From the HelpCenter From the HelpCenter
| Suzie: It's so cool, Tamara. Bobby set his password to my name! Now whenever he logs in, he thinks of me. So I set my password to his name and birthday. I wouldn't want him to think that I love him any less than he loves me.
Tamara: Oh, yeah, you have to do that! While you're over there, will you log in for me? I want to see if Tom sent me mail about where to meet for dinner, but my nails are still wet. Like this color? It's Tropic Ooze. Suzie (giggling): Uhh, maybe you want to read this mail yourself... I think Tom is thinking about skipping dinner and going straight to dessert!
|
Now, a quick letter to senator.smith@senate.gov:
"Dear Bill, I hate you and I hope someone thinks to waste you before I get around to it.
Love, yer gun-toting buddy Quentin Q. Quarrell --
qqq200@nyu.edu."
Ed: I don't know, I had to register this network card and give them my name and everything. Are you sure it's okay?
Samantha: What's the matter, don't you trust me? I just have to go to this anthropology chat room that has all the info I need to finish this project. Otherwise, I'll fail this course! Pleeease?
Ed: Well, okay, I guess. It is for schoolwork, and I'm not telling you my password or anything, so it must be all right. Just let me finish up my Urdu homework first.
Suzie: Do you know some guy named Ed? He sent you a way creepy letter.
Tamara: Huh? Let me see that -- Eeewww! That's gross! He's a freak from my Urdu class -- I don't even speak to him. How'd he get my address? I'm going to report him to Campus Security!
 |
And now, a word from our sponsor...The problems we've seen so far on "As the E-mail Bounces" could have been prevented if the users had looked at the Rights and Responsibilities they accepted when they first activated their accounts. If you are interested in the full texts of all the statements, the documents are available at www.nyu.edu/its/standards/. |
"I understand that computer accounts are for sole use by the account owner, and I will not share my account with other individuals or use an account assigned to another individual."Often, users are the greatest threat to the security of their own accounts. Passwords are more often given away to friends than they are stolen by strangers. It's not a question of trusting your friends, but of trusting all the people that they know. And although the sharing Bobby and Suzie are doing seems harmless, almost cute, such a situation can easily turn ugly. The couple breaks up, and the once-trusted loved one is now an enemy with access to private information, and the ability to do a lot of damage in your name.
"Each holder of an ACF account, or of any school or departmental account permitting network access, has the responsibility to use resources ... in an ethical and legal manner."
"I will respect the privacy and reasonable preferences of other users (both at NYU and elsewhere on all connected networks), including the privacy of their accounts and data."
The firmest boundary of acceptable behavior is the law. Just because you're using a university account doesn't mean you are exempt from any federal, state or local laws -- including threatening a senator, which, by the way, is a felony. Additionally, the University Policy on Student Conduct further defines appropriate behavior within the NYU community.
Above and beyond laws and policies, we also expect you to behave ethically. The scenario above shows two lapses in judgement. By leaving himself logged in, Quentin left his account vulnerable to the mischief of others (see more on this in Scene 3). His mistake gave Tom the opportunity to behave unethically without fear of getting caught.
Scenes 3 and 4: Accountability
"I will take precautions to safeguard passwords and other privileged information to which I have been given access. Any passwords, verification codes or electronic signature codes assigned to me are for my individual use only. I will regard them as personal identifiers of my computer use, similar to my signature on a document."
"I understand that I am responsible for all actions performed from my computer account."
Letting other people use your account is the same as letting them pretend to be you. Anything that they do, you have done. But your computer also contains private information specific to you. Your computer has your name on it, just as your account does.
Ed let Samantha use his laptop, with an Ethernet card registered in his name and with network software such as Netscape or Eudora preset with his account information. Did he send the nasty e-mail to Tamara, or is Samantha causing trouble? From a network perspective, it doesn't matter. Every correspondence coming out of that machine is marked as his, whether he sent it or not. By sharing the laptop, he took responsibility for any mail that she sent.
So, what other trouble can students get themselves into around campus? Let's tune back in to "As the E-mail Bounces."
Paul: Yeah, the colors are cool and I love the movie, but can't you move that image over a bit? You can't see the top line of the order form.
Mary: Oops! We can't mess with the order form if the whole point is for people to buy our album. Man, this website is the Rockin' Balladeers' ticket to worldwide fame! Don't forget to put the banner ad for the record company at the bottom of the page, or else we won't be able to pay the rent on the studio next month. Good thing you get this page free from NYU or else we'd be rehearsing in a box on the street!
This is not an appropriate use of an NYU account.
"I understand that my access to NYU computing resources is for the sole purpose of facilitating my work as a University student, staff member or faculty member."We are a non-profit institution. Your account is to be used for educational purposes, not commercial purposes. You cannot make money from a business run through your account; you cannot provide advertising on your website for a commercial business; nor can you trade advertising on your page for services or other non-monetary compensation.
Bart: Nah, he's already ticked at me for the 'bot software I hid in his is7 account. Can we use it to redirect some of the traffic coming to your ftp site? We don't want anyone sniffing around to see your hacked copies of PhotoShop and Win98.
We all know that hacking is bad, don't we?
"I will respect the integrity and security of the systems and network, and will exercise care to maintain their security."
"I will not attempt to monitor other individuals' computer or network use, nor will I attempt to obtain their passwords or any other private information."
"I will not make unauthorized copies of software, or perform unauthorized installations of software or reconfigurations of systems."Hackers like these guys are most people's idea of a security threat. Not surprisingly, it is against our rules of service to enter or attempt to enter machines on which you do not have an account, or to monitor others' use of their own accounts. Because the is* systems are shared resources, this also means that you cannot install software of any kind on those servers.
Clearly, you cannot violate copyright laws by giving away pirated software, or "warez." That's illegal.
Staffer: Well, have you asked him to stop?
Caller: Loads of times, but he says we can't do anything to him! I even have a transcript of the last session, which I saved.
Staffer: You can e-mail a copy of the transcript to postmaster@nyu.edu and we can have our security staff follow up on the complaint. Just so you know, though, we won't be able to tell you about any measures taken against the user, since students are protected by privacy laws.
It seems that the man with the barking habit needs a lesson in respect.
"I understand that my use of computing resources accessed via NYU-NET -- whether provided by organizations within or outside the University -- may be subject to additional norms of behavior or regulations specific to the resource, which I agree to follow."We do not restrict the areas of the Internet that you can go to with an NYU account, nor do we tell you what you can say while you are out there. However, many chat services, public websites, moderated newsgroups and mailing lists have their own rules, and we expect you to abide by them. When you subscribe to such services or use them, take note of their rules. If you do not like them, do not use the service.
We also expect you to respect another user's request that you not correspond with them, either by e-mail or in a chat. If you keep writing to them, it could be considered harassment, which is also illegal.
When we get a complaint, we follow up on the report to check for truth and accuracy. First, we check public logs and information sent to us to make sure that they match and are not forged or changed in some way. If necessary, we also have the authority to go into your account to confirm, for example, the presence of illegally obtained software. Rest assured that this level of intervention is saved for only the most extreme cases.
"All persons accessing New York University computing resources will be held accountable for their conduct. As a matter of routine, use of NYU computer systems and NYU-NET is monitored and recorded by authorized University staff members in order to safeguard the security and smooth operation of these resources."Additionally, system administrators do general scans of the is* systems and NYU-NET to ensure consistent service and reasonable network traffic. Often, we catch people doing bad things because of network traffic spikes, which directly impact other users. When you bog down the network, you inconvenience many people you weren't intending to target, and we will find you.
"Any abuse or violation of the rules outlined here (or of other rules and practices governing the use of computer networks to which NYU is attached) will lead to account suspension and immediate review, with the possibility of account revocation, further disciplinary action in accordance with New York University rules and procedures, and referral to local, state and federal law enforcement authorities."If there has been a violation of the ACF standards, we will first call you in for a meeting with ACF security staff. However, if the offense is more serious, or happens repeatedly, the case may be referred to your dean (or supervisor in the case of an employee) for further follow up. If the actions violate the laws of the State of New York or the United States, we may also refer it to law enforcement officials.
While I have tried to amuse you, dear reader, with these stories, their message is quite serious. Actions that you take through your NYU-Internet account do not happen in a vacuum. We expect you to follow the standards of conduct dramatized here because transgressions of those standards can have serious consequences.![[ C ]](../icons/CSmFall98.gif){kind=icon}
Posted October 5,1998
|
|
|
|