FutureSystems has legal and other obligations to protect shared resources as well as the intellectual property of users. Users share this responsibility by observing the rules of acceptable use that are outlined in this document.
FutureSystems resources include hardware, software, network connections, and storage. Each resource is finite and shared by the entire research community. Responsible conduct on the part of each user is essential to ensure equitable and secure access for all. Failure to use FutureSystems resources properly may result in the penalties outlined in section 5, including those imposed by FutureSystems, civil, and/or criminal penalties. Each time an application for FutureSystems resources is submitted, the Acceptance Statement must be agreed upon. To simplify the process you can do this electronically. In case of questions, please send a request via https://portal.futuresystems.org/help.
1.0: Account, Password, and Certificate Management
FutureSystems will provide you with the accounts necessary to access allocated FutureSystems systems. An account is assigned for one user only and must not be shared with others—including students and/or collaborators. Community accounts are currently not supported.
Passwords and certificates are the keys to your account. Never share a password out-loud, or write it down where it could be found and/or associated with your account. Never use tools which openly expose them on the network, such as telnet. Make sure that file and directory permissions prevent others from reading or copying the private key portion of certificates, which is the equivalent of a password. Do not store your password(s) in unencrypted files or even in encrypted files if possible. Set effective passphrases (see 1.1 below) on all private keys. External passwordless access methods to FutureSystems accounts are not permissible.
FutureSystems support staff will never ask for your password, and will never send a password via e-mail, set them to a requested string, or perform any other activity which could reveal it to others. If a support person insists that you share your password, report it to the FutureSystems helpdesk: https://portal.futuresystems.org/help.
1.1: Create Effective Passwords—Change Them Periodically
Create passwords that are difficult to guess and that cannot be found in a dictionary. Birthdays, family names, and single words are examples of easily-guessed passwords. Change your password periodically, even if you have no reason to believe that anyone else has it. FutureSystems passwords and passphrases should be unique. Do not re-use passwords from other accounts or systems.
1.2: Community Account Management
Currently Community accounts are not supported by FutureSystems. For exceptions, please contact https://portal.futuresystems.org/help.
1.3: Account Compromise or Suspicious Activity
FutureSystems provides tools that will help protect accounts from unauthorized use; however, it is your responsibility to use these tools properly. If you believe your account has been compromised or if you find signs of suspicious activity, take the following actions:
- Notify the FutureSystems helpdesk immediately (https://portal.futuresystems.org/help)
- Do not modify files found in your account
- Do not execute unknown programs you might find
- If possible, do not use your account until the issue is resolved
Some indications that a compromise has occurred include:
- Files in your home directory or project areas which you did not create
- Unexplained alteration or deletion of your files
- Discrepancies between your allocation balance and what you think you have used
2.0: Unauthorized Use and Access
How you intend to use FutureSystems resources must be clearly defined in your project request. Subsequently, access is granted specifically for the research that is described in the request—nothing else. Just because you can access a resource does not mean that you have authorization to do so. You must operate within sanctioned parameters regardless of what may be technically possible. In case you need additional projects, you can apply for them separately.
3.0: Unacceptable Behavior
Below are examples of unacceptable behavior which are subject to the penalties described in section 5.0:
- Using, or attempting to use, FutureSystems or other related resources without authorization or for purposes other than those stated on your allocation request
- Tampering with, or obstructing the operation of the facilities
- Reading, changing, distributing, or copying others' data or software without authorization
- Using FutureSystems or other related resources to attempt to gain unauthorized access to other (non-FutureSystems) sites
- Activities in violation of local, state, or federal law
- Using, or attempting to use, FutureSystems or other related resources for personal gain or profit, or for the personal gain or profit of others, or for any commercial purpose.
4.0: Reporting Suspicious Activity
You are responsible for immediately reporting exposed or compromised passwords, keys, passphrases, or certificates as well as suspicious activity on your account. Report all suspicious activity, whether or not you suspect an account or system has been compromised, to the FutureSystems help desk: https://portal.futuresystems.org/help.
Failure to abide by this agreement may result in a variety of penalties, including:
- Temporary account suspension or permanent revocation without notice if there is suspicion of account or system compromise, malicious, or illegal activity.
- Loss of all current projects allocations and the inability to obtain future allocations.
- Abusive activity may be reported to your home institution for administrative review and/or action.
- Civil litigation may be pursued to recoup costs incurred from unauthorized use of resources or incident response due to a system compromise or malicious activity.
- Criminal penalties could result from violations of federal, state, or local laws. Incidents may be reported to the appropriate authorities for investigation and/or prosecution.
6.0: Classifications of Data
While FutureSystems and its partners support the spirit of open research, each provides technology to safeguard the confidentiality of data. Users are responsible for applying these tools effectively to protect intellectual property or confidential data used with or stored in FutureSystems resources. FutureSystems is not encrypted and not certified for processing any confidential, proprietary, regulated, sensitive, or protected data.
6.1: Confidential Data
Users must know if there are confidentiality requirements associated with the type of data they are using. Not all information that is subject to confidentiality is intellectual property. Users are responsible for verifying that FutureSystems offers the level of protection that is required for the type of data being used.
6.2: Proprietary Data
Proprietary or private data (which may also be considered intellectual property) may have confidentiality requirements imposed by the owner of the data. Users are responsible for verifying that the FutureSystems partner sites offers the level of protection that is required for the type of data being used.
6.3: Regulated Data
State and federal laws as well as organizational policies may apply to the regulation of certain data. Some examples include:
- Medical records
- Student records
- Personal identifying information (e.g. Social Security numbers)
It is your responsibility to be aware of the laws and policies that are associated with the data you are managing and to verify that the FutureSystems site used can provide the appropriate level of protection.
6.4: Sensitive but Unclassified Data, Applications, and Resources
Some data, applications, and/or FutureSystems or other related resources themselves may be considered "Sensitive but Unclassified" or “Export Controlled” by the federal government and may have restrictions.
7.0: Software Development
Software that is developed with allocations approved by FutureSystems User Office, or by proxy via the FutureSystems project allocations process, is subject to copyright restrictions according to the NSF General Grant Conditions (GC-1). See the July 2002 revision of GC-1, Copyrightable Material, Article 18: http://www.nsf.gov/awards/managing/general_conditions.jsp?org=NSF
8.0: Proper Acquisition and Licensing of Software
All software used on FutureSystems must have been appropriately acquired and properly licensed. Possession or use of illegally copied software is prohibited. Likewise users shall not duplicate copyright-protected software or materials, except as permitted by the owner of the copyright. Some software installed on FutureSystems esources may require special authorization in order to be used. Users must abide by the requirements for protecting it from misuse.
All work performed under a FutureSystems grant must be intended for publication in open literature. No proprietary or otherwise restricted publication may be based on work done under a FutureSystems grant. FutureSystems must be informed about your publication.
9.1: Acknowledgment of NSF, FutureSystems or other resources Used
Acknowledgment of support from the NSF and FutureSystems should appear in the publication of any material (whether copyrighted or not) that is based on or developed wholly or partially with FutureSystems resources, as indicated in the FutureSystems account application process.
10.0: External Requirements in Addition to FutureSystems
Individual sites may be subject to state or local laws and/or have organizational policies with additional requirements beyond this policy. It is your responsibility to be aware of and abide by those laws and policies. Please contact the legal affairs department at your home institution for further guidance.
10.1: External Requirements for Non-Academic Users
Non-academic (corporate/industrial, government, etc.) users frequently must follow more stringent usage guidelines than those required by FutureSystems as a whole or by a particular FutureSystems participating organization. It is the user's responsibility to assure the FutureSystems resources used satisfy the requirements of their organization.
11.0: FutureSystems Support/Diagnostic Access
Authorized FutureSystems site personnel may review files for the purposes of aiding an individual or providing diagnostic investigation for FutureSystems or related systems. User activity may be monitored as allowed under policy and law for the protection of data and resources. Any or all files on FutureSystems or other related systems may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site or law enforcement personnel, as well as authorized officials of other agencies, both foreign and domestic. By using FutureSystems or other related systems, users acknowledge and consent to this activity at the discretion of authorized site personnel.
11.1: Access Notification
Access to user data and communications will not normally be performed without explicit authorization and/or advance notice unless exigent circumstances exist. Post-incident notification will be provided in such cases.
12.0: General Assistance
For general assistance with understanding this policy or how to fulfill your responsibilities as a user of FutureSystems resources, contact https://portal.futuresystems.org/help.