contact: BETSY@KSUVM "Betsy Edwards" Ethical use of computing services at Kansas State University (This policy statement is published by Computing and Telecommunications Activities, Cardwell 20, Kansas State University, Manhattan, Kansas 66506. It is available in brochure form in the CTA Information Center in Cardwell 23. Last publishing date: in the October 1988 issue of the CTA Newsletter. Contact person: Betsy Edwards, Bitnet BETSY@KSUVM.) The intent of computing at Kansas State University is to promote administrative, educational, and research efforts. Preventing access to computing resources with sophisticated security measures is counterproductive since it reduces the capability of the system for responsible users. Thus, an ethical computing attitude is promoted among the user community. Users are expected to follow normal standards of ethics and polite conduct in their use of the computing resources. Responsible user behavior includes consideration for other users, as well as efficient use of the computing resources. It is expected that users will behave responsibly, ethically, and politely even in the absence of reminders or enforcement. Computing account numbers and other data required for access to computing services are to be used for the purposes of accurate accountability, are non-transferable, and are to be used only for the projects listed in the application for such services. User responsibility is the only ultimate safeguard against misuse. However, when misuse is discovered, punitive measures will be taken against the misusers. We feel that if these measures are well publicized, the users will be careful to use the computer for valid purposes only. ------------------------------------------------------- | Computer Crime and Unlawful Computer Access | ------------------------------------------------------- According to Section 21-3755 of the Kansas Criminal Code, which went into effect July 1, 1985, computer crime is: (a) Willfully and without authorization gaining or attempting to gain access to and damaging, modifying, altering, destroying, copying, disclosing, or taking possession of a computer, computer system, computer network, or any other property; (b) using a computer, computer system, computer network, or any other property for the purpose of devising or executing a scheme or artifice with the intent to defraud or for the purpose of obtaining money, property, services, or any other thing of value by means of false or fraudulent pretense or representation; or (c) willfully exceeding the limits of authorization and damaging, modifying, altering, destroying, copying, disclosing, or taking possession of a computer, computer system, computer network, or any other property. Unlawful computer access is willfully, fraudulently and without authorization gaining or attempting to gain access to any computer, computer system, computer network or to any computer software, program, documentation, data, or property contained in any computer, computer system, or computer network. Penalties --------- Under Kansas law, computer crime which causes a loss of less than $150 is a class A misdemeanor and is subject to a fine up to $2,500 and up to one year imprisonment. Computer crime which causes a loss of $150 or more is a class E felony and carries a minimum sentence of one year imprisonment, with a maximum of two to five years, and a fine not to exceed $10,000. Under Kansas law, unlawful computer access is considered a class A misdemeanor and subject to a maximum of one year imprisonment and a fine up to $2,500. ------------------------------------------------------- | Computer Misuse | ------------------------------------------------------- In the following paragraphs, we define four types of computer misuse, along with additional University punitive measures. Unauthorized Computing ---------------------- This is computing that is unrelated to the stated purpose for use of a university computer system. The stated purpose is determined by the head of the administrative unit (such as an academic department) in charge of the computing resource. Examples of this type of misuse are computer games (when not a part of the class), personal use, and reports and papers which are not specifically designated for preparation on the computer. The penalty for unauthorized computing is loss of access to the computer resource and repayment of the funds expended in unauthorized usage. Unauthorized Access ------------------- This type of access is enumerated in three categories: The first category is defined to include access by a user to an account or file of another user for the purposes of copying the contents and representing it as his or her own work. This is to be interpreted as plagiarism and is therefore subject to Kansas State University's Academic Ethics, Behavior, and Grievance Procedures. Examples of this include copying programs and reports and representing them as one's own work. In this situation, departmentally defined procedures will be followed and repayment of the unauthorized funds is required. The second category is access to another user's account for the purpose of avoiding use of one's own funds. This is considered theft and is prosecutable as such under Kansas law. The third category is access to another user's account and/or files or electronic mail for the purpose of invading an individual's privacy. This is considered breach of privacy and is prosecutable under Kansas law. Unauthorized Copying of Software -------------------------------- Since there is a substantial increase in the use of personal computers on campus, there is great danger that the University could be held liable for copying of software which is protected by license, particularly if it is subsequently sold or given away. Any unauthorized copying of licensed software is therefore considered as theft from the University and a violation of the copyright laws. Harassment Using a Computer --------------------------- The use of computer messages, electronic mail, or other mechanisms for the purpose of harassing other users is to be considered misuse of the computer. The punitive measure is loss of access to the computer resource. ========================================================================