POLICIES & APPROPRIATE USE OF IT RESOURCES

Hartwick College provides technology resources in support of the College’s purpose as a liberal arts and sciences institution, our educational and community values, and our programs and initiatives. The goal of Hartwick’s Information Technology organization is to provide high quality services to the College community.

To ensure that our high standards are met, we have certain expectations regarding the use of technology resources at the College. The purpose of this policy is to encourage the responsible use of our technology resources, consistent with the College’s expectations for the appropriate conduct of the members of its community. As such, it supplements existing College policies. This document is intended to provide guidance to users. It describes activities that Hartwick College considers to be violations of use of technology resources. The examples listed are not intended to be exhaustive, since technology and applications constantly change.

Download User Responsibilities and Appropriate Use Policy for signing.

If you are unsure whether any use or action is permitted, please contact the Technology Resource Center at x4357 (607-431-4357) for assistance.

Access to Hartwick College technology resources is a privilege, not a right. This privilege is extended to all users, including faculty, staff, students, trustees, alumni/ae, and affiliated individuals and organizations. Hartwick’s technology resources include computing facilities, telecommunications and network services, video network services, web page servers, equipment, software, applications, information resources, printing and scanning services, and user and technical support provided by Information Technology staff. Accepting access to these technology resources carries an associated expectation of responsible and appropriate use.

In General
While there are cases in which use of technology resources is deemed not responsible or not appropriate, there are also cases in which technology resources are used in the conduct of behaviors which violate College policies, codes of conduct, or local, state, or federal laws. Though the use of technology resources is the focus of this document, those who use Hartwick technology resources are advised that use may also be governed by other College policies, including but not limited to those in the student handbook, College catalog, employee and faculty handbooks; other policies governing academic, student life, or personnel matters at the College; or agreements between the College and affiliated organizations. Hartwick College’s technology and information resources are not to be used for commercial purposes or non-College related activities without written authorization from the officer(s) of the College that have been so designated. (Contact the Technology Resource Center for further information.)

Your Responsibilities
As a user of Hartwick technology resources, you have a shared responsibility with the College Information Technology staff to maintain the integrity of our systems, services, and information so that high quality services can be provided to everyone. Your responsibilities include:

• To use the College’s technology resources responsibly and appropriately, consistently with the mission and purpose of the College, and respect the rights of other users to system, services, and information access 24 hours/day, 7 days per week.
• To be cooperative in reserved computing facilities, such as classrooms or labs when scheduled for use for instruction, testing, or workshops.
• To comply with posted policies governing the use of public computing and printing facilities.
• To respect all contractual and license agreements, privacy of information, and the intellectual property of others.
• To comply with College, federal, state, and local regulations regarding access and use of information resources (e.g., College policies regarding the Institutional Information System and dissemination of information outside the campus, Federal Copyright Act, The Family Education Rights and Privacy Act, Gramm-Leach-Bliley Act, codes of professional responsibility, etc.).
• To maintain your own system accounts (to include files, data and processes associated with those accounts); for personal computer files, data, and processes, this includes taking appropriate action to back up your personal computer system. (The Technology Resource Center can assist you in setting up backup procedures.)
• To exercise due diligence in protecting any computer which you connect to the Hartwick network from viruses, worms, and security vulnerabilities by regularly using anti-virus software (provided by the Technology Resource Center for College-issued computers or personally purchased anti-virus software for personally owned computers), installing available security updates/patches for your operating system and any applications you use, and avoiding the installation of untrusted programs on your computer.
• To keep your technology accounts (computer, network, D2L, Datatel, voice/calling card/voice mail) secure. If you suspect unauthorized access, report it to your supervisor or the Student Life Office and to the Technology Resource Center, or to Campus Safety.
• Not to share your privileges with others. Your access to technology resources is not transferable to another member of the Hartwick community, to family members, or to an outside individual or organization. If someone wishes access to Hartwick’s technology resources, s/he should contact the Technology Resource Center.
• To present web pages and blogs that reflect the highest standards of quality and responsibility. As page or blog owner, you are responsible for the content of your web page or blog as well as that all links and references from these are consistent with this and other College policies, copyright laws, and applicable local, state, federal laws. College-hosted web pages and blogs are not to be used for commercial purposes or for activities not related to the purposes of the College, without written authorization from the College.
• To contribute information to College wikis that reflect the highest standards of quality, accuracy, and responsibility.
• To understand the implications of sharing personal information or data via the Internet, World-Wide Web, email, instant messaging, or other services that either are open to access by others on and off-campus, or that can be forwarded to others.
• To record your name and an appropriate greeting on your voice mail account.
• To report violations or suspected violations of this policy to Campus Safety or Technology Resources.

Examples of Violations of Appropriate Use
Authorized Access/Accounts

• Attempting to obtain unauthorized access or circumventing user authentication or security of any host, network or account (“cracking”). This includes accessing data not intended for the user, logging into a server or account which you are not expressly authorized to access, or probing the security of systems or networks.
• Supplying or attempting to supply false or misleading information or identification in order to access Hartwick’s technology resources.
• Sharing your passwords or authorization codes with others (computing, email, voice mail, long distance code, etc.).
• Using technology resources for unauthorized uses.
• Logging onto another user’s account; sending email, voice mail, etc. from another individual’s account or from an anonymous account.
• Unauthorized use of the College’s registered Internet domain name(s).
• Using another person’s telephone authorization code, line, calling card, or network system access for chargeable services.
• Using voice services to incur charges for collect or third-party calls which are billed to the College and not to your direct line.
• Changing your Hartwick College-issued machine name to a name that is different from that assigned by the Technology Resource Center without authorization.
• Connecting computers or other devices to the College network that have not been registered with, or approved by, the Technology Resource Center.

Services

• Attempting to interfere with service to any user, host, or network. This includes “denial of service” attacks, “flooding” of networks, deliberate attempts to overload a service, port scans and attempts to “crash” a host.
• Use of any kind of program/script/command designed to interfere with a user’s computer or network session or collect, use, or distribute another user’s personal information (spyware).
• Damaging a computer or part of a computer or networking or telecommunications system.
• Knowingly spreading computer viruses.
• Modifying the software or hardware configuration of College technology resources, including dismantling computers in the lab for the purposes of connecting a notebook computer to the peripherals.
• Excessive use of technology resources for frivolous purposes, such as game playing or downloading of media files. This causes congestion of the network or may otherwise interfere with the work of others, especially those wanting to use public access computers or network and Internet resources.
• Violating copyright laws.
• “Hacking” on computing and networking systems.
• Using College technology resources (networks, central computing systems, public access systems, voice and video systems) for new technologies research and development without College review and authorization.
• Failure to follow the College’s guidelines for use and/or deployment of wireless access points (WAPs).

Software, Data & Information

• Inspecting, modifying, distributing, or copying software or data without proper authorization, or attempting to do so.
• Violating software licensing provisions.
• Installing software on public access and other College machines without appropriate authorization from the Technology Resource Center or the department to which the machines belong.
• Installing any diagnostic, analyzer, “sniffer,” keystroke/data capture software or devices on College technology resources.
• Breaching confidentiality agreements for software and applications; breaching confidentiality provisions for institutional or individual information.

Email/Internet Messaging/Voice Mail/Voice Services

• Harassment or annoyance of others, whether through language, frequency or size of messages, or number and frequency of telephone calls.
• Sending email or voice mail to any person who does not wish to receive it, or with whom you have no legitimate reason to communicate. If a recipient asks to stop receiving mail from you, you must not send that person any further mail.
• Sending unsolicited bulk mail messages (“junk mail” or “spam”) which, in the College’s judgment, is disruptive to system resources or generates a significant number of user complaints. This includes bulk mailing of commercial advertising, informational announcements, political tracts, or other inappropriate use of system email distribution lists. Forwarding or otherwise propagating chain email and voice mail and pyramid schemes, whether or not the recipients wish to receive such mailings. This includes chain email for charitable or socially responsible causes.
• Malicious email or voice mail, such as “mailbombing” or flooding a user or site with very large or numerous items of email or voice mail.
• Forging of email header or voice mail envelope information.
• Forging email from another’s account.
• Sending malicious, harassing, or otherwise inappropriate voice mail from another’s voice line.
• Collecting replies to messages sent from another institution, organization, or Internet Service Provider where those messages violate this Appropriate Use Policy or the Appropriate Use Policy of that other provider.

College-hosted Web Pages, Blogs, Wikis & Servers

• Posting content on your web page, blog, or wiki that provides information on and encourages illegal activity, or is harassing and defaming to others.
• Linking your web page, blog, or wiki to sites whose content violates College policies, and/or local, state, or federal laws and regulations.
• Running websites, blogs, or wikis that support commercial activities or running server systems under the College’s registered domain name, HARTWICK.EDU or a variation thereof, without the College’s authorization. Contact the Technology Resource Center, 607-431-4357, if you have questions about authorization or wish to apply for authorization.

College Bulletin and Discussion Boards

• Posting a message whose subject or content is considered unrelated to the subject matter of the bulletin or discussion board to which it is posted. For moderated listservs, the decision as to whether a post is unrelated will be made by the moderator. For discussion boards that are not moderated, we employ the practice of “self-policing”–that is, members serve as moderators, commenting (to the sender, to the list) about inappropriate posts.
• Posting chain letters of any type.
• Forging header information on posts to College bulletin or discussion boards.

Enforcement of this Policy

To protect the security of the College’s systems, and in accordance with Article 5, Section 52-C*2 of the New York State Civil Rights Law, all employees are advised that any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems may be subject to monitoring, access, interception or disclosure by Hartwick College at any and all times and by lawful means.

Reporting Violations or Suspected Violations
Reports of violations or suspected violations should be made to Campus Safety or the Technology Resource Center.

Response to Violations
Campus Safety and Information Technology will investigate and respond to reports of violations or suspected violations. As part of this response, Information Technology reserves the right to immediately disconnect any system or terminate user access.

Sanctions
The College will enforce applicable penalties and/or immediately terminate access to College systems and network services to any user in cases where technology resources have been used in a manner that is disruptive or is otherwise believed to be in violation of this policy and/or other College policies or law. As a recognized agent under the Digital Millennium Copyright Act, the College will act in accordance with the provisions of this act in the event of notification of alleged copyright infringement by any user.

Instances of inappropriate use of technology resources will be referred to the appropriate official for disciplinary action by the College and will be subject to this policy as well as to other applicable College policies and guidelines. In addition, individuals may be subject to civil suit and/or local, state, and federal prosecution depending on their actions. Among sanctions that can be imposed for violation of this or other applicable College policies, the College reserves the right to restrict an individual’s access to technology resources. The College’s Information Technologies Division reserves the right to deny employment within the division to any individual found in violation of this policy. Academic departments reserve the right to refuse admission to or dismiss students from their programs as a sanction for violation of this policy.

The Digital Millennium Copyright Act (DMCA) was passed in 1998 and is designed to protect the rights of copyright holders in the use of their work. It allows for criminal and civil penalties for copyright infringement. Members of the Hartwick College community should be aware that:

• Copyright laws (intellectual property laws) protect the rights of people who create “works” (such as music, video, books, photos) by making sure that the copyright holders have the final control over the use of their work and receive compensation for their efforts.
• Buying the “work” does not give you the right to do whatever you want with the work (e.g. making copies and giving them away), unless the copyright owner specifically allows it.
• The use of file-sharing peer-to-peer programs (such as BitTorrent, Kazaa, Limewire, Morpheus, etc.), leaving copyrighted material in shared folders, and posting copyrighted material on YouTube, Facebook or other sites can be done only with permission of the copyright owner. Otherwise it is illegal.
• Copyright owners take unauthorized use seriously, and organizations representing them can sometimes detect which computers are doing the illegal sharing.
• If you are downloading or sharing files to avoid paying for them, it’s probably illegal.

Downloading, posting, and sharing copyrighted material without appropriate authorization by the copyright holder is a violation of both the DMCA and Hartwick College’s User Responsibilities and Appropriate Use Policy.

Hartwick College may be notified when a member of the Hartwick community is allegedly in violation of the DMCA. Typically, the DMCA requires the College to attempt to identify the computer system on which the alleged infringing material is stored or posted, contact the computer owner, and request that the material be deleted and/or file-sharing activity ended.

Unauthorized distribution of copyrighted material, including peer-to-peer file sharing, may subject a student to civil and criminal liabilities. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages between $750 and $30,000 per work infringed, and possibly court costs and attorneys’ fees as well. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. See also Institutional Requirements for combating the unauthorized distribution of copyrighted material by users of the institution’s network and the U.S. Copyright Office’s FAQ.

Hartwick College’s policy and procedure for addressing notices of alleged copyright infringement includes provisions for research fees, fines and disciplinary sanctions, including loss of all College network access privileges. See applicable section of Student Code of Conduct and Campus Policies.

Legal sources of music and videos:
Music: Lists from the Recording Industry Association of America
Movies and TV Shows: Lists from the Motion Picture Association of America
Miscellaneous: Lists from Educause

The RIAA (Recording Industry Association of America) and the MPAA (Motion Picture Association of America) have been making news lately with lawsuits concerning copyright infringement. Given the popularity of programs like BitTorrent, UTorrent Vuze, eMule and other peer-to-peer programs, it is easy to get caught up in the file-sharing frenzy and lose sight of the bigger picture.

Sharing copyrighted materials on Hartwick’s campus is not only a violation of the College’s Responsible Use of Technology Policy, but it is also illegal! If the College receives a complaint that your computer is involved with downloading copyrighted materials, IT, Student Life, and Campus Safety are compelled to act upon that complaint. Then the following can occur:

1. FINES: If legal action is taken, the offender can face some stiff fines–the RIAA has requested fines of $150,000 for each illegal recording found on a user’s computer.
2. INCONVENIENCE: If we find that your computer is offering copyrighted materials illegally, you will be asked to bring your computer to the Technology Services Center for deletion of the material in question. If you do not do so in a timely manner, you risk revocation of email and Internet access.
3. DISCIPLINARY ACTION: Since this is a violation of College policies, Student Life is notified for further disciplinary action. The RIAA or MPAA will also be notified that we have found the source of the illegal copyrighted materials and have carried out our legal responsibilities to remove the material from our network. While we do not provide the person’s name at this point, the recent direction of court cases indicates that the College could be compelled to do so in the future.
4. REVOCATION OF EMAIL/INTERNET ACCESS: Violations of College policies can result in the revocation of email and Internet access privileges.

Given the consequences above, is it worth the risk for a few free songs or movies? If you use peer-to-peer programs on your computer, it is strongly recommended that you remove these programs and any illegal files. If you need help doing this, please contact the Technology Resource Center at x4357.

Other Reasons to Avoid Peer-to-Peer Programs

There are additional reasons to avoid peer-to-peer programs. Does your computer exhibit the following symptoms?

1. It seems sluggish when opening programs and files.
2. Advertisements pop up all the time.
3. Your hard drive activity light flashes even when you are not using the system.
4. Your browser’s homepage has been changed without your knowledge, and it now redirects you to another web page.
5. New toolbars in your browser show up for software that you did not install.
6. Your Internet browser crashes with errors.

When you start downloading software from the Internet, you may get more than you bargained for. Spyware and adware software come along for the ride with some of these programs. Spyware will track your surfing behavior to create a marketing profile of you that will be sold to advertising companies. Adware is the software that gives you those annoying pop-up ads. If you see any of the symptoms above, you probably have spyware on your computer. But even if you don’t see anything, you may still be infected, because there could be spyware that is silently tracking, collecting, and then sending your surfing behavior to advertising companies–extracted from the spybot’s web page.

The Technology Resource Center has seen an increase in email that appears to be from legitimate sources (banks, PayPal, etc.), but the messages ask for personal information. Never share any of your personal information by replying to these emails or going to the websites they ask you to use. Read this information for tips on how to identify fraudulent email.

Be wary of any seemingly legitimate email request for account information, often under the guise of asking you to verify or reconfirm confidential personal information such as credit card numbers, account numbers, Social Security Numbers, passwords, or other sensitive information.

It’s often hard to detect a fraudulent email. That’s because the email address of the sender often seems genuine (such as support@yourbank.com), as do the design and graphics. But there are clear signs to be aware of. For example, fraudulent emails often try to extract personal information from you (Phishing) in one of two ways:

1. By luring you into providing it on the spot (e.g., by replying to the email), or
2. By including links to a website that tries to get you to disclose personal data.

Like the email, a fraudulent website is designed to trick you into believing that it belongs to a company you know, by using its brands, domain names, and graphics. The ultimate goal of this fraud is to use your information to gain unauthorized access to your bank or financial accounts or to engage in other illegal activities.

Never reply to any email requesting your personal information, or one that sends you personal information and asks you to update or confirm it. If you receive an email that you are suspicious of, contact the company through an address or telephone number which you know to be genuine.

If you suspect that you have provided confidential account or personal information to a fraudulent website, change your password immediately, monitor your account activity frequently, and report any suspicious activity to the real company–using an address or phone number that you know to be genuine.

The Department of Justice recommends following three simple rules when you see emails or websites that may be part of a “phishing” scheme: Stop, Look, and Call.

Stop: Phishers typically include upsetting or exciting (but false) statements in their emails with one purpose in mind: they want people to react immediately to that information by clicking on the link and entering the requested data without taking time to think through what they are doing. Resist the impulse to click immediately. No matter how upsetting or exciting the statements in the email may be, there is always enough time to check out the information more closely.

Look: Look more closely at the claims made in the email, think about whether those claims make sense, and be highly suspicious if the email asks for your personal information such as account numbers, usernames, or passwords. For example:

• If the email indicates that it comes from a bank or other financial institution where you have a bank or credit card account, but tells you that you have to enter your account information again, that makes no sense. Legitimate banks and financial institutions already have their customers’ account numbers in their records. Even if the email says a customer’s account is being terminated, the real bank or financial institution will still have that customer’s account number and identifying information.

• If the email says that you have won a prize or are entitled to receive some special deal, but asks for financial or personal data, be highly suspicious. Legitimate companies that want to give you a real prize don’t ask you for extensive amounts of personal and financial information before you’re entitled to receive it.

Call: If the email or website purports to be from a legitimate company or financial institution, call or email that company directly and ask whether the email or website is really from that company. To be sure that you are contacting the real company or institution where you have accounts, credit card account holders can call the toll-free numbers on the backs of their cards, and bank customers can call the telephone numbers on their bank statements.

Wireless routers which are not installed and managed by Hartwick College Information Technology are not permitted on the Hartwick College campus.

Personal wireless routers may create interference with our enterprise wireless access points and impact the network performance of wireless network users. They can also allow unauthorized access by individuals who have no association to Hartwick College, even someone sitting in a parking lot. This can result in excessive bandwidth use, or worse, the theft of private information due to unencrypted or poorly encrypted network traffic. Personal wireless routers may also confuse faculty, staff, students or guests with an unknown and unsecure wireless network.

Hartwick’s wireless network has approximately 250 wireless access points. These are managed access points which are configured to provide optimal connection and speed. This means that a personal wireless router may slow down or drop the network for many other nearby users, because the configuration of the personal router may conflict with the College’s devices.

Personal wireless routers use the same wired infrastructure (path to the Internet) as the College’s devices and will experience the same variable speed especially during peak hours. Using a personal wireless router will not increase network speed and will likely cause poor performance for the owner and for others nearby.

IT will identify personal wireless routers by using wireless network management tools. If a personal router is found, we will take steps to disable the device’s network connection.

If you want to use a wireless router in wired mode only to have more Ethernet ports in your room, you must disable the wireless feature. This is done through the router’s settings. If you need assistance, or if you have questions about the College’s network, please contact the Technology Resource Center at 607-431-4357 or by emailing technology@hartwick.edu.

College-Supported Hardware

Only hardware purchased through one of our vendors is fully supported by the College.

College-Supported Software

• Datatel is the college-wide administrative software package.
• Windows 10 & 11 are the supported Windows operating systems for laptops and desktops.
• Microsoft Office  – includes Word, Excel, Access and Power Point. All employees may upgrade their College computer to the most current version of Office at no cost.
• Hartwick Gmail is the supported e-mail software.
• Microsoft Edge, Firefox, Safari or Google Chrome (versions installed by the TRC) is the supported web browser.
• Microsoft Endpoint Protection (versions installed by the TRC) is the supported anti-virus program.
• WS-FTP (file transport software)
• Adobe Acrobat Reader (The reader is free and is installed by Hartwick. If you need to write files in Adobe Acrobat format, you will need to purchase Adobe Acrobat (the writer portion of the Adobe software), available for purchase from the Technology Resource Center, x4357.)
• SPSS statistical software
• Zoom videoconferencing software
• Software drivers for the hardware issued by the College

Students, faculty and staff who still intend to use hardware or software packages that are not on this supported list should contact the Technology Resource Center – x4357 (HELP), or send email to Technology@hartwick.edu

Administrative Departments with Special or Advanced Software or Hardware Needs:
The Technology Resource Center’s primary goal is to provide excellent technical support for students, faculty and staff using College-supported software and hardware.

Administrative departments that may need specialized or customized software applications which meet the department’s needs but do not meet the College’s software/hardware standards should be aware that the Technology Resource Center can provide general technology advice (per the College-supported software list above) and assistance where feasible.

Once a department decides to install and maintain special or customized software applications, that department’s responsibilities include (but are not strictly limited to):

• Funding and arranging for the software/hardware purchase
• Funding and arranging for any consulting or training required to install and maintain the software applications, plus any ongoing maintenance costs
• Identifying trained departmental staff who can adequately support the department’s software application, with a backup plan to cover vacations or other times when those key staff are not available
• Doing backups and providing a secure environment for their departmental data (disaster recovery plans, who has access to the data, who can modify/delete records, etc.)
• Managing the business relationship with the vendor which supplies the software/hardware

If your department is considering buying or developing special software applications, you should contact the Technology Resource Center at x4357 to learn whether there is a Datatel module to meet your needs and to what extent the Technology Resource Center can help.

In order to protect Hartwick College’s critical business information and data and to comply with The Financial Services Modernization Act of 1999 (also known as Gramm-Leach-Bliley Act), the Department of Information Technology recommends the adoption and review of the College’s various practices pertaining to safeguarding and dissemination of College information and information about the College’s constituents. The recommended practices primarily build upon the policies adopted for “authorized access and use” at the time that the College implemented the Datatel system, and mostly affect the technologies areas; however, some of the recommended policies and procedures have a broader, College-wide impact, including some of our third-party service providers. The purpose of this document is to define the College’s Information Security Plan (the Plan), to provide an outline to assure ongoing compliance with federal regulations related to the Plan, and to position the College to address future changes in privacy and security regulations.

The Financial Services Modernization Act of 1999 (FSMA) (Gramm-Leach-Bliley (GLB)) Requirements

The FSMA requires that the College appoint an Information Security Plan Coordinator, conduct a risk assessment of likely security and privacy risks and identify such risks, design and implement a safeguards program/information security plan, institute a training and awareness program for all employees who have access to covered data and information, oversee service providers and contracts, and require them to demonstrate safeguards, and evaluate and adjust the Information Security Plan periodically.

Clark Hall
Hartwick College
Oneonta, New York