Policies

The Columbia Law School Information Technology (CLS IT) department maintains policies about the use and security of its systems in the interests of protecting its users and ensuring the reliability of mission critical systems. All users of our facilities are expected to be familiar with these policies. Violations of CLS IT policies can lead to the suspension of computer account(s) pending investigation of circumstances. Serious violations CLS IT policy will be referred directly to the appropriate academic or outside authorities. Unauthorized use of University computing facilities can be a criminal offense. The penalties may be as severe as suspension or dismissal of enrollment, termination of employment from the University, and/or criminal prosecution by appropriate law enforcement agencies. 
 
Access/User Responsibilities: (back to top)
IT IS EVERY USER'S RESPONSIBILITY TO BE AWARE OF THIS POLICY.  Any user who finds a possible security lapse on any CLS IT system is obligated to report it to CLS IT. Don't attempt to use the system under these conditions until the system administrator has investigated and resolved the problem.  The user agrees to remain entirely liable for any and all activities conducted via the user's account.  Each user is responsible for all matters pertaining to the proper use of their account.  This includes choosing safe passwords, (e.g., passwords that are at least six characters long, are not found in any dictionary, and contain a combination of numbers and letters) and ensuring that file protections are set correctly (where applicable).  The CLS IT permits access to systems on the understanding that the information in those systems is confidential.  Each user must take appropriate measure to preserve the confidentiality of that information.  In addition, system and security administrators conduct regular reviews of file system security and  login names, including password checks.  Users found to have easily guessed passwords may be required to change them the next time they log on.  Users may not  share passwords and login accounts. Every user is provided with an account in his/her own name, accessible with a private password to access specific computer systems/resources maintained by CLS IT. These accounts are to be used solely for the performance of assigned faculty/student/administrator functions within CLS IT.  Individual CLS IT login names and/or passwords cannot be transferred to or used by another individual.  It is the responsibility of Departmental Supervisors to advise CLS IT when employees leave unexpectedly and/or with short notice so that the data in their accounts can be protected/deactivated/deleted.  Unauthorized attempts to gain access to another person's CLS IT login name and/or password or to gain privileged access or access to any account, applications, and/or data not belonging to you on any CLS IT system is not permitted.  No CLS IT system may be used to gain unauthorized access to other systems.  No CLS IT system may be used for unethical, illegal, or criminal purposes, or to damage any part of the CLS IT network or accounts on CLS IT network, as well as other networks or accounts on other networks.  Use of CLS IT facilities by outside individuals or organizations requires special permission from CLS IT and to the appropriate software vendors where applicable.  Use of any Columbia University or administrative system by individuals or organizations outside Columbia University requires explicit authorization from AIS/AcIS and all appropriate data custodians.  Use of CLS IT systems for commercial uses, except by approved outside organizations, is strictly prohibited. Such prohibited uses include, but are not limited to, development of programs, data processing or computations for commercial use and preparation and presentation of advertising material.  CLS IT reserves the right to prevent other Internet users from accessing its network, either in part or in whole, for any reason deemed detrimental to the CLS IT network or computer facilities.  

Conduct: (back to top)
Frivolous, disruptive, or inconsiderate conduct in the computer labs or terminal areas is not permitted.  Users are prohibited from using the CLS IT network or computer facilities for the purpose of harassing or threatening other people.  No CLS IT system may be used for playing computer games.  

Connectivity: (back to top)
The user is responsible for providing and maintaining the necessary cabling, hardware and software used for dial-up service at the user's site.  All telephone company installation and recurring charges are the user's responsibility.  It is understood that CLS IT does not own or control the telecommunications facilities used to access its network, except those specifically identified as belonging to CLS IT.  Dial-up accounts are not to be used for permanent network connectivity or nailed connections (connections that remain up even though no interactive usage occurs). 

Content: (back to top)
CLS IT exercises no control whatsoever over the content of the information passing through its network.  The user can not use the CLS IT network to transmit certain kinds of information which violates export control laws and regulations of the United States, whether that information is received abroad or by foreign nationals within the United States.  Since CLS IT exercises no control whatsoever over the content of information passing through its network, the entire burden of complying with such laws and regulations rests with the user. The user agrees to comply with such laws and regulations and to indemnify and hold CLS IT harmless from any damages it may suffer resulting from any violation of the export control laws of the United States. In short, transmission of any material in violation of any local, state, federal or international regulation(s) is prohibited.  This includes, but is not limited to, copyrighted material, material legally judged to be threatening or obscene, or material protected by trade secret. 
Copying, storing, displaying, or distributing copyrighted material using University systems or networks without the express permission of the copyright owner, except as otherwise allowed under the copyright law, is prohibited. Under the Federal Digital Millennium Copyright Act of 1998, repeat infringements of copyright by a user can result in termination of the user's access to University systems and networks. See information on copyright at http://www.columbia.edu/cu/help/copyright-info.html.  

Damages: (back to top)
CLS IT will not be responsible for any damage the user suffers from use of CLS IT network. This includes, but is not limited to, loss of data resulting from delays or service interruptions caused by CLS IT's own negligence, CLS IT's vendors, other third parties, or the user's errors or omissions.  Use of any information obtained via CLS IT's network is at the user's own risk.  CLS IT specifically denies any responsibility for the accuracy or quality of information obtained through its network.  The user agrees to indemnify and hold harmless CLS IT from any claims resulting from the user's use of the service which damages the user or another party. 

Data Integrity/Ownership: (back to top)
All data archived by CLS IT for recovery purposes is the property of CLS IT.  

Email: (back to top)
Electronic mail on all our systems is as private as we can make it.  Attempts to read another person's electronic mail or other protected files is prohibited and will be treated with the utmost seriousness.  The system administrators will not read mail or non-world-readable files unless absolutely necessary in the course of their duties, and will treat the contents of those files as private information at all times.  User's cannot use the CLS IT network to distribute unsolicited bulk electronic mail (UBE) or inappropriate commercial postings (spam) to Usenet newsgroups. UBE or spam directing recipients to a site served by CLS IT network is prohibited.  No CLS IT system may be used for sending nuisance messages such as chain letters and obscene or harassing messages.  Users are not allowed to "impersonate" other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s); i.e., email spoofing is specifically prohibited.  University policy prohibits the use of University resources to solicit contributions or support for any charity, except those authorized by the University.  

Resources: (back to top)
All users of CLS IT login names and administrative systems should be aware that these systems are CLS IT resources.  Many people use the CLS IT systems for daily work. Obstructing this work by consuming gratuitously large amounts of system resources or by deliberately crashing the machine(s) will not be tolerated.  It is the user's responsibility to comply with this policy by running large jobs at off-peak hours.  At no time may the user consume excessive network resources, including but not limited to, disk space, RAM, processor time, network bandwidth, etc., that could cause denial of service to other users of CLS IT resources.  

System Monitoring/Legal Action: (back to top)
All access, access attempts, and use are recorded in various system logs.  System and security administrators review the logs routinely in the course of their work.  Formal security audits including the review of system logs will occur at least twice yearly, and are subject to increase in frequency when abnormal and/or suspicious data is discovered during the course of regular system maintenance and/or monitoring.  CLS IT facilities and computer systems are for the use of authorized users only.  Individuals using CLS IT computer systems without authority, or in excess of their authority, are subject to having all of their activities on CLS IT computer systems monitored and recorded by system personnel.  In the course of monitoring individuals improperly using CLS IT computer systems, or in the course of system maintenance, the activities of authorized users may also be monitored.  Anyone using CLS IT computer systems implicitly consents to such monitoring and is advised that if such monitoring reveals evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.  CLS IT reserves the right to cooperate with law enforcement to the extent permissible by law.  CLS IT's network may only be used for lawful purposes and in accordance with this policy.  This policy may be modified by CLS IT at any time.  Continued use of CLS IT's network following such modifications constitutes acceptance of this policy, as modified.  If any provision of this policy is held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this policy will remain in full force and effect.  This policy supersedes all previous representations, understandings, or agreements and shall prevail not withstanding any variance with terms and conditions of any order submitted.  This policy shall be deemed to have been made in the city of New York, New York, and shall be construed in accordance with the laws of the State of New York. All actions or proceedings relating, directly or indirectly, to this policy shall be litigated only in courts located within the city of New York, New York.