Presentation Author, 2006

Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs

Michael Zimmer, PhDSchool of Information Studies

University of Wisconsin-Milwaukeezimmerm@uwm.edu

http://michaelzimmer.org

Secretary’s Advisory Committee on Human Research Protections

July 21, 2010

My Perspective

• Approaching the problem of “The Internet in Human Subjects Research” from the field of information ethics

• Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:– Privacy– Anonymity vs. Identifiability– Consent– Harm

Illuminating Cases

1. Tastes, Ties, and Time (T3) Facebook data release

2. Pete Warden’s harvesting (and proposed release) of public Facebook profiles

3. Question of consent for using “public” Twitter streams

4. Library of Congress archiving “public” Twitter streams

T3 Facebook Project

• Harvard-based Tastes, Ties, and Time (T3) research project sought to understand social network dynamics of large groups of students

• Solution: Work with Facebook & an “anonymous” university to harvest the Facebook profiles of an entire cohort of college freshmen– Repeat each year for their 4-year tenure– Co-mingle with other University data

(housing, major, etc)– Coded for race, gender, political views,

cultural tastes, etc

T3 Data Release

• As an NSF-funded project, the dataset was made publicly available– First phase released September 25, 2008– One year of data (n=1,640)– Prospective users must submit application

to gain access to dataset– Detailed codebook available for anyone to

access

“Anonymity” of the T3 Dataset

• But dataset had unique cases (based on codebook)

• If we could identify the source university, individuals could potentially be identified– Took me minimal effort to discern the

source was Harvard

• The anonymity (and privacy) of subjects in the study might be in jeopardy….

“All the data is cleaned so you can’t connect anyone to an identity”

T3 Good-Faith Efforts to Protect Subject Privacy

1. Only those data that were accessible by default by each RA were collected

2. Removing/encoding of “identifying” information

3. Tastes & interests (“cultural footprints”) will only be released after “substantial delay”

4. To download, must agree to “Terms and Conditions of Use” statement

5. Reviewed & approved by Harvard’s IRB

Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics & Information Technology

1. Only those data that were accessible by default by each RA were collected

• False assumption that because the RA could access the profile, it was “publicly available”

• RAs were Harvard graduate students, and thus part of the the “Harvard network” on Facebook

“We have not accessed any information not otherwise available on Facebook”

2. Removing/encoding of “identifying” information

• While names, birthdates, and e-mails were removed…

• Various other potentially “identifying” information remained – Ethnicity, home country/state, major, etc

• AOL/NetFlix cases taught us how nearly any data could be potentially “identifying”

“All identifying information was deleted or encoded immediately after the data were downloaded”

3. Tastes & interests will only be released after “substantial delay”

• Individuals might be uniquely identified by what they list as a favorite book, movie, restaurant, etc.

• Steps taken to mitigate this privacy risk:– In initial release, cultural taste labels

assigned random numbers– Actual labels to be released after a

“substantial delay” – 3 years later

T3 researchers recognize the unique nature of the cultural taste labels: “cultural fingerprints”

3. Tastes & interests will only be released after “substantial delay”

• But, is 3 years really a “substantial delay”?– Subjects’ privacy expectations don’t expire

after artificially-imposed timeframe– Datasets like these are often used years

after their initial release, so the delay is largely irrelevant

• T3 researchers also will provide immediate access on a “case-by-case” basis– No details given, but seemingly contradicts

any stated concern over protecting subject privacy

4. “Terms and Conditions of Use” statement

3. I will use the dataset solely for statistical analysis and reporting of aggregated information, and not for investigation of specific individuals….

4. I will produce no links…among the data and other datasets that could identify individuals…

6. I will not knowingly divulge any information that could be used to identify individual participants

7. I will make no use of the identity of any person or establishment discovered inadvertently.

4. “Terms and Conditions of Use” statement

• The language within the TOS clearly acknowledges the privacy implications of the T3 dataset– Might help raise awareness among

potential researchers; appease IRB

• But “click-wrap” agreements are notoriously ineffective to affect behavior

• Unclear how the T3 researchers specifically intend to monitor or enforce compliance– Already been one research paper that

might violate the TOS

5. Reviewed & Approved by IRB

“Our IRB helped quite a bit as well. It is their job to insure that subjects’ rights are

respected, and we think we have accomplished this”

“The university in question allowed us to do this and Harvard was on board because we

don’t actually talk to students, we just accessed their Facebook information”

5. Reviewed & Approved by IRB

• For the IRB, downloading Facebook profile information seemed less invasive than actually talking with subjects…– Did IRB know unique, personal, and

potentially identifiable information was present in the dataset?

• …and consent was not needed since the profiles were “freely available”– But RA access to restricted profiles

complicates this; did IRB contemplate this?– Is putting information on a social network

“consenting” to its use by researchers?

T3 Good-Faith Efforts to Protect Subject Privacy

1. Only those data that were accessible by default by each RA were collected

2. Removing/encoding of “identifying” information

3. Tastes & interests (“cultural footprints”) will only be released after “substantial delay”

4. To download, must agree to “Terms and Conditions of Use” statement

5. Reviewed & approved by Harvard’s IRB

Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics & Information Technology

Illuminating Cases

1. Tastes, Ties, and Time (T3) Facebook data release

2. Pete Warden’s harvesting (and proposed release) of public Facebook profiles

3. Question of consent for using “public” Twitter streams

4. Library of Congress archiving “public” Twitter streams

Pete Warden Facebook Dataset

• Exploited flaw in FB’s architecture to access and harvest public profiles to 215 million users (without needing to login)

• Planned to release entire dataset – with all personal information intact – to academic community– Would it be acceptable to use this dataset?– Users made data public, but did they expect

it to be harvested by bots, aggregated, and made available as raw data?

http://michaelzimmer.org/2010/02/12/why-pete-warden-should-not-release-profile-data-on-215-million-facebook-users/

Harvesting Public Twitter Streams

• Is it ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects?– Are tweets publications, or utterances?– Are you reading a text, or recording a

discussion?– What are users’ expectations to how their

tweets are being found & used?– What if user later changes their

preferences, or deletes tweets, etc

http://michaelzimmer.org/2010/02/12/is-it-ethical-to-harvest-public-twitter-accounts-without-consent/

LOC Archive of Public Tweets

• Library of Congress will archive all public tweets– 6 month delay, restricted access to

researchers

• Open questions:– Can users opt-out from being in permanent

archive?– Can users delete tweets from archive?– Will geolocational and other profile data be

included?– What about a public tweet that is re-

tweeting a private one?

Illuminating Cases

1. Tastes, Ties, and Time (T3) Facebook data release

2. Pete Warden’s harvesting (and proposed release) of public Facebook profiles

3. Question of consent for using “public” Twitter streams

4. Library of Congress archiving “public” Twitter streams

Conceptual Gaps

• Focus on how 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of:– Privacy– Anonymity vs. Identifiability– Consent– Harm

• Conceptual gaps lead to policy vacuums that need to be addressed…

Conceptual Gap: Privacy

• Presumption that because subjects make information available on Facebook/Twitter, they don’t have an expectation of privacy– Ignores contextual nature of sharing– Ignores whether users really understand

their privacy settings

• Going forward…– Recognize the strict dichotomy of

public/private doesn’t apply in the 2.0 world– Consider Helen Nissenbaum’s theory of

“contextual integrity” as more fitting rubric– Strive to consult privacy scholars on

projects & reviews

Conceptual Gap: Anonymity vs. Identifiability

• Presumption that stripping names & other obvious identifiers provides anonymity– Ignores how anything can potentially

identifiable information and become the “missing link” to re-identify an entire dataset

• Going forward– Recognize “personally identifiable

information” is an imperfect concept• Consider EU’s protection of any data

“potentially linkable” to an identity– “Anonymous” datasets are not achievable

and provides false sense of protection• Paul Ohm, “Broken Promises of Privacy”

Conceptual Gap: Consent

• Presumption that because something is shared, the subject is consenting to it being harvested for research– Undervalues subject's intent– Ignores how research method might allow

un-anticipated access to “restricted” data

• Going forward– Must recognize that a user making

something public online comes with a set of assumptions/expectations about who can access and how

– Does anything outside this need specific consent?

Conceptual Gap: Harm

• Researchers often imply “data is already public, so what harm could happen”– Ignores dignity & autonomy, let alone

unanticipated consequences

• Going forward– Must move beyond the concept of harm as

requiring a tangible consequence• Protecting from harm is more than protecting

from hackers, spammers, identity thieves, etc– Consider dignity/autonomy theories of harm

• Must a “wrong” occur for there to be damage to the subject?

• Do subjects deserve control over the use of their data streams?

Conceptual Gaps ==> Policy Vacuums

• Researchers & IRBs are trying to do the right thing when faced with Internet research projects (and usually, they do)

• But the fluidity and complexity of Web 2.0 creates significant conceptual gaps

• Leaving IRBs with policy vacuums– Are IRBs able to sufficiently fill these gaps

and scrutinize innovative internet research with respect to these new complexities?

How to address the policy vacuums?• Specialized training

– SACHRP should require IRBs (or designated members) to participate in certified workshops on Internet research ethics

• Best practices & guidelines– SACHRP should provide general best

practices & guidelines (or link to existing ones) to help IRBs when confronted with Internet research

• Other collaborations– InternetResearchEthics.org– Digital Media & Learning collaboration

Presentation Author, 2006

Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs

Michael Zimmer, PhDSchool of Information Studies

University of Wisconsin-Milwaukeezimmerm@uwm.edu

http://michaelzimmer.org

Secretary’s Advisory Committee on Human Research Protections

July 21, 2010