Administrative Procedure 5221  Electronic Technology Usage

Board Policy 5220 Electronic Technology Usage
Adoption History:  4/15/08; revised 2/16/10
Reference:   Idaho Public Act - Idaho Code Sections 9-337 through 9-350;
Filesharing Policy and http://www.ag.idaho.gov/publications/legalManuals/PublicRecordsLaw.pdf

The College provides faculty, staff, and students with access to a wide variety of Electronic Technology Resources (“ETR”).  The ETR are valuable tools provided for the limited purposes of advancing, enhancing and promoting College business and educational opportunities made available by the College.  The purpose of this policy is to ensure compliance with applicable statutes, regulations and mandates relating to the use of electronic technology made available by the College and to establish acceptable practices and responsibilities associated with the use of ETR’s. 

As a condition of their use, ETR Users are required to limit their use of ETR’s as expressly provided herein.  This policy shall be the exclusive authority on the use of the College ETR’s, and no other practice, policy or custom, whether formal or informal, consistent or conflicting, shall be valid or enforceable.  Exceptions to this policy are only allowed when pre-approved in writing by the Department Chair or Director with the advice and consent of the Director of Information Technologies, or his/her designee, when deemed necessary for official College business, research, or academic work.

Definitions

As used in this policy, the terms herein shall have the following meaning:

  • Electronic Technology Resource (“ETR”):  Any and all computer printouts, online display devices, magnetic storage media, all computer-related activities involving any device capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, supercomputers, personal computers, notebook computers, hand-held computers, personal digital assistants (PDA), pagers, cell phones, electronic book devices (e-book readers), distributed processing systems, telecommunication resources, network environments, telephones, fax machines, printers, scanners, and service bureaus, and all technology hardware, software systems, information systems and data.  ETR’s include any activity relating to the Internet, Social Media, text messaging, instant messaging, and pinging. 
  • User:    An individual, automated application or process that accesses or otherwise utilizes the College’s ETR’s.

Ownership

Electronic files created, sent, received, or stored on computers owned, leased, administered, or otherwise under the custody and control of the College are the sole and exclusive property of the College; they are not the private property of any User.  Provided, however, that there shall be a rebuttable presumption that works that an individual creates on ETR’s for academic or research-related purposes are the intellectual property of that person.  Notwithstanding such presumption, all such works are nevertheless subject to the College’s rights as provided in the privacy provisions of this policy.

Privacy

Electronic files created, sent, received, or stored on ETR’s owned, leased, administered or otherwise under the custody and control of the College are not private and may be accessed by the College’s information technology employees, other authorized agents or law enforcement personnel at any time for any reason without the knowledge, consent, or authorization of the User. 

Users are hereby put on notice that the College may track ETR usage at any time for any reason.  All College-owned applications, including Blackboard, are filtered, monitored and logged for, among other things, content, sites visited, patterns of activity, routing information, and duration of use.  Accordingly, no User has (or should expect to have) any right of privacy or confidentiality with respect to the use of the College’s ETR’s.  Whether for the purposes of managing those resources and traffic flow, assuring system security, verifying and ensuring compliance of all persons with College policies or applicable law, or for any other reason, the College expressly reserves the right (from time-to-time or at any time) to intercept, divert, discard, access or review any Internet connection, other electronic communications or file, or any contents of such  communication, or any other information created on, transmitted over or stored on College ETR’s, whether incoming or outbound, and whether at the time of transit or thereafter. 

The College also reserves the right to disclose to other persons or otherwise use the contents of any Internet communication or any other electronic communications or file for any of the foregoing purposes, as well as for the purposes of complying with or assisting law enforcement officials or legal authorities who may, by subpoena, search warrant or otherwise, seek review of communications, or for the purposes of litigation or other legal proceedings. 

Idaho Public Records Act

As a political subdivision of the state of Idaho, the College is subject to the Idaho Public Records Act. 

Except as specifically provided in the Idaho Public Records Act, Idaho Code expressly denies to College employees any expectation of privacy in their use of the College’s ETR’s.  Users should be aware that their use of ETR’s is subject to the public’s right to inspect and copy records, as that term is defined by Idaho law, created, sent, received, or stored on College ETR’s.

Standards of Conduct

Users shall, as an express condition of their use, abide by the following standards of conduct with respect to the use of College ETR’s:

  • College ETR’s shall be used only for authorized uses, which are limited to educational-related coursework, academic research, and work-related departmental activities.
  • Users shall protect individual user identifications and systems from unauthorized uses.  Users are responsible for all activities conducted on ETR’s utilizing their individual identification or originating from their assigned computing device(s).
  • Users may not log into or use another person’s account, computing device(s), user identification, password, files or data without authorization.  Logins and passwords must be kept secure and Users must immediately report any loss or theft of a password or username to the College.
  • Users shall not use ETR’s to violate the laws or regulations of the United States or any other nation, or the laws or regulations of any state, city, province, or other local jurisdiction in any way.  Use of any ETR for illegal activity is grounds for immediate dismissal and the College will cooperate with any legitimate law enforcement activity.
  • Users shall not send, submit, publish, display, or knowingly access any material that is, or may reasonably construed to be, defamatory, inaccurate, abusive, rude, obscene, profane, pornographic, sexually oriented, threatening, harassing, racially offensive, illegal or that encourages the use, possession, or distribution of controlled or illegal substances, or is otherwise not consistent with the policies, purposes and objectives of the College.
  • Users shall only access information that is their own, that is publicly available, or to which you have been given authorized access.
  • Users shall only use College approved copyrighted software installed by designated College personnel and in compliance with vendor license requirements.  Peripheral devices must be approved and installed by designated College personnel.
  • Users shall not engage in any activity that might be harmful to ETR’s or to any information or file stored thereon, such as creating or propagating viruses, worms, Trojan horses, trap-door program codes; disrupting services; or damaging equipment.
  • Users shall not use programs to decode passwords or otherwise gain unauthorized access to control of information.
  • Users shall not attempt to circumvent or subvert any security measure.
  • Users shall not connect to or use unauthorized or personal equipment on the College of Western Idaho networks.
  • All files downloaded from the Internet must be scanned for viruses using the College’s approved distributed software suite and current virus detection software.
  • Users shall not use ETR’s for commercial, religious, or political purposes, including, but not limited to, using electronic mail to circulate advertising for products or for political candidates and/or issues. 
  • Users shall not make or use illegal copies of copyrighted software, store such copies on ETR’s, or transmit them over ETR’s.
  • Users shall not use electronic mail, messaging services, or other electronic communication method to harass or intimidate another person, broadcast unsolicited messages by using someone else’s name or user identification. 
  • Users shall be considerate in the use of shared resources and shall not monopolize systems, overload networks, degrade services, waste computer resources by intentionally placing a program in an endless loop, printing excessive amounts of paper, or sending chain letters.
  • Users shall not play games using ETR’s unless for instructional purposes or specifically assigned by a supervisor.
  • Incidental or personal use of ETR’s must not interfere with the normal performance of an employee’s work duties.

Enforcement and Reporting

The Director of Information Technologies, or his designee, is designated with the responsibility for enforcement of this policy.  All Users of ETR’s are required to report any violations of this policy to the Executive Director of Information Technologies, or his designee.

Limitation of Liability

The College makes no warranties of any kind, either expressed or implied, that the functions of the ETR’s will be error-free or without defect.  The College will not be responsible for any damage Users may suffer, including, but not limited to, loss of data or interruptions of service.  The College is not responsible for the accuracy or the quality of the information obtained through or stored on the system.  The College will not be responsible for the financial obligations arising though the unauthorized use of ETR’s.

Violation of Policy

Any violation of this policy is unacceptable and may result in disciplinary action up to and including termination of employment and/or suspension or expulsion in the case of a student.  Additionally, Users are subject to loss of ETR access privileges, civil, and criminal prosecution. 

Peer 2 Peer (P2P) File Sharing

The abuse of network resources to illegally obtain and distribute media or software, through peer to peer networks (P2P), Usenet, or direct download, is a problem for many institutions of higher education.  While College of Western Idaho (CWI) recognizes there are legitimate uses for the previously mentioned applications, the College also understands that significant risks are implicit in the use of such applications.

The Higher Education Opportunities Act of 2008 (HEOA) [34 CFR Section 668] specifically requires colleges & universities to take steps to mitigate illegal downloads and P2P abuse.  CWI does not seek to ban any method for distributing or acquiring digital media, and will continue to support academic freedom and any technologies that can be used to foster collaboration.  However, CWI must protect its assets and reputation, as well as comply with federal regulations.

Prohibited Activity:

This policy strictly prohibits, by any method, the distribution, downloading, uploading, or sharing of any material, software, data, document, sound, picture, or any other file that is:

  • Specified as illegal by any federal or state law, statute, proclamation, order, or decree.
  • Copyrightable subject matter and which is not authorized for distribution through these means by the copyright owner.
  • Considered to be proprietary, privileged, private, or otherwise vital to the operation of the college.  This includes, but is not limited to, personnel, student, financial or strategic records and documents, or any material governed by federal and state regulations.
  • Any virus or malicious software.

Note that any content not authored by the User may be copyrightable subject matter, the copyright in and to which may be owned by a third-party author and the use of which without the author’s permission may subject the User and CWI to claims of copyright infringement.  The presence or absence of a “©” or other indicia of a copyright claim is NOT evidence of an absence of a claim of copyright in the subject work. Users of CWI resources may not attempt to circumvent, bypass, defeat, or disrupt any device, method, or technology implemented by the college for the purpose of P2P mitigation.  Additionally, the use of encrypted P2P application software is prohibited on CWI’s network infrastructure.

Examples of prohibited activity:

  • Use of a BitTorrent client to download a popular movie currently running in theaters.
  • Downloading a 'cracked' copy of a commercial software title, so that it may be used without the purchase of a valid license.
  • Downloading a copy of a textbook for a class so that it may be used without purchasing it.

This list is illustrative only and there are many other examples of potential misuse of CWI resources to violate the law, this policy or both. Contact the CWI Help Desk if you have questions about a particular use of CWI resources.

Responsibility:

All individual persons or groups utilizing CWI networks, including, but not limited to, CWI employees, students, guests, external business entities, and non-profit entities, shall bear legal and financial responsibility for events or consequences resulting from their own use of CWI network resources.

Individual departments, administrative areas, and other entities must respond in a timely and efficient manner to all inquiries that arise in regard to this policy.

P2P Monitoring and Mitigation:

CWI has implemented technology designed to mitigate illegal Peer to Peer (P2P) activity.  The technology attempts to:

  • Allow legal P2P traffic. 
  • Detect and block P2P traffic containing copyrighted material.
  • Detect and block P2P traffic containing suspected copyrighted material.
  • Engage in a process known as "Graduated Response." Graduated Response is detailed later in this policy.

CWI will not release any information collected by the appliance to any entity external to the College unless compelled or obligated by law or court order, subpoena, warrant, or writ; with the exception of the device manufacturer, which will receive data exclusively in aggregate format, with no personally identifying information, for purposes of internal statistical analysis.

Graduated Response:

An automated process, known as "Graduated Response", has been implemented to modify the behavior of CWI network users who abuse P2P.

Using CWI network usernames as an identifier, the CSA detects P2P activity from a host, identifies the content, and assigns a point value to the student, staff, or faculty member based on the copyright status of the content being uploaded or downloaded.  Downloading legal content over P2P will not incur points toward Graduated Response status.  When a threshold of points accrued from illicit activity is exceeded for a specific CWI network username, that user becomes "sanctioned."

Sanctioned users will have all internet web traffic redirected to a website explaining why the user was sanctioned, information about copyright, the P2P policy, and the Acceptable Use policy.  

Sanctioned users will still be able to access internal resources such as Blackboard and the Student Portal.

Sanctioned users must accept the College policies by clicking “I will comply” on the copyright violation website.  Acknowledgment of the policies does not constitute admission of wrong doing only that the sanctioned user is now aware of, and will comply with, the policies.  

The sanctions may be lifted once a specific time period has elapsed.  The time period will be communicated in the violation notice on the copyright website. The sanction levels are:

  • Level 1             Informational, no sanction
  • Level 2             4 hours
  • Level 3             24 hours
  • Level 4             All semester  

Users who feel they may have been mistakenly sanctioned may contact the Help Desk.  Upon review the sanction may be adjusted or lifted based on the discretion of CWI’s Information Technology Department.

Repeat offenders may have their internet access suspended indefinitely and be subject to disciplinary proceedings according to the student handbook or the CWI Policy and Administrative Procedure Manual.

Faculty, staff, and students may appeal a decision to suspend individual Internet access by submitting a written request to helprequest@cwidaho.cc.  The appeal should include all pertinent facts and information related to the incident, or events that lead to the suspension of service.   CWI will re-examine all available information regarding the decision to suspend service, and come to a decision whether or not to restore access.  The suspension of Internet access may only be appealed once.  Guests, contractors and other temporary users may not appeal the decision to suspend Internet access.