University Times

Tired of getting electronic junk mail, commonly known as SPAM? Received any unwanted e-mail advertisements lately? Computing and Information Services (CIS) would like to hear about your bothersome electronic clutter — especially instances containing inaccurate or offensive material — and asks that you send copies of un-asked-for messages electronically to them at: abuse@pitt.edu Robert Pack, vice provost for Academic Planning and Resources Management and interim director of CIS, acknowledged that junk e-mail is prevalent today. "The Internet is becoming more and more a public utility. It's being used by everybody for every purpose. But most of it is still not, generally speaking, illegal. We're in exactly the same environment as junk mail delivered to your home. There is free speech protection. It doesn't lend itself readily to regulation." But Pack said the University does have policies that deal with unsolicited e-mail. There are three kinds of potential violations: messages sent from University computers to the outside; those sent from the outside to University personnel; and those internal to the University. "In all these cases, University resources are involved, and so CIS is involved," Pack said. "Our function is largely fact-gathering. We do not prosecute per se; we turn over information regarding complaints to the proper channels." For example, a student misusing computer resources by sending non-academic material electronically is violating Pitt's student code of conduct guidelines and would be reported to the Student Judicial Board. Similarly, a faculty or staff member would be reported to the head of that person's unit and would be warned to stop the practice.

Pitt's Computer Access and Use Policy (policy number 10-02-05, in effect since 1993) covers internal University usage. In part, the policy states:

* University-owned computing equipment may be used only by faculty, staff and students for recognized instructional, research or administrative purposes within the University;

* Using a computer, computer system, computer network, or any other University property to devise or execute a scheme or artifice with the intent to defraud, or for the purpose of obtaining money, property, services, or any other property of value by means of false or fraudulent pretense or representation is prohibited.

According to the policy, violations could result in loss of computing privileges, suspension, termination, expulsion from the University or legal action.

George Mathews, data security officer at CIS, said, "We would hope people would alert us to any of these kinds of messages as well as those from the outside." According to Mathews, policies regarding unsolicited e-mail from non-University sources are necessarily non-specific because the law lags behind technology. "But CIS does what it can to deal with the problem," Mathews said. "Commercial or external [to the University] unsolicited e-mail is a violation of 'net-iquette,' — it drains people's resources and time — and we try to stop that, too." Mathews leads the CIS "incidents response team," which works with individual units, the general counsel's office and, if necessary, law enforcement officials.

"We track down the source of unsolicited e-mail and contact the source directly and we alert the company that provides the service to the source, like [America On-Line], and notify them that a subscriber may be violating their policies, as well," Mathews said. "We typically get about 10-12 complaints a month about unsolicited e-mail," he said. Usually, a warning is all that is needed and the e-mails stop. "The old adage, 'A word to the wise…' usually puts an end to it," Mathews said. "People sometimes say, 'Oh, I didn't know I was doing anything wrong.'" However, sometimes messages can create problems, as when an unsolicited e-mail from a local business promoting a sale was sent to a couple hundred people last December with false information about the Uni-versity's flexible spending account benefit. Human Resources responded to the inaccurate e-mail message by issuing an Audix announcement correcting the information and warning that "The University does not endorse or authorize solicitation on campus via any means, including e-mail." (The flexible spending accounts' plan year is July 1, 1998, through June 30, 1999. The deadline for dates of service of eligible expenses is June 30, 1999, according to Nancy Gilkes, Human Resources benefits manager.) Pack said the University does not give out e-mail lists for anything but small-group internal messages that relate to academic or research information, such as a department alerting all majors of a change in requirements. "We don't even let anyone have, say, the list of all freshmen for anything. "But e-mail lists are easy to generate," Pack said. "You can do web searches for names. You can just look in Pitt's phone book. There's no institutional way to stop people from creating the lists.

"Regarding unsolicited e-mail, we evaluate the content of the message for apparent violations of policy," Pack said. He said considerations include: Is this a message that merits a warning? Is it more serious than an annoyance? Is it offensive or inappropriate? Is it illegal? Messages that are suspected of illegality — for example, disseminating child pornography — are passed on to the Office of General Counsel, Pack said. "We compile the evidence. We determine the facts and prepare the record. That's our role." Pack said CIS does not review an alleged violator's record, monitor other activity or do any extra investigation. "Our role is to properly dispose of an incident," he said. He also said that CIS does not notify the complainer of any outcome, but asks that anyone who files a complaint to alert CIS if the unsolicited e-mails continue. "I get unsolicited e-mails with advertising all the time," Pack said. "Some of them have a mechanism for removing yourself from their list: clicking on a 'Take me off your subscription,' button, or something like that. I think that option is happening more and more." He recommends discretion in reporting unwanted e-mail. "Common sense says these messages may be an annoyance, like home junk mail, but, just like junk mail, sometimes a person will be interested, in a magazine subscription or some sort of advertising. If you're not, you throw it in the trash. You don't necessarily complain to the company." Pack urges computer users to avoid opening attachments to e-mail from an unfamiliar source without first saving them as a file. "If you open an attachment directly without saving it as a file it may have a virus. That's why all our computers are ordinarily set to alert you to save as a file as a first option," he said.

–Peter Hart