Cornell's IT policies exist to maintain, secure, and ensure legal and appropriate use of the university's information technology infrastructure. Security and privacy policies work together to provide the campus community with a high quality, trusted, and secure campus computing environment. They also help protect and secure property interests, data, and intellectual property.
The development, formulation, and promulgation of university-level IT policies requires coordination with the University Policy Office. See University Policy 4.1, Formulation and Issuance of University Policies.
University IT Policies
University IT Policies include:
- 5.0: Abuse of Computers and Network Systems
- 5.1: Responsible Use of Information Technology Resources
- 5.2 Mass Electronic Mailing: Policy (DFA website) | Procedures
- 5.3 Use of Escrowed Encryption Keys: Policy (DFA website)
- 5.4.1 Security of Information Technology Resources
- 5.4.2 Reporting Electronic Security Incidents
- 5.5 Stewardship and Custodianship of Electronic Mail
- 5.6 Recording and Registration of Domain Names: Policy (DFA website) | Procedures
- 5.7 Network Registry: Policy (DFA website) | Procedures
- 5.8 Authentication of IT Resources
- 5.9 Privacy of the Network
- 5.10 Information Security
Campus Code of Conduct
Violations listed under Policy 5.0: Abuse of Computers and Network Systems and Policy 5.1: Responsible Use of Electronic Communications are also violations of the Campus Code of Conduct.
The Campus Code of Conduct sets forth standards of behavior that apply to all faculty, students, staff, and university-registered organizations. The Board of Trustees and the University Assembly each have authority over different sections of the Code, and the Code is amended from time to time to foster a safe and productive learning and living environment. Regarding computer usage, the Code of Conduct specifically makes it a violation "to recklessly or maliciously interfere with or damage, in violation of university rules, computer or network resources or computer data, files, or other information." The Code also makes it clear that "misappropriation of data or copyrighted materials, including computer software, may constitute theft." Violations of university policies, including computer usage policies, also constitute violations of the Code of Conduct.
Violations of the Campus Code of Conduct are handled by the Office of the Judicial Administrator according to the procedures defined in the Code. More serious incidents (e.g., felonies) may be turned over to local and/or federal law enforcement agencies, as appropriate. Individuals who feel they have been victimized by computer abuse violations may choose to refer the matter to the JA, or may choose to pursue the matter outside the university (for example, through the civil or criminal courts).
Code of Academic Integrity
The Code of Academic Integrity was adopted by the Faculty Council of Representatives and applies to all students. It prescribes adherence to a set of values, expected not only in coursework, but also in the use of university resources. The code includes computer and network related concepts and examples of violations, such as: initiating or encouraging the promulgation of chain letters and other types of electronic broadcast messages, tapping phone lines or other network cables, subverting or obstructing a computer or network by introducing a worm or virus, supplying false or misleading information to access computer or network systems, improperly obtaining or using another's password to access computers or network systems, and unauthorized access to data, computers or networks.
Violations of the Code of Academic Integrity are handled by the Dean of the appropriate college according to the procedures defined in the code. The computer and network related violations are also covered under Policy 5.0: Abuse of Computers and Network Systems and Policy 5.1: Responsible Use of Electronic Communications. Refer to the examples under these policies to determine where to direct reports of incidents.