Computer Crimes Policy
CALIFORNIA POLYTECHNIC STATE UNIVERSITY, SAN LUIS OBISPO
ADMINISTRATIVE BULLETIN 90-3
Information technology plays an increasingly important role in determining the ultimate success of the university in the accomplishment of its goals. It touches every academic discipline and administrative services provided by the university. Cal Poly students encounter information systems and services from the moment they contact the university by telephone until their eligibility for graduation is computed and their degree awarded. With basic computer literacy a fundamental requirement at Cal Poly, students invariably encounter computers in the classroom. Computer technology is increasingly used in all majors and programs at Cal Poly. Actual techniques and systems used by professionals are simulated in the university classroom, as much as possible. In all aspects of education, Cal Poly is committed to excellence, and achieving excellence requires the increased use of technology.
Senate Bill 304 (Computer Crime) has been Chaptered (1076) and incorporated in the Penal Code and has a direct bearing on existing campus policy concerning appropriate use of computer resources. The legislation provides that ". . . a community college, state university, or academic institution accredited in this state is required to include computer-related crimes as a specific violation of college or university student conduct policies and regulations that may subject any student to specified disciplinary sanctions . . ." The Trustees have implemented this portion of the legislation by adding the following to Title 5, Section 41301 relating to Student Discipline:
(n) Engaging in any computer offenses listed in California Penal Code Section 502 on a computer system, computer network, or any data, software or programs owned, leased, or operated by a campus of the California State University.
Penal Code Section 502 provides that it is a crime to knowingly access and without permission alter, damage, delete, destroy, or otherwise use any data, computer, computer system, or computer network in order to defraud, deceive, or extort, or wrongfully control or obtain money, property, or data, or to knowingly access and without permission take, copy, or make use of any data from a computer, computer system, or computer network, or to knowingly access and without permission add, alter, damage, delete, or destroy any data, software, or program, or to knowingly and without permission disrupt or cause the disruption of computer services, or to knowingly and without permission provide or assist in providing a means of accessing a computer, computer system, or network or introduce a computer contaminant. Penal Code Section 502 also provides the following definitions of terms:
- Access means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.
- Computer network means any system, which provides communications between one or more computer systems and input/output devices including, but not limited to, display terminals and printers connected by telecommunication facilities.
- Computer program or software means a set of instructions or statements, and related data, that when executed in actual or modified form, cause a computer, computer system, or computer network to perform specified functions.
- Computer services include, but are not limited to, computer time, data processing, or storage functions, or other uses of a computer, computer system, or computer network.
- Computer system means a device or collection of devices, including support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, one or more of which contain computer programs, electronic instructions, input data, and output data, that performs functions including, but not Limited to, logic, arithmetic, data storage and retrieval, communication and control.
- Data means a representation of information, knowledge, facts, concepts, computer software, computer programs or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer in transit or presented on a display device.
- Supporting documentation includes, but is not limited to, all information, in any form, pertaining to the design, construction, classification, implementation, use, or modification of a computer, computer system, computer network, computer program, or computer software, which information is not generally available to the public and is necessary for the operation of a computer, computer system, computer network, computer program, or computer software.
- Injury means any alteration, deletion, damage, or destruction of a computer system, computer network, computer program, or data caused by the access.
- Victim expenditure means any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, deleted, damaged, or destroyed by the access.
- Computer contaminant means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, which are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network.
It is illegal to knowingly access and without permission alter, copy, damage, delete, destroy or otherwise use any computer data, computer system or computer network in order to defraud, deceive, or extort, or wrongfully control or obtain money, property, software, or data or introduce a computer contaminant. Such activities could result in: University disciplinary action, legal action, including fines and/or imprisonment, and/or victims of computer crime may bring civil suit for injury.
Any incident of suspected computer misuse as defined in this policy should be reported to the Public Safety Department. Offices which may be involved in the university's response to reported instances of computer misuse, in addition to Public Safety, include: Personnel and Employee Relations, Vice President for Academic Affairs, Vice President for Student Affairs, Vice President for Information Systems, academic schools and departments.
APPROVED BY: Warren J. Baker, President
DATE: November 26, 1990