# V. Measurement

### Part 5 — Web Measurement & Collection Doctrine

#### 1. Purpose, Non-Negotiables, and System Objective

1.1 **System objective.** Establish a lawful, low-harm, reproducible doctrine for measuring the web as **critical digital infrastructure**, producing decision-grade artifacts (metrics, benchmarks, AEPs) that are **contestable**, **correctable**, and **comparable over time**—without becoming surveillance, enforcement, or operational intrusion.

1.2 **Primary use cases.** The doctrine is designed to support:\
1.2.1 enterprise and infrastructure **risk baselining** (security, privacy, resilience, accessibility, integrity);\
1.2.2 **longitudinal benchmarking** (drift, concentration, control adoption, resilience posture);\
1.2.3 evidence-based governance inputs (standards alignment intelligence; ecosystem risk visibility);\
1.2.4 **AEP production** with explicit uncertainty, provenance, and reliance bounds.

1.3 **Non-negotiables (hard invariants).** The Guild shall maintain:\
1.3.1 **Lawfulness** (jurisdiction-aware, consent-aware, contract-aware);\
1.3.2 **Non-intrusion** (no bypass, no exploitation, no harmful load, no covert collection);\
1.3.3 **Minimum necessary** (collect the least needed to produce the declared metric);\
1.3.4 **Safety engineering** (rate limits, backoff, stop conditions, operator harm avoidance);\
1.3.5 **Reproducibility** (declared RS level, lineage, replayability requirements);\
1.3.6 **Contestability** (dispute pathways, correction clocks, no silent edits);\
1.3.7 **Neutrality** (no procurement steering, no enforcement posture, no targeted takedown logic);\
1.3.8 **Rights preservation** (privacy-by-default; no identity dossiers; non-discrimination posture).

1.4 **Separation doctrine (always in force).**\
1.4.1 Measurement outputs are **observations and assessed signals**, not orders.\
1.4.2 Intelligence products are **not** enforcement directives, censorship instructions, legal determinations, or compliance conclusions.\
1.4.3 Any operational response is executed **only** by adopting organizations under their own authority, counsel, and controls.

***

#### 2. Definitions for Measurement Posture

2.1 **Observatory science.** Measurement of web properties using publicly observable signals and consented telemetry, engineered for safety, minimization, and reproducibility.

2.2 **Non-intrusive measurement.** Standard protocol interactions and public-source ingestion that do not circumvent controls, degrade service, or harvest restricted information.

2.3 **Measurement boundary.** The explicit line between (i) what is measured and (ii) what is not measured, including exclusions for sensitive categories, restricted content, and identity.

2.4 **Measurement event.** A time-bound run with a declared purpose, scope, method ID, dataset ID, tooling version, and run manifest.

2.5 **Measurement artifact.** Any output derived from measurement events (metrics, scores, benchmark results, trend series, AEP component inputs) with labels, uncertainty, and correction paths.

***

#### 3. Authorized Collection Classes

3.1 **Class A — Public endpoint observation (protocol-normal).**\
Collect signals available from standard interactions with public endpoints, including:\
3.1.1 DNS resolution outcomes, DNSSEC validation results, TTL behavior;\
3.1.2 TLS handshake metadata, certificate chain properties, protocol/cipher posture;\
3.1.3 HTTP response metadata (headers, status codes, caching/security directives) and publicly retrievable structural signals;\
3.1.4 availability and latency observations using safety-bounded probes.

3.2 **Class B — Public logs and registries.**\
Ingest signals from public or open registries/logs where lawful and appropriate, including:\
3.2.1 certificate transparency and related public integrity logs;\
3.2.2 publicly documented standards registries, vulnerability databases, and open governance sources;\
3.2.3 public domain ownership and change-history signals where legally available.

3.3 **Class C — Public content and structural metadata (minimized).**\
3.3.1 Capture only what is necessary for declared measures (e.g., accessibility signals, provenance assertions, schema validity indicators).\
3.3.2 Content capture defaults to **metadata-first** (structure, presence/absence, conformance signals) and avoids collecting human content unless strictly required for the metric.

3.4 **Class D — Lawful third-party feeds (licensed and bounded).**\
3.4.1 Integrate only feeds with lawful provenance and explicit usage rights.\
3.4.2 Record contractual constraints, refresh cycles, transformation rules, and attribution requirements.

3.5 **Class E — Consented telemetry (opt-in enterprise/infrastructure).**\
3.5.1 Accept telemetry only under explicit consent and contract.\
3.5.2 Enforce tenant isolation, access control, and revocation.\
3.5.3 Apply purpose limitation and minimize raw retention.

3.6 **Class F — Reproducibility assets (minimal replay bundle).**\
3.6.1 Store run manifests, hashes, environment descriptors, and method references needed to replay or audit at the declared RS level.\
3.6.2 Prefer **hash-and-pointer** over raw storage whenever feasible.

***

#### 4. Prohibited Methods and Bright-Line Restrictions

4.1 **No bypass / no intrusion.** The Guild shall not:\
4.1.1 attempt authentication bypass, authorization probing, credential attacks, session fixation, or privilege escalation;\
4.1.2 exploit vulnerabilities, chain exploits, or simulate attacker playbooks to extract restricted data;\
4.1.3 evade access controls or defeat rate limits.

4.2 **No destructive or degrading behavior.** The Guild shall not:\
4.2.1 perform stress testing, DDoS-like traffic patterns, or amplification techniques;\
4.2.2 run scans that materially degrade operator availability or impose undue cost.

4.3 **No covert collection or deception.** The Guild shall not:\
4.3.1 deploy covert beacons, clandestine trackers, or hidden collection mechanisms;\
4.3.2 misrepresent identity to gain access to restricted systems.

4.4 **No restricted or illicit data.** The Guild shall not ingest:\
4.4.1 breach-derived datasets;\
4.4.2 unlawfully obtained logs;\
4.4.3 data whose usage violates contractual or legal constraints.

4.5 **No personal-data default posture.**\
4.5.1 Personal data is excluded by default.\
4.5.2 Any exception requires a decision record with strict necessity, minimization, enhanced handling class, and explicit correction/remedy posture.

4.6 **No enforcement simulation.** Measurement must not be designed to operationalize coercion, censorship, or enforcement.

***

#### 5. Load Safety Engineering and Operator Harm Avoidance

5.1 **Safety-bounded interaction.** Measurement tooling must behave as a “good citizen” on the public internet.

5.2 **Rate limits and backoff policy (required).** Each measurement method must define:\
5.2.1 maximum request rate per target and per domain;\
5.2.2 concurrency limits;\
5.2.3 exponential backoff with jitter;\
5.2.4 retry ceilings;\
5.2.5 adaptive throttling on operator signals (429, timeouts, server errors).

5.3 **Stop conditions (required).** Tooling must stop measurement when:\
5.3.1 error rates exceed defined thresholds;\
5.3.2 response patterns suggest distress;\
5.3.3 operator requests cessation via published channels where feasible.
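The rate, backoff and stop rules of 5.2 and 5.3 in working form, as an added example written for this page (not Guild tooling); the fetcher, sleep function and random source are injected so the behaviour can be checked deterministically, and every threshold is a constructed placeholder that a real method spec would declare itself:

```python
import random
from dataclasses import dataclass
from typing import Callable, Optional
@dataclass
class SafetyPolicy:
    # Constructed example thresholds; each real method spec declares its own (5.2).
    interval_s: float = 1.0       # per-target spacing, i.e. at most 1 request/s (5.2.1)
    max_retries: int = 3          # retry ceiling (5.2.4)
    base_backoff_s: float = 0.5   # exponential backoff base, capped at max_backoff_s (5.2.3)
    max_backoff_s: float = 30.0
    error_rate_stop: float = 0.5  # stop once error rate exceeds this after min_samples (5.3.1)
    min_samples: int = 4
    distress_429s: int = 2        # 429s within one run treated as operator distress (5.3.2)

@dataclass
class RunState:
    interval_s: float             # current spacing; doubles on every 429 (5.2.5)
    attempts: int = 0
    errors: int = 0               # timeouts and 5xx responses
    seen_429: int = 0
    stop_reason: Optional[str] = None

def backoff_delay(policy: SafetyPolicy, attempt: int, rng=random.random) -> float:
    """Exponential backoff with full jitter, capped (5.2.3)."""
    return min(policy.max_backoff_s, policy.base_backoff_s * 2 ** attempt) * rng()
def probe(fetch: Callable[[], Optional[int]], policy: SafetyPolicy, state: RunState,
          sleep: Callable[[float], None], rng=random.random) -> Optional[int]:
    """One safety-bounded observation: fetch() returns an HTTP status or None on timeout.
    Returns the status, or None if retries ran out or a stop condition fired (5.3)."""
    for attempt in range(policy.max_retries + 1):
        if state.stop_reason:             # a stopped run never probes again
            return None
        state.attempts += 1
        status = fetch()
        if status is not None and status < 500 and status != 429:
            return status
        if status == 429:                 # operator signal: throttle adaptively (5.2.5)
            state.seen_429 += 1
            state.interval_s *= 2
            if state.seen_429 >= policy.distress_429s:
                state.stop_reason = "distress"
                return None
        else:                             # timeout or server error
            state.errors += 1
            if state.attempts >= policy.min_samples and state.errors / state.attempts > policy.error_rate_stop:
                state.stop_reason = "error_rate"
                return None
        sleep(state.interval_s + backoff_delay(policy, attempt, rng))  # spacing + jittered backoff
    return None
```

Concurrency limits (5.2.2) sit one level up, in whatever runs many of these loops at once, and are not shown here.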

5.4 **Measurement identification posture.**\
5.4.1 Where feasible and safe, traffic should be attributable to measurement activity (research identification).\
5.4.2 Where identification increases abuse risk or creates operator harm, the Guild may minimize identification while retaining internal accountability logs and published doctrine.

5.5 **Non-interference rule.** Measurement shall not alter target state, configuration, or content. No persistent writes. No state mutation.

***

#### 6. Minimization, Sensitive Data Avoidance, and Redaction Controls

6.1 **Minimum necessary doctrine.** The default is “collect less, prove more”: maximize inference quality using minimal data, with uncertainty disclosure.

6.2 **Default exclusions (mandatory).** The Guild shall not intentionally collect:\
6.2.1 credentials, tokens, session identifiers;\
6.2.2 private communications or gated content;\
6.2.3 personal identifiers, user profiles, or behavioral histories;\
6.2.4 data about children, health, political affiliation, or other sensitive categories, by default;\
6.2.5 location-precise or identity-linking signals unless strictly necessary and authorized.

6.3 **Incidental encounter handling.** If sensitive data is encountered:\
6.3.1 do not store the raw data unless strictly necessary for correction;\
6.3.2 truncate, hash, or redact immediately;\
6.3.3 quarantine under elevated handling class where needed;\
6.3.4 record the incident and remediation path.
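How the default exclusions in 6.2.1 and the incidental-encounter steps in 6.3 (redact, hash, truncate, record) can be applied to response headers collected under Class A, as an added example written for this page rather than Guild code; the header list, length bound and per-run key are constructed placeholders:

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed example lists; a real method spec declares its own exclusions (6.2.1).
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
MAX_VALUE_LEN = 120  # truncation bound for every other header value (6.3.2)

@dataclass
class Incident:
    """One incidental encounter, recorded without the raw value (6.3.4)."""
    header: str
    action: str   # "redacted", "minimized" or "truncated"
    digest: str   # keyed hash of what was removed, so a correction request can be matched

def keyed_digest(value: str, key: bytes) -> str:
    """HMAC-SHA256 under a per-run key: a short token cannot be recovered by guessing."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def minimize_set_cookie(value: str) -> Tuple[str, str]:
    """Split a Set-Cookie value into (name=value pair, attribute-only view).
    The attributes (Secure, HttpOnly, SameSite, ...) are the conformance signal
    a Class A measurement wants (3.1.3); the cookie itself is a session identifier."""
    parts = [p.strip() for p in value.split(";")]
    return parts[0], "; ".join(["<cookie-redacted>"] + parts[1:])

def redact_headers(headers: Dict[str, str], key: bytes) -> Tuple[Dict[str, str], List[Incident]]:
    """Metadata-first view of response headers plus the incident log."""
    kept: Dict[str, str] = {}
    incidents: List[Incident] = []
    for name, value in headers.items():
        lname = name.lower()
        if lname in CREDENTIAL_HEADERS:
            kept[name] = "<redacted>"
            incidents.append(Incident(name, "redacted", keyed_digest(value, key)))
        elif lname == "set-cookie":
            pair, view = minimize_set_cookie(value)
            kept[name] = view
            incidents.append(Incident(name, "minimized", keyed_digest(pair, key)))
        elif len(value) > MAX_VALUE_LEN:
            kept[name] = value[:MAX_VALUE_LEN] + "...[truncated]"
            incidents.append(Incident(name, "truncated", keyed_digest(value, key)))
        else:
            kept[name] = value
    return kept, incidents
```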

6.4 **Purpose limitation and re-use.** Data may not be re-used for new purposes without:\
6.4.1 a decision record;\
6.4.2 updated labels and reliance bounds;\
6.4.3 re-evaluation of rights and harm.

***

#### 7. Transparency, Notices, Opt-Out, and Boundary Signaling

7.1 **Public doctrine disclosure.** The Guild shall publish the measurement doctrine and safety posture in accessible form.

7.2 **Opt-out posture (where feasible).**\
7.2.1 Provide opt-out channels for certain classes of measurement when feasible and consistent with scientific integrity.\
7.2.2 Record opt-out elections and reflect them as measurement boundary changes.

7.3 **Impact disclosure.** When opt-outs affect benchmark comparability:\
7.3.1 publish non-equivalence notes;\
7.3.2 adjust confidence intervals;\
7.3.3 avoid misleading comparatives.

7.4 **Non-retaliation.** Opt-out elections shall never trigger punitive publication, shaming, or targeted measurement escalation.

***

#### 8. Jurisdictional, Cross-Border, and Sovereignty Considerations

8.1 **Jurisdiction-aware execution.** Measurement methods must declare jurisdictional constraints, including:\
8.1.1 lawful basis assumptions;\
8.1.2 cross-border transfer implications;\
8.1.3 localization requirements where applicable.

8.2 **Sovereign/air-gapped research zones.** Where deployments occur in sovereign or regulated contexts:\
8.2.1 measurement may be executed within controlled research zones;\
8.2.2 outputs are exported only under declared handling and lawful transfer posture;\
8.2.3 the doctrine remains non-intrusive and non-executing.

8.3 **Non-equivalence warnings.** Differences across jurisdictions (rights, legal regimes, enforcement environments) must be reflected as non-equivalence notes in artifacts.

8.4 **Sanctions/export control posture.** Measurement and publication must comply with relevant restrictions; constraints are recorded and disclosed at the appropriate handling level.

***

#### 9. Retention, Deletion, and Lifecycle Discipline

9.1 **Retention principle.** Retain only what is required for:\
9.1.1 reproducibility at the declared RS level;\
9.1.2 contestability and correction;\
9.1.3 longitudinal comparability (prefer aggregates and minimized series).

9.2 **Lifecycle controls.**\
9.2.1 Define retention windows per collection class and per artifact family.\
9.2.2 Provide deletion and aggregation procedures that preserve auditability of changes.

9.3 **Versioned datasets.**\
9.3.1 Benchmark datasets are versioned with lineage and refresh cadence.\
9.3.2 Deprecation is recorded; prior versions remain citable with warnings and supersession pointers.

9.4 **No reliance traps.** Historical artifacts remain available, but must carry deprecation labels when unsafe or outdated.

***

#### 10. Measurement Integrity, Anti-Gaming, and Tamper Awareness

10.1 **Anti-gaming posture.** The Guild assumes measurement can be gamed and must design controls accordingly.

10.2 **Tamper indicators.** Methods should detect and record signals consistent with:\
10.2.1 content cloaking;\
10.2.2 inconsistent responses to measurement signatures;\
10.2.3 synthetic compliance patterns;\
10.2.4 manipulation of headers, policies, or assertions to inflate scores.

10.3 **Disclosure minimization for resilience.** The Guild shall publish enough to enable contestability and science, but not enough to enable reliable gaming or targeted abuse.

10.4 **Benchmark defense.** Where benchmarks are public:\
10.4.1 publish methodology at a level that supports reproducibility;\
10.4.2 maintain randomized sampling controls and drift monitoring;\
10.4.3 support appeals without revealing exploitably precise scoring shortcuts.

***

#### 11. Contestability, Disputes, and Corrections for Measurement Outputs

11.1 **Who may dispute.** Eligible disputants include operators, affected parties, and qualified reviewers, subject to handling constraints.

11.2 **Grounds for dispute.**\
11.2.1 methodological error;\
11.2.2 misattribution or mistaken dependency mapping;\
11.2.3 sampling bias or non-equivalence misrepresentation;\
11.2.4 data freshness, drift, or tool regression;\
11.2.5 harmful disclosure or dual-use risk.

11.3 **Correction clocks and tiers.**\
11.3.1 urgent: safety, rights, or exploitability risk;\
11.3.2 standard: accuracy or methodology corrections;\
11.3.3 periodic: quarterly recalibration and drift corrections.

11.4 **No silent edits.** Any correction must:\
11.4.1 create a new version;\
11.4.2 link to the superseded artifact;\
11.4.3 describe change scope and impact;\
11.4.4 update uncertainty and limitations.

***

#### 12. Measurement-to-Artifact Binding and Evidence Readiness

12.1 **Mandatory binding metadata.** Every published metric/benchmark must include:\
12.1.1 method identifier and version;\
12.1.2 run manifest and toolchain version;\
12.1.3 dataset identifiers and lineage;\
12.1.4 sampling disclosure and non-equivalence notes;\
12.1.5 uncertainty/confidence disclosure;\
12.1.6 handling class and distribution posture;\
12.1.7 dispute and correction pathway.

12.2 **AEP readiness rule.** If a measurement supports enterprise decision pathways, it must be expressible as an AEP component with:\
12.2.1 explicit reliance bounds (R0–R4);\
12.2.2 limitations and “do not use for…” warnings;\
12.2.3 correction clocks and supersession pointers.

12.3 **Decision safety posture.** Guild outputs must not be represented as sufficient for single-source decisions; adopters must apply independent verification appropriate to their risk tier and legal duties.

***

#### 13. Publication Hygiene and Non-Operational Boundary Notice

13.1 **Boundary notice (always attached).** Publications derived from measurement must carry plain-language boundary text stating:\
13.1.1 “observatory, not surveillance”;\
13.1.2 “intelligence, not enforcement”;\
13.1.3 “governance tooling, not regulated execution”;\
13.1.4 “as-is, correctionable, contestable.”

13.2 **Controlled detail levels.** Technical disclosure is calibrated to prevent exploitation enablement while maintaining scientific integrity and contestability.

13.3 **Distribution logs where required.** For controlled artifacts, dissemination is recorded by handling class, including recipients (where permissible), timestamps, and expiry rules.

***

#### 14. Compliance with the Guild Integrity Spine

14.1 **Precedence.** This Part operates subject to the Charter’s handling rules, dual-use controls, competition hygiene, and rights safeguards.

14.2 **Stop-the-line authority.** Where measurement methods, datasets, or publications risk harm, coercion, exploitability, or rights violation, the Integrity Steward may suspend the activity by recorded notice pending review.

14.3 **Auditability.** The Guild maintains internal records sufficient to demonstrate doctrine compliance: method specs, run manifests, rate policies, stop events, redactions, dispute outcomes, and correction logs.

***
