Computer Misuse

All use of the computing and network facilities in the Department of Physics, as well as all other computing and network facilities throughout the University of Oxford and associated Colleges, is subject to certain rules. These rules concern what is considered unacceptable behaviour and misuse, as well as what may infringe licence terms or may be otherwise illegal. Note that all use is permitted for bona fide purposes only, and is subject to proper authorisation.

System administrators have the right to access users' files and examine network traffic, but only if necessary in pursuit of their role as system administrators, and they must conform to the advice given in Advice to IT Facility Providers. System Administrators must make all reasonable effort to avoid explicitly examining the contents of users' files.

Users must always give due consideration to the need to maintain the reputation of the Department, the University and its members.

The University and the Department regard computer misuse as a serious matter, which may warrant disciplinary (or even criminal) proceedings, and withdrawal of network access.

Misuse of computing and network facilities and unacceptable behaviour include (but are not limited to) the following:

• attempting to gain unauthorised access to a facility;
• making offensive material available over the Web;
• generating, sending or viewing pornographic material;
• using someone else's username and/or password;
• disregarding the privacy of other people's files;
• giving your username or password to someone else, or being otherwise careless with them;
• generating messages which appear to originate with someone else, or otherwise attempting to impersonate someone else;
• sending messages which are abusive or a nuisance or otherwise distressing;
• displaying offensive material in a public place;
• introducing programs with malicious intent;
• trying to interfere with someone else's use of the facilities;
• disregard for "computer etiquette";
• sending chain email;
• being wasteful of resources;
• software piracy (including infringement of software licences or copyright provisions);
• using the facilities for commercial gain without explicit authorisation;
• physically damaging or otherwise interfering with facilities.

Software Rules

The Software supplied by the Department, and computer-readable databases made available over the network, may be used subject to relevant licence agreements. The specific licences applying to individual items of software and data are available on request.

Policies agreed by the Physics department Computing committee

• The Physics Department Information Security Policy should also be consulted.
• The department has developed standardised managed, desktop systems for Windows, OSX and Linux with the expectation that these will meet the needs of the vast majority of Physics staff. Use of these systems ensures users can be well supported, the network and other shared resources are protected and reliable and that systems are compliant with licensing and copyright laws. Where users can demonstrate that their needs cannot be met by these offerings they should discuss the situation with IT support who will suggest an appropriate solution. In cases where other solutions are unworkable, the user may be given the right to manage a system themselves. [PMC approved Jan 2013]
• Users must consult a member of IT support staff before reloading their allocated desktop or laptop system.
• Users are not allowed to manually set the network address of any system unless permission is given by a member of ITSUPPORT.
• Users should not normally run as administrator unless required by specific applications. In particular, general web browsing as an administrator must be avoided.
• Certain applications may be disallowed on managed desktops when it is clear that they pose a risk to the network through security problems (such as difficulty in patching poorly written applications via central procedures). Currently, real player is the only example. Alternatives will be made available.
• The storage, duplication, sending or receiving of software which has the sole purpose to violate copyright or software licensing is forbidden. Examples of this are (but not limited to) Keygens or software cracks.
• The storage, duplication, sending or receiving of any software or data that violates copyright or intellectual property is forbidden.
• End users must be able to prove ownership of any software which has been purchased privately and then installed on departmental or university equipment. If software has been purchased privately, the user must keep some form of receipt or original licensing/activation information and produce on request.

Combined Higher Education Software Team (CHEST).

In general, all software and data use is subject to the Code of Conduct produced by the CHEST. The full Code of Conduct relating to the use of software or computer readable data provided through CHEST deals is available for inspection in the Help Area at CHEST.

Other Rules

Attention is drawn to the following other requirements relating to use of computing facilities in the Department (and elsewhere):

• The University IT rules
• Computer Misuse Act 1990 ;
• Data Protection Act 1998;
• General Data Protection Regulation. (University guidance)
• Copyright Laws;
• Federation Against Software Theft (FAST) guidelines;
• The UK academic network terms and conditions and acceptable use policy.

Excerpts from the Proctors' Memorandum Computer Misuse

The University regards computer misuse as a serious matter, which may warrant disciplinary action.

Use of computing equipment and computer software owned and/or controlled by the University (including computer networks and systems accessed via the network) is permitted for bona fide purposes subjected to the necessary authorisation. Use of such equipment, which has not been authorised, explicitly or implicitly, may lead to proceedings under the University's disciplinary procedures. The University reserves the right forthwith to withdraw the permission to use such equipment pending investigation of allegations of unauthorised use.

Unauthorised use of computing equipment may also give rise to legal proceedings under the provisions of the Computer Misuse Act 1990.

Explicit authorisation will normally, in the case of multi-user facilities, involve the assignment of a username and password for the purpose in question. In the case of smaller-scale facilities, such as a departmental micro-computer system open to general use, less formal authorisation procedures will often be appropriate.

Examples of implicit authorisation include services which are advertised by the University as being freely available, e.g. currently the LIBRARY and INFO Services on the University Data Network, or usernames on password-protected systems for which the password is openly published for use within the University. Implicit authorisation to use facilities not controlled by the University should not be assumed, as responsibility for regulating the use of such facilities lies within the organisations concerned.

Data Protection Act 1998

Any member of the Department holding or intending to keep personal data of any kind on a computer must comply with the provisions of the Data Protection Act.

Taken from the University of Oxford Proctors' Memorandum , General Regulations.

Data retention following departure

When users leave the department their accounts will be closed and the data in the home directories deleted after 90 days. This applies to all operating systems supported by Physics IT.

This matches the time that central University IT keeps data on OneDrive and Nexus 365 and is applied to meet GDPR regulations. Finishing IT use - Nexus365

If a user has data that will be required after they leave they should discuss this with their supervisor and the IT team before they leave. Research data referred to in papers should be stored according to the funding bodies requirements. The use of Oxford Research Archive may be considered. Other advice can be found on Research Data Oxford

Data that was stored in a group data area should be passed to the supervisor or the PI of the project they were working on. Personal data should not be stored on group data disks.