Acceptable Use of Technology Resources ("Acceptable Use Policy")

Responsible Executive

Associate Vice Chancellor for Information Technology and Chief Information Officer

Responsible Office

Office of Technology Projects and Governance, Berkeley IT

Contact
Jenny Bombasaro Brady
IT Policy Program Manager, Berkeley IT

Issued

1/8/2025
Effective

 1/8/2025
Revised

N/A
Supersedes

Computer Use Policy
Next Review 1/8/2030

I. Policy Summary

In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community.  This policy defines how those resources may be used.

II. Definitions

  1. Property: The term "property" refers to all land, buildings, facilities or other grounds or structures, or any item in possession of or owned, used, maintained or controlled by the University or designated by the campus as subject to these policies. Property also includes computers and network systems owned, maintained or controlled by the University or funded by University budgets or designated by the campus as subject to these policies.

  2. Institutional Information: A term that broadly describes all data and information created, received and/or collected by UC or on its behalf. 

  3. IT Resources: A term that broadly describes IT infrastructure, software and/or hardware with computing and networking capability. These include, but are not limited to: portable computing devices and systems, mobile phones, printers, network devices, industrial control systems (SCADA, etc.), access control systems, digital video monitoring systems, data storage systems, data processing systems, backup systems, electronic media, Logical Media, biometric and access tokens and other devices that connect to any UC network. This includes both UC-owned and personally owned devices while they store Institutional Information, are connected to UC systems, are connected to UC Networks, or are used for UC business.  

III. Policy Scope

Use of UC Berkeley IT resources, whether by students, employees, alumni, or members of the public, must comply with University of California policies, rules, and regulations, as well as local, state, and federal laws. The University of California Electronic Communications Policy (ECP) governs all electronic communications, whether by the Web or other developing media.

IV. Why We Have This Policy

  1. Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

  2. Berkeley campus departments or units that provide online services ("technology service providers") must comply with all applicable University regulations and laws governing personal privacy and the confidentiality of information. Users who are authorized to obtain  Institutional Information must ensure that it is protected to the extent required by law or policy after they obtain it.

  3. Individuals may have rights of access to information about themselves contained in computer files, as specified in international, federal, and state laws. Files may be subject to search under court order. In addition, system administrators may access user files as required to protect the integrity of computer systems. For example, following organizational guidelines, system administrators may access or examine files or accounts that are suspected of unauthorized use or misuse, or that have been corrupted or damaged. See “System Monitoring” below.

V. Policy Detail 

1. Existing Legal Context

All existing laws (federal and state and international, if applicable) and University regulations and policies apply, including not only those laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct.

2. Allowable Uses

IT Resources may be provided by University units or sub-units in support of the teaching, research, and public service mission of the University, and of the administrative functions that support this mission.

A. Accessibility

All electronic communications intended to accomplish the academic and administrative tasks of the University shall be accessible to allowable users with disabilities in compliance with law and University policies. Alternate accommodations shall conform to law and University policies and guidelines.

B. Personal Use

University IT Resources may be used for incidental personal purposes provided that use does not result in noticeable incremental costs to the university, interfere with the user’s employment or other obligations to the university, or violate any of the provisions in this policy or the UC ECP.

3. Misuse

    1. Examples of misuse include, but are not limited to, the activities in the following list. 

      1. Attempting to access, accessing, or exploiting resources one is not authorized to access. This includes,

        1. Using a computer account that you are not authorized to use. 

        2. Obtaining a password for a computer account without the consent of the account owner.

        3. Using the Campus Network to gain unauthorized access to any computer systems.

      2. Interfering with, tampering with, or disrupting resources; knowingly performing an act which will interfere with the normal operation of computers, terminals, peripherals, or networks, or that could reasonably be expected to cause excessive strain on IT Resources. See also #14 below.

      3. Knowingly running or installing on any computer system or network, or giving to another user, or transmitting, a program intended to damage or to place excessive load on a computer system or network. This includes but is not limited to programs known as malware, e.g. computer viruses, Trojan horses, worms, and other malicious software.

      4. Attempting to circumvent data protection schemes or uncover security loopholes.

      5. Downloading sensitive or confidential electronic information/data to computers that are not adequately configured to protect it from unauthorized access;

      6. Violating terms of applicable software licensing agreements or copyright laws.

      7. Deliberately wasting computing resources.

      8. Using electronic mail to harass others.

      9. Sending mass emails/messages in violation of the Campus Online Activities Policy.

      10. Masking the identity of an account or machine. (Activities will not be considered misuse when authorized by appropriate University officials for security or performance testing).  

      11. Posting materials electronically that violate existing laws or the University's codes of conduct.

      12. Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's electronic information without the explicit agreement of the owner. 

      13. Disclosing any electronic information/data that you do not have a right to disclose. This includes UC Berkeley's prohibition against employees automatically forwarding email from their Berkeley email accounts to private email service providers.

      14. Using University IT Resources for personal political activity in violation of Section 322 of the Berkeley Campus Regulations Implementing University Policies, which applies to members of the University community, including faculty, staff and students, guests, and non-affiliates. See also, #2 above.

      15. Use of the University's name (including the berkeley.edu domain) or seal in violation of the Campus Online Activities Policy or the UC ECP Sec III.D.4-5.

      16. Use of IT Resources for the purpose of representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University without being appropriately authorized to do so [from UC ECP Sec III.D.4]. (See the Campus Online Activities Policy for additional policies around web publishing).

      17. To protect University email from unauthorized access and unintended redistribution, University employees may not automatically forward email from their Berkeley email accounts to private email service providers. 

      18. University electronic communications resources may not be used for:

        1. Unlawful activities;

        2. Commercial purposes not under the auspices of the University;

        3. Personal financial gain (except as permitted under applicable academic personnel policies);

        4. Personal use inconsistent with Section III.D of the UC ECP, Allowable Uses; or

        5. Uses that violate other University or campus policies or guidelines. The latter include, but are not limited to, policies and guidelines regarding intellectual property and sexual or other forms of harassment.

4. Additional Use Policies

The Acceptable Use Policy applies to use of all Berkeley Campus IT Resources. Additional computer and network use policies and terms and conditions may be in place for specific IT services offered by the campus, including but not limited to: email (Appropriate Use and Service Policy), Collaboration Services, and CalNet. Additionally, the University of California Electronic Communications Policy (ECP) applies to all University electronic communications resources and electronic communications records. You must familiarize yourselves with any service-specific policies when you agree to use those services.

5. System Monitoring

During the performance of their duties, personnel who operate and support Campus IT Resources may periodically need to monitor transmissions or observe certain transactional information to ensure the proper functioning and security of Campus IT Resources. On these and other occasions, systems personnel might observe the contents of email electronic communications. Except as provided in the ECP or by law, they are not permitted to seek out the contents or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed.

Such unavoidable inspection of electronic communications by Campus IT Resource support personnel is limited to the least invasive degree of inspection required to perform their duties. This authorization to perform system support duties does not exempt personnel from the prohibition against disclosure of personal and confidential information, except insofar as such disclosure equates with good faith attempts to route an otherwise undeliverable electronic communication to its intended recipients.

Any personal and confidential information observed during the normal duties of system operation and maintenance will be treated with strictest confidentiality, except in cases where it is evidence for violations of law, or University policies. In these cases, the nature or contents of that information will be disclosed only to proper authorities.

Except as authorized under the conditions specified in the ECP Section IV. B., systems personnel shall not intentionally search email electronic communications records or transactional information for violations of law or policy. However, as required by the Whistleblower Policy and Whistleblower Protection Policy, they shall report violations discovered inadvertently in the course of their duties.

V. Policy Violations  

1. Reporting Misuse

Report misuse of campus electronic communication resources to abuse@security.berkeley.edu. For abuse from off-campus, see: How do I report Computer or Network Misuse? (bottom of the page)

Complaints alleging misuse of campus computing and network resources will be directed to those responsible for taking appropriate investigatory and/or disciplinary action.

2. Consequences of Policy Violations

In addition to any possible legal liability (civil or criminal) resulting from violators of this federal or California state laws or regulations, violators of this Policy may be subject to disciplinary action up to and including dismissal or expulsion, pursuant to UC and UC Berkeley policies, collective bargaining agreements, codes of conduct, or other instrument governing the individual’s relationship with the University. 

Violations of University policies governing the use of University IT Resources may result in restriction of access to those resources. Violations of local, state, or federal laws also may result in the restriction of computing privileges, and will be reported to the appropriate University and law enforcement authorities. Minor infractions of this policy or those that appear accidental in nature are typically handled informally by electronic mail or in-person discussions. More serious infractions are handled via formal procedures. In some situations, it may be necessary to suspend account privileges to prevent ongoing misuse while the situation is under investigation.

Infractions by students may result in the temporary or permanent restriction of access privileges, notification of a student's academic advisor and/or referral of the situation to the Center for Student Conduct. Those by a faculty or staff member may result in referral to the department chairperson or administrative officer.

Insufficient security measures may result in devices being blocked from network access. The campus Procedures for Blocking Network Access specify how the decision to block is made and the procedures involved. 

Reproduction or distribution of copyrighted works, including, but not limited to, images, text, or software, without permission of the owner, is an infringement of U.S. Copyright Law and is subject to civil damages and criminal penalties including fines and imprisonment.

VI. Related Policies and Procedures 

A. Service-Specific Use Policies:

B. Source Policies and Other Related Policies:

  • UC Electronic Communications Policy - UC systemwide policy that establishes allowable uses and restrictions for use of UC electronic communications resources. The UC ECP also establishes policy around the examination, monitoring, and disclosure of electronic communications records without the record holder's consent. UC Berkeley's implementation of these systemwide policies is available on the Campus Privacy Website

  • Berkeley Campus Regulations Implementing University Policies - Campus policy establishing parameters for use of campus computing services (section 260) and use of campus resources for personal political activity (section 322).

  • Information Security Roles and Responsibilities Policy - Identifies, defines, and clarifies roles and responsibilities at UC Berkeley with respect to the security and protection of Institutional Information and IT Resources.

  • Campus Online Activities Policy - Establishes policy and offers guidelines where other existing policies do not specifically address issues particular to the use of electronic resources. It also clarifies the applicability of law and of other University or Campus policies to online activities.

  • Campus Information Technology Security Policy - Identifies policies that apply to all campus electronic information resource security, establishes activities that are specifically prohibited, and outlines consequences of violations.

Topics

Policies topic page, Information Technology topic page