use of departmental computer systems and networks by staff and students is

subject to the "university regulations for the use of computers, and voice
and data communication networks" (as listed in the calendar). the preamble
to these regulations states that

"these regulations have the status of regulations for discipline which apply
to all members of the university. any breach of these regulations will
automatically be considered a breach of discipline. in this context 'members
of the university' encompasses all staff (including those holding honorary
appointments), students and accredited visitors."

regulation 8 further provides that

"individual departments may lay down additional regulations at the

discretion of the head of department. these additional regulations have the
same status as the university regulations."

the remainder of this document contains a copy of the university regulations

and the supplemental departmental regulations currently in force.
explanatory comments and cross-references are given [in italic in brackets].

see also the computing services regulations,

* university telephony and computing regulations

disclaimer. the explanatory comments are provided for guidance only: they
are a personal interpretation of the relevant regulations and legislation.
this interpretation might not be shared by the university authorities in the
event of disciplinary proceedings.

i. university regulations
1. background
the use of computers is regulated by three acts of parliament - the data
protection act 1984, the copyright, designs and patents act 1988 and the
computer misuse act 1990. similarly the use of the public data telephone
networks is regulated by the telecommunications act 1984.

these and several other acts (including the obscene publications act 1978 as
amended by the criminal justice act 1994) identify a number of prohibited
actions related to the use of computers which, if proven in a court of law
may lead the perpetrator to a fine or imprisonment or both, or a suit for
damages in the civil courts. the following regulations are framed to remind
all members of the university of their legal obligations under these acts of
parliament. in addition, the use of computer software may also be subject to
the terms of licence agreements in which the university has entered and
which are enforceable by the licensor in the civil courts.

these regulations have the status of regulations for discipline which apply
to all members of the university. any breach of these regulations will
automatically be considered a breach of discipline. in this context `members
of the university' encompasses all staff, students and accredited visitors.
2. data protection
members of the university are allowed only to hold, obtain, disclose or
transfer personal data (as defined by the data protection act 1984) as
permitted by the university's current registration with the data protection
registry and in accordance with data protection principles as set out in
that act. if in doubt the university's data protection officer should be
consulted before any personal data is stored in a computer system.
3. copyright
members of the university will comply with the provisions of the copyright
designs and patents act 1988 (as amended) in relation to any computer
program or data set and shall not act in any way contrary to the terms of
any licence agreement applying there to.

[this is a formal way of saying "thou shalt not use pirated software". it is
an offence under this act to use unlicensed software: staff and students
must ensure that they have complied with the licensing requirements of any
software that they mount on a university or departmental computer system.
note also that copyright extends to data, and the act covers images and
other information published on the world wide web without the permission of
the copyright owner.]
4. computer misuse

i) members of the university are allowed only to use those computing

resources, data or voice communications facilities, which have been
allocated to them by the responsible computing management. the responsible
computing management is the head of department or dean of faculty concerned.
for groups which are not organised as departments, the head of the budgetary
group shall determine at what level the duties of the responsible computing
management shall be discharged.

ii) computing resources, including data and voice communications networks

may only be used for properly authorised purposes.

iii) computing, data and voice communications resources may only be used by
the person to whom they are granted. members of the university may not lend
or give resources to any other person unless they are explicitly authorised
to do so by the responsible computing management.

[in particular, students do not have authority to grant anyone else access
to the facilities that they have been given, and if they do so they will be
held responsible for what that other person does.]

iv) members of the university may not access, alter, erase or add to
computer material which has not been generated by them unless they are
explicitly authorised to do so by the responsible computing management.

[this is the wording that appears in the calendar. in fact, the act makes it
an offence to attempt such actions]

v) authorised users of computer systems must take reasonable care to prevent

unauthorised use of the computing resources allocated to them.

vi) members of the university may not use computer systems or networks in
such a way as to compromise the integrity or performance of the systems or
networks.

[these regulations cover the activity commonly known as 'hacking'. breach of

any of these regulations is prima facie evidence of an offence under the
computer misuse act.]
5. data and voice networks

i) members of the university must abide by any `conditions of use' of data

or voice networks which are published by the responsible computing
management for the protection of the integrity and efficiency of the
network.
[in particular, any use of the internet is subject to the 'conditions for
acceptable use' published by ukerna, the managing body of the janet network.
broadly speaking, anything related to academic work is permissible, and any
commercial activity is unacceptable. in case of doubt, members of the
department should consult the systems and networks manager.]

ii) members of the university must not cause obscene, pornographic,

discriminatory, defamatory or other offensive material, or material that
otherwise infringes a right or inherent right of another person to be
transmitted over the university, national or public networks, or cause such
to be stored in university computer systems.

[it is a criminal offence to publish pornographic material e.g. by including

such material in a web page. possession of pornographic images involving a
minor is a criminal offence: possession of other pornographic images is not
a criminal offence, but is nevertheless an offence against these
regulations. the reference to 'a right or inherent right' clearly prohibits
the publishing of copyright material. it is important to note that this
clause also covers material that might be construed as infringing the rights
of an individual under the equal opportunities act.]
6. codes of conduct
members of the university must observe fully the terms and conditions set
out in codes of conduct by which the university has agreed to abide, copies
of which are available in computing services.
7. withdrawal of service

i) the responsible computing management may withdraw access to facilities

from any user for the purposes of investigating a breach of these
regulations. any withdrawal of service lasting for longer than 2 weeks must
be notified to the user's head of department.

ii) the responsible computing management may withdraw access to facilities

from any user found to be guilty of a breach of these regulations.

[the department has a reciprocal agreement with computing services: if

services are withdrawn on departmental systems they will also be withdrawn
on computing services systems, and vice versa.]
8. additional regulations
individual departments may lay down additional regulations at the discretion
of the head of department. these additional regulations have the same status
as the university regulations.
9. liability

i) the university accepts no liability for the correctness of any results

produced using computer facilities, data or voice networks, for any failure
of equipment to produce results nor for any consequential loss or damage.

ii) the university will hold the individual user personally liable for any
costs or claims which may arise from any use of university computing and/or
communications facilities, whether authorised or not by the responsible
computing management.
ii. departmental supplemental regulations
1. computer accounts

all staff and students are given a departmental computer account with a
unique login name and password. to be granted an account the user must be
present in the departmental staff/student database.
guests and bona fide visitors to the department may be granted a temporary
account. to enable such an account the guest or visitor must contact a
departmental academic sponsor who, with the approval of their head of group,
then completes and submits a guest account application form to the
department manager. the department manager will add the user to the ecs
staff/student database and pass the user details to the computer systems
account manager for the account to be made. the guest must sign the request
and agree to abide by the departmental and university regulations, as well
as any further regulations on the application form. the sponsor is
considered liable for the guest's actions.
2. the account and password
the following regulations apply to all departmental accounts:

(i) the account is only to be used by its owner.

(ii) a password is assigned by the computer systems account manager when the
account is created: the user must change this immediately.

(ii) the password must not be divulged to anyone.

[see university regulation 4 which spells out the implications of the

computer misuse act. giving your password to someone else might be seen as
aiding and abetting an attempt to gain illegal access to departmental
systems.]

(iii) a password may be changed by its owner but the new password must
conform to security measures in force at the time.

[currently these are that the password must be at least 6 characters, that
it must not be a dictionary word, name, telephone number, car registration
number or anything likely to be associated with its owner and it should not
consist solely of lower-case letters. when choosing a password, be sure to
select something that can be typed quickly, so that onlookers can not see
what it is.]
3. account access

(i) users must take reasonable steps to protect their own accounts from
access by others: the owner will be held responsible for any improper use.
in particular you must not allow any other person to login to your account.

[if you need to share access to files and data with another user you should
use e-mail. if you wish to allow more general sharing you can set general
read permission on the file(s).]

(ii) course lecturers and project supervisors may be given access to

students' files related to coursework/project work if there is prima-facie
evidence of plagiarism.

(iii) the head of department (or his/her nominee) or systems and networks
manager may authorise a member of system support staff to examine any file
(including the mail spool) if there is reason to believe that these
regulations are being contravened in any way.

(v) large files on the student disks which appear not to be part of
coursework assignments may be deleted at short notice to recover disk space.

[this applies particularly to graphics, video and audio files (including

.gif, .bmp, .jpg, .mpg, .wav and .mp3 formats)]

(vi) some accounts may be issued with a disk quota limit. this quota may be
raised on application to the computer systems account manager.
4. use of the internet and the world wide web

(i) any reasonable use of the internet is permitted, although users should
bear in mind that the load placed on the network by excessive use (e.g.
downloading large graphics, video or audio files) will degrade its
performance for other users, not only in the department but also the
university and even on a national scale.

[university regulations 5(i) and 5(ii) are particularly relevant in the

context of internet usage.]

(ii) the department runs a firewall system which is designed to offer

security to the internal network while enabling regular (academic related)
work to continue with the minimum of disruption.

a) the default policy on the firewall as of september 1st 1999 is to

deny (block) unrecognised inbound traffic to the department.

b) users wishing to enable new inbound services through the firewall

should apply to the systems and networks manager to have the service
approved. an application form is available which must include the host the
service is running on, the type of protocol and the port number(s) in use.

c) a number of inbound services are restricted to systems staff

maintained servers only. these include: telnet, rlogin, rsh, ssh, pop, imap
and smtp.

d) a copy of the current firewall policy is available on request from

the systems and networks manager.

(iii) staff and students are allowed to maintain personal home pages on the
web, hosted on departmental systems.

[staff and research student pages may be on a research group machine or an

infrastructure machine as determined by the systems and networks manager.
all standard account web pages are held on the main ecs web server. some
student-authored pages are hosted on the 'cslib' machine.]

(iv) students may not operate web servers on computers attached to the
departmental network (except for the 'cslib' server or approved final year
student projects).

(v) the departmental firewall restricts access to web servers from outside
ecs. any research groups or individual staff members who wish to operate a
web server on the departmental network must do so subject to the following
conditions:

a)all such servers must be registered. this is done via a request to the
systems and networks manager which should include the host name, the ip
address, the port on which the server listens, and a brief statement of the
purpose of the server and a summary of the content. approved web servers
will be enabled through the firewall.

b)the welcome page of a server operated by an individual must display a

clear and unambiguous disclaimer saying that the department is not
responsible for the content.

c)except where prevailing legislation dictates otherwise, the department

will accept no liability in respect of legal action arising out of the
operation of a private server. the person registering a server accepts
personal responsibility and liability.

d)private servers will be sampled from time to time. any found to

contain unacceptable material (whether enabled through the firewall or not)
will be disabled.

e)publicised and accurate details of the technical maintainer and

content maintainer of every web server are required. the ecs webmaster will
expect to have this information made readily available to him/her.

[university regulation 5(ii) is relevant here. bear in mind that any web
material appearing within the ecs.soton.ac.uk domain is liable to influence
the image of the department and the university.]

(vi) the use of computer systems to deliver bulk unsolicitied e-mail is

forbidden.
5. network connection points

i) departmental users wishing to connect new network devices to the

departmental network should contact the systems and networks manager to
obtain an internet protocol (ip) address for the device. the request should
include location of the device, the (research) group the device belongs to,
the desired name, and the primary contact person for the device.

ii) users are not permitted to interfere with any element of the trunking,
cabling, network equipment or office face plate of the data network without
the expressed agreement of the systems and networks manager or a member of
the systems support team. additional network cabling and/or active network
equipment may only be fitted by a member of the systems support team.

[university regulation 6(ii) is comparable here, though the authority within

the department is the systems and networks manager.]

iii) any network device believed to be causing problems for other services
or users on the departmental network or the internet as a whole may be
disconnected without notice by the systems and networks manager or a
delegated member of the systems support staff.