaint and offers them the chance to desist without having to admit guilt.

STOPIT 4: Mandatory Interview with SRP Member

If the recipient of a STOPIT 3 letter wishes to contest what is said in the letter, he or she may talk to the SRP member assigned to the case. If that recipient repeats the offense, or commits a new offense, he or she will be invited to a mandatory interview with the SRP member assigned to the case. The SRP chair can authorize the temporary suspension of access to an account if the individual fails to arrange for the mandatory interview. Individuals may request a hearing before the full SRP.

STOPIT 5: Disciplinary Procedures

If none of the previous stopit stages convinces the offender to desist, the matter will be referred to the normal university disciplinary procedure for the type of offense. The SRP will make available all information and evidenceit has on the case to the disciplining authority.