Abstract
With research using data available online, researcher conduct is not fully prescribed or proscribed by formal ethical codes of conduct or law because of ill-fitting "expectations signals" -- indicators of legal and ethical risk. This article describes where these ordering forces break down in the context of online research and suggests how to identify and respond to these grey areas by applying common legal and ethical tenets that run across evolving models. It is intended to advance the collective dialogue work-in-progress toward a path that revisits and harmonizes more appropriate ethical and legal signals for research using online data between and among researchers, oversight entities, policymakers and society.
Index Terms
- How to throw the race to the bottom: revisiting signals for ethical and legal research using online data