[[PageOutline]] = GENI Opt-In Users = == Schedule == Monday July 9, 3.30pm - 5pm == Session Leaders == Richard Brooks, Clemson University == Agenda / Details == The performance of many network systems depends on the behavior of aggregate Internet traffic, which follows rules and statistics that are poorly understood. The usefulness of many applications depends on interactions between human beings, which are difficult to simulate. This implies that many GENI-based projects will need to use operational network traffic in order to produce reliable results. Many researchers hesitate to use operational network traffic, since there are many ethical and administrative issues related to using operational network traffic. These include: What privacy expectations do network users have? What privacy expectations should network users have? What are the liability implications for experimenters, universities, businesses and funding agencies of experimentation using network traffic containing information from individual users? Is it necessary (should it be necessary) for individual users to approve network experiments using their data flows? What safeguards should be provided to prevent disturbing network operations? What types of experiments on operational network traffic should not be performed? What steps should a prudent experimenter take before using operational data? Are there different classes of users that need to be considered (ex. students at the local university with IT approval, users who agree to join in a prototype system, the public at large)? This session will be a group discussion of these issues. One case history will be provided for a project using operational traffic. The role of the Institutional Review Board (IRB) will be discussed and reviewed. == Session Summary == In this session, attendees discussed; * When should opt in be recommended/required? * Could a boiler plate EULA and opt in framework/document be developed? * Proper organizations to vet/review proposed? * What is the liability of GENI and hosting organizations? * What happens if an experimenter's account is hacked and misused? * What steps should a prudent experimenter take before using operational data? * Classes of traffic not to analyze without opt-in * Classes of traffic not to analyze with opt-in * Does an experiment setup on multiple institutes require multiple IRB approval? * What safeguards should be provided to prevent disturbing network operations? Following solutions are proposed; * Suggestions of best practices/ checklist should be prepared. * Case studies should be done Dr Brooks presented the procedure his research group follow while doing network security experiments at Clemson University; * Consider negative effects * Discuss with local IT and testbed administrators * Consider data storage/archival/privacy issues * Prepare IRB information/application * Verify need for IRB, (if necessary) get approval * Run small test runs to verify lack of impact * Do research == Presentations == [attachment:OptIn-1.pdf Presentation used by Richard Brooks]. Contains topics discussed at the session.