Information Technology: Acceptable Use
The Woods Hole Oceanographic Institution (WHOI) provides electronic information resources (including, but not limited to, computers, computer accounts and services, networks, software, electronic mail services, electronic information sources, video and video services, telephone and voicemail services, Web page servers, and related services) to assist members of the WHOI community in the pursuit of research, education, and associated administration. This policy, in conjunction with other applicable WHOI policies, sets forth acceptable use of all WHOI electronic information resources owned or managed by the Institution, and describes the rights and responsibilities of the WHOI community with respect to use of these resources. This policy is applicable to any individual affiliated with the Institution, whether physically at the Institution or elsewhere, and refers to all information resources whether individually controlled or shared, stand-alone or networked, shipboard or shore-based.
It is the policy of the Institution to maintain access for its community to local, national, and international sources of information and to provide an atmosphere that encourages access to knowledge and sharing of information. In accordance with this policy, the Institution works to create an intellectual environment in which students, postdocs and staff feel free to create and to collaborate with colleagues both at WHOI and at other institutions, without fear that the products of their intellectual efforts will be violated by misrepresentation, tampering, destruction, and/or theft.
Access to the information resource infrastructure both within the Institution and beyond the campus, sharing of information, and security of the intellectual products of the community all require that each and every user accept individual responsibility for appropriate use of the resources. As members of the WHOI community, and in accordance with this policy, all users and systems administrators or service providers have the responsibility to use those services in an effective, efficient, ethical, and legal manner.
Ethical and legal standards that apply to information technology resources derive directly from standards of common sense and common courtesy that apply to the use of any shared resource. The Institution depends first upon a spirit of mutual respect and cooperation to resolve differences and ameliorate problems that arise from time to time.
Electronic information resources are intended to be used to carry out the legitimate business of the Institution. In addition, members of the WHOI community may use electronic information resources for personal purposes, as long as such use is in accordance with this policy (including the prohibition on inappropriate use) and does not otherwise interfere with the Institution's interests. Any other uses of WHOI's electronic information resources are not permitted. Therefore, WHOI employees, postdocs and students may not use electronic information resources to an extent or in a manner that may detract from their work, although occasional, incidental personal use of the resources during work hours is permitted. For example, the use of the telephone to make appointments that must be made during the workday or for checking with family members about arrival and departure times would typically be viewed as a legitimate use of Institution resources as long as such use is not frequent, prolonged or abused.
As is the case for the use of other Institution property, employees, postdocs, students, and other members of the WHOI community who use campus electronic information resources assume responsibility for their appropriate use and agree to comply with all relevant Institution policies and all applicable local, state, and federal laws. Should the Institution account or resource holder allow access to Institution electronic resources by a family member (e.g., Internet access), such use is considered to be use by the holder of the account and the account holder is responsible for any misuse of the resource and any violation of this policy. Access to the networks and to the information technology environment at the Institution is a privilege, not a right, and WHOI may revoke this privilege at any time for misuse.
member of the WHOI community who, without authorization,
accesses, uses, destroys, alters, dismantles, or disfigures
the Institution information technologies, properties,
or facilities, including those owned by third parties,
threatens the atmosphere of collegial access and sharing
of information and the security within which members
of the community may create intellectual products and
maintain records. In light of WHOI's policy in this
area, inappropriate uses of Institution resources will
be considered unethical and unacceptable conduct and
may result in disciplinary action up to and including
termination of employment or expulsion from academic
programs. In addition, suspected illegal acts involving
Institution electronic information services may be reported
to state and federal authorities and may result in prosecution
by those authorities.
Accordingly, users of Institution electronic information resources may not use these resources for inappropriate or unauthorized purposes. Although not exhaustive, some examples of inappropriate use are:
- Sending a communication or using electronic information resources, including Web pages, to discriminate or illegally harass, defame, or threaten individuals or organizations, or engaging in other illegal conduct or in conduct that violates Institution policy;
- Intentionally accessing or downloading sexually explicit material; or disseminating sexually explicit voice mail, e-mail, graphics, downloaded material or website links;
- Destruction or damage to equipment, software, or data belonging to others;
- Disruption or unauthorized monitoring of electronic communications;
- Intentional interference with the use of Institution systems;
- Violations of computer security systems;
- Unauthorized use of accounts, access codes, or identification numbers;
- Use of facilities in ways that intentionally impede the legitimate computing activities of others;
- Use of facilities for commercial purposes except as previously authorized under WHOI Conflict of Interest and Outside Professional Activity procedures;
- Use for political or lobbying activities that jeopardize the Institution's tax exempt status and therefore violate Institution policy;
- Violation of copyrights, software license agreements, patent protections and authorizations, or protections on proprietary or confidential information;
- Unauthorized use of WHOI's trademarks;
- Violations of another's privacy;
- Scientific or academic dishonesty;
- Sending chain letters or spam;
- Intrusion into computer systems to alter or destroy data or computer programs (i.e., hacking or cracking); and
- Sending communications that attempt to deceive or mislead by hiding the identity of the sender or representing the sender as someone else.
Password capabilities and other safeguards are provided to members of the WHOI community in order to protect electronic messages, data, files, and other records (including computer files and records, electronic mail, and voicemail) from unauthorized use. However, these safeguards are not intended to provide confidentiality from the Institution with respect to personal messages or files stored on Institution systems. Electronic information resources are Institution property. Employees, postdocs, students, and other members of the WHOI community should not have an expectation of privacy with respect to their use of Institution electronic information resources or data, files, or other records generated, stored, or maintained on Institution resources.
In addition, although systems administrators and service providers attempt to preserve the security of files, account numbers, authorization codes, and passwords, security can be breached through actions or causes beyond their reasonable control. Electronic resource users are urged, therefore, to safeguard their data, personal information, passwords and authorization codes, and confidential data; to take full advantage of file security mechanisms built into the computing systems; to choose passwords wisely and to change them periodically; and to follow the security policies and procedures established to control access to and use of administrative data.
All systems administrators and service providers, whether in CIS, MIS, or administering a system from within a department or at sea, have the responsibility to offer service in an efficient, reliable, and secure manner while considering the needs of the total user community. At certain times, the process of carrying out these responsibilities may require special actions or intervention by service provider staff. Therefore, systems administrators and service providers have authorization to access WHOI's electronic information resources to the extent necessary to perform their functions and only for the purpose of performing those functions. In all other respects, service staffs have no special rights above and beyond those of other users; they are required to follow the same policies and conditions of use that other users must follow. Persons in positions of trust are not permitted to misuse computing resources or data or take advantage of their positions to access information not required in the performance of their duties.
The Institution may routinely examine network transmission patterns such as source/destination, address/port, flags, packet size, and packet rate and apply automatic pattern recognition filters to the content of messages for the purposes of detecting spam, viruses, and known modes of intrusion attempts.
Employees, postdocs, students, and other members of the WHOI community should understand that it is technologically possible to access, reconstruct, or retrieve electronic messages, data, files, and other records generated, stored, or maintained on Institution electronic information systems even after they have been deleted. While the Institution will not, as a routine matter, review the content of electronic messages or other data, files, or records generated, stored, or maintained on Institution electronic information systems, WHOI retains the right, at its discretion, to inspect, review, or retain the content of electronic messages and other data, files, or records generated, stored, or maintained by employees, postdocs, students, or other members of the WHOI community at any time without prior notification, for legitimate Institution reasons. Requests for access to an individual's data, files, or other digitally-stored information, without the individual's permission, however, may only be granted by the President and Director (or designee) or by the Vice President responsible for the individuals whose records need to be accessed. Legitimate reasons for access include, but are not limited to:
- Responding to lawful subpoenas or court orders,
- Investigating allegations of misconduct and/or harassment,
- Determining compliance with Institution policies, and
- Locating electronic messages, data, files, or other records.
Any questions concerning the appropriate use of any of the Institution's electronic information resources or relevant Institution policies should be directed to the Computer and Information Systems Director, the Management Information Systems Manager, the Human Resources Manager, the Associate Dean, or the Information Technology Advisory Committee. Reports about violations of these guidelines should be directed to the appropriate Vice President for the system involved.