Acceptable use policy


An acceptable use policy (AUP), acceptable usage policy or fair use policy (FUP) is a set of rules applied by the owner, creator, possessor or administrator of a computer network, website, or service that restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, [1] businesses, universities, [2] schools, [3] internet service providers (ISPs), [4] and website owners, [5] often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.


Acceptable use policies are an integral and critical part of the framework of information security policies; it is common practice to ask new members of an organization to sign an AUP before they are given access to its information systems, just in case. For this reason, an AUP must be concise and clear while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.

In some cases a fair usage policy applied to a service allowing nominally unlimited use for a fixed fee simply sets a cap on what may be used. This is intended to allow normal usage but prevent what is considered excessive. For example, users of an "unlimited" broadband Internet service may be subject to suspension, termination, or bandwidth limiting for usage which is continually excessive, unfair, affects other users' enjoyment of the broadband service, or is not consistent with the usage typically expected on a particular access package. [6] The policy is enforced directly, without legal proceedings.

Terminology

AUP documents are similar to, and often serve the same function as, the Terms of Service document (e.g., as used by Google Gmail and Yahoo!), although not always. In the case of IBM, for instance, the Terms of Use are about the way in which IBM presents the site and how it interacts with visitors of the site, and give little to no instruction as to how to use the site.

In some cases, AUP documents are named Internet and E-mail Policy, Internet AUP, Network AUP, or Acceptable IT Use Policy. These documents, even though named differently, largely provide policy statements as to what behavior is acceptable from users of the local network/Internet connected via the local network.

Common elements of AUP statements

In general, AUP statements/documents often begin with a statement of the philosophy of the sponsoring organization and the intended reason why Internet use is offered to the users of that organization's network. For example, the sponsoring organization adopts a philosophy of self-regulation and offers the user connection to the local network and also connection to the Internet, provided that the user accepts that she/he is going to be personally responsible for actions taken when connected to the network or Internet. This may mean that the organization is not going to provide any warning system should the user contravene policy, maintaining that it is up to the user to know when his/her actions are in violation of policy. Often Acceptable Use Policy documents provide a statement about the use of the network and/or Internet and its uses and advantages to the business, school or other organisation sponsoring connection to the Internet. [7] Such a statement may outline the benefit of email systems, the ability to gain information from websites, connection with other people through the use of instant messaging, and other similar benefits of various protocols including the relatively new VoIP services.

The most important part of an AUP document is the code of conduct governing the behaviour of a user whilst connected to the network/Internet. The code of conduct may include some description of what may be called netiquette which includes such items of conduct as using appropriate/polite language while online, avoiding illegal activities, ensuring that activities the user may embark on should not disturb or disrupt any other user on the system, and caution not to reveal personal information that could be the cause of identity theft.

Most AUP statements outline consequences of violating the policy. Such violations are met with consequences depending on the relationship of the user with the organisation. A common action that schools and universities take is to withdraw the service from the violator, and sometimes, if the activities are illegal, the organization may involve appropriate authorities, such as the local police. Employers will at times withdraw the service from employees, although a more common action is to terminate employment when violations may be hurting the employer in some way, or may compromise security. EarthLink, an American Internet service provider, has a very clear policy relating to violations of its policy. [8] The company identifies six levels of response to violations:

Central to most AUP documents is the section detailing unacceptable uses of the network, as displayed in the University of Chicago AUP. Unacceptable behaviours may include creation and transmission of offensive, obscene, or indecent documents or images, creation and transmission of material which is designed to cause annoyance, inconvenience or anxiety, creation of defamatory material, creation and transmission of material that infringes the copyright of another person, transmission of unsolicited commercial or advertising material, and deliberate unauthorised access to other services accessible using the connection to the network/Internet. Then there is the type of activity that uses the network to waste the time of technical staff in troubleshooting a problem for which the user is the cause, corrupting or destroying other users' data, violating the privacy of others online, using the network in such a way that it denies the service to others, continuing to use software or another system about which the user has already been warned, and any other misuse of the network such as the introduction of viruses.

Disclaimers are often added in order to absolve an organisation from responsibility under specific circumstances. For example, in the case of Anglia Ruskin University a disclaimer is added absolving the University for errors or omissions or for any consequences arising from the use of information contained on the University website. While disclaimers may be added to any AUP, disclaimers are most often found on AUP documents relating to the use of a website while those offering a service fail to add such clauses.

Particularly when written for a college or school setting, AUPs remind students (or, in the case of a company, employees) that connection to the Internet, or use of a website, is a privilege and not a right, as demonstrated in Loughborough University's Janet Service AUP. Through emphasising this "privilege" aspect, Northern Illinois University then makes the connection that any abuse of that privilege can result in legal action from the University.

In a handbook for writing AUP documents, the Virginia Department of Education indicate that there are three other areas needing to be addressed in an AUP:

A cursory reading of AUP statements found by a Google Search shows that the inclusion of these items in AUP documents is highly variable. However, those statements in a school or university setting are more likely to include a statement to address at least the "personal safety" issue.

Enforceability

Example:

6.3 This Policy shall be governed by the laws of England and the parties submit to the exclusive jurisdiction of the Courts of England and Wales.

Due to the many jurisdictions covered by the Internet, the AUP document needs to specify the jurisdiction, which determines the laws that are applicable and govern the use of an AUP. Even if a company is only located in one jurisdiction and the AUP applies only to its employees, naming the jurisdiction saves difficulties of interpretation should legal action be required to enforce its statements.

An AUP can be effectively enforced with content and URL filters.


References

  1. "IS.SEC.005". Hospital Corporation of America. 2007-12-01. Archived from the original on October 30, 2006. Retrieved 2008-12-13.
  2. "Policy on Acceptable Use of Electronic Resources". University of Pennsylvania. Archived from the original on 18 December 2008. Retrieved 2008-12-13.
  3. "2008-2009 Code of Student Conduct" (PDF). Charlotte County Public Schools. Archived from the original (PDF) on 2019-01-20. Retrieved 2008-12-13.
  4. "EMBARQ ACCEPTABLE USE POLICY & VISITOR AGREEMENT". 2006-10-20. Archived from the original on 20 November 2008. Retrieved 2008-12-13.
  5. "MySpace.com Terms of Use Agreement". Myspace. 2008-02-28. Archived from the original on 16 December 2008. Retrieved 2008-12-13.
  6. "TalkTalk Fair Usage Policy". Archived 2015-10-20 at the Wayback Machine. "Tiscali UK Ltd - Fair usage policy". 2014-03-01. Archived from the original on 2014-03-01. Typical fair usage conditions for
  7. "Acceptable Use Policies: A Handbook". Virginia Department of Education. Archived from the original on 31 March 2007. Retrieved 27 June 2021.
  8. "ACCEPTABLE USE POLICY". EarthLink. Retrieved 2020-11-08.