General
Copyright InformationGeneralCopyright Information
General
Copyright Information
GeneralCopyright Information
GeneralWhat is data?As defined in University policy/guideliens/standards, data is information regardless of the medium on which it resides (e.g., tape, cartridge, disk, hard drive, etc.), and regardless of its form (e.g. text, graphic, video, voice, etc.). Date Revised : 2006-02-24
What is computer security?Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done. Date Revised : 2003-06-05
Why should I care about computer security?Although you may not consider your access and communications "top secret," you do not want others accessing confidential information, reading your email, using your computer to attack other systems, sending forged email from your computer, or examining information stored on your computer. Computer security is what helps ensure the confidentiality, accuracy, availability and integrity of the information you use to perform your work or enhance your studies at the University. Date Revised : 2003-06-05
Why should I use a personal firewall on my computer?Hackers are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it is not sufficient to install a firewall and then ignore all other security measures. Date Revised : 2003-09-03
What is a firewall?The Firewalls FAQ (http://www.faqs.org/faqs/firewalls-faq/) defines a firewall as "a system or group of systems that enforces an access control policy between two networks." Firewalls allow you to define access policies for inbound connections to the computers they are protecting. Many also provide the ability to control what services (ports) the protected computers are able to access on the Internet (outbound access). Most firewalls intended for home use come with pre-configured security policies from which you can choose, and some allow you to customize these policies for their specific needs. Date Revised : 2003-06-05
What are some good personal firewall software that I can use on my computer at work or home?There are several personal firewalls available. If you are looking for personal firewall software for a University computer, you should check with your campus IT or desktop support group to determine if your campus uses a standard personal firewall software. This software may also be available for home use. Date Revised : 2003-09-03
Should temporary employees and consultants sign the University's Computing Awareness and Data Security Compliance Statement?Yes. Although temporary, these employees are working with University data and should therefore, sign the University's Computing Awareness and Data Security Compliance Statement. When consultants are hired the contract should include a paragraph regarding data confidentiality and the proper use of University computing resources however, since most people do not have access to contracts to verify that such clauses are included, the office contracting the consultant should have all consultants accessing University data sign a University's Computing Awareness and Data Security Compliance Statement. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
I am going to take a break or do other work for a while. Do I have to log off of the University computer?Yes. You should if you will not be accessing data for an extended time. Leaving yourself logged on while you step away from your desk for an extended period of time leaves your id and system vulnerable for misuse. Remember, anything done using your id is your responsibility. Another alternative if you are an XP user is to lock your computer (ctrl alt del then select lock computer) . XP users also use an available general setting to automatically lock their computer after a set amount of time of inactivity. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
Why does my connection "time out" after a several minutes?System time out features are used to disconnect access to an application, web page, computer, etc. so that an unattended computer is not available for anyone to use to obtain unauthorized access to a computer, application or data. If you are logged on and have not transmitted data to the system, and the system has its time out feature turned on, your connection will be disconnected after a specified period of "idle time". Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
Can I listen to music using a radio stream on my computer at work?Maybe. You should obtain approval from your supervisor. Listening to music using a radio stream on your computer is very resource intensive. You should also contact your system administrator to determine if there are any restrictions on resource usage for your computer. Date Revised : 2006-02-24
What is VPN and do I need it?VPN stands for virtual private network and is a secure method of transporting data over a network that uses the Internet to connect you to remote computers. You will need VPN access if you need to use any of the Information Technology Division (I.e., ITD) computer applications available from the Commonwealth of Massachusetts. These applications include accounting (i.e., . MMARS), payroll (i.e., PCRS) , insurance (i.e., MAGIC) and other state related information. For more information contact the University Information Technology Services Total Service Center at 508-856-UITS(8487) or email them at uits.tsc@umassp.edu You may also need VPN access if you access PeopleSoft or Campus applications from a remote location. For more information contact the following units/individuals: ITD application access University Information Technology Services Total Service Center at 508-856-UITS(8487) or email them at uits.tsc@umassp.edu PeopleSoft VPN access The data custodian for the PeopleSoft application to which you need access. Campus VPN Campus help desk or information technology unit. Date Revised : 2005-11-07
What is a data custodian?A Data Custodian is the individual(s) responsible for making decisions about the sensitivity and criticality of specific University systems and data stored in these systems; determining the classification of data under their control; documenting the use of the specific system(s); and determining which University staff require access to that system and its data. University policy may restrict or dictate the Data Custodian's role regarding data design and control (e.g., a policy indicating how access to Institutional Data should be handled would take precedent over individual Data Custodian decisions/ determinations). Examples of Data Custodians are: the Directors of Human Resources would have Data Custodian responsibility over payroll and personnel information and a Principal Investigator is the Data Custodian for research data related to their grant. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
How do I determine who my system's or email administrator is?Each system can have a different administrator. Check your campus main web page for information:
Is there a group on campus that can assist departments with identifying system vulnerabilities & risks?Contact your campus IT department. Date Revised : 2004-03-24
What is the difference between a policy and a guideline?University policies are documents that contain concise statements of direction and required action issued by the Board of Trustees. These documents are assigned a Board of Trustee's document number (e.g., Doc.T97-010.) University Guidelines also referred to as standards are statements designed to achieve the requirements of University Policies by establishing specific mandatory criteria that must be met in Campus Procedures, and by University employees, students and other authorized users. These documents are issued by the President. Campus Procedures are statements designed to comply with the mandatory requirements of University Guidelines by establishing specific criteria that must be met by University students, staff, consultants, etc. Date Revised : 2006-02-24
Where do I report violations of the University Data and Computing guidelines/standards?Email reports of violations to securitytraining@umassp.edu. Date Revised : 2006-02-24
Why does data need to be backed up?How do you prepare to protect your home in the event of a disaster? Most homeowners and businesses know to keep insurance policies up to date and to purchase a structure that is not only built with strong materials and enduring construction, but also that is in a location conducive to the purposes of that structure. You should try to restore files periodically as a test to ensure that the backups are good and your files can be restored if needed. Another important fact to keep in mind is that not only can natural disasters (such as fires or floods) destroy our computers, but also system failures and file corruption can. We've all experienced the heartache of writing up a large e-mail or Word document when all of the sudden in the middle of typing your machine locks up for no reason and won't work without completely shutting down. Say goodbye to that file or e-mail! To avoid this check to see if your system or software includes an automatic save/backup function and use this function or periodically save your email. Tips for keeping data updated, backed-up, and stored appropriately: Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2004-02-24
What is the difference between a master copy and a backup copy of software?A master copy is usually a copy made and stored so that additional backups can be made if the backups used to restore a corrupted file/software is damaged. A backup copy is one used to restore a file/software when a disaster occurs. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
How do I take care of disks to make sure I can read the data stored on them?Proper disk maintenance practices include: clearly labeling disks backing up data, application and operating system disks storing disks away from extreme cold/heat protecting disks from dust, excessive moisture or water keeping disks away from magnetic devices including radios, telephones, keys, wall magnets, etc. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
What to do if you receive a virus warning?DO NOT circulate virus warnings without first checking with an authoritative source or verifying that the warning has been sent from a real response team or antivirus organization. Authoritative sources are your campus help desk, computer system security administrator, or a valid hoax virus site such as the one supported by the Department of Energy (Computer Incident Advisory Capability - CIAC). Different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) issue real warnings about viruses and other network problems. Warnings without the name of the person sending the original notice or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes. If a name and number are noted in the warning, contact that person to see if they really wrote the warning and if they really encountered the virus. If they are passing on a rumor, the address of the person does not exist or if there is any questions about the authenticity of the warning, do not circulate it to others. Instead, send the warning to your campus help desk or computer security manager and let them validate it. When in doubt, do not send it out to the world. Some valid hoax virus sites are:
What are hoaxes?Hoaxes are electronic mail messages outlining supposedly real viruses, which the sender has encountered or detailing a story that is untrue (e.g., people shot after flashing headlights at another driver). The hoax messages are then sent to several people urging them to send the warning to others and so on and so on and so on. The purpose of the hoax is to have others unwittingly use up computing resources by sending the hoax warning to hundreds of Internet mail users. Before you sent out any hoax notices you should verify that the virus/warning is not a hoax by checking one of the hoax sites (for example : http://www.symantec.com/avcenter/ or http://urbanlegends.miningco.com/) and by contacting your system administrator.
How do I Identify a Hoax?There are two basic factors that make a successful virus hoax, they are: Date Revised : 2003-06-05
What is a trojan horse?Trojan horse programs are a common way for hackers to trick you into installing "back door" programs. These can allow hackers easy access to your computer without your knowledge, the ability to change your system configurations, or the ability to infect your computer with a computer virus. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
How will I know if the security of my computer has been compromised?One way to identify suspicious behavior on your computer is to look for files and/or programs that you did not install, or for other behavior that is unexpected and out of the ordinary. If a program runs or opens by themselves (and didn't use to do so), you may be infected with a Trojan horse. Another indicator that your computer may be infected or under attack is if the computer's speed becomes very slow all of a sudden. While this is cause for suspicion, we recommend using antivirus software (and a firewall, if you have one installed) to warn you of infections and attacks. Date Revised : 2003-06-05
Who would want to break into my computer?Intruders (also referred to as hackers, attackers, or crackers) may be interested in obtaining confidential University data and would use your authorized access to obtain this data. The hackers may also not care about your identity or your University computer system access. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data. Date Revised : 2003-06-05
How easy is it to break into my computer?Unfortunately, hackers are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems. When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to your system administrator to obtain and install the patches, or correctly configure the software to operate more securely. It is your responsibility to report problems to your system administrator. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes. Date Revised : 2003-06-05
Can a hacker attack my computer system if is turned off?No. A hacker cannot attack your computer if it is powered off or otherwise completely disconnected from the network. Turn off your computer or disconnect its Internet interface when you are not using it. Date Revised : 2003-07-17
What is identity theft?Identity theft occurs when someone uses another person's personal information such as name, Social Security number, driver's license number, credit card number or other identifying information to take on that person's identity in order to commit fraud or other crimes. Date Revised : 2006-05-17
What should I do if I discover fraudulent use of my personal information?Individuals whose personal information was involved in a data security incident can request a free initial fraud alert to be placed on their credit files by calling any one of the three major national credit bureaus:
When contacting the Credit Reporting Agency, you should request the following:
What do I do if I think someone has stolen my Social Security number?Contact the Social Security Administration immediately: Date Revised : 2006-05-17
What do I do if I am a victim of identity theft?ID Theft Clearinghouse Privacy Rights Clearinghouse - Identity Theft Resources Date Revised : 2006-05-17
Where can I learn more about identity theft?Two good resources with information about identity theft are:
Date Revised : 2006-03-29
What is phishing?Phishing is a form of criminal activity using social engineering (gaining information from unsuspecting legitimate users) techniques, characterized by attempts to fraudulently obtain sensitive information, such as passwords and credit card account details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email.
Date Revised : 2006-03-29
What is social engineering?Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers take advantage of the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that users are the weak link in security and this principle is what makes social engineering possible. An example of a social engineering attack is the use of email attachments that contain malicious viruses/worms. Many users,blindly click on any attachments they receive, thus allowing the malicious code into their computer. The simplest, but a still effective attack is tricking a user into thinking one is an administrator and requesting a password or pin number for various purposes. Users of Internet systems frequently receive messages that request password, pin number or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation in what are called phishing attacks. Legitimate computer system administrators rarely, if ever, need to know the user's password to perform administrative tasks. Social engineering also includes face-to-face manipulation to gain physical access to computer systems. Date Revised : 2006-03-29
What is spyware?Spyware refers to any software that covertly gathers user information through the user's Internet connection without their knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware/shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. A common way to become a victim of spyware is to download certain peer to peer (i.e., p2p) file swapping/sharing products that are available today. Spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability. Spyware also has the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, install other spyware programs, read cookies , change the default home page on your browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. For more information about spyware and how to lower your risk of spyware infection go to http://onguardonline.gov/spyware.html Date Revised : 2006-03-28
What is adware?Adware is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Adware often takes the form of spyware, in which information about the user's activity is tracked, reported, and often re-sold, often without the knowledge or consent of the user. A number of software applications are available to help computer users search for and modify adware programs to block the presentation of advertisements and to remove spyware modules. Some well known adware programs include Aurora, 180Search Assistant, and 123 Messenger. Date Revised : 2006-03-29
How do I remove adware or spyware from my computer?AdAwares and Spybot - Search & Destroy are free utilities that can tell you if any spyware or adware has been installed on your computer, and remove it
Are Internet auction sites safe?Internet auctions can be a great resource for buyers and sellers, however there are some risks as they have become a new "playground" for fraudulent scams to obtain money for non-existent goods. For more information go to http://onguardonline.gov/auctions.html Date Revised : 2006-03-29
What is a rootkit?A rootkit is a term used to define a Trojan (or technology) used to hide the presence of a malicious object (process, file, registry key, network port) from the computer user or administrator. Date Revised : 2006-08-24
What is a botnet?Botnets are a collection of software robots, or bots, which run autonomously. The term is generally used to refer to a collection of compromised machines running programs (usually referred to as worms, Trojan horses, or backdoors). A botnet's originator can control the group remotely, usually for nefarious purposes. A bot typically runs hidden. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, etc.). Newer bots can automatically scan their environment and copy themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community. Botnets serve various purposes, including denial of service attacks, creation or misuse of SMTP mail, relays (i.e., standard for email transmission across the Internet) for spam, click fraud (i.e., a type of fraud that occurs in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating an improper charge per click.), and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.
What is a denial of service attack?A denial-of-service (DoS) attack causes your computer to crash or to become so busy processing data that you are unable to use it. Examples include attempts to: "flood" a network, thereby preventing legitimate network traffic disrupt connections between two machines, thereby preventing access to a service; prevent a particular individual from accessing a service; disrupt service to a specific system or person. Not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks. Date Revised : 2003-06-05
What is an IP address?IP addresses are analogous to telephone numbers. When you want to call someone on the telephone, you must first know their telephone number. Similarly, when a computer on the Internet needs to send data to another computer, it must first know its IP address. IP addresses are typically shown as four numbers separated by decimal points, or dots. For example, 0.24.254.3 and 192.168.62.231 are IP addresses. Date Revised : 2006-02-24
What is a public record?The Massachusetts General Laws (e.g. MGL) broadly define "public records" to include all documentary materials or data, regardless of physical form or characteristics, which are made or received by any officer or employee of any Massachusetts governmental entity. Public records may be made by handwriting, or by typewriting, or in print, or by the photographic process, or by the microphotographic process, or by any combination of the same. As a result, all photographs, papers and electronic storage media including electronic mail of which a governmental employee is the "custodian" constitute "public records." There are, however, thirteen narrowly construed exemptions to this broad definition of "public records." For more information on the MGL, Chapter 66 - Public Records and other MGL's go to http://www.state.ma.us/legis/laws/mgl/index.htm. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-02-24
What is business continuity planning?As defined in University policies/guidelines/standards, Business Continuity Planning is the process of identifying critical data systems and business functions, analyzing the risks of disruption to the data systems and business functions, determining the probability of a disruption occurring and then developing plans to enable those systems and functions to be resumed in the event of a disruption. The process includes testing and maintaining the business resumption plans to ensure they are effective. Policy Referenced : Business Continuity and Planning Guidelines(PDF) Date Revised : 2004-02-24
How does encryption work?Encryption works by encoding the text of a message with a key. In traditional encryption systems, the same key was used for both encoding and decoding. In the new public key encryption systems, keys come in pairs: one key is used for encoding and another for decoding. In this system everyone owns a unique pair of keys. One of the keys, called the public key, is widely distributed and used for encoding messages. The other key, called the private key, is a closely held secret used to decrypt incoming message. Under this system, a person who needs to send a message to a second person can encrypt the message with that person's public key. The message can only be decrypted by the owner of the secret private key, making it safe from interception. Date Revised : 2003-06-05
What is ITD?ITD refers to the Information Technology Division (i.e., ITD). This is the department that handles computer access issues for the Commonwealth of Massachusetts. The ITD computer system contains applications to access accounting, payroll, insurance and other state related data. For more information regarding ITD go to http://www.state.ma.us/itd/index.htm. Date Revised : 2003-06-05
What is MMARS?Classic MMARS or New MMARS are the Massachusetts Management Accounting and Reporting System. They are centralized, financial database system specifically designed to support the financial functions performed by the Commonwealth of Massachusetts. For general information go to http://www.state.ma.us/osc/Homeview/Lesson/Mmars.htm. Classic MMars stores financial data prior to July 2003 and NewMMARS stores data from July 2003 to present. Eventually Classic MMars will be retired. To find out how to get access to MMARS contact the Information Technology Services Total Service Center at 508-856-UITS(8487) or email them at uis.tsc@umassp.edu Date Revised : 2005-03-11
What is MAGIC?MAGIC refers to the Massachusetts Group Insurance Commission computer application available on the Information Technology Division computers. MAGIC access is given to specific University Human Resources employees only. To find out how to get access to MAGIC contact the Information Technology Services Total Service Center at 508-856-UITS(8487) or email them at uits.tsc@umassp.edu. Date Revised : 2006-02-24
I want to use peer to peer applications but do not want the program's to allow others to be able to upload from my computer. How can I do this?Disable your peer to peer program's uploading capability. For more information regarding how to do this, go to http://security.uchicago.edu/peer-to-peer/no_fileshare.shtml Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
Copyright InformationI want to download music and movies using peer to peer (i.e., p2p) sharing. What issues should I be aware of?The following issues should be considered:
Date Revised : 2006-02-24
GeneralWhat is user authentication?User authentication is any system that is used for determining, and verifying, the identity of a user. User name and password is a simple form of user authentication. Date Revised : 2003-06-05
What is online piracy and why is it illegal?Online piracy is the unauthorized uploading of copyrighted material (sound or video) and making it available to the public, or downloading a sound or video recording from the Internet even if the recording is not sold. Online piracy is in violation of the U.S. Copyright law. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22
Copyright InformationHow do I know if something is copyrighted?When you buy music legally, there is usually a copyright mark somewhere on the product. Stolen music generally doesn't bear a copyright mark or warning. Either way, the copyright law still applies. A copyrighted creative work does not have to be marked as such to be protected by law. Reference: Responsible/Acceptable Use of Computing and Data Resources (PDF) Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
How do I know what's legal and what's not when it comes to copying music?If you distribute copyrighted music without authorization from the copyright owner, you are breaking the law. (Distribution can mean anything from "sharing" music files on the Internet to burning multiple copies of copyrighted music onto blank CD-Rs.) Reference: Responsible/Acceptable Use of Computing and Data Resources (PDF) Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
GeneralWhere can I find legally downloadable music on the Internet?The web site http://www.campusdownloading.com/legal.htm will give you a list of sites for legal music on the Internet along with other helpful information related to music downloading. Date Revised : 2006-08-23
What legal downloading services are available?Most legal music/video downloading services function on a subscription basis that allows users to license the use of or buy copies of music/video online. Each service has their own fees, requirements and offerings (e.g., music, television shows, feature movies, articles, interviews, ring tones, community interaction, etc.) so you should look at all before making a decision. Additionally, your campus may offer one or more of the legal downloading services for free or at a discounted rate so be sure to contact your Information Technology group before buying a service on your own. The web site http://www.campusdownloading.com/legal.htm will give you a list of sites for legal music on the Internet along with other helpful information related to music downloading. Some of the legal downloading services available are:
Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)
Copyright InformationMay I scan any image I wish and post it on my Web site?The short answer is "no". While it is physically and technically easy to scan images out of books and magazines, and to place computer-readable (GIF and JPG) copies in one's web site, the fact that it is physically and technically easy does not make it legal or moral. The safest course of action is to obtain permission from the copyright owner before posting a scanned image into your web site. Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22 Date Reviewed: 2007-11-05
Who finds/detects illegal downloading or online piracy?Copyright owners or their agents search for copyright infringement using tools developed specifically for this function.
Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22 Date Reviewed: 2007-11-05
GeneralCan I use E-mail or instant messenger services to exchange songs with my friends?The use of e-mail or instant messenger services to exchange songs is governed by the same copyright laws that apply to any other form of reproduction or distribution. Date Revised : 2006-08-23
Copyright InformationDo MIDI, WAV, and MP3 files violate the copyright laws?MIDI, WAV and MP3 files are files which, when played back through appropriate software and hardware, reproduce sounds, music, or voices. The file, if prepared without permission, is likely to be an unauthorized derivative work, giving rise to liability under the copyright laws. The Copyright Act prevents the unauthorized copying of a work of authorship. A copyright is the set of exclusive legal rights authors have over their works for a limited period of time. These rights include copying the works (including parts of the works), making derivative works, distributing the works, and performing the works (this means showing a movie or playing an audio recording, as well as performing a dramatic work). Reference : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22 Date Reviewed: 2007-11-05
Is it legal to post music that is no longer copyrighted?Copyrights don't last forever. Eventually all creative work becomes part of what is called the public domain at which point anyone and everyone is free to copy and distribute it as they please. But just because a particular recording has gone out of print doesn't mean its copyright has lapsed. If it hasn't, then you need to get permission from the copyright holder before you post it. If you do not know if the music is in the public domain DO NOT post it. Reference: Responsible/Acceptable Use of Computing and Data Resources (PDF) Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
Am I breaking the law if I upload or download copyrighted music and leave it on my hard drive for less than 24 hours?Reproducing or distributing copyrighted music without the permission of the copyright holder is against the law regardless of how long you hold on to the music. Reference: Responsible/Acceptable Use of Computing and Data Resources (PDF) Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
Is it illegal to upload music onto the Internet even if I don't charge for it?Yes, if the music is protected by copyright and you don't have the copyright holder's permission. U.S. copyright law prohibits the unauthorized distribution of copyrighted creative work whether or not you charge money for it. Reference: Responsible/Acceptable Use of Computing and Data Resources (PDF) Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
What if I upload or download music to or from a server that is based outside of the U.S.?If you are in the United States, U.S. law applies to you regardless of where the server may be located. Date Revised : 2006-08-23
What will happen to you if you are found liable for copyright infringement?In the US, if the copyright owner previously registered the copyright with the Copyright Office, then you may have to pay amounts of money set forth in the copyright statute, anywhere from $500 to $20,000. You may also have to pay the attorneys' fees of the copyright owner. In the US, regardless of whether or not the copyright owner previously registered the copyright, you may have to pay actual damages. In addition, the court may order impoundment and destruction of the instrumentalities that made the copying possible. This may include your computer, your hard disk, your backup media, your MIDI keyboard, your modem, and other hardware and software. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22 Date Reviewed: 2007-11-05
What happens to someone found illegally downloading music or movies?The copyright owner or their agent (in many cases this is the Recording Industry Association of America - RIAA) will send a Digital Millenium Copyright Act (i.e., DMCA) take-down notice to the online service provider (the University in the case of UMass students, faculty or staff) hosting the user. The user is issued the notice and required to remove the offending material or respond with a statement, under penalty of perjury, that the downloaded material is not infringing on copyright. Violation of the U.S Copyright law is punishable by fines and/or imprisonment. Under federal law, first-time offenders who commit copyright violations that involve digital recordings can face criminal penalties of as much as five years in prison and/or $250,000 in fines. You could also be sued by the copyright holder in civil court, which could cost you hundreds of thousands of dollars more in damages and legal fees. University penalties may included a written warning, temporary or permanent disconnection from the University network, education, community service, academic probation, loss of housing, suspension or expulsion. Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF) Date Revised : 2006-03-22 Date Reviewed: 2007-11-05
I am a copyright holder and think by copyright has been infringed, what do I do?If a copyright holder believes that University users are infringing copyright protected work, they may send a notice to the designated agent Digital Millenium Copyright Notice agent. For a list of University of Massachusetts campus and UMassONLINE copyright agents go to http://www.copyright.gov/onlinesp/list/. Notification of claimed infringement must contain the information required by and otherwise comply with the Digital Millennium Copyright Act, Title 17, Section 512(c) of the United States Code. Date Revised : 2006-08-23 Date Reviewed: 2007-11-05
|
|
 |
|
|
|||||||||||||||||||
|
Security AwarenessGeneral FAQPrivacy Policy | Site Map | Contact the Webmaster
This page last updated on January 5, 2007. |
|
|||||||||||||||||||
|
|
|
|||||||||||||||||||
This is an