Ethical and privacy-preserving internet-mediated research
Dr. Mainack Mondal Dr. Guillermo Suarez-Tangil
IIT Kharagpur, India IMDEA Networks/KCL
Tutorial: Tracking the Trackers
WebSci’21, virtual venue
Internet-mediated research
“Research conducted through the medium of the Internet”
-- Clifford et al., 2010
Encompasses almost all of research in web science community
Tracking as internet-mediated research
Web tracking
“Web tracking is the practice by which operators of websites collect, store and share information about visitors’ activities”
Outline
Ethics of human subjects research:
Belmont report
The Belmont Report
Basic ethical principles
Basic ethical principles / Respect for persons
Basic ethical principles / Beneficence
Basic ethical principles / Justice
Basic ethical principles / Respect for law
What is privacy in human subjects research
Privacy: definitions
Privacy: definitions
Westin: Privacy as control (1967)
--- Alan Westin
Four states of Westin’s theory
Westin’s theory: Exercise
Solitude? Intimacy? Anonymity? Reserve?
Westin’s theory exercise revisited
Outline
Ensuring ethics of internet-mediated research
Internet-mediated research
Internet-mediated research
“Minimal risk means that the probability and magnitude of harm or discomfort anticipated in the research is not greater in and of itself than those encountered during daily life or during the performance of routine physical and psychological examinations or tests”
Large scale “Passive Measurements”
IRB: Institutional review board
Many organizations have an ethics review process (sometimes called an Institutional Review Board, IRB). In some cases, research work may clearly have no human subjects, and formal institutional review may not be required. (However, a sentence in the paper stating this evaluation is still required.) In many cases, IRB involvement is appropriate. IRB approval of research is an important factor (and should be mentioned), but the program committee will independently evaluate the ethical soundness of the work just as they evaluate its technical soundness.
-- SIGCOMM 2021 CFP
Censorship Measurements: The case of Encore
(*) S. Burnett and N. Feamster, “Encore: Lightweight measurement of web censorship with cross-origin requests,” ACM SIGCOMM Computer Communication Review, vol. 45, no. 4, pp. 653–667, 2015.
Historically, there was a strong disagreement as of whether this project needs IRB.
What do you think? https://pollev.com/gtangil (we get back to this in the backup slides / Q&A)
How to do ethical internet-mediated research?
(*) https://davisjam.medium.com/ethical-conduct-in-cybersecurity-research-86d13b6b6eed
Ensuring privacy of internet-mediated research
Westin’s theory exercise revisited
Privacy violation, because the user was not informed clearly if data is collected and how the data will be used
How to get Informed consent?
Consent form with privacy policies
Bad privacy policies: Facebook example
For reference: #words in Magna Carta = 4594
Good practice: Short + structured privacy policy
Summary: what to do for privacy-preserving ethical internet-mediated research?
References
[1] Dittrich, D. and Kenneally, E. The Menlo report: Ethical Principles Guiding Information and Communication Technology Research, U.S. Department of Homeland Security, Aug. 2012
[2] Craig Partridge, Mark Allman. Addressing Ethical Considerations in Network Measurement Papers. ACM SIGCOMM Workshop on Ethics in Networked Systems Research, August 2015.
[3]Mark Allman. Traffic Monitoring Considered Reasonable, IEEE Symposium on Security and Privacy Cyber-security Research Ethics Dialog and Strategy Workshop (CREDS), May 2013.
[4] Belmont Report. Ethical Principles and Guidelines for the Protection of Human Subjects of Research. https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html
[5] Van Der Ham, Jeroen. "Ethics and Internet measurements." 2017 IEEE Security and Privacy Workshops (SPW). IEEE, 2017.
[6] Jones, Ben, et al. "Ethical concerns for censorship measurement." Proceedings of the 2015 ACM SIGCOMM Workshop on Ethics in Networked Systems Research. 2015.
[7] A. Narayanan and B. Zevenbergen, “No encore for encore? Ethical questions for web-based censorship measurement,” SSRN Electronic Journal. [Online]. Available: http://dx.doi.org/10.2139/ssrn.2665148
Ethical and privacy-preserving internet-mediated research
Dr. Mainack Mondal Dr. Guillermo Suarez-Tangil
IIT Kharagpur, India IMDEA Networks/KCL
Tutorial: Tracking the Trackers
WebSci’21, virtual venue
Questions, comments or thoughts?
Censorship Measurements: The case of Encore (cont)
Censorship Measurements: The case of Encore (cont)
IMPORTANT DISAGREEMENT