Teaching Students About Responsible Use of Computers

There has been some discussion in Risks Forum recently about what action universities might appropriately take to instill a sense of ethics in the use of computers by their students. M.I.T.'s Project Athena provides some 800 networked engineering workstations for undergraduates to use in any way they find helpful to their education. Accordingly, Project Athena has assumed that one of its responsibilities is to open a discussion of ethical use with its user community. The primary action that Project Athena has taken is the publication of a set of principles . These principles are general, for the most part, following M.I.T.'s usual approach of appealing to basic concepts rather than spelling out many detailed rules. There is no claim that publicizing these principles completely solves any problem nor that it completely answers any question, but it does represent one organization's attempt to take a step in the right direction. Some version of these principles have been posted for about four years, and whenever we have an incident serious enough to ask a student to talk to the director, these principles have provided a useful starting point for the conversation.

Principles of Responsible Use of Project Athena

Project Athena is M.I.T.'s computing facility for education. It consists of a networked system of workstations and services, and includes communication features that offer many opportunities for members of the M.I.T. community to share information. With that ability to share comes the responsibility to use the system in accordance with M.I.T.'s standards of honesty and personal conduct. Those standards. outlined in the M.I.T. Bulletin under academic procedures, call for all members of the community to act in a responsible. ethical and professional way. What follows are guidelines in applying those standards to use of Project Athena facilities.

Intended Use

The hardware granted to Project Athena, and the software licensed for that hardware, are intended for educational use, broadly construed, by members of the M.I.T. community. Use of Athena resources by anyone outside M.I.T. requires approval of the provost, and the sale of such use is improper. The use of Project Athena's facilities for sponsored research activities that normally would make use of other M.I.T. facilities requires specific authorization of the director.

Privacy and Security

The operating systems used by Project Athena encourage sharing of information. Security mechanisms for protecting information from unintended access, from within the system or from the outside, are minimal. These mechanisms, by themselves. are not sufficient for a large community in which protection of individual privacy is as important as sharing. Users must supplement the system's security mechanisms by using the system in a manner that preserves the privacy of others. For example. users should not attempt to gain access to the files or directories of another user without clear authorization from the other user (typically that authorization is expressed by setting file access permissions to allow public or group reading). Nor should users attempt to intercept any network communications, such as electronic mail or user-to-user dialog. A shared program should not be stored or communicated on the systems. Examples of such personal information are grades or letters of recommendation.

System Integrity

Actions taken by users intentionally to interfere with or to alter the integrity of the system are out of bounds. Such actions include unauthorized use of accounts, impersonation of other individuals in communications, attempts to capture or crack passwords or encryption, and destruction or alteration of data or programs belonging to other users. Equally unacceptable are intentional efforts to restrict or deny access by legitimate users to the system.

Intellectual Property Rights

Some software and data that reside on the system are owned by users or third parties, and are protected by copyright and other laws, together with licenses and other contractual agreements. Users must abide by these restrictions. Such restrictions may include prohibitions against copying programs or data for use on non-Athena systems or for distribution outside M.I.T.. against the resale of data or programs or the use of them for non-educational purposes or for financial gain, and against public disclosure of information about programs (e.g., source code) without the owner's authorization. It is the responsibility of the owner of protected software or data to make any such restrictions known to the user.

Jerome H. Salter
Athena Project, M.I.T.

From Communications of the ACM, Vol. 32, No. 6, June 1989.
Copyright ACM

Last updated 94/12/06

Reprinted with permission on ACM under a blanket agreement with the Virginia Tech Educational Infrastructure Grant, 1993.