(This is still a draft.)
BISmark-Passive collects limited information about how and when devices on your home network access the Internet. Specifically, it collects information about the devices connected to your home network, the type and amount of network traffic transferred by these devices, the domain names of popular Internet sites accessed by these devices, and the frequency of such access. BISmark-Passive never inspects or captures the application-level contents of your network traffic.
This statement describes the information collected as part of your participation in BISmark-Passive, as well as how this information is used, disclosed, and retained. This statement does not attempt to characterize the risks of collecting or storing the information, or the disclosure of this information as described below. You must assess and accept the risks of participating in BISmark-Passive before you agree to participate in the BISmark-Passive study.
- BISmark-Passive does not record URLs. For popular Web sites, we only record the domain name of the Web site. For example, if you watch a video on YouTube, we will record the fact that you visited www.youtube.com, but not the specific URL of the video, which would indicate the video you watched.
- BISmark-Passive does not record Personally Identifiable Information (PII). We do not record your name, e-mail address, mailing address, MAC addresses or IP addresses except as described above and in the BISmark Privacy Statement. We never request or record financial information, social security numbers, birth dates, etc.
- BISmark-Passive does not record application packet contents. We do not monitor the contents of e-mails, chat conversations, phone calls, file downloads, Web page contents, Internet login credentials, or anything else about your online activities except as described above.
BISmark-Passive is installed on your BISmark router and does not affect or install software on any of your personal network devices.
BISmark-Passive collects the following types of information about every device that accesses the Internet using your BISmark router:
- BISmark-Passive records the manufacturer of each network device that accesses the Internet using your BISmark router by recording the first 3 bytes of each device's hardware identifier (MAC address). We use this information to differentiate between classes of devices (e.g. a video game console vs. a desktop computer).
- BISmark-Passive counts the number of times your devices communicate with
popular Internet domains and subdomains. For example, if you visit
http://maps.google.com, we will record
maps.google.com, becausegoogle.comis on the list of popular domains. We collect this information to understand the frequency with which people access popular Internet sites. The set of domains that are monitored is based on the Alexa "Top Sites" list (http://www.alexa.com/topsites), and you can alter this list of monitored domains, or completely disable this collection activity. - BISmark-Passive records the types of network applications your devices use, and how frequently each application is used, by recording the quantity of network traffic associated with each TCP or UDP port number. We collect this information to understand the types of applications people commonly use from their home network. Examples of network applications include Web browsing, e-mail, instant messaging, and Skype.
- BISmark-Passive collects information about the distribution of network traffic by recording the size of each unit of information (packet) transmitted through your BISmark router, as well as the date and time at which the transmission occured. We collect this information to understand what an "average" home network traffic distribution looks like.
Although we believe it is unlikely, information collected by BISmark-Passive could potentially be used to identify you in certain circumstances. You must assess and accept the risks of participating in BISmark-Passive before you agree to participate in the study.
The following examples illustrate the types of information collected in different BISmark-Passive usage scenarios related to watching a video on YouTube:
- Watching a YouTube video on your laptop while it is not connected to your BISmark router. BISmark-Passive will not record any information in this case because it only monitors network activity through your BISmark router.
- Watching a YouTube video on your laptop while it is connected to your
BISmark router. BISmark-Passive will record:
- the fact that you visited youtube.com, because YouTube is on the list of popular sites,
- the amount of data of transferred to and from your laptop, including the size and timestamp of each packet transferred,
- the fact that the data transferred to and from your your laptop occured via a Web browser (TCP ports 53, 80, and 443), and
- the manufacturer of your laptop's network card.
- Watching a YouTube video on your laptop after removing youtube.com from the
list of popular sites. Now BISmark-Passive will not record the fact that you
visited YouTube. BISmark-passive will still record other general information
about this activity:
- the amount of data of transferred to and from your laptop, including the size and timestamp of each packet transferred,
- the fact that the data transferred to and from your your laptop occured via a Web browser (TCP ports 53, 80, and 443), and
- the manufacturer of your laptop's network card.
- Visiting a subdomain of a popular site. Suppose you read a blog post at
http://yourfriendsblog.blogspot.com/posts/my-first-post. If you haven't
removed Blogspot from the list of popular sites then BISmark-Passive will
record the fact that you visited
yourfriendsblog.blogspot.com(not justblogspot.comand not the full URL.)
All of the information described above will be collected, maintained, and used by the BISmark-Passive team. We may disclose this information outside of the BISmark-Passive team in the following ways:
- The BISmark-Passive team will utilize the collected data to produce scholarly works such as articles, reports, and presentations that will be published and publicly accessible. These results will typically contain aggregated and derivative information, but may contain raw information, excluding PII as noted in the BISmark Privacy Statement.
- Any information collected as part of BISmark-Passive may potentially be disclosed in response to a lawful request by law enforcement or other legal processes or authorities.
All data collected by BISmark-Passive will be retained for the duration of the study, or until you choose to terminate your participation in the study.
We take measures to protect the information collected as described above. We encrypt information as it is transmitted between the BISmark gateway and our servers, or between your computer and our servers during enrollment. We have implemented access controls to limit access to information stored on our servers.