IT Acceptable Use Policy
Acceptable Use of Information Technology Resources
Use of the Peabody Institute of The Johns Hopkins University (JHU/Peabody) information technology (IT) resources is a privilege that is extended to users for the purpose of accomplishing the school’s mission. This privilege comes with the responsibility of using IT resources in a manner consistent with the values and culture of JHU/Peabody, and in accordance with the Johns Hopkins University IT Policy (HR Policy Manual/Appendix/Use of IT Policies). The purpose of this policy is to govern the use of JHU/Peabody IT resources as they apply to promoting a positive image of the school, creating a productive workplace, and protecting JHU/Peabody and its employees from disruptive or illegal activities. This policy is available for review at www.peabody.jhu.edu/it/policies.
2.0 Scope - Policy Statement on Acceptable Use
This policy applies to all users of the JHU/Peabody IT resources. Users include, but are not limited to, faculty, visiting faculty, staff, students, vendors, and consultants. IT resources are the devices, infrastructure, applications, and data, including resources designated for the use of a single individual, that comprise the JHU/Peabody computer network and are the sole property of JHU/Peabody.
Furthermore, JHU/Peabody owns all network traffic that traverses its infrastructure (though not necessarily the content of that traffic), regardless of the source of the traffic.
Acceptable use of IT Resources is use that is consistent with Johns Hopkins' missions of education, research, service, and patient care, and is legal, ethical and honest. Acceptable use must respect intellectual property, ownership of data, system security mechanisms and an individual’s right to privacy and freedom from intimidation, harassment, and annoyance. Further, it must show consideration in the consumption and utilization of IT Resources and it must not jeopardize Johns Hopkins' not-for-profit status. Incidental personal use of IT Resources is permitted if consistent with JHU and Peabody policy, and if such use is reasonable, not excessive, and does not impair work performance or productivity.
JHU/Peabody IT resources are acquired and implemented by JHU/Peabody to assist users in the performance of their jobs. Users should not have an expectation of privacy in anything they create, store, send, or receive using those resources. Email and user accounts and their contents are generally considered private, but neither policy nor technology is able to guarantee privacy. Files stored on JHU/Peabody IT resources are presumed to be the property of JHU/Peabody, and there can be no expectation of privacy concerning such files stored on or transmitted across JHU/Peabody IT resources.
Using JHU/Peabody resources to transmit, view, or download sexually explicit content except as may be necessary and appropriate for legitimate medical, scholarly, or forensic purposes, is strictly prohibited.
If employees are found in violation of these policies they will be subject to the progressive disciplinary process up to and including termination if warranted.
The topics covered by this policy involve a wide variety of issues. They can be roughly summarized by three guiding principles:
- Do nothing illegal
- Do nothing to violate JHU Policy
- Do nothing to harm JHU/Peabody
- Respect your coworkers, colleagues, and members of the JHU/Peabody Community
4.0 Policy Statement - Use of IT Resources against Policy
4.1 Illegal Activity
JHU/Peabody IT resources may not be used for any illegal activity as defined by local, state, federal, or international law. All legal questions should be directed to the Johns Hopkins University Office of General Counsel. Examples of illegal activity include, but are not limited to, the following:
1) Posting or disseminating material that is unlawful, such as child pornography
2) Pyramid or other illegal soliciting schemes
3) Fraudulent activities, including impersonating any person or entity or forging anyone else’s digital signature
4) Harassment or threats of any kind. Examples include but are not limited to:
a) Distribution of offensive material
b) Repeated unwelcome contact
c) Words, phrases, or statements that would create a hostile work environment. This includes, but is not limited to, racially, ethnically, or sexually offensive language. This would also include posts made to third party social media sites such as Facebook and Twitter.
5) Unauthorized accessing of or prevention of authorized accessing of systems outside the JHU/Peabody domain. This includes, but is not limited to:
a) Accessing data not intended for you
b) Logging into or making use of a server or account you are not expressly authorized to access
c) Probing the resources or security of other networks
d) Denial of service (DoS, DDoS, etc.) attacks
6) Any use of materials in violation of intellectual property laws such as copyright laws or of vendor licensing agreements. JHU/Peabody complies fully with all local, state, and federal intellectual property laws, including the Digital Millennium Copyright Act. All legal questions should be directed to the JHU Office of General Counsel, Main Office, 3400 N. Charles Street, Garland Hall 113, Baltimore, MD 21218-2688. 410-516-8128. Fax: 410-516-5448
4.2 Activity Harmful to or Contrary to the Values of JHU/Peabody and against Policy
JHU/Peabody IT resources may not be used for activities that would be harmful to the legal status or reputation of JHU/Peabody. Users may not participate in activities that prevent the use or unduly degrade the performance of the University or Peabody IT resources. Examples of these activities include, but are not limited to, the following:
1) Use inconsistent with non-profit status of JHU/Peabody
a) Johns Hopkins University (JHU) is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters.
b) Commercial use of IT resources for non-JHU/Peabody business purposes is prohibited. Communication and exchange of data that may have an incidental commercial benefit to an external organization are permitted, so long as it furthers the JHU/Peabody mission.
2) Participation in activities that cause excessive strain on or interfere with the use of JHU/Peabody IT resources. Examples include, but are not limited to:
a) Distributing unsolicited bulk email
b) Transferring multiple or very large files
c) Performing network scanning
d) Attaching to external sites for the purpose of accessing non-JHU/Peabody work related video and audio streams, including Netflix, Hulu, and other entertainment sites.
3) Intentionally distributing, using or allowing propagation of any malicious software. Malicious software is any program or script that seeks to damage, propagate, deny use, allow unauthorized access or transmit unauthorized data to or from any JHU/Peabody IT resource.
a) Examples of malicious software include but are not limited to:
i) Viruses or worms
ii) Rootkits, backdoors, or Trojans
iii) DoS (Denial of Service)
iv) Programs or scripts that cause buffer overflow
v) Password guessing/cracking programs
b) NOTE: Peabody IT users engaged in JHU/Peabody-sanctioned malicious software research must take appropriate precautions to isolate the research systems from general JHU/Peabody IT resources to prevent accidental distribution or data release.
4) Personal use that has an undue impact on the operation of JHU/Peabody IT resources. IT resources and equipment are provided for the legitimate work purposes of employees, and are the property of Peabody. Occasional, limited, personal use of the JHU/Peabody IT resources is permitted if it meets the following criteria:
a) The use does not adversely affect JHU/Peabody IT resources
b) The use does not violate any other provision of this policy or any other policy, guideline, or standard of Peabody
c) The use does not violate any applicable local, state, or federal laws
d) NOTE: At all times, users have the responsibility to use the JHU/Peabody IT resources in a respectful, professional, ethical, and lawful manner.
e) Using JHU/Peabody IT resources to send, store or display material that is sexually explicit, intimidating, defamatory, discourteous, offensive or otherwise inappropriate is against policy and prohibited.
5) Using JHU/Peabody resources to transmit, view, or download sexually explicit content except as may be necessary and appropriate for legitimate medical, scholarly, or forensic purposes, is strictly prohibited. If there is a legitimate need to access such material using JHU/Peabody IT resources, disclosure of the need and the type of material to be accessed shall first be made to the user’s supervisor. If access has been blocked, the user’s supervisor will contact Information Systems and request that access be given. Legitimate users of such material must take reasonable precautions to prevent the exposure of this content to others.
6) Broadcasting information or messages. This includes, but is not limited to, sending mass email, and broadcasting instant messenger messages. Legitimate mass-mailings should use one of the listserv addresses and be sent only by authorized users.
Examples of activities that do not reflect the institution’s values include but are not limited to:
1) Attempting to access a JHU/Peabody IT resource for which a user is not authorized. Availability of a resource does not imply authorization. Simply because a particular resource has open access does not mean everyone who has access is authorized to use the resource. Examples of attempted access include but are not limited to:
a) Trying different user names and passwords at login screens
b) Exploring open file shares
c) Using a workstation logged in under another user’s account
2) Attempting to conceal your identity, masquerading, or impersonating another user or adopting a false identity when using any JHU/Peabody IT resource.
3) Selling or proselytizing for commercial ventures, religious causes, or political campaigns, outside organizations, or other non-JHU/Peabody related activities. Examples of where this activity is prohibited include but are not limited to:
a) Unsolicited email
b) Email signature files such as ones that include quotations
c) Computer screen savers and desktop backgrounds
4) Using JHU/Peabody IT resources to solicit funds or donations beyond University or Institute sponsored campaigns for any organization without prior approval from either the recipient or the director or appropriate dean to review and approve solicitations. This includes, but is not limited to:
a) Commercial and non-commercial ventures
b) Churches or religious activities
c) Political campaigns or causes
d) All forms of Internet and intranet communications are covered by this prohibition. The forms of communications include but are not limited to:
i) Email, especially unsolicited mail without the recipients’ prior approval
ii) Chat or instant messaging (IM)
iii) IP telephony, including but not limited to programs such as Skype
5) Using JHU/Peabody IT resources to send, store or display material that is sexually explicit, intimidating, defamatory, discourteous, offensive or otherwise inappropriate
6) Using JHU/Peabody resources to transmit, view, or download sexually explicit content except as may be necessary and appropriate for legitimate medical, scholarly, or forensic purposes. If there is a legitimate need to access such material using JHU/Peabody IT resources, disclosure of the need and the type of material to be accessed shall first be made to the user’s supervisor. If access has been blocked, the user’s supervisor will contact Information Systems and request that access be given. Legitimate users of such material must take reasonable precautions to prevent the exposure of this content to others.
NOTE: Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work.
- In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
- Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
- Further, individuals who have been found to infringe copyrighted materials on the JHU/Peabody network are subject to disciplinary proceedings under the Acceptable Use of IT Resources policy, faculty manual, Student Conduct Code, and staff manual in addition to civil and criminal penalties. The failure to enforce this policy, for whatever reason, shall not be construed as a waiver of any right to do so at any time.
For safety and/or legal purposes, or as needed to maintain or protect its facilities, Peabody reserves the right to copy, examine, and disclose all email messages and files stored on any institution-owned media or equipment or transmitted across or through Peabody network facilities.
JHU/Peabody reserves the right to refuse to post or to remove any electronic information or materials that it deems, at its sole discretion, to be offensive, indecent, fraudulent, or otherwise inappropriate regardless of whether such material or its dissemination is lawful.
All network traffic, regardless of the source, will be monitored as necessary. Reasons for monitoring include but are not limited to the following:
- Maintaining the integrity and performance of Peabody IT resources
- Enforcement of Peabody policy
- Compliance with local, state and federal law or their agents
The Peabody Institute of The Johns Hopkins University has no obligation to monitor the network for violations of acceptable use. An absence of monitoring in no way limits the right to monitor all network traffic.
The information technology director is responsible for ensuring adequate monitoring technology is in place wherever possible to enforce specific provisions in this policy. In many cases, however, Peabody must rely on a concerned and alert user community to report violations. The information technology director reviews email sent to firstname.lastname@example.org for reports on violation of the Acceptable Use Policy. Reports are forwarded to the Department of Human Resources, to the Dean of the Institute, and the respective dean in whose department the alleged violation occurred. This dean is responsible for determining the appropriate enforcement organizations to which violations will be reported. Employees found to be in violation of these policies will be subject to the disciplinary process up to and including termination if warranted.
This policy is effective January 1, 2007.
7.0 Responsibility for Policy Maintenance
It is the responsibility of the information technology director to ensure that this policy is current and relevant. The information technology director must review this policy every two years from the date the policy becomes effective, in partnership with the JHU HR Policy Committee and the JHU IT Use Committee, and submit any changes for approval to the Executive Staff of the Peabody Institute of the Johns Hopkins University.
Authority for this comes from the Office of the Dean and the Executive Staff of the Peabody Institute of The Johns Hopkins University.
Questions regarding Title VI, Title IX, and Section 504 should be referred to the Office of Institutional Equity, Garland Hall, Suite 130, 410-516-8075, 410-516-6225 (TTY), or at www.jhuaa.org.
9.0 Revision History
Initial policy approved by Director of Information Technology and Steering Committee for Information Services (SCIS) on February 26th 2007. Policy reviewed and updated in June 2010. Policy reviewed and updated in February 2014.
Reviewed and revised March 2015.