Guidelines for Performing Safe Measurement on the Internet
draft-irtf-pearg-safe-internet-measurement-03

Document Type Active Internet-Draft (pearg RG)
Author Iain Learmonth 
Last updated 2020-05-20 (latest revision 2020-05-18)
Replaces draft-learmonth-pearg-safe-internet-measurement
Stream IRTF
Intended RFC status Informational
Formats plain text xml pdf htmlized (tools) htmlized bibtex
Stream IRTF state Active RG Document
Consensus Boilerplate Unknown
Document shepherd Shivan Sahib
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to Shivan Sahib <shivankaulsahib@gmail.com>
Network Working Group                                       I. Learmonth
Internet-Draft                                               Tor Project
Intended status: Informational                              May 18, 2020
Expires: November 19, 2020

       Guidelines for Performing Safe Measurement on the Internet
             draft-irtf-pearg-safe-internet-measurement-03

Abstract

   Researchers from industry and academia often use Internet
   measurements as part of their work.  While these measurements can
   give insight into the functioning and usage of the Internet, they can
   come at the cost of user privacy.  This document describes guidelines
   for ensuring that such measurements can be carried out safely.

Note

   Comments are solicited and should be addressed to the research
   group's mailing list at pearg@irtf.org and/or the author(s).

   The sources for this draft are at:

   https://github.com/irl/draft-safe-internet-measurement

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 19, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Learmonth               Expires November 19, 2020               [Page 1]
Internet-Draft          Safe Internet Measurement               May 2020

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

1.  Introduction

   Performing research using the Internet, as opposed to an isolated
   testbed or simulation platform, means that experiments co-exist in a
   space with other users.  This document outlines guidelines for
   academic and industry researchers that might use the Internet as part
   of scientific experimentation to mitigate risks to the safety of
   other users.

1.1.  Scope of this document

   Following the guidelines contained within this document is not a
   substitute for any institutional ethics review process, although
   these guidelines could help to inform that process.  Similarly, these
   guidelines are not legal advice and local laws must also be
   considered before starting any experiment that could have adverse
   impacts on user safety.

   The scope of this document is restricted to guidelines that mitigate
   exposure to risks to Internet user safety when measuring properties
   of the Internet: the network, its constiuent hosts and links, or its
   users traffic.

   For the purpose of this document, an Internet user is an individual
   or organisation that uses the Internet to communicate, or maintains
   Internet infrastructure.

1.2.  Threat Model

   A threat is a potential for a security violation, which exists when
   there is a circumstance, capability, action, or event that could
   breach security and cause harm [RFC4949].  Every Internet measurement
   study has the potential to subject Internet users to threat actions,
   or attacks.

   Many of the threats to user safety occur from an instantiation (or
   combination) of the following:

   Surveillance: An attack whereby an Internet user's information is
   collected.  This type of attack covers not only data but also
   metadata.

Learmonth               Expires November 19, 2020               [Page 2]
Internet-Draft          Safe Internet Measurement               May 2020

   Inadequate protection of collected data: An attack where data, either
   in flight or at rest, was not adequately protected from disclosure.
   Failure to adequately protect data to the expectations of the user is
   an attack even if it does not lead to another party gaining access to
   the data.

   Traffic generation: An attack whereby traffic is generated to
   traverse the Internet.

   Traffic modification: An attack whereby the Internet traffic of users
   is modified.

   Any conceivable Internet measurement study might be considered an
   attack on an Internet user's safety.  It is always necessary to
   consider the best approach to mitigate the impact of measurements,
   and to balance the risks of measurements against the benefits to
   impacted users.

1.3.  Measurement Studies
Show full document text