Abstract
This paper describes how the ethical problems raised by scientific data obtained through harmful and immoral conduct (which, following Stan Godlovitch, is called ill-gotten information) may also emerge in cases where data is collected from the Internet. It describes the major arguments for and against using ill-gotten information in research, and shows how they may be applied to research that either collects information about the Internet itself or which uses data from questionable or unknown sources on the Internet. Three examples (the Internet Census 2012, the PharmaLeaks study, and research into keylogger dropzones) demonstrate how researchers address the ethical issues raised by the sources of data that they use and how the existing arguments concerning the use of ill-gotten information apply to Internet research. The problems faced by researchers who collect or use data from the Internet are shown to be the same problems faced by researchers in other fields who may obtain or use ill-gotten information.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
I thank an anonymous reviewer for emphasizing this point. However, Poor and Davidson (2016) note that the ethics statement of the Association of Internet Researchers (AoIR) did not directly address their problem.
Godlovich (1997) makes this analogy explicit.
In contrast to the honouring the victims argument, Mostow (1993) compellingly argues that deliberately refusing to use ill-gotten information is itself an important memorial that recognises the suffering of those harmed by it.
I thank Brandt van der Gaast for this point.
This is particularly true for information found on the so-called ‘Deep Web’ that is not indexed and accessible by search engines.
Anonymising data is also generally a condition for permissible secondary information use (El Eman and Arbuckle 2013).
The creator claims that the botnet was named ‘Carna’ after a Roman goddess, as there is “somewhat of a tradition to name bots after Roman or Greek divinities” (Carna Botnet n.d.).
There is a remote possibility that the software could cause a device to crash, which might lead to harm if anyone is dependent on it. There is no evidence that this occurred.
Besides sending spam email, botnets are also used to perform Distributed Denial of Service (DDoS) attacks on websites.
References
AusCERT. (2013). Carna Botnet scanning of all IPv4 addresses. AusCERT Web Log, March 25, 2013. https://www.auscert.org.au/render.html?it=17258. Accessed February 6, 2017.
Beecher, H. K. (1966). Ethics and clinical research. The New England Journal of Medicine, 274(24), 1354–1360.
Berger, R. L. (1990). Nazi science—The Dachau hypothermia experiments. The New England Journal of Medicine, 322(20), 1435–1440.
Bok, S. (1989). Secrets: On the ethics of concealment and revelation. New York: Vintage Books.
Carna Botnet. (n.d.). Internet Census 2012: Port scanning/0 using insecure embedded devices. http://internetcensus2012.bitbucket.org/paper.html. Accessed February 6, 2017.
Dittrich, D., Carpenter, K., & Karir, M. (2015). The Internet Census 2012 dataset: An ethical examination. IEEE Technology and Society Magazine, 34(2), 40–46.
Dittrich, D., & Kenneally, E. (2012). The Menlo Report: Ethical principles guiding information and communication technology research. U.S. Department of Homeland Security. http://www.caida.org/publications/papers/2012/menlo_report_actual_formatted/menlo_report_actual_formatted.pdf. Accessed May 29, 2017.
El Eman, K., & Arbuckle, L. (2013). Anonymizing health data. Sebastopol, CA: O’Reilly.
Godlovitch, S. (1997). Forbidding nasty knowledge: On the use of Ill-gotten information. Journal of Applied Philosophy, 14(1), 1–17.
Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the underground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer Security—ESORICS 2009 (pp. 1–18). Berlin: Springer.
Krebs, B. (2014). Spam nation. Naperville, IL: Sourcebooks.
Krebs, B. (2015). Pharma wars. Krebs on Security. http://krebsonsecurity.com/category/pharma-wars/. Accessed February 6, 2017.
Krenc, T., Hohlfeld, O., & Feldmann, A. (2014). An Internet Census taken by an illegal botnet: A qualitative assessment of published measurements. SIGCOMM Computer Communication Review, 44(3), 103–111.
Maan, D., Santanna, J. J., Sperotto, A., & de Boer, P.-T. (2014). Towards validation of the Internet Census 2012. In Y. Kermarrec (Ed.), Advances in communication networking (pp. 85–96). Berlin: Springer.
Malécot, E. L., & Inoue, D. (2014). The Carna Botnet through the lens of a network telescope. In J. L. Danger, M. Debbabi, J.-Y. Marion, J. Garcia-Alfaro, & N. Z. Heywood (Eds.), Foundations and practice of security (pp. 426–441). Berlin: Springer.
Markham, A., & Buchanan, E. (2012). Ethical decision-making and internet research: Recommendations from the AoIR Ethics Working Committee (Version 2.0). Association of Internet Researchers. http://www.aoir.org/reports/ethics2.pdf. Accessed May 17, 2017.
Martin, R. M. (1986). Using Nazi scientific data. Dialogue: Canadian Philosophical Review/Revue Canadienne de Philosophie, 25(3), 403–411.
McCoy, D., Pitsillidis, A., Grant, J., Weaver, N., Kreibich, C., Krebs, B., Voelker, G., Savage, S., & Levchenko, K. (2012). PharmaLeaks: Understanding the business of online pharmaceutical affiliate programs (pp. 1–16). https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/mccoy. Accessed February 6, 2017.
Metcalf, J., & Crawford, K. (2016). Where are human subjects in Big Data research? The emerging ethics divide. Big Data & Society, 3(1), 1–14.
Moe, K. (1984). Should the Nazi research data be cited? Hastings Center Report, 14(6), 5–7.
Mostow, P. (1993). ‘Like building on top of Auschwitz’: On the symbolic meaning of using data from the Nazi experiments, and on non-use as a form of memorial. Journal of Law and Religion, 10(2), 403–431.
Nie, J.-B. (2006). The United States cover-up of Japanese wartime medical atrocities: Complicity committed in the national interest and two proposals for contemporary action. The American Journal of Bioethics, 6(3), W21–W33.
Partridge, C., & Allman, M. (2016). Ethical considerations in network measurement papers. Communications of the ACM, 59(10), 58–64.
Poor, N., & Davidson, R. (2016). Case study: The ethics of using hacked data: Patreon’s data hack and academic data standards. Council for Big Data, Ethics, and Society. http://bdes.datasociety.net/council-output/case-study-the-ethics-of-using-hacked-data-patreons-data-hack-and-academic-data-standards/. Accessed February 6, 2017.
Quinn, C. (2000). Taking seriously victims of unethical experiments: Susan Brison’s conception of the self and its relevance to bioethics. Journal of Social Philosophy, 31(3), 316–325.
Resnik, D. B. (1998). The ethics of science: An introduction. London: Routledge.
Rosenbaum, A. S. (1989). The use of Nazi medical experimentation data: Memorial or betrayal? International Journal of Applied Philosophy, 4(4), 59–67.
Schafer, A. (1986). On using Nazi data: The case against. Dialogue Canadian Philosophical Review/Revue Canadienne de Philosophie, 25(3), 413–419.
Schneier, B. (2015). Data and Goliath: The hidden battles to collect your data and control your world. New York: W. W. Norton & Company.
Shamoo, A. E., & Resnik, D. B. (2015). Responsible conduct of research (3rd ed.). Oxford: Oxford University Press.
Sieber, J. E., & Tolich, M. B. (2013). Planning ethically responsible research (2nd ed.). Los Angeles: Sage Publications.
Snoke, T. (2013). Working with the Internet Census 2012. CERT/CC Blog. http://www.cert.org/blogs/certcc/post.cfm?EntryID=183. Accessed February 6, 2017.
Townsend, L., & Wallace, C. (2016). Social media research: A guide to ethics. http://www.dotrural.ac.uk/socialmediaresearchethics.pdf. Accessed May 29, 2017.
US Department of Health & Human Services. (2009). 45 CFR 46 Subpart A—Basic HHS policy for protection of human research subjects. HHS.gov. http://www.hhs.gov/ohrp/regulations-and-policy/regulations/45-cfr-46/index.html. Accessed February 6, 2017.
Zevenbergen, B. et al. (2016). Networked systems ethics. http://www.networkedsystemsethics.net/. Accessed February 6, 2017.
Zimmer, M. (2010). ‘But the data is already public’: On the ethics of research in Facebook. Ethics and Information Technology, 12(4), 313–325.
Acknowledgements
I thank my colleagues at the University of Twente for their helpful comments on a previous version of this paper. I also thank Aimee van Wynsberghe for first directing me towards the Internet Census 2012 as an ethical problem, and the two anonymous reviewers and the editor of Science and Engineering Ethics for their helpful comments and suggestions.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Douglas, D.M. Should Internet Researchers Use Ill-Gotten Information?. Sci Eng Ethics 24, 1221–1240 (2018). https://doi.org/10.1007/s11948-017-9935-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11948-017-9935-x