User Agreement

 

FutureGrid User Responsibility Agreement v 3.2

This form is based on “TeraGrid User Responsibility Agreement” but is modified to fit FutureGrid requirements. An updated form may be required once FutureGrid is more tightly integrated with TeraGrid.

Introduction

FutureGrid has legal and other obligations to protect shared resources as well as the intellectual property of users. Users share this responsibility by observing the rules of acceptable use that are outlined in this document.

FutureGrid resources include hardware, software, network connections, and storage. Each resource is finite and shared by the entire research community. Responsible conduct on the part of each user is essential to ensure equitable and secure access for all. Failure to use FutureGrid resources properly may result in the penalties outlined in section 5, including those imposed by FutureGrid, civil, and/or criminal penalties. Each time an application for FutureGrid resources is submitted, the Acceptance Statement, must be agreed upon. To simplify the process you can do this electronically. In case of questions, please send a request via http://archive.futuregrid.org/help.

1.0: Account, Password, and Certificate Management

FutureGrid will provide you with the accounts necessary to access allocated FutureGrid systems. An account is assigned for one user only and must not be shared with others—including students and/or collaborators. Community accounts are currently not supported.
Passwords and certificates are the keys to your account. Never share a password out-loud, or write it down where it could be found and/or associated with your account. Never use tools which openly expose them on the network, such as telnet. Make sure that file and directory permissions prevent others from reading or copying the private key portion of certificates, which is the equivalent of a password. Do not store your password(s) in unencrypted files or even in encrypted files if possible.  Set effective passphrases (see 1.1 below) on all private keys. External passwordless access methods to FutureGrid accounts are not permissible.

FutureGrid support staff will never ask for your password, and will never send a password via e-mail, set them to a requested string, or perform any other activity which could reveal it to others. If a support person insists that you share your password, report it to the FutureGrid helpdesk: http://archive.futuregrid.org/help.

1.1: Create Effective Passwords—Change Them Periodically

Create passwords that are difficult to guess and that cannot be found in a dictionary. Birthdays, family names, and single words are examples of easily-guessed passwords. Change your password periodically, even if you have no reason to believe that anyone else has it.

1.2: Community Account Management

Currently Community accounts are not supported by FutureGrid. For exceptions, please contact  http://archive.futuregrid.org/help.

1.3: Account Compromise or Suspicious Activity

FutureGrid provides tools that will help protect accounts from unauthorized use; however, it is your responsibility to use these tools properly. If you believe your account has been compromised or if you find signs of suspicious activity, take the following actions:

  • Notify the FutureGrid helpdesk immediately (http://archive.futuregrid.org/help)
  • Do not modify files found in your account
  • Do not execute unknown programs you might find
  • If possible, do not use your account until the issue is resolved

Some indications that a compromise has occurred include:

  • Files in your home directory or project areas which you did not create
  • Unexplained alteration or deletion of your files
  • Discrepancies between your allocation balance and what you think you have used

2.0: Unauthorized Use and Access

How you intend to use FutureGrid resources must be clearly defined in your project request. Subsequently, access is granted specifically for the research that is described in the request—nothing else. Just because you can access a resource does not mean that you have authorization to do so. You must operate within sanctioned parameters regardless of what may be technically possible. In case you need additional projects, you can apply for them separately.

3.0: Unacceptable Behavior

Below are examples of unacceptable behavior which are subject to the penalties described in section 5.0:

  • Using, or attempting to use, FutureGrid or other related resources without authorization or for purposes other than those stated on your allocation request
  • Tampering with, or obstructing the operation of the facilities
  • Reading, changing, distributing, or copying others' data or software without authorization
  • Using FutureGrid or other related  resources to attempt to gain unauthorized access to other (non-FutureGrid) sites
  • Activities in violation of local, state, or federal law

4.0: Reporting Suspicious Activity

You are responsible for immediately reporting exposed or compromised passwords, keys, passphrases, or certificates as well as suspicious activity on your account. Report all suspicious activity, whether or not you suspect an account or system has been compromised, to the FutureGrid help desk:  http://archive.futuregrid.org/help.

5.0: Penalties

Failure to abide by this agreement may result in a variety of penalties, including:

  • Temporary account suspension or permanent revocation without notice if there is suspicion of account or system compromise, malicious, or illegal activity.
  • Loss of all current projects allocations and the inability to obtain future allocations.
  • Abusive activity may be reported to your home institution for administrative review and/or action.
  • Civil litigation may be pursued to recoup costs incurred from unauthorized use of resources or incident response due to a system compromise or malicious activity.
  • Criminal penalties could result from violations of federal, state, or local laws. Incidents may be reported to the appropriate authorities for investigation and/or prosecution.

6.0: Classifications of Data

While FutureGrid and its partners support the spirit of open research, each provides technology to safeguard the confidentiality of data. Users are responsible for applying these tools effectively to protect intellectual property or confidential data used with or stored in FutureGrid resources.

6.1: Confidential Data

Users must know if there are confidentiality requirements associated with the type of data they are using. Not all information that is subject to confidentiality is intellectual property. Users are responsible for verifying that FutureGrid offers the level of protection that is required for the type of data being used.

6.2: Proprietary Data

Proprietary or private data (which may also be considered intellectual property) may have confidentiality requirements imposed by the owner of the data. Users are responsible for verifying that the FutureGrid partner sites offers the level of protection that is required for the type of data being used.

6.3: Regulated Data

State and federal laws as well as organizational policies may apply to the regulation of certain data. Some examples include:

  • Medical records
  • Student records
  • Personal identifying information (e.g. Social Security numbers)

It is your responsibility to be aware of the laws and policies that are associated with the data you are managing and to verify that the FutureGrid site used can provide the appropriate level of protection.

6.4: Sensitive but Unclassified Data, Applications, and Resources

Some data, applications, and/or FutureGrid or other related resources themselves may be considered "Sensitive but Unclassified" or “Export Controlled” by the federal government and may have restrictions.

7.0: Software Development

Software that is developed with allocations approved by FutureGrid User Office, or by proxy via the FutureGrid project allocations process, is subject to copyright restrictions according to the NSF General Grant Conditions (GC-1). See the July 2002 revision of GC-1, Copyrightable Material, Article 18: http://www.nsf.gov/awards/managing/general_conditions.jsp?org=NSF

8.0: Proper Acquisition and Licensing of Software

All software used on FutureGrid must have been appropriately acquired and properly licensed. Possession or use of illegally copied software is prohibited. Likewise users shall not duplicate copyright-protected software or materials, except as permitted by the owner of the copyright. Some software installed on FutureGrid esources may require special authorization in order to be used. Users must abide by the requirements for protecting it from misuse.

9.0: Publication

All work performed under a FutureGrid grant must be intended for publication in open literature. No proprietary or otherwise restricted publication may be based on work done under a FutureGrid grant. FutureGrid must be informed about your publication.

9.1: Acknowledgment of NSF, FutureGrid or other TeraGrid, and Resources Used

Acknowledgment of support from the NSF, FutureGrid should appear in the publication of any material (whether copyrighted or not) that is based on or developed wholly or partially with FutureGrid resources, as indicated in the FutureGrid account application process.

10.0: External Requirements in Addition to FutureGrid

Individual sites may be subject to state or local laws and/or have organizational policies with additional requirements beyond this policy. It is your responsibility to be aware of and abide by those laws and policies. Please contact the legal affairs department at your home institution for further guidance.

10.1: External Requirements for Non-Academic Users

Non-academic (corporate/industrial, government, etc.) users frequently must follow more stringent usage guidelines than those required by FutureGrid as a whole or by a particular FutureGrid participating organization. It is the user's responsibility to assure the FutureGrid resources used satisfy the requirements of their organization.

11.0: FutureGrid Support/Diagnostic Access

Authorized FutureGrid site personnel may review files for the purposes of aiding an individual or providing diagnostic investigation for FutureGrid or related systems. User activity may be monitored as allowed under policy and law for the protection of data and resources. Any or all files on FutureGrid or other related systems may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site or law enforcement personnel, as well as authorized officials of other agencies, both foreign and domestic. By using FutureGrid or other related systems, users acknowledge and consent to this activity at the discretion of authorized site personnel.

11.1: Access Notification

Access to user data and communications will not normally be performed without explicit authorization and/or advance notice unless exigent circumstances exist. Post-incident notification will be provided in such cases.

12.0: General Assistance

For general assistance with understanding this policy or how to fulfill your responsibilities as a user of FutureGrid resources, contact  http://archive.futuregrid.org/help.