cminet.net ACCEPTABLE USAGE POLICY
(CMI AUP)
This Acceptable Usage Policy (AUP) sets forth guidelines for customers, subscribers, and clients of Colorado Mobile Inet. (CMI) who connect to and use the computer networks belonging to CMI and in which CMI is in administrative authority, as well as anyone sending data to or through CMI's networks. This includes dialup access accounts, radio networks, digital subscriber lines, ethernet networks, dedicated telephone circuits, and any other form of subscription and/or connectivity used. The latest version of this AUP is available at the URL Changes or Modifications to this AUP will be effective immediately upon posting to that URL.
Introduction
Among other services, CMI provides network connectivity for dialup and dedicated access to the Internet. CMI makes little attempt to filter or control the content of data and information entering its networks upon request of network users (by actions such as browsing the World Wide Web, downloading files or documents, or participating in online conversations). Illegal activity is explicitly prohibited, and CMI may take efforts to protect its customers and its own computing/network equipment from known spammers (via the Real-Time Black List) and potential vulnerabilities, but CMI does not make any warranty or guarantee of protection from network-based, application-based, or any other kind of attacks or attempts to control the computing equipment of its customers or users. CMI strongly encourages users to become aware of potential vulnerabilities and forms of computer and network attacks, and to take measures to eliminate and protect against them (run a firewall, use virus scanning software, install OS updates, etc.).
CMI does exert some control over the content of data and information originating from, and the use of networks and services available to its customers and users. It is not our intent to assume a dictatorial position, nor deny or prohibit legitimate uses of the Internet. Quite simply, there are both legal and practical obligations of an Internet Service Provider to contain the bounds of what use of its services is allowed and (especially) disallowed.
As outlined herein, the CMI AUP goes beyond the requirements to simply comply legally with the current laws by imposing certain limits and restrictions on behavior and use of Internet services by its network users, though the behavior may not explicitly be illegal. Our aim is to aid in eliminating network/Internet abuse and misuse, as well as to protect ourselves and our users from adverse consequences that result when not doing so. Such consequences, even when caused by the actions of a single individual, often have and impact upon many others.
E.g. Sending Unsolicited Commercial Email (UCE) can result in being put on a "blacklist" such that all CMI users could be affected by the inability to send mail, or make any network connections at all to sites that choose to honor the blacklist. Therefore sending UCE (also known as "Spam") is against this AUP, even though it may not be explicitly illegal. (Currently it's the subject of many lawsuits/legal debates, and whether it will end up being illegal or not will be determined in time. Regardless, we don't allow it.) As another example, when a wireless network user fails to take appropriate precautions to update or secure their machine they can become infected with viruses and network worms that give access to their machine to others, which is usually used for malevolent purposes, and often involves network scanning. As well as increasing the risk to other customers, the network traffic generated is often substantial; in worst-case scenarios, individual users infected with a worm will debilitate the wireless infrastructure, denying access for literally hundreds of other users. As such, we require that all machines connected to our network be kept secure.
Illegal Activity
CMI explicitly disallows any activity or use of networks and services, which is in violation of any local, regional, state or federal law or ordinance. Customers may not post, retrieve, transmit, or store material on or through CMI equipment or networks that is in violation of any applicable law or regulation, including material that is threatening, defamatory, obscene, indecent, constitutes an illegal threat, or could otherwise adversely affect any individual, group or entity, as well as material that is protected by copyright, trademark, patent, trade secret or other intellectual property law. Installation, storage, or distribution of licensed software without having appropriate license (a.k.a. "pirate" or "warez" software) is prohibited.
Should evidence of such activity be produced to or encountered by CMI, investigation may be made and/or corrective action taken in the matter possibly including, but not limited to account termination and involvement with appropriate law enforcement officials.
Email / Usenet News
Sending unsolicited commercial email (UCE) advertisements or informational announcements, chain letters, and "junk mail," as well as posting similar Usenet News messages to unrelated news groups or posting a message to multiple newsgroups, collectively known as "spam," is prohibited. Forging any Email or News header, or providing false information during a SMTP conversation is prohibited. Additionally, using non-CMI servers or services to relay mail or news either without permission or in order to send spam is prohibited.
CMI does not monitor the content of outgoing Email or News postings, but does respond to reports of abuse of either, typically with account termination. CMI does cooperate with law enforcement personnel in determining the origin of threatening messages and regarding similar issues.
CMI utilizes several blacklists to block known spammers, misconfigured servers, etc. No exemptions from these blacklists will be made, for CMI customers or otherwise.
System/Network Security
Attempting to defeat system or network security mechanisms, probe or scan systems and/or networks, forge network or application information, or cause a denial of service (DoS) to any system or network is explicitly forbidden, whether the system(s) and/or network(s) involved belong to CMI or otherwise, without express permission of the owner of the system/network. This includes, among similar activities, all of the following:
- Intercepting or diverting information, whether in transit or stored, for which you are not the intended recipient or would otherwise be allowed access to.
- Forging any part of an Email or News header, or information in headers of TCP/IP network packets.
- Using accounts for which you are not authorized to use, attempting to retrieve or determine account names and passwords, or otherwise attempting to bypass or manipulate an authentication system.
- Attempting to probe or scan systems or networks to determine potential vulnerabilities, services available, operating systems in use, or in order to map networks.
- Mail bombing and network flooding (ping floods, broadcast attacks, and the like).
- Attempting to cause any machine or application to crash or to consume resources such that services become unavailable or interrupted.
- Attempting to exploit vulnerabilities in any machine, application or service to gain unauthorized access to the system, use or misuse it for any purpose.
- Engaging in any activity that degrades, inhibits or circumvents CMI's ability to service and monitor its network and network infrastructure.
- Changing any assigned or listed hardware or IP addresses (dhcp, static or otherwise), or in any way attempting to conceal one's identity from CMI or masquerade as another user.
General Security Requirement
All machines attached to CMI's networks must be secured and updated/maintained regularly. At minimum, this entails using a firewall (a network firewall, host firewall, or both, as appropriate), installing operating
system and application updates and fixes in a timely and regular manner, and use of an uptodate virus scanner to scan email and any files obtained from others. Machines running public servers especially should be properly configured by someone competent and knowledgeable in computer and network security issues.
All common commercial operating systems are insecure in a default configuration, some much more so than others, and are generally not intended to be run that way. While computer and network security is quite a
comprehensive topic, any users of CMI's networks must become familiar with basic procedures and requirements to prevent their machine(s) from being misused or abused by others, or have them maintained by someone that is. Computer security is not a setting that can be enabled or disabled, but the multifaceted collection of complimentary programs and hardware properly configured, with continued updating, evaluation, augmentation and/or replacement, and a general mindset and manner of conduct. Emphasis will be made of the ongoing nature of keeping a machine secure; it is not sufficient to just have it updated and secured upon initial installation.
You may liken this to the learning and practice required for driving on the highway system, and subsequent obedience to traffic laws, though we currently lack the analogous testing and licensing components. For some it comes easily, being involved with driving as they're brought up, and for others it takes diligent study and practice to understand and complete basic requirements. Once driving, you must continue to obey traffic laws, becoming aware of changes and additions to the laws as time progresses. As ones tastes change, budget allows, and misadventure or dilapidation requires, everyone exchanges their old vehicles for different, usually newer and more reliable models. And while CMI is not the "Internet police," we certainly are the administrative authority for our network and those using it.
Shared Service / Servers
Any machine connected to CMI's networks may not run a server or provide network services to others without express written permission. Examples include:
- Allowing downloads from your machine via peertopeer file sharing programs (eg. napster, kazaa, morpheus, gnutella, edonkey, etc.).
- Running servers for http, ftp, irc, dhcp, multiuser interactive forums (muds), email or news service.
- Hosting gaming servers.
- Providing dialup or wireless access to others, including connecting an unsecured wireless access point to CMI's network to which others can gain access.
Note that using peertopeer programs to download files is allowed (pursuant to Illegal Activity above), but allowing others to download files from machines connected to CMI's networks is not. Requests for permission to allow peertopeer file sharing will be refused, barring unusual obligating circumstances.
Almost all wireless access points are very insecure in a default configuration. Use of a private wireless access point will almost certainly require familiarization with it's security features and explicit configuration to utilize them.
Miscellaneous
If through any action, whether intentional or negligent, on the part of a CMI network user the IP address(es) assigned to them are placed on any of the common internet blacklists, it is that user's obligation to effect removal of the addresses from the blacklist(s) through all necessary efforts. Having been brought to the user's attention, if after a reasonable amount of time the address is still blacklisted, or upon request of user, CMI may effect delisting for a fee, and/or take corrective measures.
Reporting System / Network / Service Abuse
Complaints, reports or concerns of illegal activity, or activity in violation of the terms of this AUP and originating within or upstream of CMI networks, including SPAM (UCE) should be directed to .
Complaints or reports of such activity originating outside CMI (and upstream) networks should be directed to the authorities of the respective source. There is detailed information to help in determining such contact information available at
I understand and agree to the terms of the CMInet Acceptable Usage Policy
Accepted by ______
Print Name ______
Date ______