1. Authority
This document is published by the Director of the University Information Service (UIS) as the Authorised Officer for services under the supervision of the Information Services Committee (ISC) and specifies the designated use of the Cambridge University Data Network (CUDN) for the purposes of the Rules made by the ISC.
2. Definition of CUDN
The CUDN is the name given to the collection of networking services and facilities operated by University Information Services in support of the communication requirements of the University of Cambridge, its Colleges and affiliated institutions.
3. Definition of User
This document applies to any institution, organisation, or person authorised to use the CUDN, whether by section 4 below or by specific authorization by the Director of the UIS. Such institution, organisation, or person is hereinafter referred to as the User.
4. Specified Classes of Persons Authorised for Use of the CUDN
Staff and resident students of the University, and staff, fellows and students of the University's Colleges are authorised to use the CUDN whilst holding those positions; persons designated as Visiting Scholars by the Head of their University department or, in the case of a College, their Head of House are authorised to use the CUDN whilst so designated. Members of other institutions or organisations which have a direct connection to the CUDN are authorised to use the CUDN but only when accessing the CUDN via that connection. (Such persons are not authorised to use other University facilities in order to make use of the CUDN unless explicit authorization to use those facilities has been given.)
5. Provision of Third Party Access
Occasional access to the CUDN may be provided by a User for temporary visitors in the same manner that the User may provide access to other facilities, e.g. a telephone system. In such cases, the User shall ensure that the facility is not abused. A User shall not otherwise, without the prior agreement of the UIS, provide any individual, institution, or organisation who is not a User with direct or indirect access to the CUDN [1].
6. Connection of Private Networks
Where a User is authorised to connect their own network, referred to hereinafter as a Private Network, to the CUDN, the User must ensure that any use of the Private Network which results in use of the CUDN is in accordance with the Authorization for Use of the CUDN.
7. Use of Other Networks connected to the CUDN
When the CUDN is being used to access another network, abuse of the acceptable use policies of that other network is contrary to the Authorization for Use of the CUDN. In particular, acceptable use of JANET is specified by the JANET Acceptable Use Policy[2].
8. Specified Purposes for Use of the CUDN
The CUDN shall be used only in accordance with the Aims of the University, the Rules made by the UIS, each as promulgated from time to time, and subject to the following conditions [3].
8.1 The CUDN shall be used only in accordance with all applicable legislation currently in force [4].
8.2 The CUDN shall not be used for the transmission or deliberate reception of defamatory material[5].
8.3 The CUDN shall not be used for the transmission of unsolicited commercial or advertising material.
8.4 The User should be aware that the CUDN is part of the Internet which is an open network across which information is, in general, transferred without encryption or other means of obscuring the transmitted material. The content of communications may therefore become accessible to those other than the intended recipient(s). Moreover, other information relating to the transmission of a communication, such as means of identifying the source and destination, is routinely available to those who operate the CUDN and the other networks which make up the Internet.
a) If the User becomes aware of information, other than information which is intended to be publicly available, for which the User is not the intended recipient, the User shall keep that information confidential and may, at the User's discretion, forward the information to the intended recipient, advise the sender of the unintended reception, or destroy the information. Save that, if the information appears to refer to the misuse of a computer system or network or to any criminal activity, the User may disclose the information to a relevant authority which may include the UIS management and/or the Police.
b) The UIS shall have the right to record and/or analyse data relating to the transmission of information on the CUDN for investigating network problems (including, but not limited to, performance), the misuse of computers connected to the CUDN or elsewhere, or use of the network which is not in accordance with relevant acceptable use policies; in each case the problem or offence may be actual or, with reasonable grounds, suspected. This data may also be recorded for the purposes of accounting and/or statistical analysis, whether for the production of historical reports or for load prediction relating to the network or to local or remote network services. The conditions in (a) above shall also apply to members of staff of the UIS except in so far as disclosure is essential for the execution of their duty.
c) In cases when the recording and/or analysis of data (in (b) above) relates to the information contained in high-level protocol data units (for example the user's data in an electronic mail message), the investigation of each case shall be individually authorised by the Director of the UIS or the Director's nominated deputy.
8.5 It is the responsibility of the institution, organisation or individual person for whom the CUDN connection is provided to take reasonable steps to ensure compliance with the conditions of use and to ensure that unacceptable use of the CUDN does not occur. The discharge of this responsibility must include making the documents Authorised Use of the CUDN (this document) and JANET Acceptable Use Policy [4] known to those who use that CUDN connection.
8.6 The institution, organisation or individual person for whom the CUDN connection is provided shall provide a contact person who shall be reasonably accessible and shall have the authority and willingness to act to assist UIS in diagnosing and remedying problems in the User's equipment connected to the CUDN, the User's Private Network or any equipment connected to the Private Network when those problems are interfering with the proper operation of the CUDN or any networks to which the CUDN is connected.
8.7 Users and staff responsible for equipment connected to the CUDN will keep the operating and associated software up to date and will allow automatic updating where practical and appropriate.
8.8 Users and staff responsible for equipment connected to the CUDN will install and keep anti-malware and anti-virus software up to date and will allow automatic updating where practical and appropriate.
8.9 The UIS shall have the right of access to any equipment connected to the CUDN or a Private Network to determine whether and how that equipment or network may be interfering with the proper operation of the CUDN or any networks to which the CUDN is connected.
8.10 The UIS shall have the right to remove or disable the CUDN connection if the UIS believes that the User, the Private Network, or any connected equipment is interfering with the proper operation of the CUDN or any networks to which the CUDN is connected, or is abusing the usage conditions.
8.11 The UIS shall have the right to perform tests over the CUDN to investigate network performance, reliability and security. In particular, these tests may investigate the vulnerability of computers connected either directly to the CUDN or a Private Network.
8.12 If a User believes that the UIS is behaving unreasonably in the exercise of the rights of this Clause (8), they may report this to the Chairman of the ISC who may appoint one or more persons to investigate the actions of the UIS in this respect and to report their findings to the ISC.
8.13 The University, its Colleges and affiliated institutions, their agents and servants shall not be held responsible for loss or damage, direct or indirect, arising from use of the CUDN or any of the networks to which it is connected, whether directly or indirectly.
[1] This footnote provides explicit detail concerning the provision of CUDN access to third parties as specified in clause 5 above.
The essence is that access to the CUDN must not be provided to third parties (individuals or organisations), except under the circumstances specified below and subject to any additional conditions that the hosting institution may apply.
- A member of University or college staff, a college Fellow, or a student of the University registered for a degree or engaged in a recognised course of study, or anyone designated as a Visiting Scholar by the Head of their University department or, in the case of a College, their Head of House can be permitted to access the CUDN from any institution with a CUDN connection (see clause 4).
- Members of other institutions or organisations which have a direct connection to the CUDN are authorised to access the CUDN only via that connection and are not therefore permitted to access the CUDN from other institutions (see clause 4).
- A temporary visitor, e.g. for the day, to a particular institution may be allowed access to the CUDN in the same way that the visitor might be allowed to make the odd telephone call; such access is subject to supervision by the institution to ensure that it is not abused (see clause 5).
- All other use by outsiders requires explicit authorization by the Director of the UIS (see clause 3) and that authorization will specify the conditions under which access to the CUDN is permitted. Use of JANET, if relevant, will require an appropriate licence and may require the payment of fees (e.g. JANET secondary connection licence fees) by the user. Advice should be sought from the Director of the UIS in these circumstances. See also Access to the CUDN and JANET for outside organisations
- Individuals and institutions are not allowed to provide access to services on their own computer systems via the CUDN to others outside the University unless those services are in furtherance of the aims of the University (see clause 8).
[2] The JANET Acceptable Use Policy is available from http://community.ja.net/library/acceptable-use-policy.
[3] The document Use and Misuse of Computing Facilities gives more details of the allowable use of the CUDN in accordance with this document and the Rules made by the Information Services Committee.
[4] This legislation includes, but is not limited to,
- Offences Against the Person Act 1861: e.g. psychological damage being caused by a message.
- Obscene Publications Acts, as amended by the Criminal Justice and Public Order Act 1994.
- Protection of Children Acts, as amended by the Criminal Justice and Public Order Act 1994: particularly in relation to indecent pseudo-photographs of a child.
- Telecommunications Act, as as amended by the Criminal Justice and Public Order Act 1994: particularly in relation to the transmission of grossly obscene or offensive messages and messages designed to cause annoyance, inconvenience or needless anxiety. Also regarding fraudulent use of a telecommunications system.
- Indecent Displays Act
- Official Secrets Act: particularly in relation to disclosure of information will or is likely to damage the security services, international relations, or a criminal investigation.
- Computer Misuse Act 1990: particularly in attempting to secure unauthorised access to or in damaging information held on a computer.
- Criminal Damage Act 1971: particularly in relation to physical harm caused to a computer caused by unauthorised access.
- Data Protection Act 1998 (superseding that of 1984): particularly in relation to holding or disclosing personal data.
- Interception of Communications Act 1985: particularly in intercepting or disclosing messages except in the course of duty.
- Copyright, Designs and Patents Act 1988: particularly in copying programs or data, publishing works of art or performances of music and/or video images.
[5] Criminal libel can occur whether the defamatory statements are true or false and whether or not the statements are made available only to one other person, but the material must be likely to cause serious damage to a person's reputation or a disturbance of the peace. Civil libel does not require serious damage but it is a defence to show that the words were true in fact or substance. This footnote is too small to contain the full legal details relating to libel and similar actions.