Acceptable Use of Information Technology Resources
1.0 Purpose
Use of the Peabody Institute of The Johns Hopkins University (Peabody) information technology (IT) resources is a privilege that is extended to users for the purpose of accomplishing the school’s mission. This privilege comes with the responsibility to use IT resources in a manner consistent with the values and culture of Peabody. The purpose of this policy is to govern the use of Peabody IT resources as they apply to promoting a positive image of the school, creating a productive work place, and protecting Peabody and its employees from disruptive or illegal activities. This policy is available for review at www.peabody.jhu.edu/itpolicies.
2.0 Scope
This policy applies to all users of the Peabody IT resources. Users include, but are not limited to, faculty, visiting faculty, staff, students, vendors, and consultants. IT resources are the devices, infrastructure, applications, and data, including resources designated for the use of a single individual that comprise the Peabody computer network and are the sole property of Peabody.
Furthermore, Peabody owns all network traffic that traverses its infrastructure (though not necessarily the content of that traffic), regardless of the source of the traffic. To understand this concept, think of the U.S. Postal Service. Once a letter is dropped in a mailbox, the Postal Service owns the letter until it is delivered. Even the original sender cannot reclaim the letter. However, the sender still maintains copyright ownership of the content of that letter.
3.0 Background
The topics covered by this policy involve a wide variety of issues. They can be roughly summarized by three guiding principles:
• Do nothing illegal
• Do nothing to harm Peabody
• Respect other community members
4.0 Policy Statement
4.1 Illegal Activity
Peabody IT resources may not be used for any illegal activity as defined by local, state, federal, or international law. All legal questions should be directed to the Johns Hopkins University Office of General Counsel. Examples of illegal activity include, but are not limited to, the following:
1. Posting or disseminating material that is unlawful, such as child pornography
2. Pyramid or other illegal soliciting schemes
3. Fraudulent activities, including impersonating any person or entity or forging anyone else’s digital signature
4. Harassment or threats of any kind. Examples include but are not limited to:
• Distribution of offensive material
• Repeated unwelcome contact
• Words, phrases or statements that would create a hostile work environment. This includes, but is not limited to, racially, ethnically, or sexually offensive language. This would also include posts made to third party social media sites, such as Myspace and Facebook, among others.
5. Unauthorized access of or prevention of authorized access to systems outside the Peabody domain. This includes, but is not limited to:
• Unauthorized access of data
• Unauthorized usage or access of servers or accounts without express permission
• Probing the resources or security of other networks
• Denial of service attacks
6. Any use of materials in violation of intellectual property laws such as copyright laws or of vendor licensing agreements. Peabody complies fully with all local, state, and federal intellectual property laws, including the Digital Millennium Copyright Act. All legal questions should be directed to the JHU Office of General Counsel, Main Office, 3400 N. Charles Street, Garland Hall 113, Baltimore, MD 21218-2688. 410-516-8128. Fax: 410-516-5448 4.2 Activity Harmful to Peabody Peabody IT resources may not be used for activities that would be harmful to the legal status or reputation of Peabody. User may not participate in activities that prevent the use or unduly degrade the performance of Peabody IT resources. Examples of these activities include, but are not limited to, the following:
1. Use inconsistent with non-profit status of Peabody
• Hopkins is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters.
• Commercial use of IT resources for non-Peabody business purposes is prohibited. Communication and exchange of data that may have an incidental commercial benefit to an external organization are permitted, so long as it furthers the Peabody mission.
2. Participation in activities that cause excessive strain on or interfere with the use of Peabody IT resources. Examples include, but are not limited to:
• Distributing unsolicited bulk email
• Transferring multiple or large files
• Performing network scanning
• Attaching to external sites for the purpose of accessing non-Peabody work related video and audio streams.
3. Intentionally distributing, using or allowing propagation of any malicious software. Malicious software are programs or scripts that seeks to damage, propagate, deny use, allow unauthorized access or transmit unauthorized data to or from any Peabody resource.
Examples of malicious software include but are not limited to:
• Viruses or worms
• Rootkits, backdoors, or trojans
• DoS (Denial of Service)
• Programs or scripts that cause buffer overflow
• Password guessing/cracking programs.
NOTE: Peabody IT users engaged in Peabody-sanctioned malicious software research must take appropriate precautions to isolate the research systems from general Peabody IT resources to prevent accidental distribution or data release.
4. Personal use that has an undue impact on the operation of Peabody IT resources. Occasional, limited, personal use of the Peabody IT resources is permitted if it meets the following criteria:
• The use does not adversely effect Peabody IT resources
• The use does not violate any other provision of this policy or any other policy, guideline, or standard of Peabody
• The use does not violate any applicable local, state, or federal laws NOTE: At all times, users have the responsibility to use the Peabody IT resources in a respectful, professional, ethical, and lawful manner.
5. Broadcasting information or messages. This includes, but is not limited to, sending mass email, and broadcasting instant messenger messages. Legitimate mass-mailings should use one of the listserv addresses and be sent only by authorized users.
4.3 Activity Contrary to the Values of Peabody
Use of Peabody IT resources must reflect the following values:
• Respect for others
• Civil discourse
• Forthright communication
Peabody reserves the right to refuse to post or to remove any electronic information or materials that it deems, at its sole discretion, to be offensive, indecent, fraudulent, or otherwise inappropriate regardless of whether such material or its dissemination is lawful. Examples of activities that do not reflect the institutions values include, but are not limited to:
1. Attempting to access a Peabody IT resource for which a user is not authorized. Availability of a resource does not imply authorization. Simply because a particular resource has open access does not mean everyone who has access is authorized to use the resource. Examples of attempted access include, but are not limited to:
• Trying different user names and passwords at login screens
• Exploring open file shares
• Using a workstation logged-in under another user's account
2. Attempting to conceal identity, masquerading, or impersonating another user or adopting a false identity when using any Peabody IT resource.
3. Selling or proselytizing for commercial ventures, religious causes, or political campaigns, outside organizations, or other non-Peabody related activities without specific prior authorization from the receiver of the message. Examples of where this activity is prohibited include, but are not limited to:
• Unsolicited email
• Email signature files such as ones that include quotations
• Computer screen savers and desktop backgrounds
4. Using Peabody IT resources to solicit funds or donations beyond University or Institute sponsored campaigns for any organization without prior approval from either the recipient or the director or appropriate dean to review and approve solicitations. This includes, but is not limited to:
• Both commercial and non-commercial ventures
• Churches or religious activities
• Political campaigns or causes All forms of Internet and intranet communications are covered by this prohibition. The forms of communications include, but are not limited to:
• Email, especially unsolicited mail without the recipients prior approval
• Chat or instant messaging (IM)
• IP telephony, including but not limited to programs such as Skype
5. Using Peabody IT resources to send, store or display material that is sexually explicit, intimidating, defamatory, discourteous, offensive or otherwise inappropriate
6. Using email signature files that contain information other than what is necessary for identification and contact. For example, inspirational quotes and personal expressions are inappropriate
7. Using Peabody resources to transmit, view, or download sexually explicit content except as may be necessary and appropriate for legitimate medical, scholarly, or forensic purposes. If there is a legitimate need to access such material using Peabody IT resources, disclosure of the need and the type of material to be accessed shall first be made to the user’s supervisor. If access has been blocked the user’s supervisor will contact Information Systems and request that access be given. Legitimate users of such material must take reasonable precautions to prevent the exposure of this content to others.
5.0 Enforcement
Peabody IT resources are acquired and implemented by Peabody to assist users in the performance of their jobs. Users should not have an expectation of privacy in anything they create, store, send, or receive using those resources. Email and user accounts and their contents are generally considered private, but neither policy nor technology is able to guarantee privacy. Files stored on Peabody IT resources are presumed to be the property of Peabody, and there can be no expectation of privacy concerning such files stored on or transmitted across Peabody IT resources. For safety and/or legal purposes, or as needed to maintain or protect its facilities, Peabody reserves the right to copy, examine, and disclose all email messages and files stored on any institution-owned media or equipment or transmitted across or through Peabody network facilities.
All network traffic, regardless of the source, will be monitored as necessary. Reasons for monitoring include but are not limited to the following:
• Maintaining the integrity and performance of Peabody IT resources.
• Enforcement of Peabody policy
• Compliance with local, state and federal law or their agents.
The Peabody Institute of The Johns Hopkins has no obligation to monitor the network for violations of acceptable use. An absence of monitoring in no way limits the right to monitor all network traffic.
The information technology director is responsible for ensuring that adequate monitoring technology is in place wherever possible to enforce specific provisions in this policy. In many cases, however, Peabody must rely on a concerned and alert user community to report violations. The Information technology director reviews email at help@air.peabody.jhu.edu for reports on violation of the Acceptable Use Policy. Reports are forwarded to the Department of Human Resources, to the director of the Institute, and the respective dean from where the violation came who is responsible for determining the appropriate enforcement organizations to which violations will be reported.
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the filesharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
Further, individuals who have been found to infringe copyrighted materials on the Institute/Hopkins network are subject to disciplinary proceedings under the Acceptable Use of IT Resources policy, faculty manual, Student Conduct Code, and staff manual in addition to civil and criminal penalties. The failure to enforce this policy, for whatever reason, shall not be construed as a waiver of any right to do so at any time.
6.0 Actions
This policy is effective January 1, 2007.
7.0 Responsibility for Policy Maintenance
It is the responsibility of the information technology director to ensure that this policy is current and relevant. The information technology director must review this policy every two years from the date the policy becomes effective and submit any changes for approval to the Executive Staff of the Peabody Institute.
8.0 Authority
Authority for this comes from the office of the director and the Executive Staff of the Peabody Institute of The Johns Hopkins University.
Questions regarding Title VI, Title IX, and Section 504 should be referred to the Office of Institutional Equity, Garland Hall, Suite 130, 410-516-8075, 410-516-6225 (TTY), or at www.jhuaa.org.
9.0 Revision History
Initial policy approved by Director of Information Technology and SCIS on February 26th 2007. Policy reviewed and updated in June 2010.
