Acceptable Use Policy

Download as PDFDownload as PDF

Acceptable Use Policy

Title:   Acceptable Use Policy
Reference:  MF-POL-006
Issue:   13
Document owner:    John Chapman, Head of Janet policy and strategy
Authorised by:    Jeremy Sharp, Janet CTO
Date:  3 March 2022 (Effective from 1 April 2022)
Last reviewed: 3 March 2022

Document control          

1. Superseded documents: MF-POL-006 issue 12, dated May 2016

2. Changes made: Harmonising of definitions across policies

3. Changes forecast: None

Background

1.     The Janet Network (“Janet”) is the communications network operated by Jisc Services Ltd (Jisc) to serve UK education, research and other public sector purposes. Its primary purpose is to enable organisations in these communities to fulfil their missions of providing education, research, of supporting innovation, and of civic engagement more widely.

2.     This Acceptable Use Policy applies to two broad categories of organisation: those connecting directly to Janet in their own right (“Connected Organisation”); and those connecting indirectly, as a partner to the directly-connected organisation and with the connection made through the latter organisation’s own connection(s) to Janet (“Partner Organisation”). It also covers the granting of access to Janet to guests visiting an organisation with a Janet connection. In conjunction with MF-POL-007 the Janet Security Policy, it is an integral part of GEN-DOC-009 the Terms for Provision of the Janet Service (Janet Terms)[1].

3.     The Acceptable Use Policy does not determine the eligibility of any particular organisation or individual to have a connection to and use Janet services. This eligibility is determined by MF-POL-053 the Janet Network Connection Policy. The Acceptable Use Policy merely defines acceptable and unacceptable use of Janet by those who have been provided with access to Janet services under the terms of the Janet Network Connection Policy.

4.     Copies of the Janet Terms, the Janet Network Connection Policy and the Janet Security Policy may be found at ji.sc/policies.

The Policy

Acceptable Use

5.     Connected Organisations and their Partner Organisations may use Janet for the purpose of communicating with other Connected Organisations, and with organisations, individuals and services attached to networks which are reachable via Janet. All use of Janet is subject to the Janet Terms.

6.     Subject to clauses 8 to 16 below, Janet may be used by a Connected Organisation for any lawful activity in furtherance of the missions of the Connected Organisation. Use by the Connected Organisation may be in pursuance of activities for commercial gain as well as for not-for-profit activities. (See Note 1)

7.     It is the responsibility of the Connected Organisation to ensure that its users (and their Partner Organisations) use Janet services in accordance with the Acceptable Use Policy, and with current legislation. (See Note 2)

Unacceptable Use

8.     Janet may not be used by a Connected Organisation, Partner Organisation or their users for any activity that may reasonably be regarded as unlawful or potentially so. This includes, but is not limited to, any of the following activities. (See Note 3)

9.     Creation or transmission, or causing the transmission, of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material. (See Note 4)

10.  Creation or transmission of material with the intent to cause annoyance, inconvenience or needless anxiety.

11.  Creation or transmission of material with the intent to defraud.

12.  Creation or transmission of defamatory material.

13. Creation or transmission of material such that this infringes the copyright of another person.

14.  Creation or transmission of unsolicited bulk or marketing material to users of networked facilities or services, save where that material is embedded within, or is otherwise part of, a service to which the user or their User Organisation has chosen to subscribe.

15.  Deliberate unauthorised access to networked facilities or services. (See Note 5 and Note 6)

16.  Deliberate or reckless activities having, with reasonable likelihood, any of the following characteristics:

16.1.  wasting staff effort or Jisc resources, including time on end systems on another Connected Organisation’s network, and the effort of staff involved in the support of those systems;

16.2.  corrupting or destroying other users’ data;

16.3.  violating the privacy of other users;

16.4.  disrupting the work of other users;

16.5.  denying service to other users (for example, by overloading of access links or switching equipment, of Janet services, or of services or end systems on another Connected Organisation’s network);

16.6.  continuing to use an item of software or hardware after the Janet Network Operations Centre or its authorised representative has requested that use cease because it is causing disruption to the correct functioning of Janet;

16.7.  other misuse of Janet, such as the introduction of viruses, malware, ransomware or other harmful software via Janet to resources on Janet, or on another Connected Organisation’s network.

Access to Other Networks via Janet

17.  Where Janet is being used to access another network, any deliberate or persistent breach of the acceptable use policy of that network will be regarded as unacceptable use of Janet. Any activity as described in clause 16 above, and where applied either to a user of that network, or to an end system attached to it, will also be regarded as unacceptable use of Janet.

18.  Any deliberate or persistent breach of industry good practice (as represented by the current standards of the London Internet Exchange) that is likely to damage the reputation of Jisc will also be regarded prima facie as unacceptable use of Janet.

Compliance

19.  It is the responsibility of the Connected Organisation to take reasonable steps to ensure its users, Partner Organisations and their users comply with the conditions set out in this Policy document, and to ensure that unacceptable use of Janet is dealt with promptly and effectively should it occur. The discharge of this responsibility includes informing all users of the Connected Organisation with access to Janet of their obligations in this respect (see Note 7).

20.  Where necessary, service may be withdrawn from the Connected Organisation, in accordance with the Janet Terms. Where violation of these conditions is unlawful, or results in loss or damage to Janet resources or the resources of third parties accessible via Janet, the matter may be referred for legal action.

Explanatory notes

Note 1: The Acceptable Use Policy does not make any particular statement as to the acceptability of using Janet for activities resulting in commercial gain to the Connected Organisation, other than this is acceptable where lawful. However, it should be noted that there are legal constraints applying to a publicly funded Connected Organisation in such activities. Where the Connected Organisation is operating as an economic undertaking the issue of State Aid will need to be considered. There is also an issue of the status of both Janet and the User Organisation’s network as private networks. Both are addressed in the Janet Network Connection Policy.

Note 2: It is preferable for misuse to be prevented by a combination of responsible attitudes to the use of Janet on the part of its users and appropriate disciplinary measures taken by their Connected Organisations.

Note 3: The list of unacceptable activities in this section is not exhaustive. The purpose is to bring as clearly as possible to the reader’s attention those activities most commonly associated with the abuse and potentially unlawful use of a network.

Note 4: It may be permissible for such material to be received, created or transmitted where this is for properly supervised and lawful purposes. This may include, for example, approved teaching or research, or the reception or transmission of such material by authorised personnel in the course of an investigation into a suspected or alleged abuse of the institution’s facilities. The discretion to approve such use, and the responsibility for any such approval, rests with the Connected Organisation. Universities UK has provided guidance on handling sensitive research materials.

Note 5: Implicit authorisation may only be presumed where a host and port have been advertised as providing a service (for example by a DNS MX record) and will be considered to have been withdrawn if a complaint from the provider of the service or resource is received either by the Connected Organisation or by Jisc. For all other services and ports, access will be presumed to be unauthorised unless explicit authority can be demonstrated.

Note 6: Where a Connected Organisation wishes to commission or itself perform a test for vulnerabilities in its IT systems (for example, via “penetration testing”) this, as an action authorised by the Connected Organisation, will not be a breach of clause 15. However, the User Organisation should inform Jisc CSIRT, in advance of the test, of the source, nature and timing of the test. This is to avoid wasting the time and resources of Jisc CSIRT in investigating the perceived attack on the Connected Organisation, or automatically blocking it. Jisc CSIRT should be contacted via the details at https://www.jisc.ac.uk/csirt.

Note 7: In order to discharge this responsibility, it is recommended that each Connected Organisation establishes its own statement of acceptable use within the context of the services provided to its users. This should be cast in a form that is compatible with the provisions of this Acceptable Use Policy. Such a statement may refer to, or include material from this document. If material is included, this must be done in such a way as to ensure that there is no misrepresentation of the intent of the Janet Acceptable Use Policy.

[1] GEN-DOC-009 will be superseded in 2022 by the Master Services Agreement for Janet Connection Services

Acceptable Use Policy

Version: 12 in effect until 31 March 2022

Issued: May 2016

Reference: MF-POL-006

Owner: J. Sharp

Last Reviewed Date: 04/10/2021

Background

1. Janet is the name given to an electronic communications network and associated electronic  communications  networking  services  and  facilities  that  support  the  requirements  of  the  UK  education and research communities.  Organisations in the UK education and research communities use  Janet to  fulfil,  and  to  undertake  activities  supporting, their  missions of  providing  education, research, and business and community engagement.

2. This Acceptable Use Policy applies in the first instance to any organisation authorised to use Janet (a  “User Organisation”).    It  applies  also  to  use  of  Janet by  the  User  Organisation’s own members  and  all  those  to  whom  it  otherwise  provides  with  access  to  Janet (collectively,  its ''Members”).  In conjunction with the Janet Security Policy, it is an integral part of the Terms and Conditions for the Provision of the Janet Service (the “Janet Terms”).

3. The Acceptable Use Policy does not determine the eligibility of any particular organisation or individual to have a connection to and use Janet services.  This eligibility is determined by the Janet Network Connection Policy.    The  Acceptable  Use  Policy merely  defines  acceptable  and  unacceptable  use  of Janet by those who have been provided with access to Janet services under the terms of the  Janet Network Connection Policy.

4. Copies of the Janet Terms, and of the  Janet Network Connection Policy and Security Policies may be found on the Jisc website.

Acceptable Use

5. A User Organisation and its Members may use Janet for the purpose of communicating with other  User  Organisations  and  their  Members,  and  with  organisations,  individuals  and  services attached to networks which are reachable via Janet.  All use of Janet is subject to the Janet Terms.

6. Subject to clauses 8 to 16 below, Janet may be used by a User Organisation and its Members for  any  lawful  activity in  furtherance  of  the  missions  of  the  User  Organisation.    Use  by  the  User Organisation and its Members may be in pursuance of activities for commercial gain as well as for not for profit activities.  (See Note 1.)

7. It is the responsibility of the User Organisation to ensure that its Members use Janet services in accordance with the Acceptable Use Policy, and with current legislation.  (See Note 2.)

Unacceptable Use

8. Janet may  not  be  used  by  a  User  Organisation  or  its  Members  for  any activity  that  may reasonably be regarded as unlawful or potentially so.  This includes, but is not limited to, any of the following activities.  (See Note 3.)

9. Creation or transmission, or causing the transmission, of any offensive, obscene or indecent images,  data  or  other  material,  or  any  data  capable  of  being  resolved  into  obscene  or  indecent images or material.  (See Note 4.)

10. Creation or  transmission  of  material  with  the  intent  to  cause  annoyance,  inconvenience  or needless anxiety.

11. Creation or transmission of material with the intent to defraud.

12. Creation or transmission of defamatory material.

13. Creation or transmission of material such that this infringes the copyright of another person.

14. Creation  or  transmission  of  unsolicited  bulk  or  marketing  material  to  users  of  networked facilities or services, save where that material is embedded within, or is otherwise part of, a service to which the user or their User Organisation has chosen to subscribe.

15. Deliberate unauthorised access to networked facilities or services.  (See Note 5 and Note 6.)

16. Deliberate  or  reckless  activities  having,  with  reasonable  likelihood,  any  of  the  following characteristics:

16.1 wasting staff effort or Janet resources, including time on end systems on another User Organisation’s network, and the effort of staff involved in the support of those systems;

16.2 corrupting or destroying other users’ data;

16.3 violating the privacy of other users;

16.4 disrupting the work of other users;

16.5 denying service to other users (for example, by overloading of access links or switching equipment, of Janet services, or of services or end systems on another User Organisation’s network);

16.6 continuing to use an item of software or hardware after the Janet Network Operations Centre  or  its  authorised  representative has  requested  that  use  cease  because  it  is  causing disruption to the correct functioning of Janet;

16.7 other misuse of Janet, such as the introduction of “viruses” or other harmful software via Janet to resources on Janet, or on another User Organisation’s network.

Access to Other Networks via Janet

17. Where Janetis being used to access another network, any deliberate or persistent breach of the  acceptable  use  policy  of  that  network  will  be  regarded  as unacceptable  use  of  Janet.  Any activity as described in clause 16 above, and where applied either to a user of that network, or to an end system attached to it, will also be regarded as unacceptable use of Janet.

18. Any deliberate or persistent breach of industry good practice (as represented by the current standards of the London Internet Exchange) that is likely to damage the reputation of Janet will also be regarded prima facie as unacceptable use of Janet.

Compliance

19. It  is  the  responsibility  of  the  User  Organisation  to  take  reasonable  steps  to  ensure  its Members’  compliance  with  the  conditions  set  out  in  this  Policy  document,  and  to  ensure  that unacceptable use of Janetis dealt with promptly and effectively should it occur.  The discharge of this responsibility includes informing all Members of the User Organisation with access to Janet of their obligations in this respect.  (see Note 7.)

20. Where necessary, service may be withdrawn from the User Organisation, in accordance with the JanetTerms.  Where violation of these conditions is unlawful, or results in loss or damage to Janet resources or the resources of third parties accessible via Janet, the matter may be referred for legal action.

Explanatory Notes

Note 1: The Acceptable Use Policy does not make any particular statement as to the acceptability of using Janet for activities resulting in commercial gain to the User Organisation, other than this is acceptable where lawful.  However, it should be noted that there are legal constraints applying to a publicly funded User Organisation in such activities.  Where the User Organisation is operating as an economic undertaking the issue of State Aid will need to be considered.  There is also an issue of the status of both Janet and the User Organisation’s network as private networks.  Both are addressed in the Janet Eligibility Policy and more particularly in the Janet factsheets referenced therein.

Note 2: It is preferable for misuse to be prevented by a combination of responsible attitudes to the use of Janet resources on the part of its users and appropriate disciplinary measures taken by their User Organisations.

Note 3: The list of unacceptable activities in this section is not exhaustive.  The purpose is to bring as clearly as possible to the reader’s attention those activities most commonly associated with the abuse and potentially unlawful use of a network.

Note 4: It may be permissible for such material to be received, created or transmitted where this is for properly supervised and lawful purposes.  This may include, for example, approved teaching or research, or the reception or transmission of such material by authorised personnel in the course of an  investigation  into  a  suspected  or  alleged  abuse  of the  institution’s  facilities. The  discretion  to approve  such  use,  and  the  responsibility  for  any  such  approval,  rests  with  the  User  Organisation. Universities UK has provided guidance on handling sensitive research materials.

Note 5: Implicit authorisation may only be presumed where a host and port have been advertised as  providing  a  service  (for  example  by  a  DNS  MX  record)  and will  be  considered  to  have  been withdrawn if a complaint from the provider of the service or resource is received either by the UserOrganisation  or  by  Janet. For  all  other  services  and  ports,  access  will  be  presumed  to  be unauthorised unless explicit authority can be demonstrated.

Note 6: Where  a  User  Organisation  wishes  to  commission  or  itself  perform  a  test  for vulnerabilities in its IT systems (for example, via “penetration testing”) this, as an action authorised by the User Organisation, will not be a breach of clause 15.  However, the User Organisation should inform the Janet CSIRT, in advance of the test, of the source, nature and timing of the test.  This is to  avoid  wasting  the  time  and  resources  of  the  CSIRT  in  investigating  the  perceived  attack  on  the User Organisation, or automatically blocking it.

Note 7: In order to discharge this responsibility, it is recommended that each User Organisation establishes its own statement of acceptable use within the context of the services provided to its Members. This should be cast in a form that is compatible with the provisions of this Acceptable Use Policy. Such a statement may refer to, or include  material  from  this  document. If material is included,  this  must  be  done  in  such  a  way  as  to  ensure  that  there is no misrepresentation  of  the intent  of  the  JanetAcceptable Use  Policy. The  Janet  Service  Desk  can  advise  on  this  aspect  if required.

Comments