Duke Policies

Computing and Electronic Communication

Security and Privacy

The purpose of this policy is to establish and promote the ethical, legal, and secure use of computing and electronic communications for all members of the university community.

The university cherishes freedom of expression, the diversity of values and perspectives inherent in an academic institution, the right to acknowledgment, and the value of privacy for all members of the Duke community. At the same time, the university may find it necessary to access and disclose information from computer and network users’ accounts to the extent required by law, to uphold contractual obligations or other applicable university policies, or to diagnose and correct technical problems. For this reason, the ultimate privacy of messages and files cannot be ensured. In addition, system failures may lead to loss of data, so users should not assume that their messages and files are secure.

Neither the university nor its agents restrict the content of material transported across its networks. While the university does not position itself as a censor, it reserves the right to limit access to its networks or to remove material stored or posted on university computers when applicable university policies, contractual obligations, or state or federal laws are violated. Alleged violations will receive the same academic due process as any other alleged violation of university policy, contractual obligations, or state or federal laws.

Acceptable Use

In making acceptable use of resources you must:

  • Use resources only for authorized purposes.
  • Protect your userid and system from unauthorized use. You are responsible for all activities on your userid or that originate from your system. Your userid and password act together as your electronic signature.
  • Access only information that is your own, that is publicly available, or to which you have been given authorized access.
  • Use only legal versions of copyrighted software in compliance with vendor license requirements.
  • Be considerate in your use of shared resources. Refrain from monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, connection time, disk space, printer paper, manuals, or other resources.
  • Seek pre-approval from OIT before deploying/using code that potentially impacts server resources or automates processes (e.g., in registering for classes).

In making acceptable use of resources you must not:

  • Use another person’s system, files, or data without permission (note that permission from an individual user may not be
    sufficient—some systems may require additional authority).
  • Give your password to another person (including to your parents). Contact the OIT Help Desk if you need assistance with giving other people authority to access your files or e-mail.
  • Use computer programs to decode passwords or access-control information.
  • Attempt to circumvent or subvert system or network security measures.
  • Engage in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, worms, or “Trojan horse” programs; disrupting services; damaging files; or making unauthorized modifications to university data.
  • Make or use illegal copies of copyrighted software or other copyrighted works, store such copies on university systems, or transmit them over university networks.
  • Use mail or messaging services to harass another person.
  • Waste shared computing or network resources, for example, by intentionally placing a program in an endless loop, printing excessive amounts of paper, or by sending chain letters or unsolicited mass mailings.
  • Use the university’s systems or networks for commercial purposes; for example, by selling access to your userid or by performing work for profit with university resources in a manner not authorized by the university.
The above list only addresses some of the most common issues that arise with regard to computing. All prohibitions found in applicable law and other university policies also apply to the computer systems.

Group E-mail

Large-scale e-mail communications within groups or units, including surveys, announcements, etc., require the implicit or explicit prior approval of that group or unit. In the case of such communications from outside the unit, the approval must always be explicit. Visit the OIT web site for full information at oit.duke.edu/about/policies/group-email-policy.

Note that the above computing policies are subject to change. For current policies, visit oit.duke.edu.

Last Updated: 8/9/2017 Policy Owner: OIT