research-article

How to throw the race to the bottom: revisiting signals for ethical and legal research using online data

Published: 19 February 2015

Abstract

With research using data available online, researcher conduct is not fully prescribed or proscribed by formal ethical codes of conduct or law because of ill-fitting "expectations signals" -- indicators of legal and ethical risk. This article describes where these ordering forces break down in the context of online research and suggests how to identify and respond to these grey areas by applying common legal and ethical tenets that run across evolving models. It is intended to advance the collective dialogue work-in-progress toward a path that revisits and harmonizes more appropriate ethical and legal signals for research using online data between and among researchers, oversight entities, policymakers and society.



Published in

ACM SIGCAS Computers and Society, Volume 45, Issue 1
February 2015
39 pages
ISSN: 0095-2737
DOI: 10.1145/2738210

Copyright © 2015 Author

Publisher: Association for Computing Machinery, New York, NY, United States
