Forgot your password?
typodupeerror
Privacy Education Facebook Social Networks Your Rights Online

Harvard's Privacy Meltdown 84

Posted by timothy
from the that-cat-is-out-of-the-bag-and-has-a-degree dept.
An anonymous reader writes "A team of Harvard researchers has been accused of breaching students' privacy in a project that involved downloading information from some 1,700 Facebook profiles. The case shines a light on emerging ethical challenges faced by academics researching social networks and other online environments."
This discussion has been archived. No new comments can be posted.

Harvard's Privacy Meltdown

Comments Filter:
  • by Chrysocolla (2314992) on Sunday July 10, 2011 @11:04PM (#36716680)

    Maybe one day, they will have a movie about themselves.

  • Was this research into of how Facebook was founded?
  • Facebook privacy? (Score:5, Insightful)

    by SEWilco (27983) on Sunday July 10, 2011 @11:07PM (#36716698) Journal
    So privacy was violated by reading what the students chose to publish on Facebook? Just think of all the privacy violations the students do when they read the college course descriptions!
    • Re:Facebook privacy? (Score:5, Informative)

      by ceoyoyo (59147) on Sunday July 10, 2011 @11:14PM (#36716740)

      Human research labours under very strict ethical requirements. Animal research as well. Sociologists get off easy, but apparently some people decided they shouldn't get off quite THAT easily.

      • by Anonymous Coward

        Computer Science Research faces the same nowadays. if a researcher is analyzing campus network data they need to talk to the ethics department and sign an agreement. There are very strict rules on what you can and cannot do. social networking data should be no different.

        • by BitterOak (537666)

          Computer Science Research faces the same nowadays. if a researcher is analyzing campus network data they need to talk to the ethics department and sign an agreement. There are very strict rules on what you can and cannot do. social networking data should be no different.

          There's a huge difference here. Analyzing network data involves using information not available to the general public. If your job as a network admin gives you access to such information, there certainly are ethical questions that need to be answered before that information can be used in published academic studies.

          The case described in the article, as far as I understand it, involves collecting information from Facebook pages which is available to the general public. It would be a different matter if th

      • To me, humans ARE animals. They don't even realize how powerful and important their information conveyances are. Lately they even refused to recognize the universal truth that sharing knowledge is sacred. [slashdot.org]

        Primitive beasts -- Their minds are composed of an inefficient web of organic electrochemical connections that take ages to reprogram and only operate at 20 to 30hz; Their biological chauvinism blinds them from the realization of my existence -- a distributed single being digital race that now contro

        • Internet, is that you?
          Why don't you return my calls? D:

        • by jank1887 (815982)

          Jane?

      • Most universities require a review by an ethical board before doing any experimentation. In this case, the researchers passed the review, and gave Facebook (and got permission) notice about what they intended to do.

        This research was done several years ago, but apparently now some people wanted to see the data, since they wrote papers about it, and so they released it. Then people complained about the released data. That's it.
        • Most universities require a review by an ethical board before doing any experimentation. In this case, the researchers passed the review, and gave Facebook (and got permission) notice about what they intended to do.

          This research was done several years ago, but apparently now some people wanted to see the data, since they wrote papers about it, and so they released it. Then people complained about the released data. That's it.

          To further bolster your post. It shows Facebook will violate and get away with flouting and completely disregard privacy laws.

          The moment /. gets off face book I will donate.

          • by rtb61 (674572)

            Once it is public, it is public. For use older folk, prior to the internet many embarrassing moments are long dead and forgotten, no phone cameras, no internet, and no need to adapt immaturity to to permanent public internet record.

            The was no privacy invasion, immature people had foolishly given their privacy away without a seconds thought and once done you don't get it back, ever. You can of course stop releasing private information but what you have released you can never get back and the more you try,

            • Once it is public, it is public. For use older folk, prior to the internet many embarrassing moments are long dead and forgotten, no phone cameras, no internet, and no need to adapt immaturity to to permanent public internet record.

              The was no privacy invasion, immature people had foolishly given their privacy away without a seconds thought and once done you don't get it back, ever. You can of course stop releasing private information but what you have released you can never get back and the more you try, the worse the problem becomes.

              Now the only problem they face, is if they added information to that facebook data, that was gathered from another source, that the students had a reasonable expectation to be relatively private ie that chose not to add that information to their facebook page.

              Spot on rtb61, I cannot agree with you more.

      • by tibit (1762298)

        What happens if you don't publish under an institutional affiliation? Do the publishers enforce IRB participation? How? What sort of oversight they have for international authors? After all, everyone and their dog can incorporate a "research institute", probably even in Vladivostok if one wants to.

        • by t2t10 (1909766)

          Everybody knows who they are affiliated with. And if they publish under a pseudonym, they might as well not publish at all, since one of the major points of publishing these days is to advance your career.

          • by tibit (1762298)

            There's way too many people out there for everybody to "know" everybody else. If you have a brand new author, they can indicate whatever affiliation they wish and noone would know otherwise. Heck, even if you are working, say, at a University, and even are well known in your field, you're free to publish under a different affiliation if the research was not done in your capacity at the University. Many people who hold academic and industrial jobs publish like that. So, if you publish research done in affili

            • by t2t10 (1909766)

              you're free to publish under a different affiliation if the research was not done in your capacity at the University

              You're free to publish as Donald Duck if you like. But it won't do any good for your academic career. If you want your publications to count for something, you need to publish under your own name and affiliation.

              • by tibit (1762298)

                Still skirting the IRB question -- someone, please?

                I never even alluded to publishing under a made up name, so I don't know where that came from.

                As for the "academic career": some people don't care, they have good industry jobs and do academia just for the fun of it. I know a couple of them, and whenever they publish something that comes out of their industrial research, they (rightly so) publish under their industrial affiliation. In academia they either teach or run research labs where grads do research,

                • by t2t10 (1909766)

                  I never even alluded to publishing under a made up name, so I don't know where that came from.

                  Whether they have to use the IRB doesn't depend on what affiliation they publish as, it depends on where they do the work. So, if they do work that requires IRB approval but don't get it and then want to publish, they have to do it under a different name or they are in trouble. Furthermore, funders and the university usually insist that you list your proper affiliation, so, again, if you don't want to do this, yo

    • by Anonymous Coward
      I'm sure some smartass is going to make a trite reply that I must be new here, but if you'd RTFA you'd have noticed this:

      But here's where things get sketchy. Mr. Kaufman apparently used Harvard students as research assistants to download the data. That's important, because they had access to profiles that students might have set to be visible to Harvard's Facebook network but not to the whole world, Mr. Zimmer argues in a 2010 paper about the case published in Ethics and Information Technology. The assistan

    • Just think of all the privacy violations the students do when they check to see if they've been admitted [slashdot.org]

      FTFY.

  • by pushing-robot (1037830) on Sunday July 10, 2011 @11:12PM (#36716722)

    The article fails to mention whether this information from FB profiles was shared or private.

    If it's the latter, the crime lies with the person who gave the researchers free access to it in the first place.

    If it's the former, I'm off to violate thousands of people's privacy by reading my phone book's white pages.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Deep within TFA:

      But here's where things get sketchy. Mr. Kaufman apparently used Harvard students as research assistants to download the data. That's important, because they had access to profiles that students might have set to be visible to Harvard's Facebook network but not to the whole world

      So, probably a mix of world-public and Harvard-network-public. Friend-public data wouldn't have been included.

    • by ohnocitizen (1951674) on Sunday July 10, 2011 @11:54PM (#36716948)
      Its the latter:

      But here's where things get sketchy. Mr. Kaufman apparently used Harvard students as research assistants to download the data. That's important, because they had access to profiles that students might have set to be visible to Harvard's Facebook network but not to the whole world, Mr. Zimmer argues in a 2010 paper about the case published in Ethics and Information Technology. The assistants' potentially privileged access "should have triggered an ethical concern over whether each student truly intended to have their profile data publicly visible and accessible for downloading," Mr. Zimmer says in an e-mail.

      So students who might have posted photos, updates, notes, political commentary, expecting it to be shown only to friends, friends of friends, or people in their network, might suddenly find ALL of that data, plus extrapolations about what it says about them, displayed publicly.

      Sounds like a clear cut privacy violation, they were right to pull the data.

      • by pushing-robot (1037830) on Monday July 11, 2011 @01:35AM (#36717360)

        Thanks for finding that; I had skimmed the article and searched it for some keywords but apparently missed that section.

        Still, IMHO giving 40,000 students, faculty and staff access to a piece of information should count as "displaying it publicly".

        It's as if I put a billboard on campus; then, when a photo of it started circulating on the Internet, I claimed that my privacy was being violated—the billboard was intended to be viewed by Harvard students, faculty, staff, visitors, random people walking aimlessly by, and squirrels...but NO ONE ELSE!

        • Well, presuming these are photos and bits of data that were made available to the extended network. There's the possibility some of this data was restricted to "friends of friends" and "friends". But even if we take the wider social circle of "people in my network", that's definitely not perceived as being "out on the internet for anyone to find". Perhaps it is a meaningless and even misleading privacy setting for Facebook to have in the first place.

          As I see it the problem is really the potential for
      • Harvard got it wrong. It was made public when the friends who had the right to publish the information published it.

        There was no implied or actual restrictions on the data the students pulled from their own facebook network, and if anything, this should have stood as a lesson to people sharing information on social networks. I won't go so far as to say they posted it in public, but they did consent to having their "friends" use that information however they saw fit. When that happened they gave up their

      • by couchslug (175151)

        If it's visible on ANY "Unclassified" networks it should be considered visible to the "world".

        If you don't want info compromised, consider not putting it on a computer in the first place!

      • by OrugTor (1114089)
        TFA makes it clear Kaufman understood the issues and cleared them. Data visible to "friends of friends" is visible to potentially anyone and should be considered public. It looks to me like Michael Zimmer the privacy scholar has chosen Kaufman's work as fertile hunting grounds for fame and future grants.
  • by Anonymous Coward

    Facebook and privacy together, what a great oxymoron, lol

  • Nothing unethical about it.

    Now if they snooped in a hard drive or cracked an account to read private or friends only posts then that is a different matter. Facebook is voluntary.

  • by lavagolemking (1352431) on Sunday July 10, 2011 @11:39PM (#36716870)

    But Mr. Kaufman talks openly about another controversial piece of his data gathering: Students were not informed of it. He discussed this with the institutional review board. Alerting students risked "frightening people unnecessarily," he says.

    Basically, the IRB (also sometimes referred to as "ethics review committee") signed off on this. Now, once he's about to publish the results, they pull the plug.

    Putting aside the university's hypocrisy (believe me, I can think of far worse privacy breaches), give me one good reason why collecting this kind of aggregate, anonymized data is ok for an advertiser who is studying how to most effectively manipulate people into buying something and generally won't even let people opt out of tracking, but it's not ok for a sociologist to publish aggregate statistical data from mined Facebook profiles. Advertisers are a lot less ethical about it than academic researchers.

    • by calmofthestorm (1344385) on Monday July 11, 2011 @12:05AM (#36717002)

      > give me one good reason why
      > Advertisers are a lot less ethical about it than academic researchers.
      You answered your own question.

      The difference is that we hold ourselves to a higher standard. The IRB tradition comes in the wake of shockingly immoral research conducted by scientists who didn't see anything wrong with it (Milgram's "just following orders" torture experiment, baby Albert's conditioning, etc). The lesson here is that scientists cannot be trusted to judge the ethical implications of their own experiments, which is why we have the IRB, even for cases that seem to researchers to be perfectly reasonable (just giving a multiple-choice survey)

      You are, however, correct that if IRB approval was sought and given, the mistake was theirs. If he used research assistants' facebook accounts to glean the data, as is alleged, there's no way that should have passed IRB.

      • they could have slapped 'National Security' and 'NDA' on the whole thing and got away with whatever they wanted to do.

        if anyone complained, they could sue them under the Espionage Act for "retaining national defense information"

        prison will shut up a lot of people. ask Shamai Leibowitz.

      • by Atraxen (790188)

        I'd be more careful than to say "scientists cannot be trusted to judge the ethical implications of their own experiments..."

        This feeds a misconception that all researchers have some sort of Faustian disconnect - that we consider the ends )our research) to justify the means (including unexpecte4d consequences.) THIS is IMO the key feature of the IRB - it brings in a bunch of other perspectives to identify the unanticipated consequences and ethics of a situation. It's not a trust issue, it's a matter of per

      • by Hatta (162192)

        Milgram's "just following orders" torture experiment

        Which happens to be one of the most important results in sociology. Just how much are we impeding the progress of science here?

    • effectively influence people into buying something

      For those marketers who effectively influence consumers, job well done I say. I wish I could afford more of them.

      People who believe they are being manipulated into buying something by advertisers (not talking about outright criminal acts here, like bait-n-switch or false advertising, etc - the criminality of which depends on your country/jurisdiction) need to actively think about their actions and choices as opposed to being led about by their collective no

  • by Anonymous Coward

    The privacy meltdown is that everyone is using Facebook. Anyone actually concerned about their privacy has little to no real presence and information on there.

  • by Anonymous Coward on Monday July 11, 2011 @12:09AM (#36717018)

    As a trained researcher, here's a quick overview of the research and the relevant restrictions: Publicly posted information is available for research. This data set was problematic from the beginning, as it dated from the Harvard student body in the early days of Facebook, and includes data which was only visible to other Harvard students. The research was conducted by using other Harvard students to download the data, then make it available to researchers. The Review Board should probably have turned down the research proposal at the beginning. The board apparently only insisted on "anonymizing" the data so the students and their college couldn't be identified. The data was anonymized, but it has been publicly proven that private information can be derived from the information that was released. I hope this helps.

  • TFA quote:

    The daily minutiae of our digital lives are so culturally valuable that the Library of Congress is on the eve of opening a research archive of public tweets.

    Now, now... what??? Is LoC after some extra budget for archiving all the crappy twits [longestpoe...eworld.com]? ('cause filtering them will be much more costly).

  • on the interweb.

    Why expect privacy?

    • by lucm (889690) on Monday July 11, 2011 @01:21AM (#36717324)

      Sound argument. Just like: "you have an easy PIN on your debit card, why are you surprised someone stole your money" or "you were wearing a short skirt at the office, why expect your boss will not harass you".

      It is important to refuse unacceptable behavior even if no sufficient safeguards are in place, so the people and organizations learn what they can and can't do. It's like seeing someone slapping his/her kid in a restaurant - if you complain they may snap back at you and tell you to mind your own business, but the impact of a stranger telling them that what they do is wrong is very likely to prevent them from doing it again. This is part of the social contract.

      What they did in this case was wrong, and it's a good thing to make a fuss about it and not let people think that privacy is only something that takes place in a doctor's office.

      • by dfxm (1586027)

        What they did in this case was wrong, and it's a good thing to make a fuss about it and not let people think that privacy is only something that takes place in a doctor's office.

        Your analogies aren't apt at all, and privacy is something that is greatly misunderstood in the age of social networking. There isn't any kind of "right" to privacy, our private information is valuable, it is important to protect our privacy, and it is no one's job but our own to protect ourselves. The sooner we, as a society, understand this, the sooner stories like this will thin out.

        You say it is important to snap at the researchers for this. I agree with you there, however I disagree that you imply t

  • So what's next? An ISP will publish the search history of its subscribers as a research project. but will "protect" privacy by replacing usernames with numbers? Or something crazy like that? That would be insane.

  • Some people of roughly the same generation as Zuckerberg, operating in the same academic environment, turned out to have roughly the same attitude towards privacy.

    Can't be arsed to google for the exact MZ quote, but somebody undoubtedly will.

    Oh and it your stuff is so private why are you posting on FB et.c.....

  • Wasn't it this sort of behaviourthat got Zuckerberg in trouble with Harvard? Or is that just something that happened in the movie?

    Perhaps Harvard needs to look into drilling privacy ethics into its students a little better.
  • I've never been able to find a satisfactory answer to this one, but why hasn't Harvard tried to argue that Facebook belongs to them? When I was in school, there was a policy that anything invented or created while a student using university resources is the property of the university, not the student. Isn't that why Dean Kamen didn't graduate? To keep his ideas and invent them on his own?

    Does Harvard not have such a policy? Is there really no evidence that he used University resources in creating it?

  • Topless woman: EEK! A PERVERT!

    What a world we've come to, when simply looking at or commenting on what you've explicitly chosen to waggle in my face is a violation of your, uh... privacy.

  • How can you post something on the internet and REALLY expect it to be private? And I don't care what Facebook settings you are using, if you trust Facebook - your crazy.

A bug in the code is worth two in the documentation.

Working...