Perspectives

Defining Your ISPs Boundaries: Acceptable Use Policies

An Acceptable Use Policy (AUP) defines the acceptable uses to which a network and the hosts, routers, and services that comprise that network can be put. More importantly, it defines specific types of activity that are not allowed on that network, and actions which may be taken in the event that the policy is violated. Acceptable Use Policies frequently include restrictions on activities such as attempts to compromise computer security ("hacking"), distribution of unsolicited mass e-mail ("Spam"), and copyright violations.

Member cooperatives are encouraged to establish an Acceptable Use Policy, and have their subscribers sign that policy as a condition of service. Two examples of Acceptable Use Policies are available on the TrueBand ISP members' website. Members should consult with their legal representatives when establishing the wording of their policy document. Members who do not have an Acceptable Use Policy for their subscribers may still be held accountable for the behavior of their subscribers. Having an Acceptable Use Policy provides a valuable tool for enforcing appropriate behavior of subscribers to your network services.

Conventionally, the address to report issues typically covered by an Acceptable Use Policy is ěabuse@domain.î TrueBand Internet Services suggests that our members establish a similar e-mail address in their own domains.

TrueBand's Acceptable Use Policy and Our Members

Below is NRTC's own Acceptable Use Policy. This is the standard to which we hold our members. In writing your own policy, you may want to consider some of the provisions contained here.

Acceptable Use Policy

The NRTC TrueBand's Internet Service Acceptable Use Policy is intended to help enhance the use of the Internet by preventing unacceptable use. All users of NRTC TrueBand's Internet Services must comply with this Policy. By using the NRTC TrueBand Internet Service, you confirm your acceptance of, and agree to be bound by, this Policy.

The NRTC TrueBand Internet Service supports the free flow of information and ideas over the Internet and does not actively monitor use of Internet services under normal circumstances.

We do not exercise editorial control over the content of any Web site, electronic mail transmission, newsgroup or any other material created or accessed through NRTC TrueBand Internet services. NRTC TrueBand Internet Service does not endorse or stand behind the accuracy, truthfulness, or reliability of any information (including statements of opinion or advice) provided on or by means of NRTC TrueBand Internet Service. NRTC TrueBand Internet Service does not accept responsibility for the content of the materials or information published by others nor the violation of any laws resulting from such publication. NRTC TrueBand Internet Service may, at its sole discretion, remove any materials that may be illegal or may subject NRTC to liability or which may violate this Policy.

Violations of Acceptable Use Policy

You are responsible for your communications via, and your use of, the NRTC TrueBand Internet Service. The following constitute Violations of the NRTC TrueBand Internet Service Acceptable Use Policy:

1. Illegal Use: Use of NRTC TrueBand Internet Service to publish, post, distribute or disseminate defamatory, infringing, obscene or other unlawful material or information via NRTC TrueBand Internet Service, or violate any applicable local, state, national or international law either intentionally or unintentionally.
2. Harassment: Use of NRTC TrueBand Internet Service to threaten, harass, stalk, abuse or otherwise violate the legal rights (including rights of privacy and publicity) of others.
3. Unauthorized Access: Intercept or attempt to intercept E-mail, attempt to access the accounts of others, or attempt to penetrate the security measures of NRTC TrueBand Internet Service whether or not the intrusion resulted in corruption or loss of data. This includes, but is not limited to, intentionally seeking information on, obtaining copies of, or modifying files, email or other data, or passwords belonging to other users without permission.
4. Forgery: Internet email sent, or caused to be sent, to or through NRTC TrueBand Internet Service's network that makes use of or contains invalid or forged headers, invalid or non-existent domain names or other means of deceptive addressing is prohibited. Similarly, email that is relayed through a third party's mail server without the permission of that third party, or which employs similar technologies to hide or obscure the source of the email is unauthorized.
5. Copyright or Trademark Infringement: Upload, email or posting of files that contain software or other material protected by intellectual property laws, rights of privacy or publicity, copyright, trademark, patent, trade secret or any other applicable law unless you own or control the rights thereto or have received all necessary consents.
6. Fraudulent Activity: Use of NRTC TrueBand Internet Service services to make fraudulent offers to sell or buy products, items, or services or to advance any type of financial scam such as "pyramid schemes", "ponzi schemes" or "chain letters" is expressly prohibited.
7. Security and Resource Infringements: Use NRTC TrueBand Internet Service in a manner that adversely affects the availability of its resources to other users including unauthorized security probing activities or other attempts to evaluate the security integrity of a network or host system without permission. Including but not limited to port scanning, network attacks, and the transmission of viruses or virus hoaxes.
8. Unsolicited / Bulk E-mail: Send E-mail to users for any purpose other than personal communication, including but not limited to, transmit unsolicited commercial or bulk email, advertise or offer to sell goods or services to other users.

Reporting of Violations

NRTC TrueBand Internet Service requests that anyone who believes that there is a violation of this Acceptable Use Policy direct the information to NRTC. In order to pursue a violation report, the following information is necessary:

• The IP Address used to commit the alleged violation
• The date and time of the alleged violation in Eastern Time
• Evidence of the alleged violation

E-mail with full header information provides all of the above, as do syslog files. Other situations will require different methods of providing the information above. NRTC TrueBand Internet Service may take any of the following actions in response to a violation report:

• Written warning
• Suspension of offending user's account
• Termination of offending user's account
• Bring legal action against offending subscriber
• Report the violation to governmental authorities.

TrueBand Security Violation Investigative Process

TrueBand ISP deploys a defined process in response to reports of security violations, SPAM e-mail, copyright infringement, and other Acceptable Use Policy issues originating with our members or their subscribers, described below:

1. Investigate the matter. When TrueBand ISP receives a report of possible violation, the first response is to investigate the issue. In most cases, enough information is provided to identify the member cooperative and the subscriber involved. If insufficient information has been provided, we will respond asking for additional details so that the issue can be investigated.
2. Contact the member. TrueBand ISP will contact the member cooperative providing them with details of the issue and the identity of the subscriber if possible. In some cases, it may not be possible for TrueBand ISP to identify the subscriber due to incomplete information provided in the initial report, or because the subscriber does not authenticate through our servers.
3. Recommend solution. TrueBand ISP may be able to provide recommendations to rectify the problem to the member cooperative. These may include suggesting anti-virus software, firewall hardware, or termination of a particular subscriber account. The cooperative member is responsible for any action taken, which should be reported to TrueBand ISP to indicate that an effort is being made to correct the problem.
4. Reply sent. When the investigation is brought to resolution, TrueBand ISP replies to the entity that reported the issue, indicating that the issue is being investigated and appropriate action will be taken. No further details will be provided without a warrant issued by a law enforcement agency. While TrueBand ISP will cooperate fully with any criminal investigation, we also are obligated to protect the privacy of our members and their subscribers.
5. Escalation required for continued violations. Continued reports of the same activity will be treated similarly; however, TrueBand ISP may take additional steps to protect its network, member cooperatives, and their subscribers from such activity. These steps include, but are not limited to, disabling or filtering IP addresses, disabling subscriber accounts, or terminating member services.

Recommended AUP Response Strategies for TrueBand Internet Services Members

TrueBand Internet Services recommends that its members take specific steps in response to reports of security violations, Spam, copyright infringement, or other Acceptable Use Policy issues originating with the members' subscribers. Many of these recommendations are similar to the steps taken by TrueBand ISP on receiving a report of such activity originating with a member or their subscriber:

1. Investigate. First, the member should investigate the issue. In most cases, enough information is provided to identify the subscriber involved. Usually, all that is needed is the exact date and time (including the time zone) of the activity, and the IP address from which it originated. Firewall log files, anti-virus activity reports, and email message headers all include this information. If you are unsure how to interpret the information provided, feel free to pass it on to TrueBand Internet Servicesí technical staff for assistance. If insufficient information has been provided, respond to the persons reporting the issue asking for additional details so that the issue can be investigated.
2. Attempt to identify the subscriber. Member cooperatives can determine the subscriber identity from their log files. If the IP address is assigned to a subscriber pool that uses TrueBand ISP's authentication servers, the member may be able to identify the subscriber by searching for the date and time and IP address in their billing data file. The billing data file can be downloaded from the TrueBand ISP members' site. However, it may be simpler to pass the details to TrueBand Internet Servicesí technical staff, and we can attempt to identify the user for the member. In some cases, it may not be possible for TrueBand ISP to identify the subscriber due to incomplete information provided in the initial report, or because the subscriber does not authenticate through our servers.
3. Contact subscriber. Contact the subscriber and let them know that you've received reports of activity in violation of the Acceptable Use Policy. In some cases, they may not be aware of the problem, and frequently just letting the subscriber know there is a problem is sufficient to stop the activity. In any case, such contact should be documented with either e-mail or a call log, in the event that it becomes necessary to take further action.
4. Explore Solutions and offer Recommendations. TrueBand ISP may be able to recommend solutions to the matter, which may include suggesting anti-virus software or firewall solutions. You may pass some of these recommendations on to your subscriber. However, it is not advised that members suggest specific products to their customers. Doing so may make you liable in the event that the product does not perform as expected. Instead, you may suggest that they check computer magazines at the local library or on the Internet for product reviews. If you do recommend hardware or software to alleviate the problem, it is best to note that no security product is perfect, and all of them require proper configuration and updates to function effectively.
5. Report Resolution to TrueBand. Members are responsible for final decision and action taken. Report resolution to TrueBand ISP to indicate that an effort is being made to correct the problem.
6. Send Reply to Reporting Entity. Send a reply to the reporting entity, indicating that the issue is being investigated and appropriate action will be taken. No further details need to be provided without a warrant issued to a law enforcement agency. While members should cooperate fully with any criminal investigation, they also are obligated to protect the privacy of their subscribers.
7. Actions to Consider if Violations Continue. In the event that the activity continues (as shown by reports from times after the subscriber was contacted), or is believed to be intentional and immediately harmful, it may be necessary to disable that subscriber's account.

Member Inaction Leads to TrueBand Action

In the event that the member is unable or unwilling to take steps to correct the problem, TrueBand Internet Services may take steps to protect its network, member cooperatives, and their subscribers from such activity. These steps include, but are not limited to, disabling or filtering IP addresses (blocking access to the person attempting access), disabling subscriber accounts, or terminating member services.

Home | Partnering With TrueBand | Business Solutions | Internet Access
Internet Services | Resources | Member Login | NRTC.coop