"The Proper Use of Information Resources, Information Technology, and Networks at the University of Michigan" (Standard Practice Guide 601.7) applies to any member of the University community, whether at the University or elsewhere, and refers to all information resources, whether individually controlled or shared, stand alone or networked.

To assist the community in the administration of the Proper Use policy, these guidelines specify the responsibilities each member of the UM community agrees to assume by his or her use of campus technology resources. It stands as the base set of guidelines for use of resources offered by all service providers (1) across campus, including the Information Technology Central Services (ITCS), the Computer Aided Engineering Network (CAEN), Medical Center Information Technology (MCIT).

Service providers may supplement this document with more unit-specific guidelines for their users, but unit-specific guidelines do not supersede this document or the Proper Use policy.

The University of Michigan provides information technology resources to a large number and variety of users-faculty, staff, students, and outside clients. As members of the University of Michigan community, and in accordance with the Proper Use policy, all users have the responsibility to use those services in an effective, efficient, ethical, and legal manner.

Ethical and legal standards that apply to information technology resources derive directly from standards of common sense and common courtesy that apply to the use of any shared resource. The campus computing community depends first upon the spirit of mutual respect and cooperation that has been fostered at the University of Michigan to resolve differences and ameliorate problems that arise from time to time.

These guidelines are published in that spirit. Their purpose is to specify user responsibilities in accordance with the Proper Use policy and to promote the ethical, legal, and secure use of computing resources for the protection of all members of the University of Michigan computing community. The University extends membership in this community to its students and employees with the stipulation that they be good citizens, and that they contribute to creating and maintaining an open community of responsible users.

Appropriate and Responsible Use
Central to appropriate and responsible use is the stipulation that, in general, computing resources shall be used in a manner consistent with the instructional, public service, research, and administrative objectives of the University. Use should also be consistent with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further access to services.

As a member of the University community, you may not assume another person's identity or role through deception or without proper authorization. You may not communicate or act under the guise, name, identification, email address, signature, or indicia of another person without proper authorization, nor may you communicate under the rubric of an organization, entity, or unit that you do not have the authority to represent. (See SPG section 601.19).

Although service providers provide and preserve security of files, account numbers, authorization codes, and passwords, security can be breached through actions or causes beyond their reasonable control. You are urged, therefore, to safeguard your data, personal information, passwords and authorization codes, and confidential data; to take full advantage of file security mechanisms built into the computing systems; to choose your passwords wisely and to change them periodically; and to follow the security policies and procedures established to control access to and use of administrative data.

User Responsibilities
When you use the University of Michigan's computing services, you accept the following specific responsibilities:

1. To respect the privacy of other users; for example, you shall not intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users or the University, shall not represent others, unless authorized to do so explicitly by those users, nor shall you divulge sensitive personal data to which you have access concerning faculty, staff, or students without explicit authorization to do so.

2. To respect the rights of other users; for example, you shall comply with all University policies regarding sexual, racial, and other forms of harassment. The University of Michigan is committed to being a racially, ethnically, and religiously heterogeneous community.

3. To respect the legal protection provided by copyright and licensing of programs and data; for example, you shall not make copies of a licensed computer program to avoid paying additional license fees or to share with other users.

4. To respect the intended usage of resources; for example, you shall use only those resources (uniqname and password, funds, transactions, data, processes, etc.) assigned to you by service providers, faculty, unit heads, or project directors for the purposes specified, and shall not access or use other such resources unless explicitly authorized to do so by the appropriate authority. You may not use University resources assigned to you or others for profit-making or fund-raising activities unless explicitly authorized to do so by the appropriate authority.

5. To respect the shared nature of resources; for example, you shall avoid activities that unreasonably tax system resources or that, through frivolous use, go beyond the intended use of the system.

6. To respect the intended usage of systems for electronic exchange (such as e-mail, IRC, Usenet News, World Wide Web, etc.); for example, you shall not send forged electronic mail, mail that will intimidate or harass other users, chain messages that can interfere with the efficiency of the system, mass mailings not related to the topic(s) of the addressed group(s), or promotional mail for profit-making purposes. Also, you shall not break into another user's electronic mailbox or read someone else's electronic mail without his/her permission.

7. To respect the integrity of the system or network; for example, you shall not intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component shall be made only under specific instructions from authorized faculty, unit heads, project directors, or management staff.

8. To respect the financial structure of a computing or networking system; for example, you shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing, network, and data processing services.

9. To adhere to all general University policies and procedures including, but not limited to, policies on proper use of information resources, information technology, and networks; acquisition, use, and disposal of University-owned computer equipment; use of telecommunications equipment; ethical and legal use of software; and ethical and legal use of administrative data.

Service Provider Responsibilities
All service providers have the responsibility to offer service in the most efficient, reliable, and secure manner while considering the needs of the total user community. At certain times, the process of carrying out these responsibilities may require special actions or intervention by service provider staff. In such circumstances, service providers are bound by the policies governing their actions. At all other times, staff have no special rights above and beyond those of other users; they are required to follow the same policies and conditions of use that other users must follow. Every effort shall be made to ensure that persons in positions of trust do not misuse computing resources or data or take advantage of their positions to access information not required in the performance of their duties.

Service providers are not responsible for policing user activity. However, when they become aware of violations, either through the normal course of duty or by a complaint, it is their responsibility to initiate an investigation. At the same time, to forestall an immediate threat to the security of a system or its users, service providers may suspend access of the people involved in the violation while the incident is being investigated. They may also take other actions to preserve the state of files and other information relevant to an investigation.

Service providers will act in accordance with existing policy governing privacy of user information by seeking permission to examine the content of e-mail and other private files. In instances where user permission cannot be obtained and the content of files may jeopardize the security of systems, safety of users, or ability of the University or its constituent parts to conduct necessary business, service providers must obtain authorization from a higher administrative authority working in conjunction with General Counsel to examine content.

Violations of Guidelines
Violations of any of the above guidelines are certainly unethical and may be violations of University policy or criminal offenses. You are expected to report information you may have concerning instances in which the above guidelines have been or are being violated.

In accordance with established University practices, policies, and procedures, confirmation of inappropriate use of University of Michigan technology resources may result in termination of access, disciplinary review, expulsion, termination of employment, legal action, or other disciplinary action. Service providers will, when necessary, work with other University offices such as the Judicial Advisor, the Department of Public Safety and Security, schools and colleges disciplinary councils, the Office of the General Counsel, and others in the resolution of problems.

Other Responsible Use Guidelines for Specific Services
Additional responsible use guidelines applying to the use of networks and telecommunications services and administrative data processing systems and services can be found in the Standard Practice Guide online.

Also, other external networks to which the University of Michigan maintains connections (for example, MichNet) have established acceptable use standards (see the World Wide Web for details). It is your responsibility to adhere to the standards of such networks. The University cannot and will not extend any protection to you should you violate the policies of an external network.

Reporting Incidents
In general, reports about violations of these guidelines should be directed to the administrative school, college, or unit for the system involved.

At the College of Engineering, contact CAEN Security by sending e-mail to security@engin.umich.edu or calling 763-4910.

For services provided by ITCS, contact the IT User Advocate (ITUA) by sending e-mail to abuse@umich.edu or calling 647-6396.

If possible, please forward a copy of any information relevant to the incident you are reporting.

If you are unsure where to report the problem, please contact the IT User Advocate. The Advocate will redirect the incident to the appropriate person(s) for action or will handle it directly.

Further Information
These guidelines and the University's Proper Use policy are available on the Information Technology Policies and Guidelines web site.

The University's Standard Practice Guide is also available on the Web.

(1) "Service provider" is a University department or unit that provides any information technology service (such as e-mail, file service, computational cycles, or statistical analyses) to members of that unit and/or to others outside of it.

Return to Information Technology Policies and Guidelines

For more information, please contact the IT User Advocate at abuse@umich.edu
Copyright © 2007 University of Michigan Regents.