0
Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs<br />Michael Zimmer, PhD<br />School of In...
My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information eth...
Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed rele...
T3 Facebook Project<br />Harvard-based Tastes, Ties, and Time research project sought to understand social network dynamic...
T3 Data Release<br />As an NSF-funded project, the dataset was made publicly available<br />First phase released September...
“Anonymity” of the T3 Dataset<br />“All the data is cleaned so you can’t connect anyone to an identity”<br />But dataset h...
T3 Good-Faith Efforts to Protect Subject Privacy<br />Only those data that were accessible by default by each RA were coll...
1. Only those data that were accessible by default by each RA were collected<br />“We have not accessed any information no...
2. Removing/encoding of “identifying” information<br />“All identifying information was deleted or encoded immediately aft...
3. Tastes & interests will only be released after “substantial delay”<br />T3 researchers recognize the unique nature of t...
3. Tastes & interests will only be released after “substantial delay”<br />But, is 3 years really a “substantial delay”?<b...
4. “Terms and Conditions of Use” statement <br />I will use the dataset solely for statistical analysis and reporting of a...
4. “Terms and Conditions of Use” statement <br />The language within the TOS clearly acknowledges the privacy implications...
5. Reviewed & Approved by IRB<br />“Our IRB helped quite a bit as well. It is their job to insure that subjects’ rights ar...
5. Reviewed & Approved by IRB<br />For the IRB, downloading Facebook profile information seemed less invasive than actuall...
T3 Good-Faith Efforts to Protect Subject Privacy<br />Only those data that were accessible by default by each RA were coll...
Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed rele...
Pete Warden Facebook Dataset<br />Exploited flaw in FB’s architecture to access and harvest public profiles to 215 million...
Harvesting Public Twitter Streams<br />Is it ethical for researchers to follow and systematically capture public Twitter s...
LOC Archive of Public Tweets<br />Library of Congress will archive all public tweets<br />6 month delay, restricted access...
Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed rele...
My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information eth...
Conceptual Gap: Privacy<br />Presumption that because subjects make information available on Facebook/Twitter, they don’t ...
Conceptual Gap: Anonymity vs. Identifiability<br />Presumption that stripping names & other obvious identifiers provides a...
Conceptual Gap: Consent<br />Presumption that because something is shared, the subject is consenting to it being harvested...
Conceptual Gap: Harm<br />Researchers often imply “data is already public, so what harm could happen”<br />Ignores dignity...
My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information eth...
Now What….<br />Researchers and IRBs believe they’re doing the right thing (and usually, they are)<br />But the fluidity a...
Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs<br />Michael Zimmer, PhD<br />School of In...
Upcoming SlideShare
Loading in...5
×

Zimmer sachrp slides v2

1,384

Published on

On Wednesday, July 21, 2010, I will be presenting in front of the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the United States Department of Health and Human Services (HHS). My presentation will focus on how Web 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of privacy, anonymity/identifiability, consent, and harm.

Published in: Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,384
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Zimmer sachrp slides v2"

  1. 1. Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs<br />Michael Zimmer, PhD<br />School of Information Studies<br />University of Wisconsin-Milwaukee<br />zimmerm@uwm.edu<br />http://michaelzimmer.org<br />Secretary’s Advisory Committee on Human Research Protections<br />July 21, 2010<br />
  2. 2. My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics<br />Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:<br />Privacy<br />Anonymity vs. Identifiability<br />Consent<br />Harm<br />
  3. 3. Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed release) of public Facebook profiles<br />Question of consent for using “public” Twitter streams<br />Library of Congress archiving “public” Twitter streams<br />
  4. 4. T3 Facebook Project<br />Harvard-based Tastes, Ties, and Time research project sought to understand social network dynamics of large groups of students<br />Solution: Work with Facebook & an “anonymous” university to harvest the Facebook profiles of an entire cohort of college freshmen<br />Repeat each year for their 4-year tenure<br />Co-mingle with other University data (housing, major, etc)<br />Coded for race, gender, political views, cultural tastes, etc<br />
  5. 5. T3 Data Release<br />As an NSF-funded project, the dataset was made publicly available<br />First phase released September 25, 2008<br />One year of data (n=1,640)<br />Prospective users must submit application to gain access to dataset<br />Detailed codebook available for anyone to access<br />
  6. 6. “Anonymity” of the T3 Dataset<br />“All the data is cleaned so you can’t connect anyone to an identity”<br />But dataset had unique cases (based on codebook)<br />If we could identify the source university, individuals could potentially be identified<br />Took me minimal effort to discern the source was Harvard<br />The anonymity (and privacy) of subjects in the study might be in jeopardy….<br />
  7. 7. T3 Good-Faith Efforts to Protect Subject Privacy<br />Only those data that were accessible by default by each RA were collected<br />Removing/encoding of “identifying” information<br />Tastes & interests (“cultural footprints”) will only be released after “substantial delay” <br />To download, must agree to “Terms and Conditions of Use” statement <br />Reviewed & approved by Harvard’s IRB<br />
  8. 8. 1. Only those data that were accessible by default by each RA were collected<br />“We have not accessed any information not otherwise available on Facebook”<br />False assumption that because the RA could access the profile, it was “publicly available”<br />RAs were Harvard graduate students, and thus part of the the “Harvard network” on Facebook<br />
  9. 9. 2. Removing/encoding of “identifying” information<br />“All identifying information was deleted or encoded immediately after the data were downloaded”<br />While names, birthdates, and e-mails were removed…<br />Various other potentially “identifying” information remained <br />Ethnicity, home country/state, major, etc<br />AOL/NetFlix cases taught us how nearly any data could be potentially “identifying”<br />
  10. 10. 3. Tastes & interests will only be released after “substantial delay”<br />T3 researchers recognize the unique nature of the cultural taste labels: “cultural fingerprints”<br />Individuals might be uniquely identified by what they list as a favorite book, movie, restaurant, etc.<br />Steps taken to mitigate this privacy risk:<br />In initial release, cultural taste labels assigned random numbers<br />Actual labels to be released after a “substantial delay” – 3 years later<br />
  11. 11. 3. Tastes & interests will only be released after “substantial delay”<br />But, is 3 years really a “substantial delay”?<br />Subjects’ privacy expectations don’t expire after artificially-imposed timeframe<br />Datasets like these are often used years after their initial release, so the delay is largely irrelevant<br />T3 researchers also will provide immediate access on a “case-by-case” basis<br />No details given, but seemingly contradicts any stated concern over protecting subject privacy<br />
  12. 12. 4. “Terms and Conditions of Use” statement <br />I will use the dataset solely for statistical analysis and reporting of aggregated information, and not for investigation of specific individuals….<br />I will produce no links…among the data and other datasets that could identify individuals…<br />I will not knowingly divulge any information that could be used to identify individual participants<br />I will make no use of the identity of any person or establishment discovered inadvertently.<br />
  13. 13. 4. “Terms and Conditions of Use” statement <br />The language within the TOS clearly acknowledges the privacy implications of the T3 dataset<br />Might help raise awareness among potential researchers; appease IRB<br />But “click-wrap” agreements are notoriously ineffective to affect behavior<br />Unclear how the T3 researchers specifically intend to monitor or enforce compliance<br />Already been one research paper that likely violates the TOS<br />
  14. 14. 5. Reviewed & Approved by IRB<br />“Our IRB helped quite a bit as well. It is their job to insure that subjects’ rights are respected, and we think we have accomplished this”<br />“The university in question allowed us to do this and Harvard was on board because we don’t actually talk to students, we just accessed their Facebook information”<br />
  15. 15. 5. Reviewed & Approved by IRB<br />For the IRB, downloading Facebook profile information seemed less invasive than actually talking with subjects…<br />Did IRB know unique, personal, and potentially identifiable information was present in the dataset?<br />…and consent was not needed since the profiles were “freely available”<br />But RA access to restricted profiles complicates this; did IRB contemplate this?<br />Is putting information on a social network “consenting” to its use by researchers?<br />
  16. 16. T3 Good-Faith Efforts to Protect Subject Privacy<br />Only those data that were accessible by default by each RA were collected<br />Removing/encoding of “identifying” information<br />Tastes & interests (“cultural footprints”) will only be released after “substantial delay” <br />To download, must agree to “Terms and Conditions of Use” statement <br />Reviewed & approved by Harvard’s IRB<br />Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics & Information Technology<br />
  17. 17. Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed release) of public Facebook profiles<br />Question of consent for using “public” Twitter streams<br />Library of Congress archiving “public” Twitter streams<br />
  18. 18. Pete Warden Facebook Dataset<br />Exploited flaw in FB’s architecture to access and harvest public profiles to 215 million users (without needing to login)<br />Impressive analyses at aggregate levels<br />Planned to release entire dataset – with names, locations, etc – to academic community<br />Later destroyed data under threat of lawsuit from Facebook<br />http://michaelzimmer.org/2010/02/12/why-pete-warden-should-not-release-profile-data-on-215-million-facebook-users/<br />
  19. 19. Harvesting Public Twitter Streams<br />Is it ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects?<br />Are tweets publications, or utterances?<br />Are you reading a text, or recording a discussion?<br />What are users’ expectations to how their tweets are being found & used?<br />http://michaelzimmer.org/2010/02/12/is-it-ethical-to-harvest-public-twitter-accounts-without-consent/<br />
  20. 20. LOC Archive of Public Tweets<br />Library of Congress will archive all public tweets<br />6 month delay, restricted access to researchers<br />Open questions:<br />Can users opt-out from being in permanent archive?<br />Can users delete tweets from archive?<br />Will geolocational and other profile data be included?<br />What about a public tweet that is re-tweeting a private one?<br />
  21. 21. Illuminating Cases<br />Tastes, Ties, and Time (T3) Facebook data release<br />Pete Warden’s harvesting (and proposed release) of public Facebook profiles<br />Question of consent for using “public” Twitter streams<br />Library of Congress archiving “public” Twitter streams<br />
  22. 22. My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics<br />Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:<br />Privacy<br />Anonymity vs. Identifiability<br />Consent<br />Harm<br />
  23. 23. Conceptual Gap: Privacy<br />Presumption that because subjects make information available on Facebook/Twitter, they don’t have an expectation of privacy<br />Ignores contextual nature of sharing<br />Ignores whether users really understand their privacy settings<br />Going forward…<br />Recognize the strict dichotomy of public/private doesn’t apply in the 2.0 world<br />Consider Helen Nissenbaum’stheory of “contextual integrity” as more fitting rubric<br />Strive to consult privacy scholars on projects & reviews<br />
  24. 24. Conceptual Gap: Anonymity vs. Identifiability<br />Presumption that stripping names & other obvious identifiers provides anonymity<br />Ignores how anythingcan potentially identifiable information and become the “missing link” to re-identify an entire dataset<br />Going forward<br />Recognize “personally identifiable information” is an imperfect concept<br />Consider EU’s protection of any data “potentially linkable” to an identity<br />“Anonymous” datasets are not achievable and provides false sense of protection<br />Paul Ohm, “Broken Promises of Privacy”<br />
  25. 25. Conceptual Gap: Consent<br />Presumption that because something is shared, the subject is consenting to it being harvested for research<br />Undervalues subject's intent<br />Ignores how research method might allow un-anticipated access to data meant to be restricted<br />Going forward<br />Must recognize that a user making something public online comes with a set of assumptions/expectations about who can access and how<br />Anything outside this needs specific consent<br />
  26. 26. Conceptual Gap: Harm<br />Researchers often imply “data is already public, so what harm could happen”<br />Ignores dignity & autonomy, let alone unanticipated consequences<br />Going forward<br />Must move beyond the concept of harm as requiring a tangible consequence<br />Protecting from harm is more than protecting from hackers, spammers, identity thieves, etc<br />Consider dignity/autonomy theories of harm<br />Must a “wrong” occur for there to be damage to the subject?<br />Do subjects deserve control over the use of their data streams?<br />
  27. 27. My Perspective<br />Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics<br />Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:<br />Privacy<br />Anonymity vs. Identifiability<br />Consent<br />Harm<br />
  28. 28. Now What….<br />Researchers and IRBs believe they’re doing the right thing (and usually, they are)<br />But the fluidity and complexity of 2.0 inevitably brings forth conceptual gaps<br />Bring together researchers, IRB members, ethicists & technologists to identify and resolve these conceptual gaps<br />InternetResearchEthics.org<br />Digital Media & Learning collaboration<br />Today’s panel…<br />
  29. 29. Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs<br />Michael Zimmer, PhD<br />School of Information Studies<br />University of Wisconsin-Milwaukee<br />zimmerm@uwm.edu<br />http://michaelzimmer.org<br />Secretary’s Advisory Committee on Human Research Protections<br />July 21, 2010<br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×