My contribution to the discussion will focus on how Web 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of privacy, anonymity/identifiability, consent, and harm. My presentation is titled “Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs”, and relies heavily on my critique of the Tastes, Ties, and Time research project and subsequent data release (news coming soon about publication of this critique).

The slides are available below (updated with new version).

Related posts: (automatically generated)

1. NSF Grant: Internet Research and Ethics 2.0
2. Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook
3. Revisiting Research Ethics in the Facebook Era: Challenges in Emerging CSCW Research
4. SDP2007 Presentation: The Quest for the Perfect Search Engine
5. Sony Provides Complete Everquest 2 Server Logs to Researchers

Complementing this new research area of mine, I had the privilege of participating in the first of a pair of one-day workshops intended to discuss challenges related to human subjects approval processes for to Internet-based research on children and learning. The workshop was organized by Alex Halavais, and Jason Schultz, as part of the larger MacArthur Foundation-funded project on Digital Media and Learning, and I was joined by these preeminent scholars and experts: Tom Boellstorff, Heather Horst, Montana Miller, Dan Perkel, Ivor Pritchard, and Laura Stark.

Details of that first meeting have been posted here, and summarized below:

We found that while there might be some fairly intractable issues, as there are for any established institution, some of the difficulties that IRBs and investigators encountered were a result of reinventing the wheel locally, and a general lack of transparency in the process of approving human subjects research. The elements required to make good decisions on planned research tend to be obscure and unevenly distributed across IRBs. From shared vocabularies between IRBs and investigators, to knowledge of social computing contexts, to a clear understanding of the regulations and empirical evidence of risk, many of the elements that delay the approval of protocols and frustrate researchers and IRBs could be addressed if the information necessary was more widely accessible and easily discoverable.

Rather than encouraging the creation of national or other centralized IRBs, more awareness and transparency would allow local solutions to be shared widely. Essentially, this is a problem of networked learning: how is it that investigators, IRB members, and administrators can come quickly to terms with the best practices in DML research?

We are meeting again in August to continue this conversation. If you have suggestions, or your own stories to tell, feel free to drop me a line or comment at the DML Central blog.

Related posts: (automatically generated)

1. NSF Grant: Internet Research and Ethics 2.0

According to Warden, he exploited a flaw in Facebook’s architecture to access public profiles without needing to be signed in to a Facebook account, effectively avoiding being bound by Facebook’s Terms of Service preventing such automated harvesting of data. As a result, he amassed a database of names, fan pages, and lists of friends for 215 million public Facebook accounts.

Warden has already done some impressive analysis of this data at an aggregate level, and I know researchers would love to get their hands on it. And like the “Tastes, Ties, and Time” Facebook project, Warden wants to release the dataset to the academic community.

But also like the “Tastes, Ties, and Time” project, Warden would be wrong to do so.

First, similar to our discussion of the ethics of collecting public Twitter streams, just because these Facebook users made their profiles publicly available does not mean they are fair game for scraping for research purposes. Yes, I have limited profile information viewable to the public, and I’ve authorized Facebook to make that information available for search engines to crawl. But the purpose of this public availability is to help people — humans, not bots — find me. The presumption is that my public profile data will only be found and viewed if someone actually searches for “Michael Zimmer” on Facebook or a search engine. In reality, my profile is only “public” if a human being takes specific and conscious action to find me.

Warden’s actions, however, violate this implicit understanding for making profiles publicly searchable. Rather than trying to find me, Warden is systematically sought everyone, letting a script to the work of seeking and harvesting my data. There is no genuine desire to find me, to friend me, and so on. He’s just collecting data. His reasons might be honest and beneficial, but that’s not what’s at issue here. The point is whether the 215 million Facebook users who now have some of their information in Warden’s database contemplated such harvesting and aggregating when they built their profile and configured their privacy settings. They almost certainly didn’t, which brings into doubt whether this data has been collected with proper consent.

Second, Warden’s release of this dataset — even with the best of intentions — poses a serious privacy threat to the subjects in the dataset, their friends, and perhaps unknown others. Warden claims to be sensitive to the privacy of the subjects in the database, and in response he has removed the identifying URL’s's that are unique to each profile, but the dataset retains the subjects’ names (really!), locations, Fan page lists and partial Friends lists (I’m not sure what is meant by a “partial” list of friends).

So, obviously, individuals can be easily identified within the dataset. But that’s not the greatest threat with the release of this data. What is most dangerous is its potential use to help re-identify other datasets, ones that might contain much more sensitive or potentially damaging data. Recall the research that showed how trivial it was to re-identify the presumed “anonymized” Netflix database, or the ease in identifying individuals within social networks. These ease of re-identifying these datasets came from having ready access to other large sets of data where the subjects where already known. By overlaying social graphs and other intricate data-comparison methods, the “anonymous” datasets were quickly re-identified. (See Paul Ohm’s “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” for excellent coverage of these cases and discussion of consequences for law & policy).

Warden’s rich dataset of 210 million Facebook users, complete with their names, locations, and social graphs, is just the ammunition needed to fuel a new wave of re-identification of presumed anonymous datasets. It is impossible to predict who might use Warden’s dataset and to what ends, but this threat is real.

It turns out that Facebook has asked Warden to delay releasing this data to the academic community (I’m curious as to what kind of pressure — if any — they exerted to keep him from releasing this week as originally planned). We will need to keep a close eye to see if the data is actually released, in what form, and if any steps will be taken to control and track its usage.

UPDATE: Under a threat of a lawsuit from Facebook, Warden has destroyed the dataset.

Related posts: (automatically generated)

1. Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook
2. Ask.com To Allow Users to Control Data Retention
3. 41% of Facebook Users Share Personal Information with a Frog
4. 77% of Google users don’t know it records personal data
5. What Happens to Your Facebook Data When You Leave? (Updated)

I argued, however, that we cannot be so quick to presume the expectations of potential research subjects. Yes, setting one’s Twitter stream to public does mean that anyone can search for you, follow you, and view your activity. However, there is a reasonable expectation that one’s tweet stream will be “practically obscure” within the thousands (if not millions) of tweets similarly publicly viewable. Yes, the subject has consented to making her tweets visible to those who take the time and energy to seek her out, those who have a genuine interest to connect and view her activity through this social network.

But she did not automatically consent, I argue, to having her tweet stream systematically followed, harvested, archived, and mined by researchers (no matter the positive intent of such research). That is not what is expected when making a Twitter account public, and it is my opinion that researchers should seek consent prior to capturing and using this data.

A healthy debate on this issue followed, and continued in a separate thread on Facebook, which included the following varied positions & responses (edited and condensed):

1. “…if the account holder tweets to the general public, then it’d seem like there’s no expectation of privacy so no consent would be necessary.”
2. (me) “But isn’t my expectation that even though my tweets are public, they’re often lost in a sea of hundreds of tweets among my followers, and I never anticipated someone would archive, mine, and perform research on them?”
3. “If you’re comfortable with your anonymity being guaranteed only by virtue of your public tweets being hidden in plain sight among millions of others, then you’d have to realize that some determined person could follow just yours, archive them, and analyze them. I like my privacy, but I don’t worry about walking around a city or campus even though …”
4. “…depends on how data are being presented – e.g. in aggregate vs specific “quotes” that could easily be traced.”
5. “Many IRBs would say yes [consent is needed], or at least would require you to get a waiver–publicizing the extremes to which IRBs go…”
6. “…IRB application is required. You could request that Informed consent be waived with the argument that you are only analyzing tweets broadcast publicly, and that you de-identify your data to eliminate potential risk to the individual”
7. “I would say if it is for research and you are dealing only with publicly available documents, then no, you need no consent. you can run that by the irb and get a waiver, but in the end, you are dealing with publicly available documents… not people, subjects. If you are dealing with subjects and not documents, then you will need irb clearance.”
8. “Tweets are publications. I think it’s absurd to even consider IRB review for anything dealing with things people have published”
9. “The questions are: 1) Are you conducting research that is intended to be published; 2) Does your research involved human participants; 3) For these human participants, will you gather data through intervention or interaction with the individual; and/or will you gather identifiable private information about them. (45 CFR 46.102(f))
   If these 3 conditions are met, your research must be reviewed by IRB. They will work with you and determine whether or not informed consent is required. In your case, if you are NOT interacting with the individual publishing the tweets, and the tweets are broadcast and searchable as public records (that is, you don’t need access to their account to view tweets posted to a limited audience), then it won’t fall under the definition of research with human subjects.”
10. “If i download all of Michael’s published papers, blog posts, twitter posts and each one he publishes thereafter… are they the same? or different? I’d argue the same, just for different audiences.”
11. (me) “What if tomorrow, I decide to take my Tweet stream private. And I delete my blog posts. Does my affirmative action to purge my documents from the “live” web mean that you (researcher) need to treat that previously archived material differently?”
12. “If the individual changes their intent regarding release of data, then by IRB standards what might previously have been considered publicly available information, then becomes private information, and your collection would likely require BOTH IRB review AND informed consent, b/c the user now has an expectation that their information is protected.”
13. “Once tweeted, a birdsong is gone forever. No deleting or taking back what’s been broadcast to the world. If someone seeks privacy, they should seek another method of communication. If from the beginning, there was some kind of inherent expectation that tweets were private messages, then the situation might be different. But the whole idea of tweeting is to voluntarily publish or broadcast. It’s different from, say, e-mailing or IMing.”

What we see here are numerous, intelligent researchers not in complete agreement about wither consent is necessary, about whether one’s tweets are “publications” not needing IRB review, or whether Twitter-based research is dealing with “human subjects” that does require strict scrutiny. There’s also some question about how to deal with the fact that users might make information private after an initial release, something our current forms of communication allow more than in the past.

What do you think? If readers have had experience with related research ethics issues, and how their IRB dealt with is, please email me or leave a comment.

Aside: Interestingly, Adam Fish, who I’ve friended on Facebook, saw that discussion and wanted to repost the thread on his blog. Respectful of the delicate nature of re-posting other conversations and moving them from the controlled environs of Facebook to a public blog, he contacted me to ask permission. He didn’t, apparently, contact each of the commenters to ask for their permission. I felt it necessary to get consent from everyone in that thread before authorizing its re-posting. When I asked each of them, all agreed (with some edits), and some took the position that the Facebook conversation was de facto public, even though technically only a certain set of users (friends of the participants) could in reality see the thread.

[image from TPorter2006]

Related posts: (automatically generated)

1. How Your Private Tweets Might Be Included in the Library of Congress Public Archive
2. Public Comments on RFID Passports are…Public
3. WSJ: When Public Records Are Too Public
4. iTunes Now Asks for Consent Before Collecting Data
5. Flaw in Twitter’s Privacy Settings

This is my first time at CSCW, and looking at the set of papers for this workshop, it should be an excellent experience. I’ve submitted a brief analysis of the “Tastes, Ties, and Time” Facebook dataset release (my larger paper is going through its final edits for publication). You can download the short analysis here: Subject Privacy and the Release of the “Tastes, Ties, and Time” Dataset.

The organizers also asked me to provide some brief comments on the ethical issues related to archiving and releasing research data. I’ve created a few slides with some provocations that will hopefully spark some discussion on these matters. You can view these slides here:
Zimmer CSCW 2010

Related posts: (automatically generated)

1. Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook
2. NSF Grant: Internet Research and Ethics 2.0
3. More On the “Anonymity” of the Facebook Dataset – It’s Harvard College (Updated)
4. On the “Anonymity” of the Facebook Dataset (Updated)
5. On Facebook, People Own and Control Their Information (Except When Facebook Does)

The conference program is fantastic, featuring keynote addresses by Siva Vaidhyanathan, Wendy Hui Kyong Chun, and Megan Boler. I’ll be presenting an updated version of my paper, “But the Data is Already Public”: On the Ethics of Research in Facebook, based on my critique of the “Tastes, Ties, and Time” Facebook data release.

I’ll also be participating in a pre-conference workshop on Critical Issues and Perspectives in Internet Research Methods and Ethics, where the focus will be on raising awareness of and sensitivity by researchers around critical methodological and ethical issues working particularly in online or Internet-mediated realms.

There already is a great tweet stream at #ir10, so please follow us if you can’t make it.

UPDATE: By most measures, the conference was a great success. As an organizer, I was only able to sit in on a handful of sessions (including my own), but others have blogged about here and here.

There are quite a few images up on Flickr, and I’ve created a Wordle from all the individual paper titles. Matt Allen blogged the AoIR general meeting, where the locations of the next two conferences were announced: Gothenburg, Sweden (2010) & Seattle, Washington (2011). See you there!

Related posts: (automatically generated)

1. Announcing IR.10 Internet:Critical (Milwaukee – 2009)
2. CFP: IR.10 Internet: Critical (Milwaukee – 2009)
3. US high-speed Internet is…slow
4. Registration Open – and a Student Grant Opportunity – for Internet Research 11.0
5. Critical Perspectives on Social Software and Web 2.0

I’m thrilled to be among the senior personnel on this grant, and look forward to the collaboration and results.

[Note: The Internet Research Ethics Digital Library, Resource Center, and Commons website is now live]

Here is the summary of the research project:

Internet Research and Ethics 2.0:
The Internet Research Ethics Digital Library, Interactive Resource Center, and Online Ethics Advisory Board

The working knowledge, professional and disciplinary norms and practices, and body of Internet Research ethics literature, is scattered across disciplines and locales, often contributing to uncertainty in ethical and methodological decision making among researchers and ethics boards which review research in academic institutions. This occasionally prevents research from being pursued and unnecessarily lengthens the time and effort that such bodies as Institutional Review Boards put into internet-research based protocols, as Buchanan and Ess have discovered in their current NSF funded research on IRBs and IRE protocol review. This uncertainty also contributes to a growing confusion and frustration among researchers, who see an ethical rigidity imposed from extant ethical review models, as more research is conducted across an array of technological and global boundaries.

This project brings the IRE literature together into a comprehensive database and couples it with it an interactive resource center, thus, centralizing and simplifying the task of developing standards, best practices, and guidelines around IRE. It also develops an Online Ethics Advisory Board, which will provide professional advice and guidance for researchers, ethics boards, and any research participants. The project is an exemplar of a new concept, “research ethics 2.0,” borrowing from web 2.0 to describe the emerging interactivity, user-developed content and resources, and technologies such as social networking and hyper-blogging that are stretching traditional notions of subject-object, creator-created, owner-consumer, and ultimately, researcher-researched. This emergent model of research ethics has the potential to transform the types of research itself that is conducted across universities and beyond.

The intellectual merit of this project lies in its cross-disciplinary breadth and depth that will benefit a range of scholarship in understanding “research ethics 2.0,” or, “transformative research ethics,” its focus on the ever-increasing literature concerned with Internet research ethics and the various discourses in play across disciplines around such relevant issues such as privacy, consent, ownership; and, its transformative nature, contribute to the model of a traditional ethics board with an online advisory board that is highly versed in Internet research ethics problems and scenarios.

The broader impacts resulting from the proposed activity stem from the intellectual merits: The project will push the boundaries of traditional research ethics issues, allowing transformative models for managing Internet research. It provides sound resources, a solidified research base, and expert advice as more researchers and more IRBs/ethics boards struggle with the complexities of Internet research ethics. The greatest overall significance lies in the broad impact the project will have for Internet researchers from all disciplines and on the foundations of their research ethics systems and information ethics in general, and on the nature of research itself in an ever-connected, online environment.

Related posts: (automatically generated)

1. Revisiting Research Ethics in the Facebook Era: Challenges in Emerging CSCW Research
2. Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook
3. IR.10 Internet: Critical (or, why the blog has been slow lately)
4. CFP: The Ethics of Information Organization
5. The Role of Information Ethics in Education

Recall that last fall, a group of researchers affiliated with the Berkman Center for Internet & Society at Harvard University released a dataset of Facebook profile information from an entire cohort (the class of 2009) of college students from “an anonymous, northeastern American university.” While the researchers took good faith steps to preserve the anonymity of the source of the data (and, presumably, the privacy of the subjects), I quickly narrowed it down to 7 possible universities, and then with only a little more effort, identified the source (with some confidence) as Harvard College. All this without ever even downloading or looking at the actual data.

The researchers have since pulled the data out of circulation, and plan to make it available again this month, presumably with some of the anonymity and privacy concerns addressed.

The draft paper I am presenting, “But the Data is Already Public”: On the Ethics of Research in Facebook, retells the circumstances around the T3 project and my partial re-identification of the dataset. It also describes some of the good faith efforts made by the T3 researchers to try to ensure the anonymity of the data, but exposes the limitations and errors in their procedures. Finally, it highlights the broader challenges for engaging in research on/in social networking sites that this case brings to light. These include:

• the nature of consent in online research
• identifying and respecting expectations of privacy on social network sites
• developing sufficient strategies for data anonymization prior to the public release of potentially personally-identifiable data
• measuring the relative expertise of institutional review boards when confronted with innovative research projects based on data gleaned from social media

Future versions of the paper will attempt to provide some guidelines in this regard. In the meantime, I welcome any comments on this draft. E-mail me if you would like to receive a copy.

The PDF of my CEPE presentation is here.

Related posts: (automatically generated)

1. Revisiting Research Ethics in the Facebook Era: Challenges in Emerging CSCW Research
2. NSF Grant: Internet Research and Ethics 2.0
3. Paper: The Value Implications of the “Google Paradigm” for Organizing, Distributing and Accessing Information
4. More On the “Anonymity” of the Facebook Dataset – It’s Harvard College (Updated)
5. What Happens to Your Facebook Data When You Leave? (Updated)

With the cooperation of Sony, a collaborative group of academic researchers at a number of institutions have obtained the complete server logs from the company’s Everquest 2 MMORPG. …Dmitri Williams introduced the project and described how researchers have been approaching various game developers over the years. He paraphrased the conversation with Sony as:

“What do you collect?”
“Well, everything—what do you want?”
“Can we have it all?”
“Sure.”

The end result is a log that includes four years of data for over 400,000 players that took part in the game…

Sony states that the logs were “scrubbed of all PII (Personally Identifiable Information) prior to being provided to the researchers.” Presuming Sony has sufficiently anonymized the data (a troubled presumption, for sure), I still wonder  how such a data release might affect the community of users in this social sphere. Does the fact that information about one’s activities is being shared and mined change the contextual norms of information flow in an MMORPG?

No related posts.

As mentioned the other day, a group of researchers from the Berkman Center for Internet & Society at Harvard University released a dataset of Facebook profile information from an entire cohort (the class of 2009) of college students from “an anonymous, northeastern American university.”

(I’ve been engaging with Jason Kaufman, the PI for this research, on a variety of privacy and research ethics issues in this post and the comments section – please check it out.)

Well, I’m pretty sure this “anonymous, northeastern American university” is Harvard College. And I didn’t even have to download the dataset to figure it out. Here’s how.

As I noted here, the press release and the public codebook for the dataset provided many clues to where the data came from: we know it is a northeastern US university, it is private, co-ed, and whose class of 2009 initially had 1640 students in it. A quick search for schools reveals there are only 7 private, co-ed colleges in New England states (CT, ME, MA, NH, R , VT) with total undergraduate populations between 5000 and 7500 students (a likely range if there were 1640 in the 2006 freshman class): Tufts University, Suffolk University, Yale University, University of Hartford, Quinnipiac University, Brown University, and Harvard College.

Next, the codebook mentioned utilizing research assistants (RAs) to access and download the subjects’ Facebook profile information. Specifically, the researchers noted that “that both undergraduate and graduate student RAs were employed for downloading data, and that each type of RA may have had a different level of default access based on individual students’ privacy settings.” (See my note regarding how this complicates the argument that “the subjects’ Facebook profiles were already public, so there is no privacy concerns” towards the bottom of this post.) This leads one to believe that the RAs were from the same university as the subjects themselves, since the only relevant privacy setting for a Facebook profile would be whether users in one’s own “network” (a university, for example) can see the profile, vs. only one’s friends). It further stands to reason (for simplicity and efficiency) that the RAs employed by the researchers for this task would be from the researchers’ own univeristy, Harvard.

Then, the fact that the researchers’ institutional “Committee on the Use of Human Subjects” allowed this research without requiring explicit consent by the subjects lends me to believe thta the subjects must be affiliated with that institution. I find it unlikely an IRB would have allowed this data collection and release to be performed in such a way on students from an institution that they didn’t feel they had some kind of domain over.

Finally, and perhaps most convincingly, only Harvard College offers the specific variety of the subjects’ majors that are listed in the codebook. While nearly all univerersities offer the common majors of “History”, “Chemistry” or “Economics”, one only needs to search for the more uniquely phrased majors to discover a shared home institution. As far as I could tell, only Harvard College (of the 7 northeast private universities we’ve already narrowed it down to) offers majors with unique titles such as these:

• Near Eastern Languages and Civilizations
• Studies of Women, Gender and Sexuality
• Environmental Science and Public Policy
• Organismic and Evolutionary Biology
• Sanskrit and Indian Studies

For these reasons, I’m confident this Facebook dataset represents the class of 2009 from Harvard College. I could be wrong, but I don’t think so.

Now, a couple of comments:

One, I didn’t even look at (and haven’t even downloaded) the actual dataset in order to make this discovery. I simply read the press release and public codebook, performed a few Google searches, and did some thinking of my own. I’m not a hacker, I’m not a statistician. This wasn’t hard, and there’s something wrong if the source of an “anonymous” dataset can be de-anonymized (at the institutional level) so easily.

Two, I hesitated whether to even post this revelation, as it certainly contributes to the chances that individual subject’s identities could be exposed, further eroding their privacy. There is no easy calculus to determine what to do in such a case, but I decided to post the results of my investigation as a clarion call to others who might want to release similar datasets. We must take care to ensure, to the best of our abilities, the privacy of our subjects.

Three, what could the researchers have done to prevent my discovery? Besides not giving away so many demographic clues as to the university, they should have coded the specific names of the majors into more generic identifiers. Even without the other “northeast, private university” clues, having the specific majors alone would have been sufficient to (eventually) figure out the identity of the school.

Methinks we really need to keep working on a new set of Internet research ethics and methodologies.

During his talk, two more tidbits of information are provided that help me feel confident that the dataset is indeed of the class of 2009 from Harvard College.

First, Kaufman makes a throwaway remark (at about minute 35:10) that the dataset is from a “very idiosyncratic campus…a very elite college”. While that alone doesn’t give it away, it does help rule out some of the 7 colleges on my list above that simply aren’t considered “very elite” (sorry, Quinnipiac).

Second, and more telling, Kaufman notes (at about minute 32:52) that “midway through the freshman year, students have to pick between 1 and 7 best friends” that they will essentially live with for the rest of their undergraduate career. This accurately (if not precisely) describes how undergraduate housing works at Harvard. As described here, all freshman who complete the fall term enter in to a lottery, where they can designate a “blocking group” of between 2 and 8 students with whom they would like be housed in close proximity.

So, again, the lesson learned here is how disparate pieces of seemingly benign information can be pieced together to make an otherwise presumed anonymous piece of data identifiable. I did it here by quickly analyzing the codebook, reading a press release, and watching a video presentation. The New York Times did it with the AOL search data release, and I’m sure someone will do it with this Facebook dataset.

Related posts: (automatically generated)

1. On the “Anonymity” of the Facebook Dataset (Updated)
2. What Happens to Your Facebook Data When You Leave? (Updated)
3. Facebook *Really* Wants You to Use Beacon (Updated)
4. Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook
5. How to Adjust your Facebook Privacy Settings