This paper explores the growing concerns with computer science research, and in particular, computer security research and its relationship with the committees that review human subjects research. It offers cases that review boards are likely to confront, and provides a context for appropriate consideration of such research, as issues of bots, clouds, and worms enter the discourse of human subjects review.
AlbrechtV. (2009). Avatars and other cyber-folk: Are they human subjects? CUNY Institutional Research Board Annual Conference, New York.
2.
AldrigeJ.MedinaJ., & RalphsR. (2009). The problem of proliferation: Guidelines for improving the security of qualitative data in a digital age. Research Ethics Review, 6(1), 3–9.
Association for Computing Machinery. (1998). The 1998 ACM Computing Classification System. Retrieved from http://www.acm.org/about/class/1998.
5.
AycockJ.BuchananE.DexterS., & DittrichD. (2011). Human subjects, agents, or bots: Current issues in ethics and computer security research. In Proceedings from 2nd workshop on ethics in computer security research, St. Lucia, February 28-March 4, 2011. Lecture Notes in Computer Science. New York: Springer.
AycockJ. & SullinsJ. (2010). Ethical proactive threat research. In Proceedings from Workshop on Ethics in Computer Security Research (LNCS 6054) (pp. 231–239). New York: Springer.
BrothersK. & ClaytonE. W. (2010). “Human non-subjects research”: Privacy and compliance. The American Journal of Bioethics, 10(9), 15–17.
10.
BuchananE. (2010). Internet research ethics: Past, present, future. In EssC. and ConsalvoM. (Eds.), The Handbook of Internet Studies (pp. 82–108). Oxford: Blackwell.
11.
BuchananE. (forthcoming). E-research and e-planning: Emerging considerations for transformative research. International Journal of E-Planning Research1(1).
12.
BuchananE. & EssC. (2009). Internet research ethics and the institutional review board: Current practices and issues. ACM SIGCAS Computers and Society, 39(3), 43–49.
13.
BuchananE.GallantD.OdwaznyL. & MillerM. (2011). Internet research ethics. PRIM&R Annual Conference Presentation. San Diego, CA.
14.
BuchananE. & HvizdakE. (2009). Online survey tools: Ethical and methodological concerns of human research ethics committees. Journal of Empirical Research on Human Research Ethics, 4(2), 37–48.
15.
Canadian Institutes of Health Research (CIHR), Natural Sciences and Engineering Research Council of Canada, Social Sciences and Humanities Research Council of Canada. (1998). Tri-Council policy statement: Ethical conduct for research involving humans. Retrieved from http://pre.ethics.gc.ca/eng/archives/tcps-eptc/Default.
16.
Canadian Institutes of Health Research (CIHR), Natural Sciences and Engineering Research Council of Canada, and Social Sciences and Humanities Research Council of Canada. (2010). Tri-Council policy statement: Ethical conduct for research involving humans. Retrieved from http://pre.ethics.gc.ca/eng/policy-politique/initiatives/tcps2-eptc2/Default/.
17.
ChowR.GolleP.JakobssonM.ShiE.StaddonJ.MasuokaR., & MolinaJ. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security (pp. 85–90). New York: Association for Computing Machinery.
18.
DenningP.CornerD.GriesD.MulderM.TuckerA.TurnerA., & YoungP. (1989). Computing as a discipline. Communications of the Association for Computing Machinery, 32(1), 9–23.
19.
DiasK. (2003). The ana sanctuary: Women's pro-anorexia narratives in cyberspace. Journal of International Women's Studies, 4(2), 31–45.
20.
DittrichD.BaileyM., & DietrichS. (2009). Have we crossed the line? The growing ethical debate in modern computer security research (Stevens CS Technical Report 2009-1). Hoboken, NJ: Stevens Institute of Technology. Retrieved from http://staff.washington.edu/dittrich/papers/dbd2009tr1/.
21.
DittrichD.BaileyM., & DietrichS. (2011). Building an active computer security ethics community. IEEE Security and Privacy, 9(3), 1–9.
European Commission, Directorate of General Justice. (2010). European Union Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Retrieved from http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm.
24.
European Commission, Directorate of General Justice. (2010). European Union Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. Retrieved from http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm.
25.
FinnP. & JakobssonM. (2007). Designing ethical phishing experiments. IEEE Technology and Society Magazine, 26(1), 46–58.
26.
FloridiL. (2004). On the morality of artificial agents. Minds and Machines, 14(3), 349–379.
27.
FloridiL. (2010). Information: A very short introduction. New York: Oxford University Press.
GarfinkelS. (2008). IRBs and security research: Myths, facts and mission creep. In UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security. Berkeley, CA: USENIX Association.
30.
GotterbarnD.MillerK., & RogersonS. (1999). Software engineering code of ethics is approved. Communications of the Association for Computing Machinery, 42(10), 102–107.
31.
HallT. & FlynnV. (2001). Ethical issues in software engineering research: A survey of current practice. Empirical Software Engineering: An International Journal, 6(4), 305–317.
JaegerP. T.LinJ., & GrimesJ. M. (2008). Cloud computing and information policy: Computing in a policy cloud?Journal of Information Technology & Politics, 5(3), 269–283.
34.
JakobssonM.FinnP., & JohnsonN. (2008). Why and how to perform fraud experiments. IEEE Security & Privacy, 6(2), 66–68.
KenneallyE.BaileyM., & MaughanD. (2010). A framework for understanding and applying ethical principles in network and security research. In SionR.CurtmolaR.DietrichS.KiayiasA.MiretJ. M.SakoK., & SebéF. (Eds.), Financial Cryptography and Data Security (pp. 240–246). New York: Springer.
37.
KriegerN.ChenJ.WatermanP.RehkopfD., & SubramanianS. V. (2005). Painting a truer picture of U.S. socioeconomic and racial/ethnic health inequalities: The Public Health Disparities Geocoding Project. American Journal of Public Health, 95(2), 312–323.
38.
LethbridgeT. C. (2001). Mixing software engineering research and development: What needs ethical review and does not?Empirical Software Engineering: An International Journal, 6(4), 319–321.
39.
LungJ.ArandaJ.EasterbrookS., & WilsonG. (2008). On the difficulty of replicating human subjects studies in software engineering. In Proceedings of the 30th International Conference on Software Engineering (ICSE'08), Leipzig, Germany, May 10–18, 2008. New York: Association for Computing Machinery. Retrieved from http://www.cs.toronto.edu/∼sme/papers/2008/Lung-ICSE2008.pdf.
40.
MaesP. (1995). Artificial life meets entertainment: Life like autonomous agents. Communications of the Association for Computing Machinery, 38(11), 108–114.
41.
MarkhamA. & BuchananE. (forthcoming). The distance principle and Internet research ethics “subjects.”International Journal of Internet Research Ethics.
42.
Moløkken-ØstvoldK. (2005). Ethical concerns when increasing realism in controlled experiments with industrial participants. In Proceedings of the 38th Annual Hawaii International Conference on System Sciences, 2005 (pp. 1–10). New Brunswick, NJ: IEEE Publications.
43.
MyersA. (2010). Fieldwork in the age of digital reproduction: A review of the potentials and limitations of Google Earth for archaeologists. SAA Archaeological Record, 10(4), 7–11.
44.
National Institute of Standards and Technology. (2010). NIST cloud computing program. Retrieved from http://www.nist.gov/itl/cloud/.
45.
PearsonS. (2009). Taking account of privacy when designing cloud computing services. Cloud '09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (pp. 44–52). New Brunswick, NJ: IEEE Publications.
46.
RossL.LoupA.NelsonR.BotkinJ.KostR.SmithG., & GehlertS. (2010). Human subjects protections in community-engaged research: A research ethics framework. Journal of Empirical Research on Human Research Ethics, 5(1), 5–17.
47.
ShoreN.DrewE.BrazauskasR., & SeiferS. D. (2011). Relationships between community-based processes for research ethics review and institution-based IRBs: A national study. Journal of Empirical Research on Human Research Ethics, 6(2), 13–21.
48.
SingerJ. & VinsonN. (2001). Why and how research ethics matters to you. Yes, you!Empirical Software Engineering: An International Journal, 6(4), 287–290.
49.
SmithR. M. (2003). Web counter in the new Swen/Gibe.F worm. Message posted to BugTraq mailing list, September 18.
50.
SweeneyL. (2003). Navigating computer science research through waves of privacy concerns: Discussions among computer scientists at Carnegie Mellon University. In Tech Report, CMU CS 03-165, CMU-ISRI-03-102. Pittsburgh: Carnegie Mellon University.
51.
TavaniH. (2011). Ethics and technology: Controversies, questions, and strategies in ethical computing. Boston: John Wiley.
52.
WrightD. R. (2006). Research ethics and computer science: An unconsummated marriage. SIGDOC '06: Proceedings of the 24th Annual ACM International Conference on Design of Communication. New York: Association for Computing Machinery. Retrieved from www4.ncsu.edu/∼drwrigh3/docs/pubs/sigdoc06a.pdf.
