ACN - 101321555 Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)
Generic filters
Exact text matches only
Search into
Filter by Categories
Research integrity
Filter by Categories
Human Research Ethics

Resource Library

Research Ethics MonthlyAbout Us

ResourcesRespect for persons

Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Data retention scheme is being abused exactly as critics predicted | Crikey (Bernard Keane | February 2020)0

Posted by Admin in on April 30, 2020

A review of the Abbott government’s data retention scheme has shown it is being widely abused by scores of bodies around the country.

A review of the mass surveillance scheme established by the Abbott government six years ago has revealed how it is being widely abused in ways voters were assured would never happen.

Not human research ethics per se, but the privacy, consent and ‘respect for persons’ issues in Australia were serious enough we felt the item important enough to include in the Resource Library, especially in the context of the COVID-19 app.

The government’s data retention regime, which compels communications providers to retain personal information on service use by customers for two years, is currently the subject of a statutory review by the Parliamentary Joint Committee on Intelligence and Security.

When the Abbott government introduced the scheme in 2014, it assured Australians that the unprecedented level of surveillance of their communications metadata — which can be used to construct a detailed portrait of an individual’s life beyond that provided by any content they may use — would be subject to strict controls.

Its use would be limited to serious offences and a small number of security agencies — just 22 across the state and federal governments.

Those commitments have turned out to be false.


Read the rest of this discussion piece
Login required

(US) Sexual misconduct legal battle raises questions about microbe researcher’s work – Science (Gretchen Vogel | February 2020)0

Posted by Admin in on April 22, 2020

A researcher famed for his work on the microbiomes of hunter-gatherers has been accused by several women of sexual assault, according to U.S. court documents. Jeff Leach, a resident of Terlingua, Texas, co-founded a major open-source, crowdfunded project on the microbiome and is the co-author of multiple papers on gut microbes, including one in Science. In the publicity resulting from the allegations, other questions have emerged about Leach’s academic qualifications and his behavior in the field.

The sexual assault accusations came to light as a result of a defamation suit Leach filed in September 2019. In July 2019, Katy Schwartz, who worked at the Terlingua tourist lodge that Leach runs, filed a police report alleging that he had sexually assaulted her. Schwartz did not press charges, but asserts in court documents that she wanted her experience documented because she feared Leach could be a danger to others.

In the wake of the lawsuit against Schwartz, three other local women filed affidavits. One alleged that Leach had assaulted her, putting his hand up her shorts “without any warning.” A second alleged that he raped her in a “violent assault” for which “there was no consent.” A third affidavit alleged that Leach sexually assaulted a woman, became violent during an argument, and threatened her with litigation.

Read the rest of this discussion piece

(US) Female scientists allege discrimination, neglect of research on women at NIH’s child health institute – Science (Meredith Wadman | April 2020)0

Posted by Admin in on April 17, 2020

In November 2014, nine senior female scientists at the National Institute of Child Health and Human Development (NICHD) requested a meeting with their director. Their concern: that the careers of women at the institute’s Division of Intramural Research (DIR) were being stymied by its powerful scientific director, Constantine Stratakis. They complained that the number of tenured and tenure-track female scientists in the then–$177 million division was at a historic low, and they said women were starkly lacking among its leaders. They wanted more women recruited and better retention of female talent.

After the meeting, then-NICHD Director Alan Guttmacher wrote in an email forwarded to the women: “There is wide agreement that we have a serious problem.” He added that he looked forward to “action … which actually makes a difference.”

But today, fewer female scientists run labs in DIR than in 2014, when one in four lab leaders was a woman. In 2011, the year Stratakis became permanent scientific director, 27% of DIR labs were run by women, compared with 23% today. At leading children’s research hospitals canvassed by Science, comparable percentages range from 30% to 47% (see table).

Read the rest of this discussion piece

1.2 Billion Records Found Exposed Online in a Single Server – Wired (Lily Hay Newman | November 2019)0

Posted by Admin in on April 7, 2020

Here’s the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

FOR WELL OVER a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.

Does your institution have a policy/guidance document on hacked or scraped data?  If not it should.  While the data may be existing and online somewhere, it’s “fruit of a poison tree” in that it was obtained without consent, probably in contravention of a platform’s policies and there is a good chance at least one law has been broken.  At the very least an HREC would need to consider whether a waiver of the consent requirement can be approved.  It would appear to be a very serious source of risk exposure for an institution and a member of the institution’s executive should sign off on the project.

While the collection is impressive for its sheer volume, the data doesn’t include sensitive information like passwords, credit card numbers, or Social Security numbers. It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.

“It’s bad that someone had this whole thing wide open,” Troia says. “This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.”

“What stands out about this incident is the sheer volume of data that’s been collected.”

Troia found the server while looking for exposures with fellow security researcher Bob Diachenko on the web scanning services BinaryEdge and Shodan. The IP address for the server simply traced to Google Cloud Services, so Troia doesn’t know who amassed the data stored there. He also has no way of knowing if anyone else found and downloaded the data before he did, but notes that the server was easy to find and access. WIRED checked six people’s personal email addresses against the data set; four were there and returned accurate profiles. Troia reported the exposure to contacts at the Federal Bureau of Investigation. Within a few hours, he says, someone pulled the server and the exposed data offline. The FBI declined to comment for this story.


Read the rest of this discussion piece