Code of conduct SURFfilesender

The SURFfilesender service (“the service”) is designed solely as a short-term storage facility to enable the sending of large files, between authorized named users, and is explicitly not designed as an archival or reliable storage or general unspecified public access service.

• The SURFfilesender service is not backed up, nor are files stored in any redundant fashion, Users should never assume that a file placed on this server is the archival or reliable or sole copy of that file. SURF explicitly provides no warranty for the integrity or reliability of the service more than as stated in de service Level Specification in Appendix A, and users of the service fully understand and accept any and all risks for the use of the service, including that files placed on the service may be lost and not recoverable, or that intended recipients may not be able to retrieve the files in a timely manner or that the system be compromised or breached.
• Files placed on the service are not encrypted unless User encrypts the files before using the service, or uses the encyption option. The only protection against an arbitrary user gaining access to the file is the obscurity of the coded URL used to retrieve it, which is not secure.  Users placing files on the service take personal responsibility for violations of any statutes that prohibit placing files on a service like the SURFfilesender service. Likewise, without encryption by the User, retrieval of files placed on the service are protected only in that the recipient needs a non-secure identifier typically provided to them by the person storing the file and that such an identifier may potentially be compromised. Therefore, the service should, without encryption by the User, not be used to store content that the sender views as requiring a high degree of security or confidentiality, where the inadvertent disclosure of such content will cause financial, reputational, or other unacceptable harm to the owner of the files.
• In addition to the other term and conditions of these policies, you agree that you will not:
  • use the service to breach or violate any confidentiality obligations or privacy requirements, including, without limitation, by collecting or harvesting confidential information
  • Use the service to misappropriate or violate the rights of any third party, including, without limitation, using the service to store, send, or make available materials protected by intellectual property rights of third parties without the permission of the owner of the intellectual property rights, unless otherwise permitted by applicable law.
  • damage, disrupt, interfere with, diminish, or render the service inaccessible or unusable, or attempt to do so, or encourage or assist others to do so.
  • initiate a denial of service attack from or against the service or release a virus, trojan horse, worms or other malware or spyware from or against the service.
  • use the service to engage in fraudulent activity.
  • use the service to perpetrate a hoax or engage in phishing schemes or forgery or other similar falsification or manipulation of data.
  • use the service to abuse, harass, stalk, threaten, or otherwise violate the legal rights of others.
  • use the service to libel or defame others.
  • use the service to store, host, view or distribute child pornography.

• The use of the service to store and send files that violate copyright or other intellectual property laws or statutes is explicitly prohibited, and use for any other criminal or illegal purpose is also strictly prohibited. SURF reserves the right to examine the contents of files placed on the service in order to respond to what it believes are legitimate claims of violation of intellectual property, child pornography or other statutes. Where SURF believes that contents may violate other criminal statutes, it may contact appropriate law enforcement officials as it deems appropriate and necessary and provide them with access to the files in question.
• All files placed on the SURFfilesender service will be deleted without further notice and without exception with a maximum of three (3) weeks after they are placed on the server whether or not they have been successfully retrieved by intended recipient(s). Once files are automatically or manually deleted from the system, the system does do a secure deletion of the file contents (i.e., the contents are written over). Files are not backed up prior to deletion. Under no condition will this deletion window be extended.
• In order to use the service, SURFfilesender requires authentication by a SURF participant and requires that the participant identity provider (IdP) provide eduPersonTargetedID and e-mail address attributes. SURFfilesender keeps a permanent log of those attributes, the date and time of the upload, and the filename(s) that were uploaded to the SURFfilesender service, as well the e-mail address of the recipient(s) who were notified of the file(s) availability. The log also tracks every time someone downloads the file using the coded URL that is created when the file is stored. This information is kept even after the actual file contents are deleted. The online log will be deleted from the database of SURFfilesender per four months. After four months data will be destroyed. SURF reserves the right to look at the log in order to maintain the system and to monitor abuse.  SURF monitors whether a given file is being downloaded an inordinately large number of times, or if the volume of retrieval requests to a specific file consumes sufficient bandwidth to significantly degrade the service to other users.  In such cases, SURF may take actions, including examining the contents of the file to see whether such a complaint is meritorious, notifying the person who stored the file of the problem, and/or appropriate local or federal authorities, as appropriate to the specific conditions and as dictated by law or regulations, up to and including deletion of the file if such abuse is causing significant degradation in system performance.