Policy date: 23 May 2007
This statement summarizes the ANT project position on data privacy to our data providers and consumers.
Our goal in this policy is that ANT should not fundamentally change the privacy of network users of monitored networks. We follow best-current-practices in network data collection (for example, see RFC-1262).
To that end:
We do not collect any user data (packet data contents sent between users).
We do collect packet headers, however we collect only the first fraction of a packet (to get the header). We immediately run a program (the “scrubber”) that examines each packet and deletes any partially captured user data. (This program runs automatically, immediately after capture and before any user examines the data.)
We ensure that all IP addresses collected with packet headers are anonymized.
We scramble (with prefix-preserving anonymization using a cryptographic key) the lowest 8 bits of any IP addresses in the packet headers. The cryptographic keys used for this are rotated and discarded regularly. Once these keys are discarded it is impossible to determine the the low-order 8-bits of the original IP address.
In addition we scramble (with prefix-preserving anonymization using a second cryptographic key) the complete 32-bits any IP addresses in the packet headers. The cryptographic keys used for this are rotated and discarded regularly. Once these keys are discarded it is impossible to determine either the lower-order 8 bits or the full original IP address.
We use the data for networking research in a privacy-respectful matter.
We ensure that:
a. Any published results contain no personally identifiable information. a. We never attempt to translate anonymized data back to the identity of a specific individual. a. We keep collected data stored securely.
a. Any published results by data users contain no personally identifiable information. a. Data users never attempt to translate anonymized data back to the identity of a specific individual. a. Data users keep collected data stored securely. a. Data users will not further propagate the provided data. a. Data users credit the source of data in any published results.