new media, new ethics - ica 2012

New Media, New Ethics:How Social Media-based Research Demands New Attention to Research Ethics

Michael Zimmer, PhDAssistant Professor, School of Information Studies

Director, Center for Information Policy ResearchUniversity of Wisconsin-Milwaukee

[email protected]

Outline

What is Social Media (Internet) research?

What ethical concerns arise in social media research? Selected cases

Conceptual gaps in our ethical frameworks

Closing the gaps for researchers & IRBs

What does Social Media Research look like?

Using Social Media tools to engage in (traditional) research Online survey & data-collection tools Subject recruitment via email, social media Storing, processing, sharing data in the cloud

Using Social Media as the site for your research Interviewing/observing subjects in chat rooms,

virtual worlds, online games Collecting/merging data from online profiles,

feeds, newsgroups, blogs, archives, activity logs

Conceptual Gaps & Policy Vacuums

Computer technology transforms “many of our human activities and social institutions,” and will “leave us with policy and conceptual vacuums about how to use computer technology”

“Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of Computer Ethics is to determine what we should do in such cases, that is, formulate policies to guide our actions.”

Jim Moor, “What is Computer Ethics?”

Ethical Concerns

The growing use of social media tools, platforms & environments illuminate particular ethical concerns for researchers: Privacy Anonymity vs. Identifiability Consent Harm & Human subjects

Illuminating Cases

1. Research on Tor network

2. Archiving of public Twitter streams

3. Harvesting Facebook profile information

4. Capturing teen email & text messaging traffic

Research on Tor Network

Computer science researchers increasingly interested in network traffic on the Tor anonymity network What kind of traffic is on this network? What kind of users? How secure is it? Or, just capture Tor data as convenience sample

But users of Tor are intentionally seeking additional privacy and anonymity Research often not even vetted by IRBs

Soghoain, C. (2011) “Enforced Community Standards For Research on Users of the Tor Anonymity Network”

Archiving Twitter Streams

Is it ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects? Are tweets publications (texts), or utterances? What are users’ expectations to how their

tweets are being found & used? What if a user later changes her privacy

settings, or deletes tweets, etc

http://michaelzimmer.org/2010/02/12/is-it-ethical-to-harvest-public-twitter-accounts-without-consent/

LOC Archiving of Tweets

Library of Congress will archive all public tweets 6 month delay, restricted access to researchers only

Open questions: Can users opt-out from being in permanent archive? Can users delete tweets from archive? Will geolocational and other profile data be

included? What about a public tweet that is re-tweeting a

private one? Did users ever expect their tweets to become

permanent part of LOC’s archives?http://michaelzimmer.org/2010/04/14/open-questions-about-library-of-congress-archiving-twitter-streams/

Pete Warden Facebook Dataset

Exploited flaw in Facebook’s architecture to access and harvest publicly-viewable profile information of 215 million users

http://petewarden.typepad.com/searchbrowser/2010/02/how-to-split-up-the-us.html

Pete Warden Facebook Dataset

Planned to release entire dataset – with all personal information intact – to academic community Would it be acceptable to use this dataset? Users knew (?) data was public, but did they

expect it to be harvested by bots, aggregated, and made available as raw data?

Under threat of lawsuit from Facebook, Warden destroyed the data

http://michaelzimmer.org/2010/02/12/why-pete-warden-should-not-release-profile-data-on-215-million-facebook-users/

T3 Facebook Project

Harvard-based Tastes, Ties, and Time (T3) research project sought to understand social network dynamics of large groups of students

Worked with Facebook & an “anonymous” university to harvest the Facebook profiles of an entire cohort of college freshmen Repeated each year for their 4-year tenure

NSF mandated release of data, first wave in Sept 2008

Zimmer, M. 2010. “But the data is already public”: On the ethics of research in Facebook. Ethics & Information Technology.

“Anonymity” of the T3 Dataset

But dataset had unique cases (based on codebook)

If we could identify the source university, individuals could potentially be identified Took me minimal effort to discern the source was

Harvard

The anonymity (and privacy) of subjects in the study might be in jeopardy….

“All the data is cleaned so you can’t connect anyone to an identity”


Good-Faith Efforts to Protect Subject Privacy

1. Only those data that were accessible by default by each RA were collected

2. Removing/encoding of “identifying” information

3. Tastes & interests (“cultural footprints”) will only be released after “substantial delay”

4. To download, must agree to “Terms and Conditions of Use” statement

5. Reviewed & approved by Harvard’s IRB


T3 Facebook Project

Chronicle of Higher EducationJuly 10, 2011

The Blackberry Project

Ongoing longitudinal study examining teen behavior and sociability Recruited 281 third and fourth graders in 2003

Gave them free Blackberries and unlimited plans in 2009

Content of all text messages, e-mail messages, and instant messages was saved to a secure server owned by the researchers

Consent is renewed, but concerns over undue influence, parental respect for youth privacy, etc

Illuminating Cases

1. Research on Tor network

2. Archiving of public Twitter streams

3. Harvesting Facebook profile information

4. Capturing teen email & text messaging traffic

Ethical Concerns Conceptual Gaps


And present us new conceptual gaps on how to apply existing research ethics policies

Conceptual Gap: Privacy

Presumption that because subjects make information available on a blog, Facebook, or Twitter, they don’t have an expectation of privacy Researchers/IRBs might assume everything is always public,

and was meant to be Assumes no harm could come to subjects if data is already

“public”

New ethical problems… Ignores contextual nature of sharing Fails to recognize the strict dichotomy of public/private

doesn’t apply in the 2.0 world Need to track if ToS/architecture have changed, or if users

even understand what is available to researchersNissenbaum, H. 2011. “Privacy in Context: Technology, Policy, and the Integrity of Social Life”

Conceptual Gap: Anonymity vs. Identifiability

Presumption that stripping names & other obvious identifiers provides sufficient anonymity Assumes only PII allows re-identification

New ethical problems… Ignores how anything can potentially identifiable

information and become the “missing link” to re-identify an entire dataset

“Anonymous” datasets are not achievable and provides false sense of protection But how can we share data safely?

Ohm, P. “Broken promises of privacy: Responding to the surprising failure of anonymization.” UCLA Law Review

Conceptual Gap: Consent

Presumption that because something is shared or available without a password, the subject is consenting to it being harvested for research Assumes no harm can come from use of data already

shared with friends or other contextually-bound circles

New ethical problems… Must recognize that a user making something public online

comes with a set of assumptions/expectations about who can access and how Does anything outside this need specific consent?

Must recognize how research methods might allow un-anticipated access to “restricted” data

Conceptual Gap: Harm

Presumption that “harm” means risk of physical or tangible impact on subject Researchers often imply “data is already public, so what

harm could possibly happen”

New ethical problems Must move beyond the concept of harm as requiring a

tangible consequence Protecting from harm is more than protecting from hackers,

spammers, identity thieves, etc Consider dignity/autonomy theories of harm

Must a “wrong” occur for there to be damage to the subject? Do subjects deserve control over the use of their data

streams?

Conceptual Gap: Human Subjects

Researchers (esp. CompSci) often interact only with datasets, objects, or avatars, thus feel a conceptual distance from an actual human Often don’t consider what they do as “human

subject” research

New ethical problems Must bridge this (artificial) distance between

researcher and the actual human subject Also consider other stakeholders within the

complex arrangement of information intermediariesCarpenter, K & Dittrich, D. “Bridging the Distance: Removing the Technology Buffer and Seeking Consistent Ethical Analysis in Computer Security Research”

Ethical Concerns Conceptual Gaps


And present us new conceptual gaps on how to apply existing research ethics policies

Conceptual Gaps Policy Vacuums

Researchers & IRBs are trying to do the right thing when faced with research projects relying on Internet tools and spaces

But the fluidity and complexity of Internet tools and environments creates significant conceptual gaps

Leaving researchers & IRBs with considerable policy vacuums How should researchers deal with using Internet tools in

their projects? How should IRBs review them?

And how can we still ensure research still gets done…

Removing the gaps, filling the vacuums

Scholarship Buchanan & Ess studying how IRBs deal with Internet

research Exploring new dimensions of Internet research ethics by

Markham; Soghoian; Carpenter & Dittrich; and others (cited within)

Resources “Internet Research Ethics Digital Library, Resource

Center and Commons” www.InternetResearchEthics.org “Ethical decision-making and Internet research:

Recommendations from the AoIR Ethics Working Committee”

Removing the gaps, filling the vacuums

Education & outreach Growing focus at PRIM&R and related events Engage disciplinary conferences (ACM, ICA,

SOUPS, etc)

Policy guidance Advising SACHRP on “The Internet in Human

Subjects Research”Require Internet Research Ethics training for

all IRBs? For researchers?

New Media, New Ethics:How Social Media-based Research Demands New Attention to Research Ethics

Michael Zimmer, PhDAssistant Professor, School of Information Studies

Director, Center for Information Policy ResearchUniversity of Wisconsin-Milwaukee

[email protected]