Violations of University Policy
This article applies to: Policy
University-wide policies describe what activities constitute responsible use as well as violations. Following is more detail about some violations that IT@Cornell frequently gets questions about.
Sharing NetIDs and Passwords (unauthorized use)
Your NetID and password are provided only for your use. NetIDs provide access to a wide range of services that are restricted for use by you personally (such as grades, address information, bursar bill, salary, benefits) or are restricted for use by the Cornell community (such as email, library services, downloads of licensed software ). If you share your NetID with spouses, family members, friends or roommates, then you are giving them access to services they are not authorized to use. They will also have access to all of your personal information. They may even embarrass you by posting to a news group in your name or by modifying your web page. See NetID Terms and Conditions and NetID Frequently Asked Questions.
DO NOT USE ANYONE ELSE'S PASSWORD. Using someone else's password to access services or data is also a violation of policy, regardless of how the password was obtained.
Chain Email and Virus Hoaxes
The most important thing to remember is if you get chain e-mail, do not help propagate it. Chain e-mail usually contains phrases like "pass this on", "forward - do not delete", "don't break the chain", "this is safe, don't worry", "let's see how long this takes to get back to the start", "this has been around the world 20 times", "7 years of good luck!", "I don't wanna die", "your mom would want you to do this", etc. Often there is some story about how lucky a person has been since they forwarded the chain e-mail, or how unlucky they were because they didn't. Sometimes chain e-mail is disguised--it tells of some kid who is dying and wants post cards, or it warns about e-mail viruses or internet shutdowns. Don't fall for it. It's all chain mail and it's designed to get you to forward it.
In the past, chain mail hoaxes of various sorts have become widespread on the Internet. Some are virus warnings like "Good Times", "PenPal", and "Irina". Others are like the "Naughty Robot" that claims to have all your credit card numbers. They tell you to forward the "warning" to everyone you know. Most hoaxes start out as pranks, but often live on for years, getting passed around by new people who have just joined the Internet community. Don't believe every warning you get via e-mail. You should not pass these warnings on unless you verify the authenticity. If you have any doubts or if you get chain e-mail from someone with a Cornell email address, contact the IT Service Desk or email@example.com. You will need to include a copy of the chain e-mail in your report. In most cases, a first offense results in a warning. Subsequent offenses result in a referral to the Judicial Administrator for disciplinary action.
If you get chain e-mail from someone not affiliated with Cornell, if you know the sender, you can reply and let them know you are not happy about getting chain e-mail from them, or you can delete and ignore it. If the sender is unknown to you, don't confirm to them that they have a valid email address by writing back. If you choose to complain, follow the instructions in Reporting incidents to other sites. Most places have policies regarding the propagation of chain e-mail and will deal with it on their end.
Electronic communication that is repeated and unwanted may constitute harassment. In general, communication targeted at a specific individual with the intent to harass or threaten is a violation of Cornell policy. If you receive unwanted e-mail or other form of communication, you may want to consider notifying the sender that it is unwanted. Many times a person will not realize that their communication is unwanted unless you tell them. If the sender continues to communicate after being placed on notice, or if you feel uncomfortable confronting the sender, the incident should be reported to the Office of the Judicial Administrator. You should also contact the Cornell Police if the situation is potentially serious and requires immediate attention. Save electronic copies of anything that can be used as evidence.
Altering electronic communications to hide your identity or impersonate another person is considered forgery. All e-mail, news posts, or any other form of communication using university systems should contain your name and/or NetID. Forgery includes using another person's identity or using an identity that's fake (like god@heaven or anon@nowhere). Forgeries intended as pranks or jokes are still considered violations.
Tapping Phone or Network Transmissions
Running a network "sniffer" program to examine or collect data from the network, including wireless networks, is considered tapping a network.
Flooding someone with numerous or large e-mail messages in an attempt to disrupt them or their site is known as "e-mail bombing". Often this is done to retaliate because someone has done something annoying. But more often than not e-mail bombing will either cause problems for your local system or disrupt service for thousands of other innocent bystanders. If you are having a problem with someone, pursue an acceptable method to report the situation. If it's a Cornell person, determine what violation is occurring and report it as outlined for that type of violation. If it's someone outside of Cornell, then follow the instructions in Identifying the Source of Inappropriate Email and Reporting It.
Interfering with Activities of Others
This can be any activity that disrupts a system and interferes with other people's ability to use that system. In some cases, consuming more than your "fair" share of resources can constitute interference. Some examples are:
- Email bombing that causes an account to fill up, the network to bog down, or an email application to crash.
- Posting many messages to a single news group or mailing list making it difficult for subscribers to carry on their normal discussion.
- Running a file-sharing application that slows down the network by consuming excessive bandwidth.
As stated in the Policy Regarding Abuse of Computers and Networks, legitimate use of a computer or network does not extend to whatever an individual is capable of doing. In some cases, operating systems have security holes or other loopholes that people can use to gain access to the system or to data on that system. This is considered unauthorized access. If someone inadvertently turns on file sharing on their personal computer, you do not have the right to read or delete their files unless you have been given explicit permission from the owner. This is much like accidentally leaving your house door unlocked. You wouldn't expect a burglar to use that as an excuse for robbing you.
Commercial Use of University Resources
Using e-mail to solicit sales or conduct business, setting up a web page to advertise or sell a service, or posting an advertisement to a news group all constitute commercial use. Even if you use your own personal computer, but you use the university's network (either from a dorm room, office or via dial-up access from home), you are in violation of the policy.
Everything listed under Illegal Activities is a violation of university policy. This is not a comprehensive list, but it contains the activities most frequently asked about.
Cornell IT Service Desk
Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support