Every employee who uses a SAO computer has responsibilities that are
described in Smithsonian Staff Handbook 1600. The following are some key points from that
Use SAO computers carefully, appropriately, and responsibly. As a general rule, use SAO
computers only for SAO related work.
Do not copy software in violation of copyright law or software licensing agreements.
Do not hack or attempt to use computing resources for which you do not have
Protect your password(s), change them as required, and do not share accounts.
Scan new software for computer viruses before executing it.
Protect sensitive data (e.g. personal, financial) according to the procedures established for
the system that processes it. Protect the data regardless of the media (floppy disks, hard disks, or
Back up data when it changes, in order to provide the basis for recovering from a virus or a
Electronic Mail and Internet
Electronic mail is a common form of communication within the Smithsonian Astrophysical
Observatory. Many legal and ethical questions need to be settled as a result of this technology.
Some Smithsonian Astrophysical Observatory's policies include:
Do not send harassing, obscene, fraudulent, or defamatory E-mail.
E-mail is not confidential like a letter sent through the U.S. Post Office. Although E-mail will ordinarily be treated as confidential, confidentiality is not guaranteed. There are
instances where system administrators will need to access messages for system
maintenance purposes. System administrators are authorized to take any action needed
to protect their systems. Illegal activity will be investigated under the auspices of the
Inspector General. E-mail is not like a telephone conversation. A mail message can become part of the
official record, particularly when such messages are saved (messages are automatically
saved by a backup program on a daily basis in many mail systems). Use caution in sending
E-mail pertaining to issues that may become (legally) controversial.
Many SAO computers are connected to the Internet. The internet is an electronic highway that
allows users to access computers throughout the world. Our membership on this network is a
privilege that is dependent on adherence to ethical and acceptable use policies which your
system administrator should make available to you.
Misuse of computer resources includes, but is not limited to physical misuse, unauthorized
access, improper use, illegal use, interfering with others, improper experimentation, and
improper alteration of system files. Some examples follow. Note that examples from any
category may be illegal, not just those specifically cited as illegal.
Modifying or removing computer equipment, software, or peripherals without proper
Accessing computers, computer software, computer data, or networks without
authorization, whether or not SAO owns these resources.
Taking advantage of another user's naivete or negligence to gain access to any computer
account, data, software, or file. This includes examining, copying, renaming, changing, or
deleting files belonging to someone else without the owner's permission; and actions such
as using the terminal of someone who has failed to log off.
Using computer resources for a purpose other than the purpose for which they were
intended or authorized.
Any use that would be considered defamatory or obscene.
Participating in activities that promote computer crime or misuse, including but not
limited to posting passwords, account numbers, credit card numbers, and system vulnerabilities
on bulletin boards.
Writing or executing programs to bypass security mechanisms, steal passwords or data,
or "crack" passwords.
Violating any software licensing or copyright.
Copying or redistributing copyrighted computer software, data, or reports without
proper, recorded authorization.
Reproduction of copyrighted software documentation, except as explicitly permitted by
the copyright holder.
Any use that violates Federal, state, or local laws or regulations.
Interfering with Other Users
Harassing or threatening other users or interfering with their access to SAO computing
Sending fraudulent mail or breaking into another user's electronic mailbox.
Encroaching on others' use of computing resources (e.g., tying up a multi-user computer
with game playing, sending frivolous or excessive messages, attempting to crash or tie up
Disclosing or removing proprietary or sensitive information, software, printed output, or
magnetic media without the explicit permission of the owner.
Reading another user's data or programs on a display screen, as printed output, or via
electronic means (e.g., electronically eavesdropping or intercepting data transmissions)
without the owner's explicit permission.
Testing the security mechanism of another computer.
Creating, offering, or releasing malicious or destructive programs such as viruses,
worms, logic bombs, and Trojan horse programs.
Any use that might compromise the security mechanisms of another SAO computer.
Improper Alteration of System Files
Unauthorized modification of accounting system files or audit trails to alter or delete
records of use.
Unauthorized modification of system files to change user privileges or passwords.
Modification of system files to intentionally cause the system to crash.
Investigating Computer Misuse
The system administrator can take immediate action if necessary to protect the integrity of the
system when he or she suspects computer fraud or abuse.
Note: Monitoring of electronic transmissions, or logging them for subsequent investigation, is not permitted unless all users (authorized and unauthorized) are warned of this possibility in
Investigation of possible computer abuse is justified if either the Computation Facility System Security Officer or the Computation Facility System Administrator:
Is an eyewitness to a computing abuse,
Observes an unusual degradation of service or other aberrant behavior on the system,
network, or server and has evidence that implicates the user as the source of the problem,
Receives a complaint of computing abuse or degradation of service and has evidence that
leads to a user's computing activity as the probable source of the problem or abuse.
Penalties may include the restriction or loss of computing privilege and other disciplinary
actions. Any actions taken by the SAO do not preclude enforcement of Federal, state, or local
laws, which may result in additional penalties.
The organizations that sponsor Bitnet and Internet have formal policies governing their use.
As a member of these networks, the SAO is bound to adhere to their ACCEPTABLE USE
POLICIES, which users should obtain from the System Security Officer or the network
If a VIOLATION of these policies occurs while using non-SAO computing resources, the
penalty will be the same as it would be for a violation using SAO resources, if:
the violation originates from an SAO computer network, or
the violation occurs in performance of SAO work, or
the original access was granted under the auspices of the SAO.
For additional information contact:
Van McGlasson, Computation Facility Manager, 496-7508
Return to Table of Contents