University Times

Pitt employees may occasionally use office computers to touch up their resumes or send personal e-mail — assuming it's not obscene, libelous or harassing — without risk of being fired or prosecuted.

But aside from incidental use, Pitt-owned computer equipment should be used for University business, teaching and research.

Non-academic, commercial activities are prohibited, although faculty and staff may use Pitt electronic resources for professional consulting work as long as it's related to their University duties and/or academic disciplines, the employee's supervisor approves, and the employee isn't acting as a broker of services for external organizations.

Those are among the guidelines in a proposed revision of a Pitt policy governing access to, and use of, University electronic resources.

The revised document also addresses e-mail and voice-mail privacy issues. (One piece of advice: Never assume that pushing a "delete" button purges electronic files and messages forever.) And it outlines a process for reporting suspected computer-related fraud, harassment and other e-crimes.

The revision has been in the works since 1996, when Chancellor Mark Nordenberg asked Vice Provost for Research George Klinzing to head a committee on e-mail/v-mail privacy. The committee recommended revising outdated University policies on access to, and use of, University-owned electronic resources.

This month, Faculty Assembly and Senate Council joined Klinzing's committee and the Deans Council in endorsing the revised documents. Following the June 8 Senate Council vote, Chancellor Nordenberg stopped short of saying he will give final approval to the revisions as written, but said he supports their general aims.

Some of the prohibited acts cited in the revised document are plainly criminal — for example, using a computer, system or network with intent to forge, defraud or harass. Others may be less obviously sinful, such as clogging network services with electronic chain mail or large-scale, indiscriminate postings, i.e. "spams." Under the proposed policy, disciplinary actions would range from loss of computing privileges to termination of employment and even legal action, depending on the violation.

The document warns that deleted files and messages "may exist on the system or backup tapes for a considerable amount of time" and that passwords do not guarantee privacy or security.

The proposal would forbid random or systematic monitoring of employees' electronic communications. Supervisors and administrators would violate University policy if they viewed files marked "private" or that even appeared to be private in nature.

However, the University could monitor electronic communications and access files if there was a reasonable suspicion that users were breaking federal, state or local laws; violating Pitt policy, rules or regulations; or disrupting computer networks or systems.

The proposal states: "Such monitoring or access shall be done only by an administrator or the applicable electronic communications facilities, with the approval, or at the direction, of the head of the responsibility center for such electronic communications facilities, or at the direction or with the approval of an officer of the University."

— Bruce Steele