Ethics of Using Hacked Data & Guidelines for Networked Systems Ethics

Ethics_of_hacked_data_use
Two items about research ethics today to balance out the many policy issues that we’ve been featuring on this blog recently.

The first items is an interesting case study by Nathaniel Poor and Roei Davidson about the ethics of using hacked data that feature on the Council for Big Data, Ethics, and Society blog.

The second items, is a recently published set of guidelines for Networked Systems Ethics that was published online by Ben Zevenbergen with input from host of people who participated at various ethics workshops organized by Ben.

Case Study: The Ethics of Using Hacked Data: Patreon’s Data Hack and Academic Data Standards

In this case study Nathaniel and Roei address a somewhat different type of consent related ethics issue than what we usually focus on at CaSMa. The relevance of exploring how to deal with data that was made public through hacking is of course quite obvious when one considers the high level of popular attention and political impact of the Panama Papers, and before them the Snowden leaks. Compared to those cases, the case study discussed in the paper is much more mundane, but as therefore more applicable to situations most of us might face. In the Nathaniel and Roei case hackers had broken into the system of Parteon, the crowdfunding site that Nathaniel and Roei happened to be doing research on, and posted a full data dump of the Patreon site online.

This is how they describe their initial reaction:”This was such a gift! Except, initially, we disagreed about whether it was appropriate to use it. The method the data was gathered under was not legal under US law, and included information meant be private. Nevertheless, some of the data, before the hack, was already public, and this was the data we were interested in. One of us felt that the data was now public, like a newspaper archive, and we could safely use it. The other pointed out that there were multiple ethical criteria that using the data would not meet.”

The rest of the paper discusses various cases from the literature regarding the use of hacked or leaked data by scientist or journalists. leading them to list  several arguments for and against the use of such data:

Arguments in Favor of Use
1. Data is public, like a newspaper.
2. We hope to serve the public good via our work.
3. This is the data we want, but we can’t get it via other methods.

Arguments Against Use
1. Researchers have a limited capability to distinguish between public and private information within the hacked data.
2. May see private data when cleaning the data.
3. Perhaps legitimizing criminal activity.
4. Violating users’ expectation of privacy.
5. Using people’s data without consent.
6. We want this data, but we don’t need it. Other data can be ethically collected and used.

Based on these arguments Nathaniel and Roei ultimately decided against using the data copied and released by the Patreon hackers.

Anyone interested in, or facing, the issue of deciding if it would be ethical to use data that was made available by hacking is strongly encouraged to read the original article linked below.

Case Study: The Ethics of Using Hacked Data: Patreon’s Data Hack and Academic Data Standards

Networked System Ethics

The Networked System Ethics guidelines “aim to underpin a meaningful cross-disciplinary conversation between gatekeepers of ethics standards and researchers about the ethical and social impact of technical Internet research projects.” At this hart of this is “the iterative reflexivity methodology [that] guides stakeholders to identify and minimize risks and other burdens, which must be mitigated to the largest extent possible by adjusting the design of the project before data collection takes place. The aim is thus to improve the ethical considerations of individual projects, but also to streamline the proceedings of ethical discussions in Internet research generally.”

In many respects, these guidelines can be viewed as providing not only guidance for evaluating the ethics of individual research projects but as a guide to evaluating larger research proposal with an eye towards Responsible Research and Innovation (RRI).

Despite the fact that “[t]he primary audience for these guidelines are technical researchers (e.g. computer science, network engineering, as well as social science) and gatekeepers of ethics standards at institutions, academic journals, conferences, and funding agencies.”  It would be beneficial if “these guidelines [do get used] beyond academic research in civil society, product development, or otherwise”, including politicians involved in the design and evaluation of complex legislature such as the Investigatory Powers Bill.

This guideline was “edited by Ben Zevenbergen at the Oxford Internet Institute as part of an Open Technology Fund Fellowship, with the help, input, support, and guidance of many, many amazing people.”

Go on, leave us a reply!