This action might not be possible to undo. Are you sure you want to continue?
use of computers, and voice and data communication networks" (as listed in the calendar). the preamble to these regulations states that "these regulations have the status of regulations for discipline which apply to all members of the university. any breach of these regulations will automatically be considered a breach of discipline. in this context 'members of the university' encompasses all staff (including those holding honorary appointments), students and accredited visitors." regulation 8 further provides that "individual departments may lay down additional regulations at the discretion of the head of department. these additional regulations have the same status as the university regulations." the remainder of this document contains a copy of the university regulations and the supplemental departmental regulations currently in force. explanatory comments and cross-references are given [in italic in brackets]. see also the computing services regulations, * university telephony and computing regulations disclaimer. the explanatory comments are provided for guidance only: they are a personal interpretation of the relevant regulations and legislation. this interpretation might not be shared by the university authorities in the event of disciplinary proceedings. i. university regulations 1. background the use of computers is regulated by three acts of parliament - the data protection act 1984, the copyright, designs and patents act 1988 and the computer misuse act 1990. similarly the use of the public data telephone networks is regulated by the telecommunications act 1984. these and several other acts (including the obscene publications act 1978 as amended by the criminal justice act 1994) identify a number of prohibited actions related to the use of computers which, if proven in a court of law may lead the perpetrator to a fine or imprisonment or both, or a suit for damages in the civil courts. the following regulations are framed to remind all members of the university of their legal obligations under these acts of parliament. in addition, the use of computer software may also be subject to the terms of licence agreements in which the university has entered and which are enforceable by the licensor in the civil courts. these regulations have the status of regulations for discipline which apply to all members of the university. any breach of these regulations will automatically be considered a breach of discipline. in this context `members of the university' encompasses all staff, students and accredited visitors. 2. data protection members of the university are allowed only to hold, obtain, disclose or transfer personal data (as defined by the data protection act 1984) as permitted by the university's current registration with the data protection registry and in accordance with data protection principles as set out in that act. if in doubt the university's data protection officer should be consulted before any personal data is stored in a computer system.
3. copyright members of the university will comply with the provisions of the copyright designs and patents act 1988 (as amended) in relation to any computer program or data set and shall not act in any way contrary to the terms of any licence agreement applying there to. [this is a formal way of saying "thou shalt not use pirated software". it is an offence under this act to use unlicensed software: staff and students must ensure that they have complied with the licensing requirements of any software that they mount on a university or departmental computer system. note also that copyright extends to data, and the act covers images and other information published on the world wide web without the permission of the copyright owner.] 4. computer misuse i) members of the university are allowed only to use those computing resources, data or voice communications facilities, which have been allocated to them by the responsible computing management. the responsible computing management is the head of department or dean of faculty concerned. for groups which are not organised as departments, the head of the budgetary group shall determine at what level the duties of the responsible computing management shall be discharged. ii) computing resources, including data and voice communications networks may only be used for properly authorised purposes. iii) computing, data and voice communications resources may only be used by the person to whom they are granted. members of the university may not lend or give resources to any other person unless they are explicitly authorised to do so by the responsible computing management. [in particular, students do not have authority to grant anyone else access to the facilities that they have been given, and if they do so they will be held responsible for what that other person does.] iv) members of the university may not access, alter, erase or add to computer material which has not been generated by them unless they are explicitly authorised to do so by the responsible computing management. [this is the wording that appears in the calendar. in fact, the act makes it an offence to attempt such actions] v) authorised users of computer systems must take reasonable care to prevent unauthorised use of the computing resources allocated to them. vi) members of the university may not use computer systems or networks in such a way as to compromise the integrity or performance of the systems or networks. [these regulations cover the activity commonly known as 'hacking'. breach of any of these regulations is prima facie evidence of an offence under the computer misuse act.] 5. data and voice networks i) members of the university must abide by any `conditions of use' of data or voice networks which are published by the responsible computing management for the protection of the integrity and efficiency of the network.
[in particular, any use of the internet is subject to the 'conditions for acceptable use' published by ukerna, the managing body of the janet network. broadly speaking, anything related to academic work is permissible, and any commercial activity is unacceptable. in case of doubt, members of the department should consult the systems and networks manager.] ii) members of the university must not cause obscene, pornographic, discriminatory, defamatory or other offensive material, or material that otherwise infringes a right or inherent right of another person to be transmitted over the university, national or public networks, or cause such to be stored in university computer systems. [it is a criminal offence to publish pornographic material e.g. by including such material in a web page. possession of pornographic images involving a minor is a criminal offence: possession of other pornographic images is not a criminal offence, but is nevertheless an offence against these regulations. the reference to 'a right or inherent right' clearly prohibits the publishing of copyright material. it is important to note that this clause also covers material that might be construed as infringing the rights of an individual under the equal opportunities act.] 6. codes of conduct members of the university must observe fully the terms and conditions set out in codes of conduct by which the university has agreed to abide, copies of which are available in computing services. 7. withdrawal of service i) the responsible computing management may withdraw access to facilities from any user for the purposes of investigating a breach of these regulations. any withdrawal of service lasting for longer than 2 weeks must be notified to the user's head of department. ii) the responsible computing management may withdraw access to facilities from any user found to be guilty of a breach of these regulations. [the department has a reciprocal agreement with computing services: if services are withdrawn on departmental systems they will also be withdrawn on computing services systems, and vice versa.] 8. additional regulations individual departments may lay down additional regulations at the discretion of the head of department. these additional regulations have the same status as the university regulations. 9. liability i) the university accepts no liability for the correctness of any results produced using computer facilities, data or voice networks, for any failure of equipment to produce results nor for any consequential loss or damage. ii) the university will hold the individual user personally liable for any costs or claims which may arise from any use of university computing and/or communications facilities, whether authorised or not by the responsible computing management. ii. departmental supplemental regulations 1. computer accounts all staff and students are given a departmental computer account with a unique login name and password. to be granted an account the user must be present in the departmental staff/student database.
guests and bona fide visitors to the department may be granted a temporary account. to enable such an account the guest or visitor must contact a departmental academic sponsor who, with the approval of their head of group, then completes and submits a guest account application form to the department manager. the department manager will add the user to the ecs staff/student database and pass the user details to the computer systems account manager for the account to be made. the guest must sign the request and agree to abide by the departmental and university regulations, as well as any further regulations on the application form. the sponsor is considered liable for the guest's actions. 2. the account and password the following regulations apply to all departmental accounts: (i) the account is only to be used by its owner. (ii) a password is assigned by the computer systems account manager when the account is created: the user must change this immediately. (ii) the password must not be divulged to anyone. [see university regulation 4 which spells out the implications of the computer misuse act. giving your password to someone else might be seen as aiding and abetting an attempt to gain illegal access to departmental systems.] (iii) a password may be changed by its owner but the new password must conform to security measures in force at the time. [currently these are that the password must be at least 6 characters, that it must not be a dictionary word, name, telephone number, car registration number or anything likely to be associated with its owner and it should not consist solely of lower-case letters. when choosing a password, be sure to select something that can be typed quickly, so that onlookers can not see what it is.] 3. account access (i) users must take reasonable steps to protect their own accounts from access by others: the owner will be held responsible for any improper use. in particular you must not allow any other person to login to your account. [if you need to share access to files and data with another user you should use e-mail. if you wish to allow more general sharing you can set general read permission on the file(s).] (ii) course lecturers and project supervisors may be given access to students' files related to coursework/project work if there is prima-facie evidence of plagiarism. (iii) the head of department (or his/her nominee) or systems and networks manager may authorise a member of system support staff to examine any file (including the mail spool) if there is reason to believe that these regulations are being contravened in any way. (v) large files on the student disks which appear not to be part of coursework assignments may be deleted at short notice to recover disk space. [this applies particularly to graphics, video and audio files (including
.gif, .bmp, .jpg, .mpg, .wav and .mp3 formats)] (vi) some accounts may be issued with a disk quota limit. this quota may be raised on application to the computer systems account manager. 4. use of the internet and the world wide web (i) any reasonable use of the internet is permitted, although users should bear in mind that the load placed on the network by excessive use (e.g. downloading large graphics, video or audio files) will degrade its performance for other users, not only in the department but also the university and even on a national scale. [university regulations 5(i) and 5(ii) are particularly relevant in the context of internet usage.] (ii) the department runs a firewall system which is designed to offer security to the internal network while enabling regular (academic related) work to continue with the minimum of disruption. a) the default policy on the firewall as of september 1st 1999 is to deny (block) unrecognised inbound traffic to the department. b) users wishing to enable new inbound services through the firewall should apply to the systems and networks manager to have the service approved. an application form is available which must include the host the service is running on, the type of protocol and the port number(s) in use. c) a number of inbound services are restricted to systems staff maintained servers only. these include: telnet, rlogin, rsh, ssh, pop, imap and smtp. d) a copy of the current firewall policy is available on request from the systems and networks manager. (iii) staff and students are allowed to maintain personal home pages on the web, hosted on departmental systems. [staff and research student pages may be on a research group machine or an infrastructure machine as determined by the systems and networks manager. all standard account web pages are held on the main ecs web server. some student-authored pages are hosted on the 'cslib' machine.] (iv) students may not operate web servers on computers attached to the departmental network (except for the 'cslib' server or approved final year student projects). (v) the departmental firewall restricts access to web servers from outside ecs. any research groups or individual staff members who wish to operate a web server on the departmental network must do so subject to the following conditions: a)all such servers must be registered. this is done via a request to the systems and networks manager which should include the host name, the ip address, the port on which the server listens, and a brief statement of the purpose of the server and a summary of the content. approved web servers will be enabled through the firewall. b)the welcome page of a server operated by an individual must display a
clear and unambiguous disclaimer saying that the department is not responsible for the content. c)except where prevailing legislation dictates otherwise, the department will accept no liability in respect of legal action arising out of the operation of a private server. the person registering a server accepts personal responsibility and liability. d)private servers will be sampled from time to time. any found to contain unacceptable material (whether enabled through the firewall or not) will be disabled. e)publicised and accurate details of the technical maintainer and content maintainer of every web server are required. the ecs webmaster will expect to have this information made readily available to him/her. [university regulation 5(ii) is relevant here. bear in mind that any web material appearing within the ecs.soton.ac.uk domain is liable to influence the image of the department and the university.] (vi) the use of computer systems to deliver bulk unsolicitied e-mail is forbidden. 5. network connection points i) departmental users wishing to connect new network devices to the departmental network should contact the systems and networks manager to obtain an internet protocol (ip) address for the device. the request should include location of the device, the (research) group the device belongs to, the desired name, and the primary contact person for the device. ii) users are not permitted to interfere with any element of the trunking, cabling, network equipment or office face plate of the data network without the expressed agreement of the systems and networks manager or a member of the systems support team. additional network cabling and/or active network equipment may only be fitted by a member of the systems support team. [university regulation 6(ii) is comparable here, though the authority within the department is the systems and networks manager.] iii) any network device believed to be causing problems for other services or users on the departmental network or the internet as a whole may be disconnected without notice by the systems and networks manager or a delegated member of the systems support staff.