Internet Acceptable Use Guidelines for IBM Employees
Version 1.0
IBM Corporation
Document Number: INETGUID
(Draft Date) January 29, 1996
IBM Internet Coordination Council
N. Trio, Chairman
Watson Research Center
[email][email protected][/email], NRT at WATSON
Table of Contents
Introduction
General Principles
- Approved Use Of Computer Services
- Handling Classified Data
- Downloading Materials From The Internet
- Internet Service Facilities
- Electronic Mail
- Telnet
- Usenet
Introduction
The Internet is a rapidly growing and important resource for IBM employees, and can provide a competitive advantage to us in the form of information gathering, improved external communications, and increased customer responsiveness. However, as we use the Internet to connect with our customers, suppliers and other organizations, it is important to remember the following points:
- The Internet is used by millions of people worldwide. Not all Internet users have IBM’s best interests in mind.
- You should presume that any information you send across the Internet will be read by a large number of unknown people.
As more and more of our employees use the Internet to connect with our customers, suppliers and other key organizations, it is important we all understand appropriate “netiquette”. As we use the Internet, we must also keep in mind that IBM’s information and computing assets are critical to our company’s success, and as a result, must be protected from loss, modification or destruction.
We want our employees to use the Internet to get connected to people and vital sources of information around the world. This guideline document is meant to provide useful tips and techniques to promote effective and secure Internet communications.
Document Control and Availability: This document will be reviewed annually, and will be re-issued when revisions are necessary. Obsolete copies should be destroyed as soon as practical, and shall be the responsibility of the holder.
Softcopy of this document is available from the IBM internal World Wide Web (WWW) server (http://w3.ibm.com/iug.html).
General Principles
IBM’s visibility on the Internet is rapidly increasing both inside and outside our company. Not all the do’s and don’ts can be put down on paper–your best guide to appropriate work-related uses of the Internet are both the IBM Business Conduct Guidelines and common sense. Your good judgment can guide you to appropriate uses of the Internet and will help enhance the image of IBM.
Your first obligation is to protect IBM information assets. Generally, all servers being put on the Internet for access by non-IBMers should be approved by IBM management with appropriate safeguards to protect IBM intellectual property.
Here are the basic principles to follow when accessing the Internet from an “ibm.com”, or other IBM address designation:
- Adhere to IBM’s Business Conduct Guidelines
- Adhere to the Acceptable Use Policy for the Internet gateway you are using
- Use only services you have authorization to access
- Always represent yourself as yourself — never someone else
- Do not store or send unencrypted IBM Confidential information on the Internet
- Ensure that any software placed on the Internet complies with applicable licensing agreements and copyrights
- Comply with applicable licensing agreements and copyrights when downloading software from the Internet
- Do not place on the Internet any material that would be considered inappropriate, offensive or disrespectful to others, and do not access such material
- Do not send or forward IBM internal electronic mail through the Internet (e.g. do not use “.forward” files to forward your mail outside of IBM)
Approved Use Of Computer Services
When an employee connects to the Internet using the “ibm.com” or other IBM address designation, it should be for IBM business-related activity. IBM Business Conduct Guidelines state that “IBM equipment, systems, facilities and supplies must be used only for conducting IBM’s business or for purposes authorized by management.” This applies to both internal IBM systems and to IBM’s connections to the Internet.
IBM contractors can use the Internet for IBM business purposes to the extent needed to conduct a stated assignment, with IBM management approval.
Personal use of IBM computing equipment may only be approved by IBM management if such use is clearly insignificant, does not interfere or compete with IBM business, and does not involve any incremental cost to IBM.
Specifically, the Internet should not be used:
- For personal gain or profit
- To represent yourself as someone else
- For solicitation of IBM employees
- To provide information about, or lists of, IBM employees to others
- For commercial solicitations of non-IBM business enterprise
- When it interferes with your job or the jobs of other employees
- When it interferes with the operation of the Internet gateways
Any questions concerning personal use of IBM computing resources, or about use of the Internet, should be discussed with your manager.
Using IBM computer systems to send or reply to “chain letters”, or to distribute or obtain offensive or inappropriate material, is prohibited.
- While there is no universally accepted definition of what constitutes “offensive” or “inappropriate” material, you should consider adhering to the following rule-of-thumb; If the material is something IBM would not put in our publications, or post in our building’s visitor lobbies, you probably should not distribute or obtain it through the Internet. If you still have questions concerning whether or not the material is offensive or inappropriate, you should discuss it with your manager.
Handling Classified Data
IBM material which is classified IBM Confidential must not be stored or sent on the Internet. Local management can make exceptions for IBM Confidential material when appropriate contracts are in place with the information recipients, and when data encryption is used.
If you receive another company’s classified data from the Internet, you must comply with that company’s requirements for protecting the data. Any questions concerning protection of non-IBM information should be discussed with your manager or your local legal counsel.
Downloading Materials From The Internet
Most information and software that is accessible on the Internet is subject to copyright or other intellectual property right protection. Therefore, nothing should be copied or downloaded from the Internet for use within IBM unless express permission to do so is stated by the material owner.
Materials distributed over the Internet in the form of “shareware” or “freeware”, often come with express requirements or limitations attached (e.g., not to be used for commercial purposes; can not charge others for use or distribution; subject to a copyright or attribution notice being affixed to each copy, must distribute source code, etc.) If there are such terms applied, you must read and understand them before downloading the software, and make a copy of the terms if possible. If you think that IBM will not be able to comply with any part of the terms, do not download the material. Any time you are unsure about the meaning of the restrictive language or have questions about it, you should contact an IBM attorney to review it before downloading or using the material.
IBM employees must seek assistance and approval from IBM General Legal or Intellectual Property Law counsel before incorporating anything downloaded from the Internet (or any external on-line service) into a product or material IBM intends to distribute externally.
When downloading software, as a courtesy to others, try to do large file transfers during off hours for the server.
Internet Service Facilities
Electronic Mail
Electronic mail is the most commonly used facility on the Internet. When communicating outside IBM, remember:
- Do not send mail so that it appears to have come from someone else
- Do not send binary data via electronic mail unless it is encoded as a MIME attachment or printable text, such as a unencoded file
- Do not automatically forward your mail to an Internet site…this includes .forward files. Also, don’t use autoreply functions such as IAMAWAY or DELEGATE for replying to Internet mail that comes in (can cause major problems for mailing lists and is considered bad form on the Internet)
Telnet
Trying to remotely access a system you are not authorized to use is called “fishing.” Unless you have prior authorization, do not try to get into open ports, or try to access servers you have no authorization to get into.
Usenet
Usenet is a conferencing system similar to IBM forums. Usenet exchanges tend to be more open, more candid, and more adversarial at times.
If you are new to Usenet, subscribe to “news.announce.newusers,” which provides information on “netiquette” (etiquette on the Internet).
Usenet is for the most part a pretty friendly place. However, if you are on Usenet and find yourself being “attacked,” be thoughtful about how you respond. Remember, you’re responding from an IBM address even though you may be expressing your own opinion . In many cases, the best thing is to limit your replies to the facts, or withdraw from the conversation altogether.
Here are some other guidelines for IBM participation in Usenet:
- Read a particular Usenet group for a while before posting on it
- Limit the newsgroups you are posting information or replies to–be a group expert
- Never blindly post something to a large number of groups; known as “spamming”
- Make sure your provide a legitimate Internet address in your Usenet “reply to” line, for example, “[email][email protected][/email]”–not JOE at XXXVM7 or your workstation address
- Keep your “signature” on postings short–no more than 3 lines
- Don’t say something on Usenet you wouldn’t say to someone standing next to you
- Consider using a disclaimer, such as: “these opinions are mine and not necessarily those of IBM.”