This Acceptable Use Policy (AUP) sets forth guidelines for customers, subscribers, clients and users of Kentec Communications, Inc. (KCI) who connect to and use the computer networks belonging to KCI and in which KCI is in administrative authority, as well as anyone sending data to or through KCI's networks. This includes dial-up access accounts, radio networks, digital subscriber lines, ethernet networks, dedicated telephone circuits, and any other form of subscription and/or connectivity used. The latest version of this AUP is available at the URL http://www.kci.net/UsagePolicy.html. Changes or Modifications to this AUP will be effective immediately upon posting to that URL.
Among other services, KCI provides network connectivity for dial-up and dedicated access to the Internet. KCI makes little attempt to filter or control the content of data and information entering its networks upon request of network users (by actions such as browsing the World Wide Web, downloading files or documents, or participating in online conversations). Illegal activity is explicitly prohibited, and KCI may take efforts to protect its customers and its own computing/network equipment from known spammers (eg. via blacklists) and potential vulnerabilities, but KCI does not make any warranty or guarantee of protection from network-based, application-based, or any other kind of attacks or attempts to control the computing equipment of its customers or users. KCI strongly encourages users to become aware of potential vulnerabilities and forms of computer and network attacks, and to take measures to eliminate and protect against them (run a firewall, use virus scanning software, install OS updates, etc.).
KCI does exert some control over the content of data and information originating from, and the use of networks and services available to its customers and users. It is not our intent to assume a dictatorial position, nor deny or prohibit legitimate uses of the Internet. Quite simply, there are both legal and practical obligations of an Internet Service Provider to contain the bounds of what use of its services is allowed and (especially) disallowed.
As outlined herein, the KCI AUP goes beyond the requirements to simply comply legally with current laws by imposing certain limits and restrictions on behavior and use of Internet services by its network users, though the behavior may not explicitly be illegal. Our aim is to aid in eliminating network/Internet abuse and misuse, as well as to protect ourselves and our users from adverse consequences that result from not doing so. Such consequences, even when caused by the actions of a single individual, often have an impact upon many others.
For example, sending Unsolicited Commercial Email (UCE) can result in being put on a "blacklist" such that all KCI users could be affected by the inability to send mail or to make network connections at all to sites that employ that blacklist. Therefore sending UCE (also known as "Spam") is against this AUP, even though it may not be explicitly illegal. (Currently it's the subject of many lawsuits/legal debates, and whether it will end up being illegal or not will be determined in time. Regardless, we don't allow it.)
As another example, when a wireless network user fails to take appropriate precautions to update or secure their machine they can become infected with viruses and network worms that give access to their machine to others, which is usually used for malevolent purposes, and often involves network scanning. As well as increasing the risk to other customers, the network traffic generated is often substantial; in worst-case scenarios, we have had individual users infected with a worm which debilitated the wireless infrastructure for several towns, denying access for literally hundreds of other users. As such, we require that all machines connected to our network be kept secure - the days of ignorantly connecting machines with no thought of configuration or security are over.
KCI explicitly disallows any activity or use of networks and services which is in violation of any applicable local, regional, state, federal or international law or ordinance. Customers may not post, retrieve, transmit, or store material on or through KCI equipment or networks that is in violation of any applicable law or regulation, including material that is threatening, defamatory, obscene, indecent, constitutes an illegal threat, or could otherwise adversely affect any individual, group or entity, as well as material that is protected by copyright, trademark, patent, trade secret or other intellectual property law. Installation, storage, or distribution of licensed software without having appropriate license (a.k.a. "pirate" or "warez" software) is prohibited.
Should evidence of such activity be produced to or encountered by KCI, investigation may be made and/or corrective action taken in the matter possibly including, but not limited to account termination and involvement with appropriate law enforcement officials.
Email / Usenet News
Sending unsolicited commercial email (UCE) advertisements or informational announcements, chain letters, and "junk mail," as well as posting similar Usenet News messages to unrelated news groups or posting a message to multiple newsgroups, collectively known as "spam," is prohibited; this includes spam originating from as well as proxied or relayed through any machine on KCI's networks. Forging any Email or News header, or providing false information during a SMTP conversation is prohibited. Additionally, using non-KCI servers or services to relay mail or news either without permission or in order to send spam is prohibited.
KCI does not monitor the content of outgoing Email or News postings, but does respond to reports of abuse of either, typically with account termination. KCI does cooperate with law enforcement personnel in determining the origin of threatening messages and regarding similar issues.
KCI utilizes several blacklists to block known spammers, misconfigured servers, etc. No exemptions from these blacklists will be made, for KCI customers or otherwise.
Attempting to defeat system or network security mechanisms, probe or scan systems and/or networks, forge network or application information, or cause a denial of service (DoS) to any system or network is explicitly forbidden, whether the system(s) and/or network(s) involved belong to KCI or otherwise, without express permission of the owner of the system/network. This includes, among similar activities, all of the following:
- Intercepting or diverting information, whether in transit or stored, for which you are not the intended recipient or would otherwise be allowed access to.
- Forging any part of an Email or News header, or information in headers of TCP/IP network packets.
- Using accounts for which you are not authorized to use, attempting to retrieve or determine account names and passwords, or otherwise attempting to bypass or manipulate an authentication system.
- Attempting to probe or scan systems or networks to determine potential vulnerabilities, services available, operating systems in use, or in order to map networks.
- Mailbombing and network flooding (ping floods, broadcast attacks, and the like).
- Attempting to cause any machine or application to crash or to consume resources such that services become unavailable or interrupted.
- Attempting to exploit vulnerabilities in any machine, application or service to gain unauthorized access to the system, use or misuse it for any purpose.
- Engaging in any activity that degrades, inhibits or circumvents KCI's ability to service and monitor its network and network infrastructure.
- Changing any assigned or listed hardware or IP addresses (dhcp, static or otherwise), or in any way attempting to conceal one's identity from KCI or masquerade as another user.
General Security Requirement
All machines attached to KCI's networks must be secured and updated/maintained regularly. At minimum, this entails using a firewall (a network firewall, host firewall, or both, as appropriate), installing operating system and application updates and fixes in a timely and regular manner, and use of an up-to-date virus scanner to scan email and any files obtained from others. Machines running public servers especially should be properly configured by someone competent and knowledgeable in computer and network security issues.
All common commercial operating systems are insecure in a default configuration, some much more so than others, and are generally not intended to be run that way. While computer and network security is quite a comprehensive topic, any users of KCI's networks must become familiar with basic procedures and requirements to prevent their machine(s) from being misused or abused by others, or have them maintained by someone that is. Computer security is not a setting that can be enabled or disabled, but the multifaceted collection of complimentary programs and hardware properly configured, with continued updating, evaluation, augmentation and/or replacement, and a general mindset and manner of conduct. Emphasis will be made of the ongoing nature of keeping a machine secure; it is not sufficient to just have it updated and secured upon initial installation.
You may liken this to the learning and practice required for driving on the highway system, and subsequent obedience to traffic laws, though we currently lack the analogous testing and licensing components. For some it comes easily, being involved with driving as they're brought up, and for others it takes diligent study and practice to understand and complete basic requirements. Once driving, you must continue to obey traffic laws, becoming aware of changes and additions to the laws as time progresses. As ones tastes change, budget allows, and misadventure or dilapidation requires, everyone exchanges their old vehicles for different, usually newer and more reliable models. And while KCI is not the "Internet police," we certainly are the administrative authority for our network and those using it.
Shared Service / Servers
Any machine connected to KCI's networks may not run a server or provide network services to others without express written permission. Examples include:
- Allowing downloads from your machine via peer-to-peer file sharing programs (eg. napster, kazaa, morpheus, gnutella, edonkey, etc.).
- Running servers for http, ftp, irc, dhcp, multi-user interactive forums (muds), email or news service.
- Hosting gaming servers.
- Providing dial-up or wireless access to others, including connecting an unsecured wireless access point to KCI's network to which others can gain access.
Note that using peer-to-peer programs to download files is allowed (pursuant to Illegal Activity above), but allowing others to download files from machines connected to KCI's networks is not. Requests for permission to allow peer-to-peer file sharing will be refused, barring unusual obligating circumstances.
Almost all wireless access points are very insecure in a default configuration. Use of a private wireless access point will almost certainly require familiarization with it's security features and explicit configuration to utilize them.
If through any action, whether intentional or negligent, on the part of a KCI network user the IP address(es) assigned to them are placed on any of the common internet blacklists, it is that user's obligation to effect removal of the addresses from the blacklist(s) through all necessary efforts. Having been brought to the user's attention, if after a reasonable amount of time the address is still blacklisted, or upon request of user, KCI may effect delisting for a fee, and/or take corrective measures.
Reporting System / Network / Service Abuse
Complaints, reports or concerns of illegal activity, or activity in violation of the terms of this AUP and originating within or upstream of KCI networks, including SPAM (UCE) should be directed to email@example.com .
Complaints or reports of such activity originating outside KCI (and upstream) networks should be directed to the authorities of the respective source. There is detailed information to help in determining such contact information available at http://spam.abuse.net/ .
AUP version: 20030522-01