Test Traffic Measurement Service Data Disclosure Policy Henk Uijterwaal RIPE NCC Document ID: ripe-300 Date: 23 January 2004 Obsoletes: ripe-180 ____________________________________________________________________ 1 Introduction This document describes the Data Disclosure Policy (also referred to as the acceptable use policy or AUP) for the the data collected by the RIPE NCC Test Traffic Measurement Service (TTM) [1]. It describes who can access the data from this service, what one can do with the data and conditions that must be fulfilled before data can be published outside the RIPE Test Traffic Working Group (TT-WG) and the organisations hosting the test boxes. This policy is based on discussion in the RIPE TT-WG. It replaces the old policy as described in [2]. Existing users of the service will be asked to confirm that they agree with this change in policy. New test boxes will only be installed if the hosts agree with this version of the policy. 2 General principles This policy is based on 2 principles: * Avoid abuse while giving as much freedom as possible to use the data. * A simple procedure that describes the basic idea and is easy to follow rather than a heavy document that attempts to describe every possible case. Collecting data with the test-boxes means collecting data about organisations and the performance of their networks. This is a delicate matter as nobody wants to see an analysis that puts the performance of his networks in a bad light, particularly if the scientific merits of the analysis cannot be proven. On the other hand, the results of TTM can be a valuable tool for day-to-day operations, long-term planning and scientific research. One does not want to be too restrictive about what can be done with the data. To implement these principles, 3 basic rules are set: * The RIPE NCC controls the distribution of the data. * All data analysis should be peer reviewed before publication. * All reports should include a pointer to the official description of the data as well as appropriate credit and copyright statements. These basic rules are discussed in the next sections for two cases: section 3 discusses the situation for the owners of a test-box and their customers, section 4 for all others. The latter category generally consists of researchers doing scientific analysis of the data in order to better understand the behaviour of the Internet. 3 Participating Organisations This section deals with organisations that own a Test Box and participate in the service, and their customers. Customers are loosely defined as any organization that uses the network of the test box host in order to connect to the rest of the Internet. There may or may not be a formal business relation. Sites owning a Test Box are called ``test box hosts'' in the remainder of this document, 1 Access to the data There are several ways in which a test box host can access the data: 1. Through an interface on the test box. This shows the data as it is being collected, with a delay of only a few minutes. Access to this interface is restricted to IP addresses specified by the test box host and allocated to the host or its customers. The host will make the customer aware of this policy. 2. Through the RIPE NCC website. Processed data (plots, summaries) will be put on the RIPE NCC web site without password restrictions (but see section 4 below). Plots can be copied to another, internal web site if necessary, provided that proper credits are given and the test box host makes the users of that site aware of this policy. 3. Through the RIPE NCC ftp-site. Unprocessed data will be put on an ftp-server on request. The U