(145) Interim Internet Usage Policy
The Patent and Trademark Office (PTO) is in the process of providing
Internet access to PTO employees. Effective January 27, 1997, PTO
employees who have electronic mail (e-mail) accounts on the PTOnet will
have the capability to send and receive mail through the Internet. PTO
is also deploying Netscape browser software to all PTOnet servers.
Policies and guidelines governing use of the Internet were distributed
to all PTO employees in July of 1996 in a document titled "Rules of the
Road." PTO employees must follow the "Rules of the Road" when using the
Internet (copy attached).
In view of the fact that all communications and data transmitted from or
to the applicant by the Internet are neither encrypted nor secure, and
in order to ensure that usage of the Internet by PTO employees will not
violate the confidentiality requirements of 35 U.S.C. 122, the following
interim Internet usage policy is being published. The policies and
guidelines set forth below are interim since the public has not yet had
an opportunity to comment on them. PTO will publish a Notice in the
Federal Register and Official Gazette requesting comments from the
public on the use of the Internet in PTO patent and trademark
examination.
(1) PTO employes are NOT permitted to use the Internet e-mail to conduct
official PTO business where sensitive data will be exchanged or where
there exists a possibility that sensitive data could be identified
unless there is an express waiver of the confidentiality requirements
under 35 U.S.C. 122 by the applicant. Sensitive data includes
confidential information related to patent applications (see Rules 4 and
5 of the "Rules of the Road"). The following is a sample form which may
be used by applicant for waiver of the confidentiality requirements of
35 U.S.C. 122:
"Recognizing that Internet communications are not secured, I hereby
authorize the PTO to communicate with me concerning any subject matter
of this application by electronic mail. I understand that a copy of
these communications will be made of record in the application file."
Where an express waiver of 35 U.S.C. 122 is given by the applicant and
upon mutual agreement between applicant and the PTO employee,
communications via Internet e-mail, other than those under 35 U.S.C. 132
or which otherwise require a signature, may be used. In such cases, a
printed copy of the Internet e-mail communications must be given a paper
number, entered into the Patent Application Locating and Monitoring
System (PALM) and entered in the application file. At the present time,
a response to an Office action may NOT be communicated by applicant to
the PTO via Internet e-mail. Where communication via Internet e-mail is
initiated by a registered practitioner, or an applicant in a pro se
case, sufficient information must be provided to show representative
capacity in compliance with 37 CFR 1.34. Examples of such information
are the attorney docket number and registration number.
PTO employees are NOT permitted to initiate communica-tions with
applicant via Internet e-mail except where an express waiver of 35 U.S.C
122 is of record in the application.
(2) Where the Internet is used to search and retrieve prior art
information, PTO employees must restrict their search operations to
determining the general state of the art. Internet prior art search
strategies that could disclose sensitive information such as the
elements of an invention are NOT permitted.
The policies and guidelines set forth in this Interim Internet Usage
Policy document are intended to be an extension of the policies and
guidelines set forth in the "Rules of the Road" and they are not
intended to be a replacement of the policies and guidelines in the
"Rules of the Road." Final policies and guidelines will be published at
a later date.
Questions concerning these policies and guidelines regarding Internet
usage and suggestions as to how Internet usage capability may be
expanded without violating the confidentiality requirements of 35 U.S.C.
122 may be addressed to the Office of the Deputy Assistant Commissioner
for Patent Policy and Projects, Assistant Commissioner for Patents,
Washington, D.C. 20231.
Feb. 10, 1997 BRUCE A. LEHMAN
Assistant Secretary of Commerce and
Commissioner of Patents and Trademarks
PTOnet AND PTO SYSTEMS
RULES OF THE ROAD
PTOnet, PTO Systems and other computing resources are shared among PTO
employees. PTOnet provides access to PTO business systems that operate
on the PTO information technology infrastructure. and provides access to
remote locations through secure gateways. In the near future, PTOnet
will provide access to the Internet. The PTOnet and PTO Systems "Rules
of the Road" are intended to help PTO employees use the PTO's computing
and network facilities responsibly, safely, and efficiently, thereby
maximizing the availability of these facilities to all employees.
Complying with these rules will help maximize access to these
facilities, and help assure that your use of them is responsible, legal,
and respectful of privacy. While use of PTO automation resources is
voluntary, PTO employees must follow the "Rules of the Road" when using
these resources.
The "Rules of the Road" amplify and clarify previous PTO policy on
PTOnet and PTO System use, including Internet access via Pioneer. The
rules are grouped into the following three categories:
o Complying with the intended use of PTOnet and PTO Systems
o Assuring ethical use of PTOnet and PTO Systems
o Assuring proper use of PTOnet and PTO Systems
The following is a more detailed discussion of the individual rules
associated with each category. The "Rules of the Road" are also
discussed in appropriate sections of the PTO's Office Automation
Services Guide. Each PTO Cost Center may supplement the "Rules of the
Road" for better administration of information within its own domain.
I. Complying with the Intended Use of PTOnet and PTO Systems
It is important that each employee understand the purpose of PTOnet
and PTO systems so that their use is in compliance with that purpose.
II. Assuring Ethical Use of PTOnet and PTO Systems
Along with the many opportunities that PTOnet and PTO Systems provide
for PTO employees to share information, comes the responsibility to use
the system in accordance with PTO standards of conduct. These standards
are outlined in the PTO Employee Handbook. Appropriate use of PTOnet and
PTO systems includes maintaining the security of the system, protecting
privacy, and conforming to applicable laws, particularly copyright and
harassment laws.
RULE 3: Don't Let Anyone Know Your Password(s)
While you should feel free to let others know your username (this is
the name by which you are known to the whole PTOnet. PTO Systems and
Internet community), you should never let anyone know your account
passwords. This includes even trusted friends, and computer system
administrators (e.g. Information System staff).
Giving someone else your password is like giving them a signed blank
check, or your charge card. You should never do this, even to "lend"
your account to them temporarily. Anyone who has your password can use
your account, and whatever they do that affects the system will be
traced back to your username -- if your username or account is used in
an abusive or otherwise inappropriate manner, the PTO will hold you
responsible.
When creating or changing your password, always use a password that you
can easily remember but is unique enough that it cannot be easily
guessed by your co-workers. Never use the names of spouses, children,
pets or birthdates, as these can easily be compromised.
RULE 4: Don't Violate the Privacy of Other Users
The Electronic Communications Privacy Act (18 USC 2510 et seq., as
amended) and other Federal laws protect the privacy of users of wire and
electronic communications. The facilities of the PTOnet and PTO System
are in place to facilitate the sharing of information among PTO
employees, our international partners, and our customers. All users of
PTOnet and PTO Systems should make sure that their actions don't violate
the privacy of other users, even if unintentionally.
Some specific areas to watch for include the following:
o Don't try to access the files of directories of another user without
clear authorization from that user.
o Don't try to intercept or otherwise monitor any network
communications not explicitly intended for you.
o Don't use names or other personal identifiers in communications
that might be of a sensitive or confidential nature.
o Don't intentionally seek information about, browse, obtain copies
of, or modify files, mail, or passwords belonging to others, whether
they are at the PTO or elsewhere, unless specifically authorized to do
so by those individuals. Don't attempt to decrypt or translate encrypted
material belonging to another person or organization.
o Don't attempt to alter the "From" line of your Interact user-ID or
other attributes of origin in electronic mail, messages, or postings.
o Don't edit or change the content of an e-mail message when sending
a reply to the message's originator or forwarding the message to another
person without indicating where and how the message was edited.
o Don't create any shared programs that secretly collect information
about PTO users.
o RULE 5: Don't Transmit Classified or Sensitive Data.
Every attempt has been made to ensure that appropriate security
mechanisms are in place for protecting information from unintended
access, from within the system or from the outside. However, these
mechanisms, by themselves, are not sufficient. PTOnet and PTO System
users should ensure that they take appropriate action to safeguard
classified or sensitive data. Users are instructed to implement the
following requirements:
o Don't transmit classified data, data subject to a secrecy order, and
data under seal through Internet or e-mail, or post such data on
bulletin boards.
o Don't store or transmit sensitive data without proper protection as
defined in applicable Federal laws and regulations. Sensitive data
should not be posted on bulletin boards. Data should be considered
sensitive if they might be exempt from Freedom of Information Act (FOIA)
disclosure or protected under the Privacy Act. Sensitive data include
records about individuals in which there is a reasonable expectation of
privacy, trade secrets or confidential business information, and
confidential information related to Patent and Trademark applications.
o Don't transmit data that are part of PTO's decision making process
over the Internet.
The following are examples of sensitive data that should not be
discussed or transmitted on PTOnet or related computing services:
o Anything with sensitive personnel data such as names with SSN, leave
balances, salaries. benefits for which an employee is signed up, etc.
o Anything dealing with the details surrounding an Employee Relations
or Union issue.
o Sensitive procurement information (this is in the $1 million or
over category, not purchase orders).
o Anything dealing with the details surrounding contract award prior
to award.
o All information categorized as Source Selection Information by
Section 27 of the Office of Federal Procurement Policy Act (41 U.S.C.
423) that concerns the number, identity, ranking, or evaluation of
offerors in response to an ongoing procurement action.
o Information marked by an offeror as proprietary.
o Source selection information, including bid prices prior to bid
opening, proposed costs/prices in response to a solicitation. source
selection plans, technical evaluation of proposals, cost or price
evaluations, competitive range determinations, ranking of offers, and
reports or evaluations of source selection panels.
o Anything dealing with budget policy prior to the budget submission,
particularly as it may deal with PTO employees.
o Passwords or other computer security related items.
[1195 OG 89]