At Lehigh University information is a valuable asset and must be protected from unauthorized disclosure, modification, or destruction. Prudent information security policies, standards, guidelines, and procedures must be implemented to insure not only the safety and security of those within our community, but also insure that the confidentiality, integrity, and availability of information and associated services are not compromised, and the academic and business missions of the University can safely and successfully be maintained.
The following policy applies to the use of Lehigh University's computing and networking facilities and systems which include, but are not limited to, the computers, terminals, networks, printers and other peripherals, devices, data files, and software owned, maintained or managed by the University (the "Computer Systems and Facilities"). These policies also apply to the use of the Computer Systems and Facilities whether such use is initiated on the University’s campus or off campus as well as to any user owned (BYOD) devices utilized to connect to Lehigh’s network and information systems. Any network traffic exiting the University is subject to the acceptable use policies of the networks through which it flows, as well as to the policies listed here.
This policy applies to all users including employees, students, contractors, and all other 3rd parties whom access information systems owned or utilized by Lehigh University.
Access to the University's Computer Systems and Facilities is a privilege granted solely to the University’s registered faculty, staff, students, alumni, and guest users. Accordingly, the University reserves the right to limit, restrict or extend computing and networking privileges and access to its Computer Systems and Facilities. Suspected unauthorized use of any Lehigh University computer system, including use of an account not specifically assigned to you by the University is subject to monitoring (Electronic Communications and Privacy Act, 18 USC 2701-2711). Reference Enforcement (6.0 Enforcement below)
The Computer Systems and Facilities are to be used to support University-related activities and in accordance with the academic and business missions of Lehigh University. These activities include: Lehigh University courses, research projects, departmental activities, professional and scholarly activities, and related personal communications. Nothing in this policy is meant to limit legitimate faculty-supervised academic activities. All users of the Computer Systems and Facilities must act responsibly and maintain the integrity of these resources. All non-departmental servers (World-Wide Web, ftp, etc.) which are connected directly to any University network resource must be approved by Library and Technology Services prior to accessing the external network and all hosts may be monitored for use and systems compliance and restricted for any systems non-compliance or malicious, suspicious, or prohibited activity.
External computer and network IDs, for use on University Computer Systems and Facilities, must be authorized by the University.
Examples of prohibited uses include, but are not limited to, the following:
Disclosing the password of a computer or network ID entrusted to you or using a computer or network ID that was not assigned to you by the University to access Computer Systems and Facilities, unless the University has authorized multiple access for the ID.
Obtaining or attempting to obtain unauthorized access to another's computer or network ID.
Disguising or attempting to disguise the identity of the account or machine you are using in an identified malicious activity .
Impersonating any individual or entity or otherwise misrepresenting your affiliation with the University through the use of a Lehigh computer or network ID.
Using the Computer Systems and Facilities to gain or attempt to gain unauthorized access to remote computers.
Deliberately performing an act that will interfere with the normal operation of the Computer Systems and Facilities. This includes, but is not limited to, tampering with components of a local area network (LAN) or the high-speed backbone network, creating excessive network traffic or otherwise blocking communication lines, or interfering with the operational readiness of a computer.
Running or installing a program (or providing another person with a program to run or install) on any Computer System or Facility which could damage a file or computer system and/or reproduce itself. Such programs include but are not limited to, computer viruses, spyware, and worms.
Deliberately circumventing or attempting to circumvent data protection schemes or exploiting or failing to promptly report any security loopholes.
Violating the terms of applicable software licensing agreements and copyright laws. Such violations include but are not limited to making unauthorized copies of software.
Deliberately performing any act which is wasteful to the Computer Systems and Facilities or which unfairly monopolizes the Computer Systems and Facilities to the exclusion of others. These acts include, but are not limited to, sending mass mailings or chain letters, creating unnecessary multiple jobs or processes, or obtaining unnecessary output or printed material. Printing excessive copies of any documents, including resumes, theses, and dissertations, on Library and Technology Services printers is also prohibited.
Placing the following types of information or software on any Computer System or Facility or on any system connected directly to the Computer Systems and Facilities:
That which infringes upon the rights of another person;
That which violates the privacy of another person;
That which is abusive, profane, or sexually offensive to the average person;
That which consists of information which may injure someone else and/or lead to a lawsuit or criminal charges. Examples of such information include libelous statements, pirated software, destructive software, or copyrighted images and information without permission; or
That which consists of any advertisements for commercial enterprises.
Using the Computer Systems and Facilities to harass others. Harassment may include but is not necessarily limited to sending annoying, threatening, libelous, or sexually, racially, or religiously offensive messages through electronic means.
Monitoring or attempting to monitor another user's data communications.
Reading, copying, changing, or deleting another user's files or software (or attempting to do any of the foregoing), without permission from the owner.
Using the Computer Systems and Facilities for personal or financial gain; provided, however that the Computer Systems and Facilities may be used either directly or indirectly for personal or financial gain if such use is related to a valid University function and the user has obtained any necessary approvals.
Installing unauthorized wireless access points. All wireless access points on the Lehigh campus must be coordinated through Library and Technology Services and must conform to specified standards. Library and Technology Services reserves the right to block network access to any devices including wireless access point not conforming to these standards.
Using the Computer Systems and Facilities in violation of other policies of the University or in violation of the University Code of Conduct.
Using the Computer Systems and Facilities for academic dishonesty including plagiarism.
Using the Computer Systems and Facilities in any way that violates any applicable law, rule, or regulation or in any way that subjects the University to liability.
Misuse of Library resources. Electronic resources licensed by the Lehigh Libraries are governed by agreements that restrict access to the Lehigh University community and to visitors in the library buildings. Use is limited to individual, noncommercial purposes, without systematic downloading, distribution, or retention of substantial portions of information.
The above policies supplement the University Code of Conduct, which covers such acts as theft of computer services (including copyrighted computer programs), theft or mutilation of the University’s property such as equipment, and the unacknowledged or unauthorized appropriation of another’s computer program, or the results of that program, in whole or in part, for a computer-related exercise or assignment.
If any Computer System or Facility is threatened, the Computer Systems and Facilities may be monitored and user files may be examined under the direction of the Vice Provost for Library and Technology Services or the Lehigh Chief Information Security Officer. In addition, the University will comply with all governmental and law enforcement subpoenas, warrants, or orders requiring the examination of user files. The above policies supplement the University Code of Conduct, which covers such acts as theft of computer services (including copyrighted computer programs), theft or mutilation of the University’s property such as equipment, and the unacknowledged or unauthorized appropriation of another’s computer program, or the results of that program, in whole or in part, for a computer-related exercise or assignment.
Users are expected to notify Library and Technology Services about violations of applicable laws and policies and potential loopholes in the security of the Computer Systems and Facilities. Users are also expected to cooperate with Library and Technology Services in its operation of the Computer Systems and Facilities and in the investigation of misuse or abuse of the Computer Systems and Facilities.
Those who do not abide by these policies should expect at least suspension of computer privileges and possible action under standard University rules for misconduct and existing disciplinary, personnel, or judicial processes.
Offenders may also be subject to criminal prosecution under federal or state law, and should expect Library and Technology Services to pursue such action. As an example, under Pennsylvania law, it is a felony punishable by a fine of up to $15,000 and imprisonment up to seven years for any person to access, alter or damage any computer system, network, software or database, or any part thereof, with the intent to interrupt the normal functioning of a person (18 Pa.C.S. 7611(a)(1)). Disclosing a password to a computer system, network, etc., knowingly and without authorization, is a felony punishable by a fine of up to $15,000 and imprisonment of up to seven years, as is intentional and unauthorized access to a computer, interference with the operation of a computer or network, or alteration of computer software (18 Pa.C.S. 7611(a)(2) and (3)).
Employees found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Information Security, firstname.lastname@example.org
Library & Technology Services
8A East Packer Ave,
Bethlehem, PA 18015
Lehigh University provides a leading-edge library and technology environment that enables flexibility, innovation, and effectiveness in all areas of the academic enterprise, including learning and the student experience, research, administration, community-building and outreach.
27 Memorial Drive West, Bethlehem, PA 18015