This report is also available as an Acrobat file.

Contents
LEGAL ISSUES RELATING TO THE DEVELOPMENT AND USE OF WORLD WIDE WEB TECHNOLOGY AT EDUCATIONAL SITES

Codes of Practice and Guidelines

Introduction

A useful starting point for consideration of the approach to be taken to the legal issues facing HE institutions in the UK is the Joint Academic Network's (JANET) Acceptable Use Policy. JANET provides links between most HE institutions in the UK, and the Policy states that the system should not be used for the following purposes:

the creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material;
the creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety;
the creation or transmission of defamatory material
the transmission of material such that this infringes the copyright of another person.

In addition, HE institutions are required to "take all reasonable steps to ensure compliance with the conditions set out in this Policy document, and to ensure that unacceptable use of JANET does not occur. The discharge of this responsibility must include informing those at the Organisation with access to JANET of their obligations in this respect." Thus the Policy lays out some broad pointers as to what is considered unacceptable use of the system, and more importantly, places the onus for informing the end user, on the individual HE institutions. It is useful to note the "catch-all" nature of the second category, as use of such "catch-all" provisions in institutional regulations can provide the flexibility required to adequately regulate a rapidly changing environment.

Writing a code of practice.

It is important to remember when considering an institutional approach to the setting up and use of WWW servers and homepages, that the unwritten first rule of civil litigation is "never sue poor people". Thus, if a plaintiff is given the choice between suing a student or staff member, and suing an HE institution, they are unlikely to pursue the student or staff member. As a result, when writing an institutional code of practice, it is advisable to place precise restrictions on who may set up a Webserver on any machine within the institution - the fewer the Webservers that exist, the easier it is to develop effective regulation. Similarly, it is wise to maintain a clear separation between official institutional webpages and personal webpages. This may be achieved by restricting the use of official logos and designations to institutional webpages, and by placing a notification and disclaimer page between institutional webpages and links to personal webpages at the institution and all other webpages beyond the control of the institution. It is important to have a coherent structure of responsibility in place, particularly where an institution has a Webserver with multiple official departmental homepages or multiple official departmental Webservers. In such circumstances there should be a designated staff member within each of those departments with responsibility for their maintenance and content, and a staff member with the power to remove potentially damaging material from both institutional and personal webpages, as soon as it is brought to the attention of the institution, until such time as it can be verified whether or not some civil or criminal liability may be incurred by its display.

At present, if an institution allows personal webpages to be held on its machines, it is desirable to have both the notification and disclaimer page mentioned above, and also a statement in the code of practice to the effect that the institution does not exercise any editorial control over personal webpages. This may allow for a defence of "innocent dissemination" in circumstances where staff or students publish defamatory statements. However, this should be accompanied by a statement that where the institution is notified by third parties that defamatory, infringing or criminal material is being held on its machines it will take all reasonable steps to ensure its removal in a timely manner. This approach may become less practicable if the current draft Defamation Bill being circulated by the Lord Chancellor's Department becomes law, as this would require the institution to take reasonable steps to ensure defamatory material was not published.

There is a considerable degree of uncertainty at present as to whether such reasonable steps would entail an institution monitoring all web pages held on its machines, potentially an impossible task.. If that were to be the case, it would seem likely that most HE institutions would follow the lead already taken by several of their number, and simply ban all personal webpages from machines under their control.

The code of practice should also make clear the penalties for unacceptable use. Such penalties would usually include the statement that where there is a breach of the code of practice, or where an individual's webpage is deemed by the authorities at the institution to bring the name and/or reputation of that institution into disrepute, this may result in the temporary or permanent withdrawal of computer services.

As an adjunct to any code of practice, there should be a set of clear guidelines for individuals wishing to maintain webpages. These guidelines should contain advice as to the design and content of webpages, including use of university logos. They should also contain advice as to the type of sites which the institution considers it inappropriate or unacceptable for pages maintained on its machines to link to. These would probably include sites known to contain pornography, defamatory materials, illegally copied software and other copyrighted works, as well as other inappropriate materials, such as hacker manuals, and racist and sexist tracts. It should be noted that institutions have a wide discretion in deciding what is not appropriate, and may thus ban links to material which is not illegal per se. It may be helpful to put the institution's policy into context by including the JANET Acceptable Use Policy, as this demonstrates that the institution is to a large extent bound by its obligations to JANET, and that the restrictions imposed are not merely an arbitrary whim of the institution's computer services department or administration. The guidelines should also provide a brief summary of the relevant laws, in particular those relating to libel, obscenity, intellectual property and data protection. Prospective users of an institution's computer systems should be provided with a copy of the code of practice and the guidelines, and informed that use of the institution's computer systems will be taken as acceptance of the institutional rules contained within them. Login screens may also refer the user to their acceptance of the code of practice and guidelines each time they access the computer systems.

In a large HE institution, it is next to impossible to effectively monitor the use of WWW facilities by staff and students. However, a carefully thought-out code of practice combined with an effective regulatory system can be used to shield the institution from the majority of legal risks posed by the WWW, and it will ill behoove any HE institution to fail to take advantage of that protection in the coming years.

Considerations when creating a Code of Practice

A code of practice should:

Reflect a clear institutional approach to the setting up and use of Webservers and Webpages
Ensure a clear separation between institutional Webpages and personal Webpages, including notification and disclaimer when a user leaves the institutional Webpages.
Provide for a coherent internal structure of responsibility for general institutional and departmental Webpages, and the ability to respond quickly to remove potentially damaging material.
State that the institution does not exercise direct editorial control over personal Webpages.
Provide for sanctions for breach of the code of practice, including, where necessary, temporary or permanent removal of computer services.
Provide clear guidelines for WWW use for all institutional users.

Institutional Guidelines for using the World Wide Web.

The guidelines should:

Provide clear advice on the design and content of Webpages.
Provide clear advice as to types of sites considered unacceptable to link to.
Include the JANET Acceptable Use Policy.
Include a brief summary of the relevant laws, especially those relating to libel, obscenity, intellectual property and data protection.

Contents

Graphics Multimedia Virtual Environments Visualisation Contents