Who can use project data or services and in what ways.
We are currently trying to find the best approach to copywrighting and licensing this project. Below are some thoughts we have, but they are not final - read on for more!
Our current thoughts about licensing are to use a CC+ BY-NC-SA 4.0 license.
Choosing a license and which license to use is a big decision that has cultural and other implications (e.g. deciding with whom and how to share will also affect who participates and how they do so).
Because we know not everyone is a lawyer or speaks "licensese," this is how the above-listed permissions break-down, along with some examples to give you a sense of the expectations we have in using those terms, should they be adopted:

Attribution (BY)

"You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use."
We made this inclusion in order to provide credit to the wonderful contributors to this project. There are many similar potential efforts out there, but since DEF is a volunteer organization and many of our Partners are as well, we felt it important to not only recognize their contributions but also provide a pathway for others to discover the work by attributing it as a source of their efforts.
From our perspective, this needn't be arduous, just reference to the project with a link should suffice, since all the license data will be linked to the project itself.

Non-Commercial (NC)

"You may not use the material for commercial purposes."
This was an important baseline we felt necessary to include in order to protect contributors, especially government personnel or those with unique insights into a given nook in the ecosystem.
Why would they need protection?
In many instances, information about how a group or entity functions, much less key personnel or contact information, serves as a barrier. In some cases, this is problematic (as many startups and small businesses can attest when trying to work with government). In other cases, it is protective, such as the fact that contact information and rolodexes of government employees are not publicly posted (protecting against not only unwanted solicitation, but also spam, social engineering, and even information warfare efforts).
We chose to take the more protective "non-commercial" baseline so that people would feel more comfortable contributing information. That certainly does not prevent the license from being abused, but sets a standard of behavior for what we expect as a community.
The option for additional-licensesopens up a side door for the potential to have commercial entities use project efforts under a separate agreement. Additionally, we believe that Security and Privacywill be important part of this effort and have Partners with whom we are exploring ways to offer more robust data while still protecting its use to those unlikely to abuse it (or whose access can be curtailed if abuse occurs). All great Ethics questions!

Share Alike (SA)

"If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original."
We felt it was reasonable to request that those who use project material extend the same sharing and openness we establish here to any efforts they may undertake.
Here are a few potential applications, just to give a sense of how we interpret this:
  • For Academic users, we would expect sharing of research, studies, or other results of the derivative or associated work (at least sufficient to add back to the goals of this project).
  • Those in Government might find it more challenging to apply this standard, as many derivations might include non-public or even classified observations, but we believe it is wholly reasonable to still expect a reintroduction of findings so long as national security itself is not at stake.
  • On the Non-Profit front, this maybe looks like a video about the learnings or some sort of event where the benefits or impact is discussed so others can appreciate it.
  • Lastly, our Commercial contributors and collaborators might find that a blog or social media post capturing reflections from studying the networks, relationships, and questions raised by the product fits them well while staying within the non-commercial constraint.
In all cases, we aim to help people act in ways that are going to not only benefit them, but also benefit others in mutually reinforcing ways, creating virtuous (not vicious) cycles.

Additional Licenses (CC+)

"CC+ is a protocol providing a simple way for users to get rights beyond the rights granted by a CC license. For example, a work's Creative Commons license might offer noncommercial rights. With CC+, the license can link to a resource indicating how a reuser may secure commercial rights or other additional permissions or services such as warranty, permission to use without attribution, or even access to physical media."
While we felt it was important to include non-commercialas an element of the license, we understand that we do not know many potential uses that would benefit the broader national security community, meaning that any restrictions have the potential to be harmful.
For this reason we chose the CC+ implementation (indicative of a plain Creative Commons license with additional permissions available under a separate agreement). You can see more under Additional Licenses or Contact Us with any questions or ideas.