The University at Buffalo has policies that define responsible use of
computers and networks. There are also federal, state and local laws governing
many interactions that occur on the Internet. You need to be aware of what
your responsibilities are and what the process is for adjudicating violations.
You also need to know what rights and responsibilities you have and how
you can get help if your rights are violated.
[UB thanks Cornell University for its graphic and content assistance
in the preparation of this document.]
Table of Contents
Student Conduct Rules
Conduct Rules set forth standards of behavior that apply to all
students. The Board of Trustees has authority over different sections
of the Rules, and the Rules are amended from time to time to foster a safe
and productive learning and living environment. Violations of university
policies, including computer usage policies, also constitute violations
of the Student Conduct Rules.
Violations of the Student Conduct Rules are handled by the Student Wide
Judiciary (SWJ) according to the procedures defined in the Rules. More
serious incidents (e.g., felonies) may be turned over to local and/or federal
law enforcement agencies, as appropriate. Individuals who feel they have
been victimized by computer abuse violations may choose to refer the matter
to the SWJ, or may choose to pursue the matter outside the university (for
example, through the civil or criminal courts).
All violations listed under the UB IT Computer and Network Usage
Policy and the UB IT Resources Conditions of Use Policy
are also violations of the Student Conduct Rules. To direct reports to
the most appropriate place, see the specific examples under the policies
below. In most cases, reports regarding alleged computer or network related
violations involving members of the UB community can be made directly to
the Computer Discipline Officer
UB IT Computer and Network
IT Computer and Network Usage Policy was developed in 1997 and applies
to all faculty, students and staff. The basic premise is that
use of a computer or network does not extend to whatever an individual
is capable of doing with it. Just because you are able to circumvent
restrictions or security, doesn't mean that you are allowed to do so.
Violations by students of the UB IT Computer and Network Usage
Policy are handled by the Student Wide Judiciary according to the procedures
defined in the Student Conduct Rules. Violations by faculty and staff
handled by their supervisor or chair, who may handle it directly, or may
refer it to Human Resources. Alleged violations of this policy can be reported
directly to the Computer Discipline Officer.
If the person responsible is not affiliated with the university, or cannot
be identified, the incident should still be reported to the Computer
Discipline Officer. In addition, some instances may violate federal
Federal computer security violations
for more information.
Examples (not a comprehensive list) of policy violations include:
accessing, or attempting to access, another individual's data or information
without proper authorization (e.g. using another's UBIT Name and password
to look at their personal information)
obtaining, possessing, using, or attempting to use someone else's password
regardless of how the password was obtained (e.g. password sharing)
tapping phone or network transmissions (e.g. running network sniffers
making more copies of licensed software than the license allows
(i.e. software piracy)
sending a crippling number of files across the network (e.g. e-mail
"bombing" or "spamming")
releasing a virus, worm or other program that damages or otherwise harms
a system or network
preventing others from accessing services
unauthorized use of university resources
sending forged messages under someone else's UBIT Name (e.g. sending
hoax messages, even if intended to be a joke)
using university resources for unauthorized purposes (e.g. using
personal computers connected to the campus network to set up web servers
for illegal, commercial or profit-making purposes)
unauthorized access to data or files even if they are not securely protected
(e.g. breaking into a system by taking advantage of security holes, or
defacing someone else's web page)
UB IT Resources Conditions
of Use Policy
The UB IT
Resources Conditions of Use Policy is an official university policy
that applies to all faculty, students and staff. It deals with authorized
and responsible use, and serves as a supplement to the UB IT Computer
and Network Use Policy. Report alleged violations to the Computer
All students at UB pay a technology fee to provide for a robust and up-to-date
information technology (IT) infrastructure on campus. This technology fee
does not provide an absolute right for access to the IT infrastructure, but is
coupled with its responsible and legal use, as detailed in this document and
What are some violations
of University at Buffalo policy?
The section on University-wide Policies and Codes
describes what activities constitute responsible use as well as violations.
Following is more detail about some violations that CIT frequently gets
Sharing UBIT Names and passwords (unauthorized
Your UBIT Name and password are provided only for your use. UBIT Names
provide access to a wide range of services that are restricted for use
by you personally (such as UBlearns, grades, address information, bursar
bill, registration, etc.) and are restricted for use by the UB community.
If you share your UBIT Name with spouses, family members, friends or roommates,
then you are giving them access to services they are not authorized to
use. They will also have access to all of your personal information. They
may even embarrass you by posting to a news group in your name or by modifying
your web page.
DO NOT SHARE YOUR PASSWORD WITH ANYONE. If you suspect that
someone may have discovered your password, change it immediately.
DO NOT USE ANYONE ELSE'S PASSWORD. Using someone else's password
to access services or data is also a violation of policy, regardless of
how the password was obtained.
Chain e-mail and hoaxes
The most important thing to remember is if you get chain e-mail, do
not help propagate it. Chain e-mail usually contains phrases like "pass
this on", "forward - do not delete", "don't break the chain", "this is
safe, don't worry", "let's see how long this takes to get back to the start",
"this has been around the world 20 times", "7 years of good luck!", "I
don't wanna die", "your mom would want you to do this", etc. Often there
is some story about how lucky a person has been since they forwarded the
chain e-mail, or how unlucky they were because they didn't. Sometimes chain
e-mail is disguised - it tells of some kid who is dying and wants post
cards, or it warns about e-mail viruses or internet shutdowns. Don't fall
for it. It's all chain mail and it's designed to get you to forward it.
In recent years, chain mail hoaxes of various sorts have become
widespread on the Internet. Some are virus warnings like "Good Times",
"PenPal", and "Irina". Others are like the "Naughty Robot" that claims
to have all your credit card numbers. They tell you to forward the "warning"
to everyone you know. Most hoaxes start out as pranks, but often live on
for years, getting passed around by new people who have just joined the
Internet community. Don't believe every warning you get via e-mail. You
should not pass these warnings on unless you verify the authenticity. You
should contact the CIT HelpDesk or check out one
of the many sites on the Internet that track hoaxes:
If you get chain e-mail from someone with a UB e-mail address, you
can report it to the Computer Discipline Officer.
You will need to include a copy of the chain e-mail in your report. In
most cases, a first offense results in a warning. Subsequent offenses result
in a referral to the Student Wide Judiciary for disciplinary action. If
you get chain e-mail from someone not affiliated with UB, you can reply
to the sender and let them know you are not happy about getting chain e-mail
from them, or you can delete and ignore it. If you choose to complain,
follow the instructions in Reporting
incidents to other sites. Most places have policies regarding the propagation
of chain e-mail and will deal with it on their end.
Electronic communication that is repeated and unwanted may constitute
harassment. In general, communication targeted at a specific individual
with the intent to harass or threaten is a violation of UB policy. If you
receive unwanted e-mail or other form of communication, you may want to
consider notifying the sender that it is unwanted. Many times a person
will not realize that their communication is unwanted unless you tell them.
If the sender continues to communicate after being placed on notice, or
if you feel uncomfortable confronting the sender, the incident should be
reported to the Computer Discipline Officer. You
should also contact the UB campus police (Bissell Hall, or 645-2222)
if the situation is potentially serious and requires immediate attention.
electronic copies of anything that can be used as evidence.
Altering electronic communications to hide your identity or impersonate
another person is considered forgery. All e-mail, news posts, or any other
form of communication using university systems should contain your name
and/or UBIT Name. Forgery includes using another person's identity or using
an identity that's fake (like god@heaven or anon@nowhere). Forgeries intended
as pranks or jokes are still considered violations.
Tapping phone or network transmissions
Running a network "sniffer" program to examine or collect data from
the network, including wireless networks, is considered tapping a network.
Flooding someone with numerous or large e-mail messages in an attempt
to disrupt them or their site is known as "e-mail bombing". Often this
is done to retaliate because someone has done something annoying. But more
often than not e-mail bombing will either cause problems for your local
system or disrupt service for thousands of other innocent bystanders. If
you are having a problem with someone, pursue an acceptable method to report
the situation. If it's a UB person, then contact the Computer
Discipline Officer. If it's someone outside of UB, then follow
the instructions in Reporting
incidents to other sites.
Interfering with activities of others
This can be any activity that disrupts a system and interferes with
other people's ability to use that system. In some cases, consuming more
than your "fair" share of resources can constitute interference. Some examples
e-mail bombing that causes a disk to fill up, the network to bog down,
or an e-mail application to crash;
posting many messages to a single news group or mailing list making it
difficult for subscribers to carry on their normal discussion;
running a server with a file-sharing application that slows down the network
by consuming excessive bandwidth.
As stated in the UB IT Computer and Network Usage Policy, legitimate
use of a computer or network does not extend to whatever an individual
is capable of doing. In some cases, operating systems have security holes
or other loopholes that people can use to gain access to the system or
to data on that system. This is considered unauthorized access. If someone
inadvertently turns on file sharing on their personal computer, you do
not have the right to read or delete their files unless you have been given
explicit permission from the owner. This is much like accidentally leaving
your house door unlocked. You wouldn't expect a burglar to use that as
an excuse for robbing you.
Commercial use of university resources
Using e-mail to solicit sales or conduct business, setting up a web
page to advertise or sell a service, or posting an advertisement to a news
group all constitute commercial use. Even if you use your own personal
computer, but you use the university's network (either from a dorm room,
office or via dial-up access from home), you are in violation of the policy.
Occasional, casual sales are allowed; UB provides a convenient facility in the
Because UB is a state supported institution, the use of any of its
facilities, including computers and networks, for political activities is
strictly forbidden. Political Activities include but are not limited to: campaigning
or fundraising. However, this not intended in any way to restrict the
usual academic and personal discussions in the area of politics.
Everything listed under What is illegal under
local, state and federal laws? is a violation of university policy.
This is not a comprehensive list, but it contains the activities most frequently
What are NOT violations
of University at Buffalo policy?
Dealing with Unsolicited e-mail (spam)
The amount of unsolicited e-mail (spam) has increased as more
people take advantage of Internet communications. You get things like this
in the U.S. Postal mail on a regular basis - catalogs, advertisements,
solicitations, and political propaganda are some examples. This form of
speech is usually protected under the first amendment, even though some
people may find some of the content objectionable. UB does not monitor
or censor e-mail and therefore cannot prevent the flow of spam. You
can either delete and ignore spam (this is the recommended approach)
.Do not reply to the sender, even to request to be removed from
the list, as this is often a ploy to verify that your email address is
valid. Many people ask why the university does not put a stop to junk mail.
Most junk mail comes from sites around the Internet, not from within UB.
We have no control over what these sites send and cannot distinguish unwanted
junk mail from e-mail that people want to receive.
Uncivil, antagonistic or derogatory speech that is disrespectful of
classes of people is commonly referred to as hate speech. Although hate
speech may be extremely offensive (particularly to members of the targeted
group), posting hate speech does not generally constitute a violation of
university policies. This is because, especially as an educational institution,
UB is committed to the protection of freedom of expression. In exceptional
cases, however, the university may decide that hate speech directed to
classes of individuals presents such a hostile environment that certain
restrictive actions are warranted. Refer to the Responsible
Use of Electronic Communications policy for more information.
Possession of adult material is not a violation of policy unless the
material is illegal. See sections below on Obscenity,
Pornography, and Distribution of Pornography
to Minors. UB does not monitor or censor newsgroups, email or any other
electronic communications. However, if you would like to set up your personal
computer to block pornography, you can obtain one of the many tools available
for this purpose. These include
Patrol, Net Nanny, and
Because the university does not censor adult materials, these materials
are easily accessible on the network. If you are concerned about exposing
your children to such materials, this is another reason why YOU SHOULD
NOT SHARE YOUR PASSWORD with them. In any case, please remember that it
is a violation of university policy to share your password with anyone,
including members of your family.
What is illegal under
local, state and federal laws?
Any activity that is illegal is a violation of UB policy. Alleged violations
will be referred to the campus Judicial Administrator. In addition, offenders
may be investigated and/or prosecuted by the appropriate local, state or
federal authorities. For more information on the law, check out Cornell
Law School's Legal Information Institute.
Child pornography, material that depicts minors in a sexually explicit
way, is illegal. Under the federal child pornography statute (18
USC section 2252), anyone under the age of 18 is a minor. States also
have child pornography statues and the age of minority varies by state.
uploading or downloading child pornography is a federal offense.
is also illegal to advertise or seek the sale, exchange, reproduction or
distribution of child pornography. Lewd exhibition of genitals can constitute
sexual conduct and therefore, any graphic files containing images of naked
children could violate the federal child pornography statute.
Distribution of pornography to minors
Possession of non-obscene adult pornography is legal, but it is illegal
to distribute to minors.
Obscenity is illegal. Virtually every state and municipality has a
statute prohibiting the sale and distribution of obscenity, and the federal
government prohibits its interstate transportation. The Supreme Court in
Miller v. California, 413 U.S. 15, (1973), narrowed the permissible scope
of obscenity statutes and applied this three part test to determine constitutionality:
(a) whether the average person applying contemporary community standard
would find the work, taken as a whole, appeals to the prurient interest;
(b) whether the work depicts or describes in a patently offensive way sexual
conduct specifically defined in applicable state law; and (c) whether the
work taken as a whole lacks serious literary, artistic, political, or scientific
The contemporary community standard is historically the standard of
the community in which the material exists. Many online activist argue
that the contemporary community standard in cases that arise online ought
to be determined by the online community. However, a federal prosecution
of a California couple that offered a members-only bulletin board service,
concentrating on pornography, resulted in a conviction of the California
couple under the federal obscenity statute and Tennessee community standards.
In that case a postal worker in Memphis downloaded some material from this
California bulletin board service. See United
States v. Thomas, 1996 U.S. App. LEXIS 1069 (6th Cir. Jan. 29, 1996).
Scams and pyramid schemes
Beware of money-making "opportunities" on the Internet. A common scam
is the pyramid scheme. You get an e-mail message with a subject like "MAKE
MONEY FAST" and it instructs you to send money to the people on the list
and then add your name to the bottom of the list and send it on to some
number of people. At UB, this is considered chain mail, but it is
also illegal under 18
U.S.C section 1302. The US
Postal Service and the Federal
Trade Commission provide information to help individuals identify scams
and report them. Pyramid schemes that use US Postal mail to send money
are considered mail fraud and can be reported to the USPS.
Almost all forms of original expression that are fixed in a tangible
medium are subject to copyright protection, even if no formal copyright
notice is attached. Written text (including e-mail messages, news posts,
and web pages), recorded sound, digital images, and computer software are
some examples of works that can be copyrighted. Unless otherwise specified
by contract, the employer generally holds the copyright for work done by
an employee in the course of employment.
Copyright holders have many rights, including the right to reproduce,
adapt, distribute, display, and perform their work. Reproducing, displaying
or distributing copyrighted material without permission infringes on the
copyright holder's rights. However, "fair use" applies in some cases. If
a small amount of the work is used in a non-commercial situation and does
not economically impact the copyright holder it may be considered fair
use. For example, quoting some passages from a book in a report for a class
assignment would be considered fair use. Linking to another web page from
your web page is not usually considered infringement. However, copying
some of the contents of another web page into yours or use of video clips
without permission would likely be infringement.
Unauthorized duplication, distribution or use of someone else's intellectual
property, including computer software, constitutes copyright infringement
and is illegal and subject to both civil and criminal penalties. The ease
of this behavior online causes many computer users to forget the seriousness
of the offense. As a result of the substantial amounts of money the software
industry loses each year from software piracy, the software companies enforce
their rights through courts and by lobbying for and getting stiffer criminal
penalties. It is a felony to reproduce or distribute ten illegal copies
of copyrighted software with a total value of $2,500 within a 180 day period.
Penalties for a first time felony conviction of software piracy include
a jail term of up to ten years and fines up to $250,000.
Sound recording piracy
Another form of copyright infringement is the unauthorized duplication
and distribution of sound recordings. Online piracy is increasing as many
people use the Internet to illegally distribute digital audio files (e.g.
MP3 format). The Recording Industry Association of America (RIAA) monitors
the Internet daily and scans for sites that contain music. They have been
successful in getting the sound recordings removed from those sites. You
can report violations to the RIAA directly (see section on Outside
Federal copyright law grants the copyright owner in a sound recording
(typically, a record company) the exclusive right to reproduce, adapt,
distribute and, in some cases, digitally transmit their sound recordings.
Therefore, the following activities, if unauthorized by the copyright owner,
may violate their rights under federal law:
Making a copy of all or a portion of a sound recording onto a computer
hard drive, server or other hardware used in connection with a web site
or other online forum. This includes converting a sound recording into
a file format (such as a .wav or mp3 file) and saving it to a hard drive
Transmitting a copy or otherwise permitting users to download sound recordings
from a site or other forum; and/or
Digitally transmitting to users, at their request, a particular sound recording
chosen by or on behalf of the recipient.
If you reproduce or offer full-length sound recordings for download
without the authorization of the copyright owner, you are in violation
of federal copyright law and could face civil as well as criminal penalties.
statements on your web site, such as "for demo purposes only" or that the
sound files must be "deleted with 24 hours," does not prevent or extinguish
this liability. See Copyright infringement
for more information on what is considered "fair use".
There are several entities you may need to contact before you can use
recorded music online. First, you should understand that the copyright
in a sound recording is distinct from the copyright in the recording's
underlying musical composition. Thus, even if you have secured the necessary
licenses for publicly performing musical compositions (from, for example,
ASCAP, BMI and/or SESAC) or for making reproductions of musical compositions
(from, for example, the Harry Fox Agency), these licenses only apply to
the musical composition, not the sound recording. Licenses to utilize particular
sound recordings must be secured from the sound recording copyright owners
-- generally the record company that released the recording.
Federal computer security violations
The primary federal statute regarding computer fraud 18
U.S.C section 1030 was amended in October, 1996 to protect computer
and data integrity, confidentiality and availability. Examples of violations
theft of information from computers belonging to financial institutions
or federal agencies, or computers used in interstate commerce;
unauthorized access to government computers;
damage to systems or data (intentionally or recklessly);
trafficking in stolen passwords;
extortionate threats to damage computers.
Bomb threats and hoaxes
It is illegal to send a message via e-mail that threatens other persons
or property. While this might seem obvious, every year a number of individuals
send what they believe are "hoax messages". Such messages may be investigated
by federal authorities with the result that the senders end up with their
names in the files of the FBI and/or CIA. This is not an exaggeration!
It also violates UB's policies to send certain kinds of hoax messages
(for example, April Fool's jokes that appear to be from a professor or
some other university official). Such hoaxes constitute forgery and will
be referred for appropriate disciplinary action.
Useful Contact Information
This page is developed and maintained by the Computer
Discipline Officer of Academic Computing, CIT. Please write to us
with your feedback.
Student Wide Judiciary (SWJ), 252 Capen Hall, (716) 645-6154,
Open to students, this office handles complaints of alleged violations
of the Student Conduct Rules.
UB Campus Police, Bissell Hall, (716) 645-2222,
web site: www.public-safety.buffalo.edu
This office accepts reports of possible criminal or illegal activities
and is open 24 hours. All serious or potentially dangerous incidents should
be reported to the police immediately.
CIT HelpDesk, (716) 645-3542, web site: www.cit-helpdesk.buffalo.edu
Open to anyone, this office assists in diagnosing and troubleshooting
Computer Discipline Officer, (716)
Open to anyone, this office accepts complaints of alleged violations
of computer and network policies and works with appropriate authorities
to investigate and prosecute, as needed. This office accepts and investigates
reports of security incidents, including system compromise (hacking), denial
of service, or unwanted connections (scanning or probing).
Copyright Infringement Agent, E-mail:
Open to anyone, this office investigates allegations of copyright infringement
under the Digital Millennium Copyright Act.
Office of the University Ombudsman, 252 Capen
Hall, (716) 645-6154
Open to all members of UB, this office assists in resolution of problems
and conflicts within the UB community.
Office of Equity, Diversity, and
Affirmative Action Administration, 406 Capen Hall, (716) 645-2266, E-mail:
Open to UB faculty, staff and students, this office handles allegations
of discrimination, sexual harassment, and other forms of harassment.
Group Legal Services (GLS), 366 Student Union,
call for appointment: (716) 645-3056
This office provides free assistance to UB students charged with violations
of the Student Conduct Rules.
Last updated May 19, 2004