Zimmer sachrp slides v2
Upcoming SlideShare
Loading in...5
×
 

Zimmer sachrp slides v2

on

  • 1,624 views

On Wednesday, July 21, 2010, I will be presenting in front of the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the ...

On Wednesday, July 21, 2010, I will be presenting in front of the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the United States Department of Health and Human Services (HHS). My presentation will focus on how Web 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of privacy, anonymity/identifiability, consent, and harm.

Statistics

Views

Total Views
1,624
Views on SlideShare
1,449
Embed Views
175

Actions

Likes
1
Downloads
10
Comments
0

4 Embeds 175

http://michaelzimmer.org 84
http://www.michaelzimmer.org 70
http://internetresearchethics.org 20
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Zimmer sachrp slides v2 Zimmer sachrp slides v2 Presentation Transcript

  • Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs
    Michael Zimmer, PhD
    School of Information Studies
    University of Wisconsin-Milwaukee
    zimmerm@uwm.edu
    http://michaelzimmer.org
    Secretary’s Advisory Committee on Human Research Protections
    July 21, 2010
  • My Perspective
    Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics
    Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:
    Privacy
    Anonymity vs. Identifiability
    Consent
    Harm
  • Illuminating Cases
    Tastes, Ties, and Time (T3) Facebook data release
    Pete Warden’s harvesting (and proposed release) of public Facebook profiles
    Question of consent for using “public” Twitter streams
    Library of Congress archiving “public” Twitter streams
  • T3 Facebook Project
    Harvard-based Tastes, Ties, and Time research project sought to understand social network dynamics of large groups of students
    Solution: Work with Facebook & an “anonymous” university to harvest the Facebook profiles of an entire cohort of college freshmen
    Repeat each year for their 4-year tenure
    Co-mingle with other University data (housing, major, etc)
    Coded for race, gender, political views, cultural tastes, etc
  • T3 Data Release
    As an NSF-funded project, the dataset was made publicly available
    First phase released September 25, 2008
    One year of data (n=1,640)
    Prospective users must submit application to gain access to dataset
    Detailed codebook available for anyone to access
  • “Anonymity” of the T3 Dataset
    “All the data is cleaned so you can’t connect anyone to an identity”
    But dataset had unique cases (based on codebook)
    If we could identify the source university, individuals could potentially be identified
    Took me minimal effort to discern the source was Harvard
    The anonymity (and privacy) of subjects in the study might be in jeopardy….
  • T3 Good-Faith Efforts to Protect Subject Privacy
    Only those data that were accessible by default by each RA were collected
    Removing/encoding of “identifying” information
    Tastes & interests (“cultural footprints”) will only be released after “substantial delay”
    To download, must agree to “Terms and Conditions of Use” statement
    Reviewed & approved by Harvard’s IRB
  • 1. Only those data that were accessible by default by each RA were collected
    “We have not accessed any information not otherwise available on Facebook”
    False assumption that because the RA could access the profile, it was “publicly available”
    RAs were Harvard graduate students, and thus part of the the “Harvard network” on Facebook
  • 2. Removing/encoding of “identifying” information
    “All identifying information was deleted or encoded immediately after the data were downloaded”
    While names, birthdates, and e-mails were removed…
    Various other potentially “identifying” information remained
    Ethnicity, home country/state, major, etc
    AOL/NetFlix cases taught us how nearly any data could be potentially “identifying”
  • 3. Tastes & interests will only be released after “substantial delay”
    T3 researchers recognize the unique nature of the cultural taste labels: “cultural fingerprints”
    Individuals might be uniquely identified by what they list as a favorite book, movie, restaurant, etc.
    Steps taken to mitigate this privacy risk:
    In initial release, cultural taste labels assigned random numbers
    Actual labels to be released after a “substantial delay” – 3 years later
  • 3. Tastes & interests will only be released after “substantial delay”
    But, is 3 years really a “substantial delay”?
    Subjects’ privacy expectations don’t expire after artificially-imposed timeframe
    Datasets like these are often used years after their initial release, so the delay is largely irrelevant
    T3 researchers also will provide immediate access on a “case-by-case” basis
    No details given, but seemingly contradicts any stated concern over protecting subject privacy
  • 4. “Terms and Conditions of Use” statement
    I will use the dataset solely for statistical analysis and reporting of aggregated information, and not for investigation of specific individuals….
    I will produce no links…among the data and other datasets that could identify individuals…
    I will not knowingly divulge any information that could be used to identify individual participants
    I will make no use of the identity of any person or establishment discovered inadvertently.
  • 4. “Terms and Conditions of Use” statement
    The language within the TOS clearly acknowledges the privacy implications of the T3 dataset
    Might help raise awareness among potential researchers; appease IRB
    But “click-wrap” agreements are notoriously ineffective to affect behavior
    Unclear how the T3 researchers specifically intend to monitor or enforce compliance
    Already been one research paper that likely violates the TOS
  • 5. Reviewed & Approved by IRB
    “Our IRB helped quite a bit as well. It is their job to insure that subjects’ rights are respected, and we think we have accomplished this”
    “The university in question allowed us to do this and Harvard was on board because we don’t actually talk to students, we just accessed their Facebook information”
  • 5. Reviewed & Approved by IRB
    For the IRB, downloading Facebook profile information seemed less invasive than actually talking with subjects…
    Did IRB know unique, personal, and potentially identifiable information was present in the dataset?
    …and consent was not needed since the profiles were “freely available”
    But RA access to restricted profiles complicates this; did IRB contemplate this?
    Is putting information on a social network “consenting” to its use by researchers?
  • T3 Good-Faith Efforts to Protect Subject Privacy
    Only those data that were accessible by default by each RA were collected
    Removing/encoding of “identifying” information
    Tastes & interests (“cultural footprints”) will only be released after “substantial delay”
    To download, must agree to “Terms and Conditions of Use” statement
    Reviewed & approved by Harvard’s IRB
    Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics & Information Technology
  • Illuminating Cases
    Tastes, Ties, and Time (T3) Facebook data release
    Pete Warden’s harvesting (and proposed release) of public Facebook profiles
    Question of consent for using “public” Twitter streams
    Library of Congress archiving “public” Twitter streams
  • Pete Warden Facebook Dataset
    Exploited flaw in FB’s architecture to access and harvest public profiles to 215 million users (without needing to login)
    Impressive analyses at aggregate levels
    Planned to release entire dataset – with names, locations, etc – to academic community
    Later destroyed data under threat of lawsuit from Facebook
    http://michaelzimmer.org/2010/02/12/why-pete-warden-should-not-release-profile-data-on-215-million-facebook-users/
  • Harvesting Public Twitter Streams
    Is it ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects?
    Are tweets publications, or utterances?
    Are you reading a text, or recording a discussion?
    What are users’ expectations to how their tweets are being found & used?
    http://michaelzimmer.org/2010/02/12/is-it-ethical-to-harvest-public-twitter-accounts-without-consent/
  • LOC Archive of Public Tweets
    Library of Congress will archive all public tweets
    6 month delay, restricted access to researchers
    Open questions:
    Can users opt-out from being in permanent archive?
    Can users delete tweets from archive?
    Will geolocational and other profile data be included?
    What about a public tweet that is re-tweeting a private one?
  • Illuminating Cases
    Tastes, Ties, and Time (T3) Facebook data release
    Pete Warden’s harvesting (and proposed release) of public Facebook profiles
    Question of consent for using “public” Twitter streams
    Library of Congress archiving “public” Twitter streams
  • My Perspective
    Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics
    Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:
    Privacy
    Anonymity vs. Identifiability
    Consent
    Harm
  • Conceptual Gap: Privacy
    Presumption that because subjects make information available on Facebook/Twitter, they don’t have an expectation of privacy
    Ignores contextual nature of sharing
    Ignores whether users really understand their privacy settings
    Going forward…
    Recognize the strict dichotomy of public/private doesn’t apply in the 2.0 world
    Consider Helen Nissenbaum’stheory of “contextual integrity” as more fitting rubric
    Strive to consult privacy scholars on projects & reviews
  • Conceptual Gap: Anonymity vs. Identifiability
    Presumption that stripping names & other obvious identifiers provides anonymity
    Ignores how anythingcan potentially identifiable information and become the “missing link” to re-identify an entire dataset
    Going forward
    Recognize “personally identifiable information” is an imperfect concept
    Consider EU’s protection of any data “potentially linkable” to an identity
    “Anonymous” datasets are not achievable and provides false sense of protection
    Paul Ohm, “Broken Promises of Privacy”
  • Conceptual Gap: Consent
    Presumption that because something is shared, the subject is consenting to it being harvested for research
    Undervalues subject's intent
    Ignores how research method might allow un-anticipated access to data meant to be restricted
    Going forward
    Must recognize that a user making something public online comes with a set of assumptions/expectations about who can access and how
    Anything outside this needs specific consent
  • Conceptual Gap: Harm
    Researchers often imply “data is already public, so what harm could happen”
    Ignores dignity & autonomy, let alone unanticipated consequences
    Going forward
    Must move beyond the concept of harm as requiring a tangible consequence
    Protecting from harm is more than protecting from hackers, spammers, identity thieves, etc
    Consider dignity/autonomy theories of harm
    Must a “wrong” occur for there to be damage to the subject?
    Do subjects deserve control over the use of their data streams?
  • My Perspective
    Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics
    Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:
    Privacy
    Anonymity vs. Identifiability
    Consent
    Harm
  • Now What….
    Researchers and IRBs believe they’re doing the right thing (and usually, they are)
    But the fluidity and complexity of 2.0 inevitably brings forth conceptual gaps
    Bring together researchers, IRB members, ethicists & technologists to identify and resolve these conceptual gaps
    InternetResearchEthics.org
    Digital Media & Learning collaboration
    Today’s panel…
  • Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs
    Michael Zimmer, PhD
    School of Information Studies
    University of Wisconsin-Milwaukee
    zimmerm@uwm.edu
    http://michaelzimmer.org
    Secretary’s Advisory Committee on Human Research Protections
    July 21, 2010