Examples of Violations of Willamette University’s Responsible Use Policy

February 23, 2009, Ver. 1.2

The following provides some detail about some violations about which WITS frequently gets questions.

Sharing Network Account usernames and passwords (unauthorized use)

Your Network Account and Password are provided only for your use.  Network Accounts give you access to a wide range of services that are restricted for use by you personally. Examples are your e-mail account, your H: drive, online timecards, your Fusser’s information, and registration). Your Network Account also gives you access to services that are restricted for use by members of the Willamette community.  Examples here include e-mail, your network storage, library services and WISE.  If you share your Network Account with friends, roommates or family members, you are giving them access to all of your personal information as well as to services they are not authorized to use.  They also have the opportunity to send embarrassing e-mail messages in your name, modify your web page, post a tasteless comment on a course blog, or worse.

Do not share your password with anyone.  If you suspect that someone may have discovered your password, change it immediately.

Do not use anyone else’s account and password.  Using someone else’s account and password to access services or data is a violation of policy, regardless of how the password was obtained.

Harassment

Electronic communication that is repeated and unwanted may constitute harassment.  In general, communication targeted to specific individuals with the intent to harass or threaten is a violation of Willamette policy.  If you receive unwanted e-mail or other forms of communication, you may want to consider notifying the sender that it is unwanted.  The sender may not realize that the communication is unwanted unless you tell the person.  If the sender continues to communicate after being placed on notice, or if you feel uncomfortable confronting the sender, the incident should be reported to Judicial Board.  You should also contact Campus Safety if you feel the situation is potentially serious and requires immediate attention.

You should always save electronic copies of anything that might be used as evidence.

Interfering with activities of others

This can be any activity that disrupts a system and interferes with other people’s ability to use that system.  In some cases, consuming more than your “fair” share of resources can constitute interference.  Some examples are:

  • e-mail bombing that causes a disk to fill up, the network to bog down, or an e-mail application to crash;
  • running a peer-to-peer file-sharing application in such a way that it slows down the network by consuming excessive bandwidth;
  • allowing an internet television application run continually so  your computer consumes excessive bandwidth

Unauthorized access

Legitimate use of Willamette’s Computer Network does not extend to whatever an individual is capable of doing.  In some cases, operating systems have security holes or other loopholes that people can use to gain access to the system or to the data residing on the system.  Exploiting such holes is considered unauthorized access even if no damage is done to the system.  If someone inadvertently turns on file sharing on a personal computer, you do not have the right to read or delete files unless you have been given explicit permission from the owner.  This is much like accidentally leaving the door to your house unlocked.  You wouldn’t expect a burglar to use that as an excuse for robbing you.

Abiding by applicable contracts and licenses

The Library purchases licenses that allow authorized Willamette users to access the contents of electronic journals and databases.  When you share your network account with someone who then accesses or downloads this content, we are in violation of our contract and run the risk of having Willamette University access to this scholarly content revoked.  Downloading multiple issues of a journal or systematically downloading sections of a database is not allowed and will lead to suspension of access when detected by a content provider.  Posting licensed content on a personal website without authorization and outside the boundaries of fair use is another example of a contract violation.

Forgery

Altering electronic communications to hide your identity or impersonate another person constitutes forgery.  All e-mail messages, blog posts, or any other form of communications using University systems should contain your name and/or your network account username.  Forgery includes using another person’s identity or using a fake identity.  Forgeries intended to as pranks or jokes are still considered violations.

Tapping phone or network transmissions

Running a network “sniffer” program to examine or collect data from the network, including wireless networks, is considering tapping a network.  Unauthorized use of such programs is a violation of policy.

Commercial use of university resources

Using e-mail to solicit sales or conduct business or setting up web pages to advertise or sell a service constitute commercial use.  Even if you use your own personal computer, but you use the University’s network – from a residence hall, library wireless connection, office, or remote access from home – you are in violation of the policy.

Hoaxes, Phishing and Chain E-mail

Starting or participating in the propagation of e-mail hoaxes, phishing scams or chain e-mail is a violation of Willamette policy.

E-mail hoaxes of various sorts have become widespread on the Internet. Some are virus warnings like "Good Times", "PenPal", and "Irina".  Others may offer business opportunities that sound too good to be true (they are), free government grants, or assistance in getting a scholarship.  Still others such as the "Naughty Robot" claims to have all your credit card numbers. Most hoaxes start out as pranks, but often live on for years, getting passed around by new people who have just joined the Internet community. Don't believe every warning you get via e-mail.  Most are hoaxes.

You should not pass these warnings on unless you verify the authenticity.  If you have a question about a message you received, you should contact the WITS Help Desk or check out one of the many sites on the Internet that track hoaxes:

A common and particular vicious type of scam is the “phishing” attack in which the sender is trying to get you to reply to the message with personal information, such as your username and password, a bank account or credit card number, or possibly even your social security number.  Some of these messages are dressed up to look like they are coming from a legitimate source.  However, when you put your mouse over the link on which you are being asked to click, look in the lower left hand corner of your browser to view the full address of the link.  Often it will have internet address numbers in it, e.g. 192.208.319.56 or it will simply not look like the address of a real company, e.g. www.junkhost.ru/bank_of_america.  Never click on these links.

Chain e-mail often contains phrases like "pass this on", "forward - do not delete", "don't break the chain", "this is safe, don't worry", "let's see how long this takes to get back to the start", "this has been around the world 20 times", "7 years of good luck!", "I don't wanna die", "your mom would want you to do this", etc.  Typically there is some story about how lucky a person has been since they forwarded the chain e-mail or how unlucky they were because they didn't. Sometimes chain e-mail is disguised - it tells of some kid who is dying and wants post cards, or it warns about e-mail viruses or internet shutdowns.  Another class of messages contains hoaxes of various sorts.  They tell you to forward the “warning” to everyone you know.  The message may claim to inform you of the “worst internet virus ever” or that a huge number of credit card numbers have fallen into the wrong hands.  Be skeptical!  All these are examples of chain mail designed to get you to forward it.   Do the right thing and break the chain.

If you get chain e-mail from someone with a Willamette e-mail address, you can report it to the WITS Help Desk. You will need to send a copy of the chain e-mail to be included in the report.   In most cases, a first offense results in a warning. Subsequent offenses result in a referral to the Judicial Board for disciplinary action. If you get chain e-mail from someone not affiliated with Willamette, be extremely cautious about choosing to reply to the sender no matter how displeased you may be about receiving the message.  You may simply be confirming that someone is paying attention to the e-mail arriving at your address, thereby making it more valuable to spammers.    Almost always, the best course of action is simply to delete the message.