DataSharingDeclaration.md

#DRAFT

This is a draft data sharing declaration.

##Yeti Data Sharing Declaration

The Yeti Project has standards for data sharing that all Participants agree to. Each Participant must make a declaration that they will follow these standards.

"Participant" in this declaration means anyone that wishes to either submit or access Yeti Data. For example, this includes operators of Yeti root servers, operators of resolvers using those servers, or Yeti researchers. Only Participants who have executed this Data Sharing Declaration may submit or have access to Yeti Data.

"Yeti Data" means data files provided by Participants or generated by Yeti systems or Participants and residing on Yeti systems with the intention of sharing. Examples of Yeti Data include, but are not limited to: (a) raw packet captures, generally in the form of “pcap” files; (b) name server query log files; (c) archived zone files; and (d) other types of log files relating to network traffic, attacks, or application transactions.

1. Types of Yeti Data.

   1. Raw: data submitted by Participants (for example pcap captures);
   2. Generated: data generated by Yeti systems and applications (for example Benchmarks, Monitoring);
   3. Derivative: data derived by analysis from one or more Raw data sets.

2. Categories of Yeti Data.

   1. Confidential. Unless otherwise specified at the time of submission or generation, all Yeti Data shall be deemed Confidential and may not be disseminated to any parties, whether or not they are Yeti Participants. All such Confidential Yeti Data may be used by Yeti Participants, provided that they (i) shall hold all Confidential Yeti Data in the highest confidence, (ii) shall not disclose, disseminate or publicize any Confidential Yeti Data to any person or entity, and (iii) shall take all action necessary or appropriate to hold all Confidential Yeti Data in the highest confidence.

   2. Exceptions to Confidentiality. Confidential Yeti Data shall not include: (A) Yeti Data already in possession of the non-disclosing party through lawful means or through independent development, (B) Yeti Data which are publicly available when received or thereafter becomes publicly available through no fault of the non-submitting party, and (C) Yeti Data which are required to be disclosed as a result of a final order of a court of competent jurisdiction in a proceeding in which the submitting party has had a reasonable opportunity to contest disclosure.

   3. Non-Confidential. If a Participant wishes certain Yeti Data to be treated as Non-Confidential, Participant shall clearly designate such Yeti Data at the time of submission or generation as Non-Confidential Yeti Data. All such Non-Confidential Yeti Data may be disseminated to any parties, whether or not they are Yeti Participants.

3. Submission of Yeti Data. Each time Participant submits any Yeti Data to Yeti, Participant must designate what restrictions, if any, are to be placed on the Yeti Data. This includes whether such Yeti Data are Confidential or Non-Confidential, attributable or anonymous, whether redistributable or not, and so forth, as appropriate. Participant is solely responsible for designation of any applicable restrictions. In the absence of any such designated restrictions, the Yeti Data submitted shall be deemed to be Confidential. Certain Yeti Data collected will have defined designations. Participant is solely responsible for designation of any applicable restrictions if none have been otherwise defined.

4. Source-Identifying Yeti Data. Participant may choose, at its own discretion, to “anonymize” source-identifying elements (for example IP addresses) prior to submitting Yeti Data.