ACN - 101321555 Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)
Search
Generic filters
Exact text matches only
Search into
Filter by Categories
Research integrity
Filter by Categories
Human Research Ethics

Resource Library

Research Ethics MonthlyAbout Us

ResourcesConsent

Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Data retention scheme is being abused exactly as critics predicted | Crikey (Bernard Keane | February 2020)0

Posted by Admin in on April 30, 2020
 

A review of the Abbott government’s data retention scheme has shown it is being widely abused by scores of bodies around the country.

A review of the mass surveillance scheme established by the Abbott government six years ago has revealed how it is being widely abused in ways voters were assured would never happen.

Not human research ethics per se, but the privacy, consent and ‘respect for persons’ issues in Australia were serious enough we felt the item important enough to include in the Resource Library, especially in the context of the COVID-19 app.

The government’s data retention regime, which compels communications providers to retain personal information on service use by customers for two years, is currently the subject of a statutory review by the Parliamentary Joint Committee on Intelligence and Security.
.

When the Abbott government introduced the scheme in 2014, it assured Australians that the unprecedented level of surveillance of their communications metadata — which can be used to construct a detailed portrait of an individual’s life beyond that provided by any content they may use — would be subject to strict controls.
.

Its use would be limited to serious offences and a small number of security agencies — just 22 across the state and federal governments.
.

Those commitments have turned out to be false.
.

.

Read the rest of this discussion piece
Login required

Reconsidering Dynamic Consent in Biobanking: Ethical and Political Consequences of Transforming Research Participants Into ICT Users (Papers: Alexandra Soulier | June 2019)0

Posted by Admin in on April 13, 2020
 

Abstract:
Biobanks are not new. However, the scope of their application is growing, especially in genomics. Biobanks are also currently being reorganized to enable more genomic samples to be made available for different types of studies. Some future uses of the biobanks cannot be anticipated.

Soulier, A. (2019) Reconsidering Dynamic Consent in Biobanking: Ethical and Political Consequences of Transforming Research Participants Into ICT Users. IEEE Technology and Society Magazine, 38(2) 62-70, June 2019.
https://ieeexplore.ieee.org/document/8733941

1.2 Billion Records Found Exposed Online in a Single Server – Wired (Lily Hay Newman | November 2019)0

Posted by Admin in on April 7, 2020
 

Here’s the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

FOR WELL OVER a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.

Does your institution have a policy/guidance document on hacked or scraped data?  If not it should.  While the data may be existing and online somewhere, it’s “fruit of a poison tree” in that it was obtained without consent, probably in contravention of a platform’s policies and there is a good chance at least one law has been broken.  At the very least an HREC would need to consider whether a waiver of the consent requirement can be approved.  It would appear to be a very serious source of risk exposure for an institution and a member of the institution’s executive should sign off on the project.

While the collection is impressive for its sheer volume, the data doesn’t include sensitive information like passwords, credit card numbers, or Social Security numbers. It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.
.

“It’s bad that someone had this whole thing wide open,” Troia says. “This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.”
.

“What stands out about this incident is the sheer volume of data that’s been collected.”
TROY HUNT, HAVEIBEENPWNED
.

Troia found the server while looking for exposures with fellow security researcher Bob Diachenko on the web scanning services BinaryEdge and Shodan. The IP address for the server simply traced to Google Cloud Services, so Troia doesn’t know who amassed the data stored there. He also has no way of knowing if anyone else found and downloaded the data before he did, but notes that the server was easy to find and access. WIRED checked six people’s personal email addresses against the data set; four were there and returned accurate profiles. Troia reported the exposure to contacts at the Federal Bureau of Investigation. Within a few hours, he says, someone pulled the server and the exposed data offline. The FBI declined to comment for this story.

.

Read the rest of this discussion piece

Friday afternoon’s funny – Consent: Location, location, location0

Posted by Admin in on April 3, 2020
 

Cartoon by Don Mayne www.researchcartoons.com
Full-size image for printing (right mouse click and save file)

Like location is an important consideration (some might say a primary consideration) in real estate, it is fundamental to the ethical design of consent processes.

0