WHAT IS RARENET?
Rarenet (Rapid Response Network) is an active network of people who in some form or another are working on digital emergency response. The group is composed by technical experts, support organizations and individuals who are connected to civil society, activists and journalists on the ground.
The network coordinates efforts between the different members by sharing emergency cases and knowledge on digital emergencies with the aim of supporting people who are facing digital threats.
Currently, Rarenet operates on best efforts of all members and its activities are endorsed by the entire group.
The goal of the Rarenet initiative is to close the gap and increase cooperation between two large groups: civil society, activists on the one side and organizations or individuals working in Information Technologies’ security on the other side.
Rarenet is composed by members of both groups that have decided to donate time and resources to the community in order to globally improve the security awareness of civil society, journalists and activists. Rarenet also helps to report incidents that has been made aware of and provide solutions.
Funding of the Rarenet comes from direct contributions from its members and it does not rely on any kind of external resources. If not decided by the group as a whole, Rarenet will not seek funding for its coordination activities.
The kick-off of this initiative started in late 2013 during a Rapid Response meeting in The Hague. As a result, the participants of the meeting established and joined the Rarenet network. To manage how the initiative grows the funding group decided that the following ground rules apply to the network:
* New memberships
New members have to be vetted by at least 2 other current members. Applications for membership has to be announced to the group and any member of the group has the right to veto a potential member. In addition, a recommendation for a potential member can be revoked. If a member has less than two recommendations or has been vetoed, the access to the Rarenet is automatically disabled.
A member of an organization cannot propose new members from within the same organization.
In order to keep the group small and flexible, the soft limit of members of the same organization should be two. Unless the organization can prove the additional benefits to the Rarenet of having more then two people from one single organization.
The total group size should not exceed 50 persons.
* Exiting members
Any member may leave the group at any time without the need to give any explanation.
The success of the initiative will depend on the commitment of the members. Therefore, the group might decide periodically to remove users who are inactive for more than 6 months. This measure guarantees the inclusion of new and more active members.
Confidentiality applies to who is member of the Rarenet, the content of the conversations and the cases discussed.
– The content of the conversations:
The content is considered highly confidential and should not be shared externally. If a request for assistance in a case (a) is shared amongst the group and another member (b) has a solution, it is good practice to get back to the requesters and ask permission for and under which conditions to forward it to a third party.
– The membership of the list:
Both the identification of the members as well as their organizations should be considered confidential to the members, in order to avoid targeted attacks by external parties.
An “intake” address for the list may be shared with other communities on a case-by-case basis in order to allow them to contact the list directly if they are aware of something targeting a member of the group (without having to know exactly the target).
Where applicable, all the members should share with the group details of their infrastructures (ASNs, IPs, domains) in their constituency in case they can have a direct impact in case of security incident.
Sharing information regarding the groups, the members and details on the constituency have to be accepted by 2/3 of the members answering to the survey within 2 weeks.
DEFAULT INFORMATION SHARING POLICY
The default policy of the Rarenet is that you can not share information unless you ask for permission to the list. This includes; IP addresses, names and organizations. In addition this includes taking active responsibility of minimizing sensitive data when forwarding a problem from the list to a third party.
USE OF MAILINGLIST
There is no definitive rule on what can be shared on the mailing list and what cannot. However, it should be noted that Rarenet runs an operational mailing list and there are some general guidelines on what can be discussed.
The mailing list IS a place where members can share technical issues, digital problems from specific countries, raise questions on specific incidences and/or bring problems from the field to the list.
The mailing list IS NOT a place for chat session/tea session.
To increase clarity on the list it is recommended to use markers in the header that describe what the email is: e.g. case, question, technical issue or other.
Rarenet has an strict anti trolling policy. To prevent flame wars from happening on the list or members ignoring the code of conduct of the Rarenet, the group has one person who has contact with each member individually and has the mandate to intervene when the code of conduct is breached.
In addition, it should also be noted that the member that invites a new member to the list is responsible to mentor the new member into following this code of conduct and has the responsibility to intervene when breached.
MODIFICATION TO THIS DOCUMENT
Modifications in the mission letter have to be accepted by 2/3 of the members within two weeks.