C08.2 Code of Conduct for Computer Use

I. Scope

This policy and code applies to all members of the RIT community, including students, faculty, staff, alumni, trustees, or those with an RIT computer account. It governs all community members’ conduct while representing RIT, using RIT resources, or connecting to the university’s networks. This policy and code incorporates the RIT Compliance Program and Procedures that seek to ensure ethical, legal, and regulatory compliance, available at the Office of Legal Affairs website. This policy and code should be referenced in context with the other RIT policies available online, as well as the specific policies and procedures incorporated below that already address key obligations and compliance risk areas for members of the RIT community.

RIT expects adherence to the requirements of this policy and code and these identified RIT policies at all times. The mere absence of a specific policy does not relieve any individual in the RIT community of the responsibility to apply the highest ethical standards when using RIT Information Technology Resources.

Applicable Codes and Policies
C00.0 - Compliance Policy and Code of Ethical Conduct
C03.0 - Intellectual Property
C06.0 - Prohibiting Discrimination and Harassment
C07.0 - Privacy Policy
C08.1 - Information Security Policy
C11.0 - Policy on Freedom of Speech and Expression
C18.0 - Illegal Conduct
C22.0 - Records Management

II. Policy Statement

The Information Technology Resources of the university are intended to support the mission of teaching, scholarly activity, and service for the university’s students, faculty and staff. Appropriate use of Information Technology Resources by members of the university’s academic community should always reflect academic honesty and good judgment in the utilization of shared resources, and observe the ethical and legal guidelines of society. This document constitutes the university policy for the proper use of all Information Technology Resources.

RIT Information Technology Resources provide access to a wide variety of internal and external resources. This privilege of access requires individual users to act in an ethical manner and as a result imposes certain responsibilities and obligations. It is the responsibility of every user to respect the rights, privacy, and intellectual property of others, respect the integrity of the resources, and abide by all local, state, and federal laws and regulations.

This document outlines the user privileges and responsibilities as well as the guidelines and procedures for the responsible use of RIT Information Technology Resources. It is intended to allow for the proper use and management of these resources, provide protection of users’ rights, ensure reasonable access, and provide guidelines for accountability. It applies not only to RIT Information Technology Resources, but also to all computers and electronic devices attached to university Information Technology Resources in any way.

III. User Rights and Privileges

  1. Privacy - The university’s “Privacy Policy” (C7.0) recognizes that “Individual privacy and security are highly valued by our society,” but “must be balanced by the other community enumerated values and needs.” Within this understanding, the university community is assured that the privacy of such “personal property” as “written communications intended by their creator to be private including those transmitted or preserved in paper, electronic, or other media” will be protected, although it cannot be completely guaranteed. The “Privacy Policy” also recognizes that members of the RIT community have a responsibility to cooperate with authorized searches and seizures in emergencies and in circumstances of probable cause. In such instances, including those involving university computer and network use, the search and/or seizure of personal property or personal communications will be executed only on the authorization of an official identified in the “Privacy Policy.” Cooperation with the search or seizure of one’s personal property or personal communication does not of itself imply one’s own misuse or abuse of university computers or network; the search or seizure may be deemed necessary because of misuse or abuse elsewhere in the university system or in systems to which the university system is connected or affiliated. For example, scanning and pattern-matching of incoming or outgoing email may be necessary to remove computer viruses, to locate the sources of spam, or to respond to legitimate internal or external requests for investigation. In all instances of investigation into information technology use, individuals are protected to the extent possible by the provisions of the “Privacy Policy.”

  2. Freedom from Harassment - The university “Policy Prohibiting Discrimination and Harassment” (C6.0) defines “harassment” as unwelcome “conduct, communication, or physical contact” which has the effect of either “unreasonably interfering with” another’s work, activities, or participation, or of “creating an intimidating, hostile or abusive environment” for an employee or student. The university prohibits harassment in any form and will investigate any electronic communications that appear to indicate harassment. (This prohibition includes all obscene, defamatory, threatening, or otherwise harassing messages.) Correspondingly, members of the university community have an obligation to not use the university’s Information Technology Resources in such a way as to be reasonably judged to produce one or another of the above effects, whether intentionally or unintentionally. Such alleged or real misuse is covered by the provisions of this Code of Conduct as well as by the “Policy Prohibiting Discrimination and Harassment” (C6.0).

  3. Intellectual Property - The university policy on “Intellectual Property” (C3.0) deals in a detailed and exhaustive way with the rights of RIT employees as creators and owners of intellectual property. The privilege of creating and owning intellectual property as outlined in that policy is fully recognized by this Code of Conduct. However, where a violation of the “Intellectual Property Policy,” or of the intellectual property rights of creators or owners beyond the RIT campus, is alleged to have occurred through student or employee misuse of university Information Technology Resources, such alleged misuse will be investigated and, if proved, sanctioned. For example, the university’s users must not distribute copyrighted or proprietary material without written consent of the copyright holder, nor violate U.S. copyright or patent laws concerning software, documentation, or other tangible assets. Users should assume that any software or other electronic materials or media are copyright protected, unless the author(s) explicitly states otherwise.

  4. Freedom of Expression - In general, all members of the university community, students and employees alike, enjoy freedom of expression in the normal course of their activity. This freedom is both assured by numerous university policies and constrained by specific provisions of certain university policies, such as those noted herein (C3.0, C6.0, C7.0 and C10.0) as well as by specific provisions of this Code of Conduct. The constraints are, as in civil law, imposed only for the sake of the common good and the rights of individuals.

IV. User Responsibilities

Members of the RIT community have the responsibility to use university Information Technology Resources in ways that respect the rights of others and permit our common electronic resources to be equitably shared. Since free and civil discourse is at the heart of a university community, users should communicate in a manner that advances the cause of learning and mutual understanding.

In exchange for use of the university’s Information Technology Resources, users assume the responsibility to use resources in a responsible and professional manner. The following paragraphs highlight a non-exhaustive list of specific responsibilities. Questions about the appropriateness of any use of resources should be directed to the staff of the Division of Information and Technology Services or to the systems personnel responsible for the resource in question.

  1. Access

    1. Passwords and similar authorization information - Passwords are the primary way in which users are authenticated and authorized to use RIT Information Technology Resources. Users must not share or disclose their password(s) to any individual, including a faculty or staff member. Similarly, they must not disclose any other identifying information (e.g., personal identification numbers (PINs)) used to access specific system information. Authorized users are held accountable for violations of this Code of Conduct involving their accounts.

    2. Unauthorized use of resources - Users are prohibited from sharing accounts or network access privileges to gain access to resources to which they would otherwise be denied. Users must also not retain privileges or access to systems or information not needed in their current role within the university.

    3. Circumventing or compromising security - Users are prohibited from using any means to compromise the security of any system, internal or external to RIT Information Technology Resources. This includes non-technical activities such as misrepresenting one’s identity or impersonating another user.

  2. Self-Protection - Any authorized user who connects a computer to the university network must ensure that the computer is protected against compromise from an internal or external attack. In this context, reasonable measures include the installation and maintenance of virus detection and eradication software, care in opening email message attachments, vigilance when visiting web sites and adhering to published system configuration and management standards. Authorized users are responsible for following all applicable information security standards and policies.

  3. Personal and Commercial Use - It is prohibited to use university Information Technology Resources to run a business or commercial service or to advertise for a commercial organization or endeavor. Use of RIT Information Technology Resources for any form of personal profit is strictly prohibited.

  4. Communication with Government Officials - All communications with government officials must abide by RIT guidelines for political activities as outlined in policy C10.0. Individuals wishing to address a legislative issue on behalf of the university should consult with the Office of Government and Community Relations before sending such communications using the university network.

  5. Harmful Activities - One must not use the university’s Information Technology Resources to cause harm to any individual or to harm any resources, whether internal or external to the university. Examples of harmful activities, in addition to those noted elsewhere in this Code, include (but are not limited to):

    1. Degrading performance or otherwise disabling Information Technology Resources.

    2. Destroying, altering, copying, or compromising information integrity (e.g., student records, personnel information, etc.).

    3. Email spamming.

    4. Threatening or intimidating email, postings, or other harmful forms of communication.

  6. Illegal Activities - Members must refrain from any conduct that is illegal. Illegal activities that are prohibited include (but are not limited to):

    1. Copyright infringement, including publishing copyrighted material such as papers, software, music, musical scores, movies, and artistic works. It is irrelevant whether or not any profit is made from such distribution; the mere fact of providing uncontrolled access to such material is illegal (C03.2).

    2. Divulging information that is confidential, private, or proprietary.

    3. Misrepresentation of one’s identity to gain access to systems, software, or other services to which one does not have authorized access.

VI. Definitions

  1. Information Technology Resources: RIT-owned or leased transmission lines, networks, wireless networks, servers, exchanges, Internet connections, terminals, applications, and computers. Information owned by RIT or used by RIT under license or contract, in any form including but not limited to all types of electronic media, portable media, all electronic hardware, software, network, communications device or system and paper. Personal computers, servers, wireless networks, mobile devices, and other devices not owned by RIT but intentionally connected to RIT-owned Information Resources.

  2. User: Any individual who utilizes an Information Technology Resource.

VII. Procedures

The university reserves the right to restrict or deny access to its Information Technology Resources to those whose use of them is not consonant with the mission of the university. Users should be aware that their use of the university’s Information Technology Resources is not completely private. However, in all university operations discussed in the following paragraphs, individual rights of privacy will be preserved to the extent possible and compatible with the nature of the operation. As an institution, the university retains the following rights with respect to its Information Technology Resources:

  1. Allocation and Control of Access to Resources - Those responsible for maintaining RIT Information Technology Resources have the right to allocate resources in ways appropriate to the achievement of the university’s overall mission and objectives. They may also control access to its information and the devices on which it is stored, manipulated and transmitted in accordance with the policies of the University, the laws of the State of New York, and the United States.

  2. Usage Monitoring and Inspection of Files - While the university does not routinely monitor individual usage, the normal operation and maintenance of the university’s information technology environment require the backup and caching of data, the logging of usage data, the monitoring of usage patterns and other such activities that are necessary for maintaining network availability and performance. University system and network administrators may review this data for evidence of violation of law or policy. When necessary to ensure network availability and performance, or to respond to an alleged violation of law or policy, system and network administrators may monitor the activities and inspect the files of specific users on their computers and networks.

  3. System and Network Administration Access - Authorized RIT personnel may access others’ files for the maintenance of network computer and storage systems. Similarly, for the maintenance or security of networks, a network administrator may access others’ files and data on network devices or in transit. System Administrators are required to uphold the same confidentiality, ethics, and information integrity as all other users.

  4. Information Security Procedures - Units are responsible for complying with all university information security policy and standards, educating users of their responsibilities, and providing a reasonable level of security for sensitive information.

VIII. Reporting Violations of this Code

For this Code to be effective, all members of the university community must be alert to possible violations. If a member of the community suspects that another community member is abusing his or her privileges or is engaged in activities forbidden by this policy, it is that member’s responsibility to report this to either ITS personnel or the administrative staff in charge of the affected systems. In all cases, suspected violations of this Code of Conduct should be reported to the electronic mail address abuse@rit.edu. Users should retain any other information that could be helpful for investigative purposes, such as harassing email messages and/or dates and times of unauthorized access.

  1. Investigation of Suspected Violations - Reports of suspected violations of this Code of Conduct are investigated by the designated professional staff of the Division of Information and Technology Services in consultation with the RIT Information Security Office and/or Public Safety if necessary. Confirmed violations will be brought to the attention of the violators and, where a confirmed violation is serious or persists, a restriction may be imposed, temporarily or permanently, by the university. Violators of statutory law will be referred to Public Safety.

  2. Sanctions - RIT may impose a range of penalties on users who violate the policies regarding the usage of university Information Technology Resources. For example, RIT may suspend computer and network privileges of an individual for reasons relating to the safety and well-being of other members of the campus community, or relating to the preservation and integrity of university property. Access will be restored when positive conditions can be reasonably assured, unless access is to remain suspended as a result of formal action imposed through the normal disciplinary processes of the university. Appeals will follow the relevant RIT Student Conduct Process (D18.2) or Human Resources review.

Responsible Office: Information and Technology Services. Questions regarding this policy should be directed to help.rit.edu.

Effective Date:
July 1, 2019

Policy History: 
Approved April 6, 1988
Revised April 24, 2002
Edited October 2010
Edited August to reflect change in responsible office
Interim Status – April 2019