Special Series on Internet Research Challenges: ‘Virtual’ human subjects need just as much privacy as conventional subjects
Virtual’ human subjects need just as much privacy as conventional subjects
|
(This month IRB Advisor presents the first in a series on Internet research and the unique challenge it poses to IRBs when they seek optimal privacy and ethical protection for their human subjects. In this issue, we explore some of the ways Internet research can harm human subject privacy and how to anticipate and prevent such problems, as well as a short story on questions to ask Internet researchers. The February issue of IRB Advisor will feature a story about how to handle privacy and other issues that may arise during subject recruitment that involves Internet communication and research. We also will include a task force report summary on the ethical and legal aspects of cyberspace human subjects research.)
As researchers increasingly use the Internet to contact subjects, investigate public forums, and conduct surveys, IRB administrators need to learn more about how new information technology (IT) can provide greater confidentiality challenges, as well as benefits.
Internet research is growing more common because the technology makes it an easy and convenient way to conduct research, says Michael Gallo, PhD, an associate professor at the Florida Institute of Technology in Melbourne. "In an era of budget crunches, it’s a lot easier to acquire a sample of subjects and conduct research in a virtual environment than in a physical environment," Gallo says.
It’s also easy for researchers to become cavalier about their use of the Internet as a research tool, so it’s important for IRBs to be aware of the privacy and other risks that are inherent in that form of human subject study. "Many IRB members are not aware of the power of the technology in terms of violating people’s privacy," Gallo says. "They are not aware that every time, regardless of what machine you’re using, there is a link that can be established to that machine and there’s an audit trail in electronic logs that someone is providing."
While privacy and confidentiality has become crucial in all research, this is especially true with Internet research, says Mary Barnhart, CIM, an IRB coordinator at the Oakwood Healthcare System in Dearborn, MI. Internet communication and cyberspace research are complex issues that raise questions involving informed consent, autonomy, and fairness, Barnhart says. (See "For your consideration: Internet research issues" in this issue.)
Other Internet issues that IRBs need to consider include:
- monitoring on-line chat rooms for observational studies;
- conducting Internet surveys; protecting e-mail addresses, pseudonyms, and other identifiers;
- identifying the ages of subjects when they are contacted on-line.
Some organizations are addressing the issue through guidelines that pertain to Internet research, says Amy Bruckman, PhD, an assistant professor in the college of computing at Georgia Institute of Technology in Atlanta. Bruckman participated in the 1999 Washington, DC-based American Association for the Advancement of Science (AAAS) workshop also located in Washington, DC, which produced a paper, "Ethical and Legal Aspects of Human Subjects Research on the Internet."
Bruckman also is involved with a working group developed by the American Psychological Association in Washington, DC, and a task force of the Association of Internet Researchers, both of which have plans to develop guidelines on conducting Internet research. "The rules developed for traditional media do not clearly translate into this new medium," Bruckman says. "There are a million situations where it’s unclear whether or not it’s OK to do this activity."
For example, there is the issue of data mining in which billions of data are available and stored, says Gallo, who also was involved with the AAAS workshop. "People have no idea that some of their responses are stored in these data warehouses," Gallo adds.
Another concern involves spamming, which is when someone obtains email addresses of various individuals without seeking their permission, says Mick Couper, PhD, senior associate research scientist at the Institute for Social Research at the University of Michigan in Ann Arbor.
One of the most common concerns IRBs might encounter has to do with how to make Internet survey research anonymous, says Andrew Cockburn, PhD, director of Institutional Research Compli-ance/Biological Safety at West Virginia University in Morgantown.
Here are a few suggestions and strategies that IRBs may follow to begin dealing with the issue of Internet research and confidentiality:
• Seek advice from IT department/consultants.
When possible, IRBs should include members of a virtual community that is being studied in their review process, Barnhart suggests. Also, the IRB members should be familiar with Internet research methods, Barnhart adds.
IRBs often lack technical experts among members, so it’s a good idea for the board to meet with IT staff or consultants to discuss concerns about Internet research, Gallo says. These experts can advise members of the potential pitfalls and compromises to research data that can occur through technology, he adds. "I’m a big fan of collaboration, and if IRBs and [IT] systems people have at least one meeting a year, they can discuss what new technology has to offer and what can be done to ensure confidentiality," Gallo explains.
When meeting with IT experts, IRB members could ask:
- What are some of the ways that confidentiality can be breached when an investigator conducts Internet research?
- What are some of the ways that confidentiality is better protected during Internet research?
- How can we ensure our data will not be compromised in any manner?
- What technology, hardware, or software do you have in place to mitigate problems we foresee happening?
- What funds do you have available to get the technology we need?
- Who is going to get the technology and how will we pay for it?
What about chat?
• Discuss ethical considerations of Internet chat room research.
Chat room observations for research purposes is a contentious issue that may never be fully resolved. "You can walk into a chat room and record what is going on," Bruckman says. "Do you need to notify people as to what you are doing, and can you interact with people while you’re doing it?" Finding subjects is a sensitive issue among Internet researchers and IRBs, and IRB members may need to collect specific details from researchers about their recruitment process before deciding on a research proposal, the experts suggest.
Under the usual human subjects rules, observation in a public place is permissible as long as subjects are not identifiable and the place is public, Bruckman notes. "Therefore, because it’s public, people have no reasonable expectation of privacy; I can sit in a student cafeteria and count how many people drink sodas," she explains. "But is a chat room a public place or an ephemeral communications medium, and do people have reasonable expectation that it’s not archived without their consent?"
But suppose an investigator desires to observe and record a chat room devoted to discussions of being infected with HIV. These participants might be alarmed to discover their conversations are being monitored and archived. To ban all chat room observation without first obtaining consent might be too restrictive because some chat room observation might be as simple as counting the number of people who enter the chat room discussion, Bruckman adds. "Ultimately, IRBs will have to decide cases of chat room research on a case-by-case basis," she says.
• Make certain facility computer systems have firewalls and other protections.
"Any time you’re dealing with the Internet, it’s not anonymous," Cockburn says. "But there are ways of getting around this problem." Suppose a researcher is conducting Internet surveys in which participants send email messages back to the researcher’s computer, which is routed through a computing center. Normally, the e-mail address would be available to both the researcher and anyone who has access to the computing center’s data. However, there is technology available that would strip the e-mail address off the message as soon as it arrives, and then the software simply would route the response to the researcher, Cockburn says.
"This provides a great deal of protection, but it doesn’t mean that someone couldn’t intercept the message before it got to the computer center," Cockburn notes. However, it does ensure the researcher will not receive the e-mail addresses and that no one else at the facility will handle the information, Cockburn adds.
Researchers and others collecting data on a computer about human subjects need to make certain it is protected from viruses and unintended access, Gallo says. "If you keep all data on an electronic form that is attached to a machine, and you’re on a broadband projection and don’t have a personal firewall and your machine is compromised, all that data becomes available," Gallo explains. Typically, IT departments in universities and large institutions have backup access to data that are collected on a web server, so firewall protection will need to be set up there as well, Gallo says.
Then there are some protections that cannot be assured to participants who use the Internet to submit or collect data because everyone connected to the Internet is connected through an Internet service provider, and some providers do not have tight, secure systems, Gallo says. For example, there occasionally are breaches in security where a web-based retail store has its credit data stolen by an outside Internet hacker.
Since these sorts of risks are minimal, but still possible, IRBs might want to require Internet researchers to use informed consents that discuss the research institution’s firewall protection, but that also mention possible breaches of security that are outside the control of the researcher. "The onus is on the researcher to understand what those issues are and how they should be applied in any study," Gallo says.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.