The Blackberry Project (formerly known as the Friendship Project) is an ongoing longitudinal study examining teen behavior and sociability, which first recruited its subjects in 2003 (starting with 281 third and fourth graders from 13 Dallas public schools) and relied on yearly laboratory and home observation and surveys for data collection. Then, in 2009, the subjects (now entering 8th grade) were provided with BlackBerry devices with unlimited text and data plans paid for by the investigators. The devices were configured so that the content of all text messages, e-mail messages, and instant messages was saved to a secure server to be mined by the researchers — over 500,000 messages a month are being archived. Preliminary analyses have been published in Developmental Psychology.

The result? Hill puts it best in her headline and opening thoughts:

A Texas University’s Mind-Boggling Database Of Teens’ Daily Text Messages, Emails, and IMs Over Four Years

For the past four years, the University of Texas-Dallas developmental psychology professor has essentially wire-tapped 175 Texas teens,  capturing every text message, email, photo, and IM sent on Blackberries that she provided to them, creating a rich database that now contains millions of funny, explicit, sexual, and inane messages for academic study. Half a million new messages pour into the database every month. This summer, she’s adding Facebook content to the mix as well. The teens sacrificed their privacy for science… and a free smartphone, data plan and unlimited text messaging.

Dr. Underwood’s study has been approved by UT-Dallas’s Institutional Review Board, and she’s also received a Certificate of Confidentiality from the NIH, which are only granted after considerable scrutiny. Each participant is given a unique identification number so that all information that is collected is, according to the project website, “de-personalized”. The research data is stored securely with the help of Ceryx and Global Relay, data security providers who typically work together to store and archive electronic communication data for financial institutions. The archive is password protected and can only be accessed by a small group of selected researchers.

In short, this large-scale and long-term project has undergone considerable review, and appears to be taking privacy and security quite seriously. That said, there remain certain ethical concerns about the research worth discussing.

(Note: my discussion is based on what I can glean from available reports and documents about the study; I’m trying to gather additional information through various channels.)

Consent

Since the Blackberry Project (and its predecessor) focus on studying the activity of minors, gaining informed consent is of particular importance. Participants and parents were required to sign detailed consent forms annual that clearly stated that all electronic communication were be recorded and monitored. (While the consent forms for the earlier Friendship Project are available online, I haven’t been able to locate the consent documents for the Blackberry Project. I’ll request them from Dr. Underwood.) It appears this consent process was repeated annually, which is particularly important as subjects grow and develop, and the content of their text and email messages might change over time (for example, 10th graders might start texting about dangerous or legal activity, which might not have been contemplated when original consent was provided years earlier).

Parental consent for minor subjects is standard procedure. However, I wonder how well a parent actually understands the extent to which adolescents make use of mobile texting, and whether a parent really is equipped to represent (and waive) the privacy interests of their adolescent kids if they fail to recognize both the scale and types of information contained within those text messages. Is parental consent really sufficient when we’re dealing with teenager’s use of social media and personal technology? This is something I’ll need to think about more….

Further, any consent granted only involves the participants themselves and their outgoing messages. But those sending messages to the participants have not consented to having their messages stored and subjected to analysis. Underwood recognizes this problem, but argues it away:

Pioneering researchers studying online communication have argued that electronic communication can be observed without permission in some contexts because the information need not be uniquely identifiable, unless individuals have chosen to make their online user name their actual name (see Subrahmanyam et al., 2006; Whitlock, Powers, & Eckenrode, 2006). In our study, although we did have access to participants’ phone contacts and could see how they labeled individuals there, these were rarely uniquely identifiable, because most adolescents chose to label contacts with first names only or with nicknames.

However, I find this argument a bit thin. Just because some “pioneering researchers” claim it is acceptable to study online messages observed without permission “in some contexts” doesn’t make it necessarily ethical here. Hopefully the IRB pressed hard on this issue.

Undue Influence

Consent is only valid if it doesn’t involve coercion or undue influence. While paying research subjects is commonplace and generally acceptable, the fact that subjects in the Blackberry Project received a free smartphone with fully paid data and texting plans (and a generous 300 minute voice plan) might quality as undue influence. The Office of Human Research Protections defines undue influence when researchers offer an “excessive or inappropriate reward or other overture in order to obtain compliance.” OHRP also notes that “The level of remuneration should not be so high as to cause a prospective subject to accept risks that he or she would not accept in the absence of the remuneration.”

This is where the free Blackberries and service plans might be problematic. Since 11% of the participating families had incomes under $25,000, and 29% under $50,000, the allure of a free, “highly attractive” smartphone, complete with a free and unlimited data plan, might have persuaded some lower-income families to participate who otherwise might have considered the project too risky. If you’re on a tight budget, and your kids keep pestering you for a smartphone, the Blackberry Project might have been a lifesaver, regardless of the risks.

Determining undue influence is a grey area, and, again, I hope that UT-Dallas’s IRB considered this matter with vigor.

Privacy and Anonymity

Underwood has taken great lengths to protect subject privacy, including the use of secure, off-campus data storage platforms and replacing account names with ID numbers within the archive. Yet, considerable privacy concerns remain. There are plenty of cases where simply replacing names with ID numbers fails to provide sufficient anonymity, and the content of the messages themselves might reveal various personal details of the participants and their friends. The researchers indicate they use the participants address books to help “replace phone numbers with whatever the participants used to label their contacts” when compiling transcripts. While some of these labels might be un-identifiable, others might effectively “out” particular people within the dataset.

The Forbes article also notes:

Underwood has gotten calls from investigators around the country who would love access to her database, but she says she doesn’t want to hand over the data unless she can de-identify it or anonymize it. I’m imagining many a privacy scholar shaking his or her head in dismay given how difficult true anonymization is.

Indeed. I’m curious to know what steps toward deidentification or anonymization Underwood intends before sharing the data.

The Forbes piece presses Underwood further about the issue of privacy:

When I asked Underwood if any of the kids (or their parents) had ever expressed concern about the privacy of their communications, and the discomfort they might feel about every single thing they send being archived indefinitely for study, she said it had been a “non-issue.”

“We haven’t really directly asked about it. We don’t do anything to draw attention to our monitoring,” says Underwood. She prefers that teenagers act naturally. Asking them too strongly about how they feel about their privacy might negatively affect the “observing them in the wild” aspect of her study.

This troubles me. Here, a researcher collecting millions of personal messages sent between teens admits to not wanting to directly address privacy with the subjects because it might negatively affect the study. If you bring up the privacy concern, Underwood seems to say, it will just cause them to self-censor. Of course, if her hypothesis is true, that validates the privacy concern itself — the participants might actually care about their privacy, once reminded about it. (Note to researchers: if you find yourself wanting to minimize disclosure of privacy concerns, then you have significant privacy concerns that need to be addressed.)

In sum, the Blackberry Project appears to have been managed properly through the IRB rules and regulations. These open issues speak more to the nature of this kind of research generally, versus about this project specifically. I’m very curious as to how the researchers and the IRB discussed and deliberated these issues, and will provide any updates if I’m able to gain access to more details.

On the opening morning of the conference, I will join John Palfrey and Lydia Shrier for a plenary panel on “Would Margaret Mead Have Blogged? How Social Media has Changed Research”. My slides for that presentation are provided below. I will also be leading a workshop on “Research, the Cloud, and the IRB”, and giving a presentation to the U.S. Department of Energy Human Subjects Working Group.

Internet research ethics is well represented at this year’s AER conference, with a strong track focusing on “Research Involving the Internet & Social Networking”. Among these presentations and workshops are several led by Elizabeth Buchanan. Buchanan will be co-facilitating a pre-conference workshop entitled “What a Tangled Web We Weave: Ethical, Regulatory, and technical Aspects of Internet Research”. She is also participating in the following workshops:  “Research, the Internet, and the IRB: Ethical and Regulatory Issues,” “Research, Social Media and the IRB,” and “Ethical Implications of Pre and Post Enrollment uses of Social Media in Clinical Trials”.

It is a well-written article, quite balanced, and features myself, the T3 principle researcher Jason Kaufman, and fellow Internet research experts Alex Halavais, Fred Stutzman, and Elizabeth Buchanan (I am friends with the latter three, for disclosure). The Chronicle also tracked down a Harvard student presumably within the dataset.

For those looking, my initial blog posts (from 2008) regarding the T3 dataset are here and here, and my full treatment of the dataset release was published here:

• Zimmer, M. (2010). “‘But the data is already public’: on the ethics of research in Facebook,” Ethics & Information Technology, 12(4), 313-325

I don’t want to rehash the entire article or episode, but would like to provide a few annotations:

The article does a nice job pointing out the dual challenges of “Researchers [who] must navigate the shifting privacy standards of social networks and their users”, as well as the “the committees set up to protect research subjects—institutional review boards, or IRB’s—[who] lack experience with Web-based research.”

These are critical revelations that we cannot take lightly. There is much work to be done to ensure researchers of all disciplines and levels recognize and respond to the complexities of engaging in this kind of research online, and that IRBs are sufficiently trained to recognize issues related to Internet research ethics.

To these ends, the Association of Internet Researchers (AoIR) has published an ethics guide (now undergoing revisions) as “as at least a starting point for their inquiries and reflection”, and we’ve held various workshops on the subject. Elizabeth Buchanan and Charles Ess have spearheaded important research on the IRBs’ awareness of Internet-related concerns, and have launched the Internet Research Ethics Digital Library, Resource Center and Commons website as a valuable resource.

And, specific to the article’s mention that I have “pointed to the Harvard case in urging the federal government to do more to educate IRB’s about Web research”, I was privileged to present before the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the United States Department of Health and Human Services (HHS). Joined by Elizabeth Buchanan, Montana Miller, and John Palfrey (of Harvard’s Berkman Center, by the way), we discussed emerging ethical issues with Internet-based research and urged the committee to take steps to ensure IRBs and researchers were suitably trained to recognize and address these important ethical issues.

In the context of this entire debate (and some of the original comments left on my blog posts), this passage from the article is quite telling:

But Mr. Kaufman talks openly about another controversial piece of his data gathering: Students were not informed of it. He discussed this with the institutional review board. Alerting students risked “frightening people unnecessarily,” he says.

“We all agreed that it was not necessary, either legally or ethically,” Mr. Kaufman says.

Frankly, I’m troubled by this statement. I will leave it to legal experts to determine if the research violated the consent requirements of the Federal Regulations for the Protection of Human Subjects (45 CFR 46), but from an ethical standpoint, I argue the researchers did have an obligation to respect the intentions of those students who might have restricted their Facebook profiles to only be visible to members of the Harvard community. The researcher’s own codebook acknowledged that the assistants used to access the profile data might have had preferential access to a profile, and that “a given student’s information should not be considered objectively ‘public’ or ‘private’”. This realization should have triggered an ethical concern over whether each students truly intended to have their profile data publicly visible and accessible for downloading.

This is the crux of the issue, and my earlier attempts to learn if and how this apparent waiver of the consent requirement was deliberated by Harvard’s IRB were unsuccessful. Perhaps now we can gain a bit more understanding of why it was deemed that consent wasn’t necessary (and I hope it was a more nuanced decision than simply avoiding “frightening people unnecessarily”).

I agree with the article’s conclusion that the “biggest victim” in this episode is academic scholarship.

The uniqueness of this dataset is of obvious value for sociologists and Internet researchers, and it wasn’t my goal to shut down this research project. It is unfortunate the researchers haven’t been able to find a suitable means of re-releasing the data, but just like the AOL search data release forced us to rethink methods of anonymization before again releasing large datasets of transaction logs, I’m hopeful that this episode can prompt meaningful consideration and debate of our understandings of privacy, anonymity/identifiability, consent, and harm when it comes to Internet-based research.

Finally, I wanted to provide a brief response to the implicit accusation made in the article that I’m a part of some kind of “academic paparazzi”.

I’m not even sure what this means. Perhaps someone thinks I spend my time trolling through other people’s research hoping to find a place where they slip up so I can have a “gotcha” moment? Hardly. I had never written on research ethics until I came across this particular case. I saw a passing mention of the data release on another scholar’s blog, and the ensuing discussion there about how the presumed anonymity of the dataset should be questioned due to its unique data variables. So I started to explore, and my discoveries followed. I’m not out to get anyone, but rather have taken quite a number of proactive steps to help researchers (both the T3 team and more broadly) address these complexities.

The complexities of research ethics and methodology in today’s Internet-based environment is complex, and I’m just starting to scratch the surface. But I don’t take this lightly; I’m a scholar, not a paparazzo.

As I conclude in my full article:

The purpose of this critical analysis of the T3 project is not to place blame or single out these researchers for condemnation, but to use it as a case study to help expose the emerging challenges of engaging in research within online social network settings. …The T3 research project might very well be ushering in ‘‘a new way of doing social science’’, but it is our responsibility scholars to ensure our research methods and processes remain rooted in long- standing ethical practices. Concerns over consent, privacy and anonymity do not disappear simply because subjects participate in online social networks; rather, they become even more important.

I hope that’s the takeaway from all this.

The research paper indicates that the Facebook data was provided to the researchers “in anonymized form by Adam D’Angelo of Facebook.” (D’Angelo was then Facebook’s CTO, and left Facebook in 2008.) Curious as to what precisely was included in the data release, and what steps towards anonymization were taken, I downloaded the data (200 MB zip file) on the morning of February 11.

The data files are separated by institution, and in total include, by my estimation, about 1.2 million user accounts. The content of each institution’s file is described as containing the following:

Each of the school .mat files has an A matrix (sparse) and a “local_info” variable, one row per node: ID, a student/faculty status flag, gender, major, second major/minor (if applicable), dorm/house, year, and high school.

Thus, the datasets include limited demographic information that was posted by users on their individual Facebook pages. The identity of users’ dorm and high schools were obscured by numerical identifiers, but to my surprise, the dataset included each user’s unique Facebook ID number. As a result, while user names and extended profile information were kept out of the data release, a simple query against Facebook’s databases would yield considerable identifiable information for each record. In short, the suggestion that the data has been “anonymized” is seriously flawed.

The consequences of this ease of re-identifying the dataset are numerous.

First, while only limited profile information is within the dataset, there is no indication that any consideration was given to users’ particular privacy settings. Based on the article, all user accounts from each of the 100 networks were provided to the researchers, and as long as the user provided the data to Facebook, it was turned over to the researchers. [Clarification: when I say "all user accounts" we provided, I do not mean full profile information was given to the researchers, just the particular data fields as described above]

Yet, in 2005, users had the ability to restrict access and visibility of their Facebook profile, their demographic data, and their lists of friends (much of this control was taken away in 2009). So, a user might have restricted access to certain information to only people within her network or just her friends, and Facebook’s own privacy policy at the time promised that: “No personal information that you submit to Facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.” This data release, and the ease by which users could be identified and linked to their data, potentially negates actions taken by users to control access to the data within the files, and seemingly contradicts Facebook’s own privacy policy.

Second, even though the specific data exposure within the dataset is limited, the fact that users can be identified and linked to their in-network social map fosters additional threats to privacy. Previous research (here and here, for example) has shown how “anonymous” datasets can be largely re-identified when there is access to other large sets of data where the subjects are already known. The “Facebook 100″ data, with the Facebook IDs intact to guide identification of users, might be useful in similar efforts.

To recap, the suggestion that the “Facebook 100″ data has been “anonymized” is seriously flawed, and its release might be putting the information of 1.2 million Facebook users at risk.

Interestingly, a few hours after the initial release of the “Facebook 100″ dataset, the researchers Mason Porter announced they were pulling the data due to an unspecified “bug”. Later that evening, the data was again made available with a message indicating that the data files were now fixed.

Again, I was curious, so I downloaded and examined the new dataset. The only change I could see was that now the Facebook ID was removed entirely from the data files, and the order of the records in each file was randomized.

Thus, the “bug” must’ve been that the data was easily re-identifiable, and the “fix” was to take additional steps to anonymize the records. Somone joked on the announcement email list that the “bug” must have something to do with Facebook attorneys, but the Porter’s message re-releasing the data jokes that no lawyers were involved, and that they “really were fixing the data files!”

To me, however, the language used in these explanations was disingenuous. The data, as far as I could tell, had no bugs that prevented its usefulness for social network analysis. No, the problem with the data was that it contained each user’s unique Facebook ID, thus allowing easy identification. The researchers Porter should have been open and honest about why the data was pulled and what they did to correct the situation.

That said, there are still a number of open questions regarding this particular dataset:

To Facebook:

• What kind of internal processes, if any, did D’Angelo follow when releasing the data to these researchers? Was he authorized to do so?
• Was this kind of large data release routine? How many other similar releases have taken place?
• Does Facebook consider releasing this information, with Facebook IDs, in compliance with the privacy policy in effect in 2005? If so, how?

To the research team:

• Was the data received by Facebook already obscured with numerical identifiers replacing student majors, minors, and high schools, or did you add those?
  • UPDATE: I have received word from one of the researchers, Mason Porter, that the data sent to them by Facebook was indeed already obscured with numerical identifiers in the place of actual student major, minor, and high school information.
• Did your IRB review the data used for the research, and approve the subsequent data release?
• Was there any “bug” in the data, or was the attempt to gain greater anonymization of the data the sole reason to pull it from public access?

Obtaining answers to these questions can help us better understand the uniqueness of this situation, and to put better processes and protections in place to prevent similar data releases that falsely believe data is sufficiently anonymized and respecting of users’ privacy expectations.

I hope Facebook and the researchers are willing to engage in a discussion, and I’ll report back on any communication, as allowed.

UPDATE (Feb 15, 6:00pm): I have been in contact with one of the researchers, Mason Porter, who confirmed that the data sent to them by Facebook was indeed already obscured with numerical identifiers in the place of actual student major, minor, and high school information. I’ve inserted this reply into the question above. I have also made a few minor changes to the main text, clarifying that the email messages reporting the “bug” in the data came from Mason alone, and should not be attributed to the entire research team.

UPDATE 2 (Feb 15, 6:10pm): The link to the full, revised dataset (http://people.maths.ox.ac.uk/~porterm/data/facebook100.zip) is no longer active.

UDPATE 3 (Feb 16, 9am): Added a clarification that when I say “all user accounts” were provided to the researchers, I do not mean full profile information was given, just the particular data fields as described above.

UDPATE 4 (Feb 16, 11am): Mason Porter, one of the authors, has posted an explanatory note on his blog indicating that he’s been in contact with the Facebook Data Team, and per their request, “I have taken down the data, and I will be working with them to eventually post a version of the data set with which both they and I are happy.”

This year, I participated in three main events: a pre-conference workshop on “Ethics and Internet Research Commons:  Building a sustainable future”, a session on “Networking and Social Sites” where I presented a paper on “The Laws of Social Networking, or, How Facebook Feigns Privacy”, and a panel discussion titled “On the Philosophy of Facebook“. Details below…

:::

Ethics and Internet Research Commons:  Building a sustainable future

This pre-conference was organized primarily by Elizabeth Buchanan, and featured brief talks by Charles Ess, Alex Halavais, Annette Markham, Malin Svenningson, and myself. We presented case studies that revealed key ethical challenges and identified important components of ethical decision making for Internet researchers, including:

• How does cultural specificity define research ethics and regulation?
• What constitutes a public text online and in what ways can and should they be used in research?
• Why do we consider firewalls and passwords to be the “gold standard” for determining if something was meant to be kept public or private?
• How do researchers work towards the imperative of sharing data while adhering to human subjects regulations?
• What ethical guidelines should be applied to trace data?
• How do researchers handle “closeness” in ethnography in ethical ways?
• What oscillations take place when a researcher is first known as a member of a group and then as a researcher?
• How is “empirical imperialism” affecting research ethics?
• What are the virtues of deception?

An excellent summary of the entire day is over at the Internet Research Ethics project website, which includes links to my slides.

:::

The Laws of Social Networking, or, How Facebook Feigns Privacy

I participated on an excellent session titled “Networking and Social Sites”, which also featured Robert Bodle and Christian Thorsten Callisen.

Bodle’s presentation, “Opening the social media ecosystem: the tenuous nature of interoperability, crossposting, and sharing among dominant social media sites, services and devices”, explored the values, characteristics, and conditions of interoperability between Facebook and its third party developer ecosystem. He found that while Facebook’s APIs provide new ways to share and participate, they also provide Facebook a new means to achieve market dominance, as well as undermine privacy, data security, contextual integrity, user autonomy and freedom.

Callisen’s talk, “The Old Face of ‘New’ Social Networks: The Republic of Letters”, was a historical contextualization of the so-called digital revolution within the longer history of “the virtual”. He showed how the Republic of Letters was essentially a networked virtual community for the reciprocal sharing of information, complete with its own techniques for simulating co-presence, protocols for information transfer and interaction, and varying levels of transparency and encryption.

My presentation, “The Laws of Social Networking, or, How Facebook Feigns Privacy”, was an expanded thought piece inspired by this blog post, where I suggest three natural laws that thwart attempts to provide users of social networking sites sufficient means to control their information flows:

• The first law is somewhat obvious: Social networking sites are incentivized to promote the open and unfettered flow of mountains of personal information.
• The second law, perhaps more of a corollary, follows naturally from this: Providing users robust and easy-to-use tools to control their personal information flows is counter to this profit maximization motive.
• Thus, the third law: Provide users privacy controls only when you must, and position them as both a great a sacrifice, as well as something users probably shouldn’t bother with; make privacy hard.

To support this argument, I discuss various public comments by Facebook’s management team, and show how the laws become encoded within the design of Facebook’s architecture and recent privacy “upgrades”. I concluded that the existence of the laws of social networking create — and perpetuate — a great power imbalance where users lack robust privacy controls, leaving them with limited ability to manage their personal information flows.

The rough text of my remarks can be downloaded here, and my slides are available here.

As an aside: I found it amusing that the most tweeted comment from my talk was a completely off-the-cuff remark criticizing Facebook’s claim that users have control over their information simply due to the existence of privacy controls. I noted that all the controls to fly  a 747 are in the cockpit too, but that doesn’t mean anyone can fly a 747.

:::

On the Philosophy of Facebook

Recognizing that Facebook’s Mark Zuckerberg has built his social networking empire on the belief that “information wants to be shared“, a particular philosophy of information that directly impacts the values built into the design of Facebook, ranging from its user interface, privacy policies, terms of service, and method of governance, I organized a panel to explore the philosophy of Facebook and its broader implications for norms of privacy, identity, governance, sociability, and online life generally.

I was lucky to welcome the following speakers to IR.11 to discuss this important topic:

• Kate Raynes-Goldie, Curtin University of Technology, Australia
• Anthony Hoffmann, UW-Milwaukee, USA
• Korinna Patelis, Cyprus University of Technology, Cyprus
• Trebor Scholz, New School University, USA
• Dylan Wittkower, Coastal Carolina University, USA

Unfortunately, we only had 1 hour (!!) for the panel discussion, but it was a very good 60 minutes; one of the few times I’ve heard Marx, Hegel, Kant, Rawls, Deleuze and Guattari, etc discussed at length at AoIR. We concluded that perhaps an entire pre-conference on the topic is in order for IR.12 (in Seattle in 2011).

My contribution to the discussion will focus on how Web 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of privacy, anonymity/identifiability, consent, and harm. My presentation is titled “Research Ethics in the 2.0 Era:Conceptual Gaps for Ethicists, Researchers, IRBs”, and relies heavily on my critique of the Tastes, Ties, and Time research project and subsequent data release (news coming soon about publication of this critique).

The slides are available below (updated with new version).

Complementing this new research area of mine, I had the privilege of participating in the first of a pair of one-day workshops intended to discuss challenges related to human subjects approval processes for to Internet-based research on children and learning. The workshop was organized by Alex Halavais, and Jason Schultz, as part of the larger MacArthur Foundation-funded project on Digital Media and Learning, and I was joined by these preeminent scholars and experts: Tom Boellstorff, Heather Horst, Montana Miller, Dan Perkel, Ivor Pritchard, and Laura Stark.

Details of that first meeting have been posted here, and summarized below:

We found that while there might be some fairly intractable issues, as there are for any established institution, some of the difficulties that IRBs and investigators encountered were a result of reinventing the wheel locally, and a general lack of transparency in the process of approving human subjects research. The elements required to make good decisions on planned research tend to be obscure and unevenly distributed across IRBs. From shared vocabularies between IRBs and investigators, to knowledge of social computing contexts, to a clear understanding of the regulations and empirical evidence of risk, many of the elements that delay the approval of protocols and frustrate researchers and IRBs could be addressed if the information necessary was more widely accessible and easily discoverable.

Rather than encouraging the creation of national or other centralized IRBs, more awareness and transparency would allow local solutions to be shared widely. Essentially, this is a problem of networked learning: how is it that investigators, IRB members, and administrators can come quickly to terms with the best practices in DML research?

We are meeting again in August to continue this conversation. If you have suggestions, or your own stories to tell, feel free to drop me a line or comment at the DML Central blog.

According to Warden, he exploited a flaw in Facebook’s architecture to access public profiles without needing to be signed in to a Facebook account, effectively avoiding being bound by Facebook’s Terms of Service preventing such automated harvesting of data. As a result, he amassed a database of names, fan pages, and lists of friends for 215 million public Facebook accounts.

Warden has already done some impressive analysis of this data at an aggregate level, and I know researchers would love to get their hands on it. And like the “Tastes, Ties, and Time” Facebook project, Warden wants to release the dataset to the academic community.

But also like the “Tastes, Ties, and Time” project, Warden would be wrong to do so.

First, similar to our discussion of the ethics of collecting public Twitter streams, just because these Facebook users made their profiles publicly available does not mean they are fair game for scraping for research purposes. Yes, I have limited profile information viewable to the public, and I’ve authorized Facebook to make that information available for search engines to crawl. But the purpose of this public availability is to help people — humans, not bots — find me. The presumption is that my public profile data will only be found and viewed if someone actually searches for “Michael Zimmer” on Facebook or a search engine. In reality, my profile is only “public” if a human being takes specific and conscious action to find me.

Warden’s actions, however, violate this implicit understanding for making profiles publicly searchable. Rather than trying to find me, Warden is systematically sought everyone, letting a script to the work of seeking and harvesting my data. There is no genuine desire to find me, to friend me, and so on. He’s just collecting data. His reasons might be honest and beneficial, but that’s not what’s at issue here. The point is whether the 215 million Facebook users who now have some of their information in Warden’s database contemplated such harvesting and aggregating when they built their profile and configured their privacy settings. They almost certainly didn’t, which brings into doubt whether this data has been collected with proper consent.

Second, Warden’s release of this dataset — even with the best of intentions — poses a serious privacy threat to the subjects in the dataset, their friends, and perhaps unknown others. Warden claims to be sensitive to the privacy of the subjects in the database, and in response he has removed the identifying URL’s's that are unique to each profile, but the dataset retains the subjects’ names (really!), locations, Fan page lists and partial Friends lists (I’m not sure what is meant by a “partial” list of friends).

So, obviously, individuals can be easily identified within the dataset. But that’s not the greatest threat with the release of this data. What is most dangerous is its potential use to help re-identify other datasets, ones that might contain much more sensitive or potentially damaging data. Recall the research that showed how trivial it was to re-identify the presumed “anonymized” Netflix database, or the ease in identifying individuals within social networks. These ease of re-identifying these datasets came from having ready access to other large sets of data where the subjects where already known. By overlaying social graphs and other intricate data-comparison methods, the “anonymous” datasets were quickly re-identified. (See Paul Ohm’s “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” for excellent coverage of these cases and discussion of consequences for law & policy).

Warden’s rich dataset of 210 million Facebook users, complete with their names, locations, and social graphs, is just the ammunition needed to fuel a new wave of re-identification of presumed anonymous datasets. It is impossible to predict who might use Warden’s dataset and to what ends, but this threat is real.

It turns out that Facebook has asked Warden to delay releasing this data to the academic community (I’m curious as to what kind of pressure — if any — they exerted to keep him from releasing this week as originally planned). We will need to keep a close eye to see if the data is actually released, in what form, and if any steps will be taken to control and track its usage.

UPDATE: Under a threat of a lawsuit from Facebook, Warden has destroyed the dataset.

I argued, however, that we cannot be so quick to presume the expectations of potential research subjects. Yes, setting one’s Twitter stream to public does mean that anyone can search for you, follow you, and view your activity. However, there is a reasonable expectation that one’s tweet stream will be “practically obscure” within the thousands (if not millions) of tweets similarly publicly viewable. Yes, the subject has consented to making her tweets visible to those who take the time and energy to seek her out, those who have a genuine interest to connect and view her activity through this social network.

But she did not automatically consent, I argue, to having her tweet stream systematically followed, harvested, archived, and mined by researchers (no matter the positive intent of such research). That is not what is expected when making a Twitter account public, and it is my opinion that researchers should seek consent prior to capturing and using this data.

A healthy debate on this issue followed, and continued in a separate thread on Facebook, which included the following varied positions & responses (edited and condensed):

1. “…if the account holder tweets to the general public, then it’d seem like there’s no expectation of privacy so no consent would be necessary.”
2. (me) “But isn’t my expectation that even though my tweets are public, they’re often lost in a sea of hundreds of tweets among my followers, and I never anticipated someone would archive, mine, and perform research on them?”
3. “If you’re comfortable with your anonymity being guaranteed only by virtue of your public tweets being hidden in plain sight among millions of others, then you’d have to realize that some determined person could follow just yours, archive them, and analyze them. I like my privacy, but I don’t worry about walking around a city or campus even though …”
4. “…depends on how data are being presented – e.g. in aggregate vs specific “quotes” that could easily be traced.”
5. “Many IRBs would say yes [consent is needed], or at least would require you to get a waiver–publicizing the extremes to which IRBs go…”
6. “…IRB application is required. You could request that Informed consent be waived with the argument that you are only analyzing tweets broadcast publicly, and that you de-identify your data to eliminate potential risk to the individual”
7. “I would say if it is for research and you are dealing only with publicly available documents, then no, you need no consent. you can run that by the irb and get a waiver, but in the end, you are dealing with publicly available documents… not people, subjects. If you are dealing with subjects and not documents, then you will need irb clearance.”
8. “Tweets are publications. I think it’s absurd to even consider IRB review for anything dealing with things people have published”
9. “The questions are: 1) Are you conducting research that is intended to be published; 2) Does your research involved human participants; 3) For these human participants, will you gather data through intervention or interaction with the individual; and/or will you gather identifiable private information about them. (45 CFR 46.102(f))
   If these 3 conditions are met, your research must be reviewed by IRB. They will work with you and determine whether or not informed consent is required. In your case, if you are NOT interacting with the individual publishing the tweets, and the tweets are broadcast and searchable as public records (that is, you don’t need access to their account to view tweets posted to a limited audience), then it won’t fall under the definition of research with human subjects.”
10. “If i download all of Michael’s published papers, blog posts, twitter posts and each one he publishes thereafter… are they the same? or different? I’d argue the same, just for different audiences.”
11. (me) “What if tomorrow, I decide to take my Tweet stream private. And I delete my blog posts. Does my affirmative action to purge my documents from the “live” web mean that you (researcher) need to treat that previously archived material differently?”
12. “If the individual changes their intent regarding release of data, then by IRB standards what might previously have been considered publicly available information, then becomes private information, and your collection would likely require BOTH IRB review AND informed consent, b/c the user now has an expectation that their information is protected.”
13. “Once tweeted, a birdsong is gone forever. No deleting or taking back what’s been broadcast to the world. If someone seeks privacy, they should seek another method of communication. If from the beginning, there was some kind of inherent expectation that tweets were private messages, then the situation might be different. But the whole idea of tweeting is to voluntarily publish or broadcast. It’s different from, say, e-mailing or IMing.”

What we see here are numerous, intelligent researchers not in complete agreement about wither consent is necessary, about whether one’s tweets are “publications” not needing IRB review, or whether Twitter-based research is dealing with “human subjects” that does require strict scrutiny. There’s also some question about how to deal with the fact that users might make information private after an initial release, something our current forms of communication allow more than in the past.

What do you think? If readers have had experience with related research ethics issues, and how their IRB dealt with is, please email me or leave a comment.

Aside: Interestingly, Adam Fish, who I’ve friended on Facebook, saw that discussion and wanted to repost the thread on his blog. Respectful of the delicate nature of re-posting other conversations and moving them from the controlled environs of Facebook to a public blog, he contacted me to ask permission. He didn’t, apparently, contact each of the commenters to ask for their permission. I felt it necessary to get consent from everyone in that thread before authorizing its re-posting. When I asked each of them, all agreed (with some edits), and some took the position that the Facebook conversation was de facto public, even though technically only a certain set of users (friends of the participants) could in reality see the thread.

[image from TPorter2006]

This is my first time at CSCW, and looking at the set of papers for this workshop, it should be an excellent experience. I’ve submitted a brief analysis of the “Tastes, Ties, and Time” Facebook dataset release (my larger paper is going through its final edits for publication). You can download the short analysis here: Subject Privacy and the Release of the “Tastes, Ties, and Time” Dataset.

The organizers also asked me to provide some brief comments on the ethical issues related to archiving and releasing research data. I’ve created a few slides with some provocations that will hopefully spark some discussion on these matters. You can view these slides here:
Zimmer CSCW 2010