Internet Usage Guidelines in a Commercial Setting
John R. Patrick
Networked Applications Services
Nicholas R. Trio
IBM T.J. Watson Research Center
Many companies are now looking to the Internet as a mode of communicating with their customers, partners and the public as well as a channel for commercial activity. However, the Internet is also a very new arena for many of these people who have never had open access as they find themselves gaining with the Internet.
At the same time, companies and individuals have developed less than positive reputations in the public eye based on how they interacted with the Internet community.
Providing guidance to users of the Internet is an important aspect of being a good citizen and presenting one’s company as a positive asset to the Internet community. This paper describes the process and issues we went through at IBM to produce our guidelines and the role that they play in how IBM interacts with the Internet.
Commercial organizations, as a percentage of entities on the Internet, continues to grow. The perception in the past has been that these companies would exploit the Internet for their own ends and have no concern for the health of the Internet itself.
The Internet is a very different communications medium than most companies have ever before experienced. There is little if any regulation on the content or business relatedness of the information, and indeed, it’s a place where there are few barriers to prevent anyone from contacting anyone else, whether desirable or not by the recipient.
Companies now understand that how they are viewed on the Internet is critical to the success of their business dealings and their reputation. This sensitivity leads companies to provide guidance to employees on what is considered appropriate and inappropriate usage and conduct when using the Internet.
At IBM, we understood early on that our image on the Internet was directly related to how our employees presented themselves. We wanted to provide guidance to help enhance that image, but also to provide help to the employee to learn how to communicate in a very new and very different environment.
The Internet at IBM
IBM’s Internet growth has mirrored closely the rest of the Internet. In 1990, IBM had four Internet connections, and has moved to approximately thirty five by 1995. At the same time, we went from a community who really knew the Internet to a rapid influx of people who didn’t “grow up” in the Internet community but wanted or needed to interact on the Internet.
In the past, there were hurdles for general users to get Internet access. IBM has now pushed for every employee to “get connected” to the Internet and use it as an everyday part of the work environment. This push has come from all levels from the technical ranks to the top executives of IBM.
At the same time, IBM has it’s own internal conferencing systems, where the mode of interaction is very different and more controlled than that on the Internet. Many IBMers were simply unaware of the nature of how people interact on the Internet.
Because of this and the fact that IBM has been changing itself moving toward more openness and personal responsibility, many employees would ask about appropriate usage of the Internet. The IBM Internet community decided to create a guideline for helping these employees use the Internet.
Getting the right people together
As opposed to many business issues, the people most involved with the culture and mores of the Internet were not the businessmen, but the grass-roots technical personnel who have been using the network for a long time. In addition, people from human resources (personnel), legal and corporate communications needed to be involved.
This process of developing an Internet acceptable use policy (AUP) for IBM brought together for the first time many people who would not otherwise get to work together. Many of the traditional barriers had to come down to make this work and all involved wanted that to happen.
This project was instrumental in changing the attitudes of the divergent groups with respect to their visions of others (e.g. the technical folks found the business folks very understanding in wanting to approach the Internet on the Internet’s own terms, and the business folks found the technical folks concerned about the business aspects of IBM’s use of the Internet.
Issues involved in the IBM AUP
The basic issue was to bring together the day by day experiences of using the Internet and the business requirements and policies of IBM. On one hand, we wanted our employees to learn and use the Internet without worrying about doing something “bad”, but we also wanted to reinforce the requirements having to do with using IBM’s systems.
The group started with the general goal of clearly wanting IBMers on the Internet and have them use it as other business professionals would. We also decided that we would allow for personal usage, since it encourages people to learn about the Internet and it’s uses.
Basically, we wanted to use the current set of IBM policies and merge them with what the Internet community considered good Internet practices to come up with these guidelines.
We wanted to make clear that certain activities would not be tolerated because they weren’t in accordance with IBM’s policies (release of IBM proprietary information, for example), but also things that were frowned upon on the Internet (e.g. chain letters, forging e-mail and news postings).
From there, we moved to specific services such as Telnet, FTP and Usenet. Usenet turned out to be the toughest area since it requires a high degree of interaction (it’s not quite as as Telnet and FTP) and it’s a different type of communication from that within IBM’s walls (Usenet having less controls over content and business relatedness) . Since people using Usenet are interacting with a wide variety of people, IBM employees had to understand how to respond in difficult situations, and indeed, when to not respond at all. We wanted to do all we could to discourage inappropriate advertising and other types of postings that were considered bad form on the Internet.
Users at IBM had a large role in these guidelines. They were made available for public review and discussion so that we could find out if there was anything that would hinder their work or use of the Internet within the guidelines.
Results of the new guidelines
Since the general employee population had a chance to review them, the acceptance level was very high. We still have an anomaly in that the policies for using internal conferencing mechanisms are still more restrictive than using similar facilities on the Internet.
We’ve certainly seen a major reduction in the number of complaints coming into [email protected] based on IBMers usage of the Internet. This has reduced the workload on not only the postmaster, but the management and human relations personnel in dealing with these kinds of problems.
We also now have something that we can use to educate the users on what the Internet is and how to use it, as well as a way to measure whether their usage is acceptable or not.
Clearly, any company that is interested in doing business on the Internet needs to be aware of how it’s perceived as an Internet citizen: a positive asset or a liability to the health of the Internet. A major part of this perception is how company employees use and are viewed on the Internet.
A set of corporate Internet usage guidelines is critical to maintain and enhance this image, as well as gain maximum utility from the Internet. Sensitivity and balance must be maintained between business needs and the culture and norms of generally acceptable Internet behavior.
Appendix – the IBM Internet Usage Guidelines
The Internet is a rapidly growing and important resource for IBM employees, one that can provide critical competitive advantage to us in the form of information gathering, improved external communications, and increased customer responsiveness.
As more and more of our employees use the Internet to connect with our customers, suppliers and other key organizations, it is important we all understand the appropriate “netiquette” and how to protect IBM assets when using the Internet.
We want our employees to use the Internet to get connected to people and vital sources of information around the world. These brief guidelines are meant to provide useful tips and techniques to promote effective Internet communications. Updates to the guidelines will be available on the “Get connected” world wide web server which is now available for access by IBM’ers via the Multi Protocol Network at http://w3.nas.ibm.com
IBM Internet Guideline
These guidelines will help you find appropriate uses of the Internet for IBM business purposes.
IBM’s visibility on the Internet is rapidly increasing both inside and outside our company. Not all the do’s and don’ts can be put down on paper–your best guide to appropriate work-related uses of the Internet are both the IBM Business Conduct Guidelines and common sense. Your good judgment can guide you to appropriate uses of the Internet and will help enhance the image of IBM.
Your first obligation is to protect IBM information assets. Generally, all servers being put on the Internet for access by non-IBMers should be approved by IBM management with appropriate safeguards to protect IBM intellectual property. Here are the general principles for Internet use for IBM business purposes:
- Adhere to the IBM Business Conduct Guidelines
- Adhere to the Acceptable Use Policy for the Internet gateway you are using
- Use only services you have authorization to access
- Always represent yourself as yourself — never someone else
- Do not send material classified IBM Confidential on the Internet (see section below for detail)
- Any software placed on the Internet must comply with applicable licensing agreements and copyrights
- Material that would be considered inappropriate, offensive or disrespectful to others should not be accessed or stored
General Use Guidelines
When an employee connects to the Internet using the “ibm.com” or other IBM address designation, it should be for IBM business-related activity. IBM Business Conduct Guidelines state that “IBM equipment, systems, facilities and supplies must be used only for conducting IBM’s business or for purposes authorized by management.” This applies to both internal IBM systems and to IBM’s connections to the Internet.
Specifically, the Internet should not be used:
- For personal gain or profit
- To represent yourself as someone else
- For solicitation of IBM employees
- To provide information about, or lists of, IBM employees to others
- For commercial solicitations of non-IBM business enterprise
- When it interferes with your job or the jobs of other employees
- When it interferes with the operation of the Internet gateways
You must also adhere to the specific Acceptable Use Policy for the Internet gateway being used. Contractors can use the Internet for IBM business purposes to the extent needed to conduct a stated assignment, with IBM management approval. Consult with your manager if in doubt about any use of the Internet.
IBM material which is classified IBM Confidential should not be stored or sent on the Internet. Local management can make exceptions for IBM Confidential material when appropriate contracts are in place and encryption is used. IBM Internal Use Only data can be transmitted if there are appropriate agreements in place with the recipient. Encryption is not needed.
Internet Access and Facilities:
Electronic mail is the most commonly used facility on the Internet. When communicating outside IBM, remember:
- No form of chain letter should be sent on the Internet
- Do not send mail so that it appears to have come from someone else
- Do not send binary data via electronic mail unless it is encoded as printable text, such as an unencoded or MIME file
- Do not automatically forward your mail to an Internet site
Telnet: trying to remotely access a system you are not authorized to use is called “fishing.” Unless you have prior authorization, do not try to get into open ports, or try to access FTP servers.
When downloading software, you must comply with your local IBM procedures for the importation of software, even if it’s “public domain.” As a courtesy to others, try to do large file transfers during off hours for the server.
Usenet Conference Participation: Usenet is a conferencing system similar to IBM forums. Usenet exchanges tend to be more open, more candid, and more adversarial at times. If you are new to Usenet, subscribe to “news.announce.newusers,” which provides information on “netiquette” (etiquette on the Internet). Usenet is for the most part a pretty friendly place. However, if you are on Usenet and find yourself being “attacked,” be thoughtful about how you respond. Remember, you’re responding from an IBM address even though you may be expressing your own opinion . In many cases, the best thing is to limit your replies to the facts, or withdraw from the conversation altogether. Here are some other guidelines for IBM participation in Usenet:
- Read a particular Usenet group for a while before posting on it
- Limit the newsgroups you are posting information or replies to–be a group expert
- Never blindly post something to a large number of groups; known as “spamming”
- Make sure your provide a legitimate Internet address in your Usenet “reply to” line, for example, “[email][email protected][/email]”–not JOE at XXXVM7 or your workstation address
- Keep your “signature” on postings short–no more than 3 lines
- Don’t say something on Usenet you wouldn’t say to someone standing next to you
- Consider using a disclaimer, such as: “these opinions are mine and not necessarily those of IBM.”
— [email][email protected][/email], [email][email protected]bm.com[/email]