On Wed, 2021-12-15 at 08:53 -0700, Grant Taylor via mailop wrote: > I feel like the student and the > professor / powers that be which approved this study should be clued > into the costs of the research on the rest of the world.
+1 https://dof.princeton.edu/policies-procedure/policies/research-misconduct If enough mailops, preferably representing large corporate names that donate money to Princeton (hint), are interested to co-operate and ultimately co-sign a letter to Princeton's along the following lines, I volunteer to circulate and update a draft until there is a reasonable mass of signatories / consensus; and to send it on law office letterhead to the responsible dean at: Office of the Dean of the Faculty Princeton University 9 Nassau Hall, Princeton, NJ 08544-5264 Phone: 609-258-3020 Fax: 609-258-2168 Email: d...@princeton.edu IMHO this is an important issue that transcends this individual spamming instance. The student's dandy attitude did not originate in a vacuum and while some universities such as Harvard and Stanford are at the forefront of addressing the (lack of) ethics in IT [1], it is obvious that others still need some prodding. The design does not come near to the complexity of real IT ethics questions such as who should a self driving car sacrifice in case of an inevitable collision with predictable casualties. The ethical questions raised are of the traditional kind: how does the researcher interact with the subject of their research. This researcher and his supervisors have failed completely, in a way that shines a negative light on Princeton and should not go unpunished. It is generally uncontroversial that co-opting subjects into academic research is unethical. Where persons capable of consent are the intended subject of academic research, it is accepted practice to obtain informed consent before enrolling them into the research. In this case, consent was not obtained at all and information was intentionally falsified, obfuscated, and withheld. * The opt-out is only offered after the involuntary enrollment has occured, and on a difficult to find, seemingly unrelated site [2]. * The researcher has knowingly obfuscated the identity of the sender, used false or stolen identities and bogus domains. * No meaningful information about the research was provided to the unwitting subjects before, during, or after the involuntary enrollment. * The information available when trying to investigate, from "official source" [2] as well as from the affected community [3] is incomplete at best. * Apparently the researcher has been made aware and has not done anything but further obfuscating between April [3] and December. In my view, co-opting websites and email addresses through harvesting and spamming is equivalent to co-opting persons capable of consent. Behind each and every one of the harvested email addresses there are persons and ultimately a responsible individual that had to deal with the threatening content of the emails. Based on annecdotal feedback [3], receipt of the email has caused a great deal of uncertainty, anxiety and fear in addition to the economic harm of the spam that became subject of expert investigation in an attempt to mitigate the fallout for our systems and our email recipients[4]. It has a negative effect on the operators of email systems signed below; on their user communities; and frankly also on Princeton's reputation. Has the Princeton given permission to the use of its name as part of the bogus domain names? The way this study was designed raises questions about the ethics, but also the intellectual integrity of the researcher. His reaction when made aware of the shortcomings was intellectually dishonest. We trust that your investigation in the matter will find whether his supervisors were part to this dishonesty, or whether this continued harrassment is the result of a single, rogue, element in your university. In either case, in my view those responsible deserve to be disciplined and I do not exclude the possibility of a class action if Princeton does not take satisfactory corrective and punitive actions. Apparently, Princeton's Research Integrity and Assurance (RIA) has been recently informed and has said they'll check and get back on the matter to the informer. [5] The same informer has received a reply from the researcher that points to either the researcher not being aware of RIA's involvement, or having been cleared by it [6]. The researcher's conduct goes beyond negligence. He has displayed willful blindness when expert system operators alerted him to the negative effects of his conduct and tried to engage in constructive criticism. The email's text, the fake identities, the obfuscated domains, all point to intentionally raising the fear factor in a way unsavoury spammers typically do to force answers from recipients that would normally ignore their requests. While I am myself curious about how website operators handle GDPR or CCPA requests from persons that are not resident of the legislations' jurisdiction, faking a request to elicit an answer is in my view unethical and unacceptable. I wont hesitate naming and shaming Ross Teixeira (r...@princeton.edu) and "[t]he additional members of the study team [...] Professor Jonathan Mayer at the Princeton University Center for Information Technology Policy and Professor Gunes Acar at the Radboud University Digital Security Group." [2]; nor will I hesitate threatening class action if the researchers do not (a) immediately stop the spamming pending your review; (b) palliate the anxiety generated by their mails by sending a letter of apology, approved by the mailop-community in advance, to all the email addresses that were spammed. I expect your review to be conducted swiftly and that its outcome will be made public within 30 days of receipt of this letter. [1] < https://www.nytimes.com/2018/02/12/business/computer-science-ethics-courses.html > [2] <https://measurement.cs.princeton.edu/privacystudy/> [3] < https://joewein.net/blog/2021/04/21/questions-about-gdpr-data-access-process-spam-from-virginia/ > [4] <https://www.mail-archive.com/mailop@mailop.org/msg14638.html> [5] <https://www.mail-archive.com/mailop@mailop.org/msg14650.html> [6] <https://www.mail-archive.com/mailop@mailop.org/msg14656.html> -- Yuval Levy, JD, MBA, CFA Ontario-licensed lawyer _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
