This supplement gives interpretations and procedures that are specific to OIT systems. It is meant to be used with the Acceptable Use Policy for Computing and Information Technology Resources and the Guidelines for Interpretation and Administration of the Acceptable Use Policy for Computing and Information Technology Resources.
In addition to this document, specific computers and labs may have their own rules. These should be posted clearly at the facility, or pointers included in the login message. Violations of those rules are considered violations of Acceptable Use, and may be reported using the procedure in this document.
Interfering with Systems and Networks
Copyright Violations
Filesharing Issues
Issues with IRC
Commercial or Political Use of OIT Resources
Harrassment
Bulk Email or SPAM
Chain Letters
Issues with Netnews
Cooperation with System Administrators
Interfering with Systems and Networks
Both the policy and guidelines documents indicate that computer resources may not be used to interfere with or inhibit other users. However enough cases have come up recently that it seems worthwhile to elaborate on this point.
Bandwidth Use
Problems often occur when someone creates a program that does something lots of times. For example, if you write a program that looks at the same web page thousands of times, this will normally cause a problem. Both the servers that handle web pages, and the network that gets the pages for you, are designed for normal human use. They are not designed to cope with programs that ask for the same thing many times. Similarly, sending the same request via email a large number of times (even in the same email message) will often cause problems. So will repeatedly opening and closing network connections, continuously sending "ping" packets, etc.
Networks can only handle a limited amount of traffic. UMass Amherst is fortunate to have a fairly robust connection to the Internet. However smaller educational institutions and commercial sites may not have connections that are as robust. It is possible for a single person at UMass to do things that will effectively shut down network access for a smaller site. If you do this, you are liable not only for University discipline, but also for prosecution. Generally you should be safe if you only use standard system tools in the ways they are intended to be used: viewing web pages yourself, logging in to a computer and using it for legitimate purposes, etc. If you start writing programs or scripts that use these tools repeatedly or in unusual ways, it is your responsibility to make sure that what you are doing will not cause problems for the rest of the network.
Although the parameters are subject to change, the maximum outbound traffic from on campus residents to off campus destinations should not exceed 1 Gigabyte of data during a twenty-four (24) hour period. If you exceed that threshold, your bandwidth may be limited, or your connection may be temporarily disconnected. Users who have a legitimate need to transfer this amount of data may be contacted to verify that their usage is appropriate, and not the result of a compromised (hacked) computer or network.
Individuals, departments or students operating computers or networks that consume an excessive amount of bandwidth are subject to having their consumption limited to ensure adequate capacity for the majority of users. For administrative systems, a good-faith attempt will be made to contact a responsible party prior to curtailment or disconnection of a computer or service. In all cases, the legitimate business needs of the University will be considered the highest priority traffic, and the use of resources for entertainment or other personal uses will not be considered essential and may be severely limited.
Disruption of Core Network Services
While it is normally safe to use standard system tools, the same does not necessarily apply to all customized system tools. For example, certain members of the IRC community distribute programs for disrupting IRC connections. Such a tool is in itself suspicious, since disrupting someone else's activity is generally a violation of Acceptable Use. What's worse, some of these tools work by creating a network overload. Thus they may not only disrupt the person you are trying to disrupt -- they may interfere with the entire system or the network itself. The use of such tools is not appropriate.
The University Office of Information Technologies (OIT) will be the sole provider of network “services” such as DNS and DHCP on OIT networks. Any computer or equipment that replicates or disrupts these services will be immediately disconnected. Computers or devices that require a static IP address must have one properly assigned by OIT. All residential computers must use an IP address assigned by DHCP (there are no exceptions). Static addresses may be requested for administrative computers from hostmaster@oit.umass.edu. Such requests must be made by an employee of the University that is responsible for managing the computer or device.
Enforcement
The university's telecommunications network accommodates many thousands of users on and off campus. The network is constantly monitored to track volume and performance. In the event that the campus network experiences significant degradation due to excessive utilization of resources or a network based attack from internal or external computers or networks, the University reserves the right to take any measure necessary to insure stability and performance. These measures may include rate-limiting, filtering, or disconnection of any computer, network, or building that is involved. Whenever possible, prior notice will be given; however in emergency, after-hours, or widespread network disruptions this may not always be possible.
Copyright Violations
When the University receives a notice of infringement from a copyright holder or designated agent in compliance with the DMCA (Digital Millennium Copyright Act), the University will take any measures necessary to remove the ability to access the infringing material via the network without prior notice. This activity is illegal, and a violation of the OIT AUP and will not be tolerated from either the Residential, or the Academic computer networks.
Filesharing Issues
File Sharing provides a convenient way to transfer information, and facilitate collaboration on projects. It can also make it convenient for a hacker or virus to invade a computer! Many of the latest viruses take advantage of shared directories that aren’t adequately protected. Today’s hackers can take advantage of these same vulnerabilities to place files called trojans in a computer to use in gathering information and attacking other machines.
File sharing is not prohibited by OIT, but it is recommended that this tool be used only when other, safer solutions, such as Secure FTP are inadequate, and that the shared folders are protected by secure passwords which are only shared with trusted friends and associates.
Issues with IRC
Many of our complaints from other sites involve users of IRC (Internet Relay Chat). Here are some of the most common:
- Using IRC software (commonly called "proxies") that let users hide their identity or appear to be coming from a different computer than they actually are
- Using IRC software (commonly called "bots") to harrass or interfere with other users or the IRC system in general
- Using IRC software to overload a system or otherwise interfere ("nuking", "DOSing")
People often think that nuking is a harmless prank. Unfortunately the software used to do this often operates by overloading the network on the other end. OIT provides a very fast network. We can easily generate enough network traffic to take another institution or company off the Internet.
Commercial or Political Use of OIT Resources
Commercial or political use is covered in both the policy and guidelines documents. This is being mentioned here simply because commercial use is one of the most common violations of acceptable use. Here are some of the most common examples of things we consider commercial use:
- Using a UMass system to host a web page for any business, including your private consulting practice, your political campaign, or to campaign for another person
- Referring people to a UMass email address for commercial or political use (e.g. in print ads or commercial web pages)
There are often ambiguities about what is permitted. Do not plan to "ask forgiveness" after the fact! You are best advised to "ask permission" before starting to develop any information that may be interpreted as "commercial" in nature. In such cases, please feel free to call the OIT Help Desk at 414.545.9400 or fill out our Help Request form.
Harrassment
- It is a violation to send email that a reasonable person would consider harassment, including email to any person that has requested you not to send them email, or repeated email to someone you don't have a pre-existing relationship with
- All email must contain a valid From: field, identifying an email address to which questions and complaints may be directed
Bulk Email or SPAM
Special issues apply to email to large numbers of people. This is a potential problem, for both policy and technical reasons. Therefore, it is considered a violation of acceptable use to send substantially the same email message to more than 50 users. Exceptions are:
- When the use has been approved by the system administrator, after verifying that it does not violate policies
- When the mail uses majordomo, listserv, or another facility that has been specifically engineered to handle mailing lists. These systems will also allow users to join and leave lists themselves, except in the case of a few UMass internal lists, where appropriate University officials have established lists that do not permit users to leave
While this document covers only OIT Resources, there is another document on bulk email, discussing this issue in more depth and covering computing resources as well. Those rules are consistent with this document.
This includes the restriction against commercial or political use and the general requirement that all activities must abide by the law. There are now laws against unsolicted commercial email in some areas.
Chain Letters
Chain letters are letters that come to you asking that you participate in a pyramid scheme to make money, receive goods, or in some cases simply send well wishes on to "5 of your friends" for good luck. If you know math you will recognize that chain letters attempt to create exponential growth. If not stopped, they will quickly overwhelm any network or mail system. Thus it doesn't matter whether items of value are involved or not. Chain letters have been illegal if sent through the United States Postal Service (USPS) for many years.
Many Internet chain letters often start out by saying "this is absolutely legal", or "I used to think this was illegal, but I checked with a lawyer and it's not". The USPS and FBI say that this is false. These schemes (and various related ones, including some multilevel marketing scams) are considered to violate Federal laws against both gambling and wire fraud. We (and most ISP's) will take action against any chain letter, or any other form a communication that asks each individual to send something to lots of others.
The best action for you to take is to simply delete any message that appears to be a "chain letter." In this way you protect both yourself and the sender.
Issues with Netnews
We expect our users to follow community standards in use of netnews. This includes (but is not limited to):
- biding by any rules specified in the charters of the newsgroup
- Abiding by rulings of the moderator in moderated groups (and not attempting to bypass moderation for moderated groups)
- Posting only to relevant groups
- Not sending substantially the same posting to more than 10 groups
In some other areas it is hard to codify acceptable behavior in a policy such as this, because certain standards differ from group to group. These standards often include the level of personal attack and strong language that are allowed. In certain groups there are other standards. We expect our users to follow prevailing standards. If you consistently violate those standards, readers may complain to the system administrator. If a system administrator or other OIT staff person instructs you that your postings are inappropriate, we will expect cooperation. (See the next section.) This policy is intended to deal with violations of group charters or similar standards for a group. University policy does not permit content-based censorship. Thus this rule may not be used by staff to control what views may be expressed by users.
Cooperation with System Administrators
From time to time activities may interfere with operation of the system, even though they may not clearly be prohibited by the Acceptable Use Policy. In such cases, the system administrator or other OIT staff person may contact you and ask you to stop doing something. You are expected to comply with such instructions. Once you have received such a warning, any further activity of the same kind will be treated as a violation of Acceptable Use.
This is intended to allow staff to intervene when immediate action is required to stop a concrete problem, such as overloading a system or network, interfering with other users' normal use of the system, or a security breach. It is not intended to give system administrators arbitrary authority. If you think a staff member has acted inappropriately in asking you to stop something, you may ask for the decision to be reviewed, in accordance with University policies and procedures. However you will be expected to comply with the ruling of the staff while this review is happening.
