Research Ethics in the 2.0 Era: New Challenges for Researchers and IRBs, University of Pittsburgh Institutional Review Board Educational Series, October 5, 2012
social pharmacy d-pharm 1st year by Pragati K. Mahajan
Research Ethics in the 2.0 Era: New Challenges for Researchers and IRBs
1. Research Ethics in the 2.0 Era:
NEW CHALLENGES FOR RESEARCHERS
AND IRBS
Michael Zimmer, PhD
Assistant Professor, School of Information Studies
Director, Center for Information Policy Research
University of Wisconsin-Milwaukee
zimmerm@uwm.edu
www.michaelzimmer.org
2. Outline
• What does “Research in the 2.0 era” look like?
• Illuminating cases of new 2.0 research…
• …which expose conceptual gaps in our ethical
frameworks
• Closing the gaps for researchers & IRBs
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 2
3. What do we mean by “2.0”?
• “Web 2.0” refers to new Internet-based services
that let people collaborate and share information
online in innovative ways
• Core characteristics:
• Web as a platform; data & services in the cloud
• Community, collaboration, and peer production
• Social, sharing and open data flows
• Ease of use; interface driven; hidden back-end
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 3
4. Research in the 2.0 era
• Using 2.0 tools to engage in (traditional) research
• Cloud-based survey & data-collection tools
• Subject recruitment via email, social media
• Storing, processing, sharing data in the cloud
• Using 2.0 as the site for your research
• Interviewing/observing subjects in chat rooms, virtual
worlds, online games
• Collecting/merging data from online
profiles, feeds, newsgroups, blogs, archives, activity
logs
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 4
5. New technologies & conceptual gaps
• Emergence of new technologies often lead to
conceptual gaps in how we think about ethical
problems, and how we address them
• Computer technology transforms “many of our human
activities and social institutions,” and will “leave us with
policy and conceptual vacuums about how to use
computer technology”
• “Often, either no policies for conduct in these
situations exist or existing policies seem inadequate.
• Jim Moor, “What is Computer Ethics?”
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 5
6. Conceptual gaps and 2.0 research
• Growing use of 2.0 tools, platforms &
environments in research creating new
conceptual gaps in our understanding of:
• Privacy
• Anonymity vs. Identifiability
• Consent
• Harm & Human subjects
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 6
7. Illuminating Cases
1. Research on Tor network
2. Archiving of public Twitter streams
3. Harvesting Facebook profile information
4. Capturing teen email & text messaging traffic
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 7
8. Research on Tor Network
• Computer science researchers increasingly interested
in network traffic on the Tor anonymity network
• What kind of traffic is on this network?
• What kind of users?
• How secure is it?
• Or, just capture Tor data as convenience sample
• But users of Tor are intentionally seeking additional
privacy and anonymity
• Research often not even vetted by IRBs
Soghoain, C. (2011) “Enforced Community Standards For
Research on Users of the Tor Anonymity Network”
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 8
9. Archiving Twitter Streams
• Is it ethical for researchers to follow and
systematically capture public Twitter streams
without first obtaining specific, informed consent
by the subjects?
• Are tweets publications (texts), or utterances?
• What are users’ expectations to how their tweets are
being found & used?
• What if a user later changes her privacy settings, or
deletes tweets, etc
http://michaelzimmer.org/2010/02/12/is-it-ethical-to-harvest-
public-twitter-accounts-without-consent/
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 9
10. LOC Archiving of Tweets
• Library of Congress will archive all public tweets
• 6 month delay, restricted access to researchers only
• Open questions:
• Can users opt-out from being in permanent archive?
• Can users delete tweets from archive?
• Will geolocational and other profile data be included?
• What about a public tweet that is re-tweeting a private
one?
• Did users ever expect their tweets to become
permanent part of LOC’s archives?
http://michaelzimmer.org/2010/04/14/open-questions-about-library-of-congress-archiving-twitter-streams/
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 10
11. Pete Warden Facebook Dataset
• Exploited flaw in Facebook’s architecture to
access and harvest publicly-viewable profile
information of 215 million users
http://petewarden.typepad.com/searchbrowser/2010/02/how-to-split-up-the-us.html
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 11
12. Pete Warden Facebook Dataset
• Planned to release entire dataset – with all
personal information intact – to academic
community
• Would it be acceptable to use this dataset for research?
• Users knew (?) data was public, but did they expect it to
be harvested by bots, aggregated, and made available
as raw data?
• Under threat of lawsuit from Facebook, Warden
destroyed the data
http://michaelzimmer.org/2010/02/12/why-pete-warden-should-not-
release-profile-data-on-215-million-facebook-users/
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 12
13. T3 Facebook Project
• Harvard-based Tastes, Ties, and Time (T3)
research project sought to understand social
network dynamics of large groups of students
• Worked with Facebook & an “anonymous”
university to harvest the Facebook profiles of an
entire cohort of college freshmen
• Repeated each year for their 4-year tenure
• NSF mandated release of data, first wave in Sept
2008
Zimmer, M. 2010. “But the data is already public”: On the ethics
of research in Facebook. Ethics & Information Technology.
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 13
14. “Anonymity” of the T3 Dataset
“All the data is cleaned so you can’t connect
anyone to an identity”
• But dataset had unique cases (based on codebook)
• If we could identify the source university, individuals
could potentially be identified
• Took me minimal effort to discern the source was Harvard
• The anonymity (and privacy) of subjects in the study
might be in jeopardy….
Zimmer, M. 2010. “But the data is already public”: On the ethics
of research in Facebook. Ethics & Information Technology.
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 14
15. Good-Faith Efforts to Protect Subject
Privacy
1. Only those data that were accessible by
default by each RA were collected
2. Removing/encoding of “identifying”
information
3. Tastes & interests (“cultural footprints”) will
only be released after “substantial delay”
4. To download, must agree to “Terms and
Conditions of Use” statement
5. Reviewed & approved by Harvard’s IRB
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 15
16. T3 Facebook Project
Chronicle of Higher Education
July 10, 2011
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 16
17. The Blackberry Project
• Ongoing longitudinal study at UT-Dallas
examining teen behavior and sociability
• Recruited 281 third and fourth graders in 2003
• Gave them free Blackberries and unlimited plans
in 2009 as they entered high school
• Content of all text messages, e-mail messages,
and instant messages was saved to a secure
server owned by the researchers
• Consent is renewed, but concerns over undue
influence, parental respect for youth privacy, etc
Underwood, M., et al. 2012. “The BlackBerry project: Capturing the
content of adolescents' text messaging.” Developmental Psychology.
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 17
18. Illuminating Cases
1. Research on Tor network
2. Archiving of public Twitter streams
3. Harvesting Facebook profile information
4. Capturing teen email & text messaging traffic
• Plus increased use of Mechanical Turk, cloud storage
and sharing platforms, Facebook and mobile apps,
and a host of tools our students just discovered this
morning…
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 18
19. Conceptual gaps and 2.0 research
• Growing use of 2.0 tools, platforms &
environments in research creating new
conceptual gaps in our understanding of:
• Privacy
• Anonymity vs. Identifiability
• Consent
• Harm & Human subjects
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 19
20. Conceptual Gap: Privacy
• Presumption that because subjects make information
available on a blog, Facebook, or Twitter, they don’t
have an expectation of privacy
• Researchers/IRBs might assume everything is always public, and
was meant to be
• Assumes no harm could come to subjects if data is already
“public”
• New ethical problems…
• Ignores contextual nature of sharing
• Fails to recognize the strict dichotomy of public/private doesn’t
apply in the 2.0 world
• Need to track if ToS/architecture have changed, or if users even
understand what is available to researchers
Nissenbaum, H. 2011. “Privacy in Context: Technology,
Policy, and the Integrity of Social Life”
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 20
21. Conceptual Gap: Anonymity vs.
Identifiability
• Presumption that stripping names & other
obvious identifiers provides sufficient anonymity
• Assumes only PII allows re-identification
• New ethical problems…
• Ignores how anything can potentially identifiable
information and become the “missing link” to re-
identify an entire dataset
• “Anonymous” datasets are not achievable and provides
false sense of protection
• But how can we share data safely?
Ohm, P. “Broken promises of privacy: Responding to the
surprising failure of anonymization.” UCLA Law Review
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 21
22. Conceptual Gap: Consent
• Presumption that because something is shared or
available without a password, the subject is
consenting to it being harvested for research
• Assumes no harm can come from use of data already
shared with friends or other contextually-bound circles
• New ethical problems…
• Must recognize that a user making something public
online comes with a set of assumptions/expectations
about who can access and how
• Does anything outside this need specific consent?
• Must recognize how research methods might allow un-
anticipated access to “restricted” data
• Do parents fully understand how their kids use?
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 22
23. Conceptual Gap: Harm
• Presumption that “harm” means risk of physical or
tangible impact on subject
• Researchers often imply “data is already public, so what
harm could possibly happen”
• New ethical problems
• Must move beyond the concept of harm as requiring a
tangible consequence
• Protecting from harm is more than protecting from hackers,
spammers, identity thieves, etc
• Consider dignity/autonomy theories of harm
• Must a “wrong” occur for there to be damage to the subject?
• Do subjects deserve control over the use of their data streams?
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 23
24. Conceptual Gap: Human Subjects
• Researchers (esp. CompSci) often interact only
with datasets, objects, or avatars, thus feel a
conceptual distance from an actual human
• Often don’t consider what they do as “human subject”
research
• New ethical problems
• Must bridge this (artificial) distance between
researcher and the actual human subject
• Also consider other stakeholders within the complex
arrangement of information intermediaries
Carpenter, K & Dittrich, D. “Bridging the Distance: Removing the Technology Buffer and
Seeking Consistent Ethical Analysis in Computer Security Research”
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 24
25. Conceptual gaps and 2.0 research
• Growing use of 2.0 tools, platforms &
environments in research creating new
conceptual gaps in our understanding of:
• Privacy
• Anonymity vs. Identifiability
• Consent
• Harm & Human subjects
• How can we start to fill these gaps and address
the new ethical problems?
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 25
26. Conceptual Gaps Policy Vacuums
• Researchers & IRBs are (almost always) trying to do
the right thing when faced with research projects
relying on 2.0 tools and spaces
• But the fluidity and complexity of 2.0 tools and
environments creates significant conceptual gaps
• Leaving researchers & IRBs with considerable policy
vacuums
• How should researchers deal with using Internet tools in
their projects?
• How should IRBs review them?
• And how can we still ensure research still gets
done…
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 26
27. Removing the gaps, filling the vacuums
• Scholarship
• Buchanan & Ess studying how IRBs deal with Internet research
• Exploring new dimensions of Internet research ethics by
Markham; Soghoian; Carpenter & Dittrich; and others (cited
within)
• Zimmer planning 5-year project to study 2.0 research
environment, where researchers & IRBs obtain guidance
• Resources
• “Internet Research Ethics Digital Library, Resource Center and
Commons” www.InternetResearchEthics.org
• “Ethical decision-making and Internet research:
Recommendations from the AoIR Ethics Working Committee”
• Buchanan & Zimmer, “Internet Research Ethics” Stanford
Encyclopedia of Philosophy
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 27
28. Removing the gaps, filling the vacuums
• Education & outreach
• Growing focus at PRIM&R and related IRB educational
events
• Engage disciplinary conferences (ACM, ICA, SOUPS, etc)
• Improve RCR and related training modules (CITI)
• Policy guidance
• Advising SACHRP on “The Internet in Human Subjects
Research”
• Call for public comment on “The Menlo Report: Ethical
Principles Guiding Information and Communication
Technology Research”
• Possibility of new guidance on the horizon…
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 28
29. Conceptual Gaps Policy Vacuums
• Researchers & IRBs are (almost always) trying to do
the right thing when faced with research projects
relying on 2.0 tools and spaces
• But the fluidity and complexity of 2.0 tools and
environments creates significant conceptual gaps
• Leaving researchers & IRBs with considerable policy
vacuums
• How should researchers deal with using Internet tools in
their projects?
• How should IRBs review them?
• And how can we still ensure research still gets
done…
10/5/12 University of Pittsburgh Institutional Review Board Educational Series 29
30. Research Ethics in the 2.0 Era:
NEW CHALLENGES FOR RESEARCHERS
AND IRBS
Michael Zimmer, PhD
Assistant Professor, School of Information Studies
Director, Center for Information Policy Research
University of Wisconsin-Milwaukee
zimmerm@uwm.edu
www.michaelzimmer.org