Guidelines for Performing Safe Measurement on the Internet
draft-irtf-pearg-safe-internet-measurement-01

Document Type Active Internet-Draft (pearg RG)
Last updated 2019-08-06 (latest revision 2019-07-08)
Replaces draft-learmonth-pearg-safe-internet-measurement
Stream IRTF
Intended RFC status Informational
Formats plain text xml pdf html bibtex
Stream IRTF state Active RG Document
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       I. Learmonth
Internet-Draft                                               Tor Project
Intended status: Informational                              July 8, 2019
Expires: January 9, 2020

       Guidelines for Performing Safe Measurement on the Internet
             draft-irtf-pearg-safe-internet-measurement-01

Abstract

   Researchers from industry and academia often use Internet
   measurements as part of their work.  While these measurements can
   give insight into the functioning and usage of the Internet, they can
   come at the cost of user privacy.  This document describes guidelines
   for ensuring that such measurements can be carried out safely.

Note

   Comments are solicited and should be addressed to the research
   group's mailing list at pearg@irtf.org and/or the author(s).

   The sources for this draft are at:

   https://github.com/irl/draft-safe-internet-measurement

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Learmonth                Expires January 9, 2020                [Page 1]
Internet-Draft          Safe Internet Measurement              July 2019

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

1.  Introduction

   Performing research using the Internet, as opposed to an isolated
   testbed or simulation platform, means that experiments co-exist in a
   space with other users.  This document outlines guidelines for
   academic and industry researchers that might use the Internet as part
   of scientific experimentation to mitigate risks to the safety of
   other users.

1.1.  Scope of this document

   Following the guidelines contained within this document is not a
   substitute for any institutional ethics review process, although
   these guidelines could help to inform that process.  Similarly, these
   guidelines are not legal advice and local laws must also be
   considered before starting any experiment that could have adverse
   impacts on user safety.

1.2.  Active and passive measurements

   Internet measurement studies can be broadly categorized into two
   groups: active measurements and passive measurements.  Active
   measurements generate traffic.  Performance measurements such as TCP
   throughput testing [RFC6349] or functional measurements such as the
   feature-dependent connectivity failure tests performed by
   [PATHspider] both fall into this category.  Performing passive
   measurements requires existing traffic.

   Both active and passive measurements carry risk.  A poorly considered
   active measurement could result in an inadvertent denial-of-service
   attack, while passive measurements could result in serious violations
   of user privacy.

   The type of measurement is not truly binary and many studies will
   include both active and passive components.  Each of the
   considerations in this document must be carefully considered for
   their applicability regardless of the type of measurement.

Learmonth                Expires January 9, 2020                [Page 2]
Internet-Draft          Safe Internet Measurement              July 2019

2.  Consent

   In an ideal world, informed consent would be collected from all users
   that may be placed at risk, no matter how small a risk, by an
   experiment.  In cases where it is practical to do so, this should be
   done.

2.1.  Informed Consent

   For consent to be informed, all possible risks must be presented to
   the users.  The considerations in this document can be used to
   provide a starting point although other risks may be present
   depending on the nature of the measurements to be performed.

2.2.  Informed Consent: Case Study

   A researcher would like to use volunteer owned mobile devices to
   collect information about local Internet censorship.  Connections
   will be made from the volunteer's device towards known or suspected
   blocked webpages.
Show full document text