opinion

Free Access

Should researchers use data from security breaches?

Author:
David M. Douglas

Brisbane, Australia

Brisbane, Australia
View Profile

Authors Info & Claims

Communications of the ACM Volume 62 Issue 12December 2019pp 22–24https://doi.org/10.1145/3368091

Published:21 November 2019Publication History

Communications of the ACM

Abstract

Evaluating the arguments for and against using digital data derived from security breaches.

References

ACM Code of Ethics and Professional Conduct. Association for Computing Machinery. ACM, New York, NY, USA; 2018; https://www.acm.org/code-of-ethics.Google Scholar
Douglas, D.M. Should Internet researchers use ill-gotten information? Science and Engineering Ethics 24, 4 (Aug. 2018), 1221--1240 Google ScholarCross Ref
Metcalf, J. Big data analytics and revision of the common rule. Commun. ACM 59, 7 (July 2016), 31--33 Google ScholarDigital Library
Metcalf, J. and Crawford, K. Where are human subjects in big data research? The emerging ethics divide. Big Data and Society 3, 1 (June 1, 2016) Google ScholarCross Ref
Poor, N. and Davidson, R. Case study: The ethics of using hacked data: Patreon's data hack and academic data standards. Council for Big Data, Ethics, and Society (Apr. 6, 2016); http://bit.ly/2NnkscM.Google Scholar
Rosenbaum, A.S. The use of Nazi medical experimentation data: Memorial or betrayal? International Journal of Applied Philosophy 4, 4 (Apr. 1989), 59--67.Google ScholarCross Ref
Thomas, D.R. et al. Ethical issues in research using datasets of illicit origin. In Proceedings of the 2017 Internet Measurement Conference, 445--462. IMC '17. ACM, New York, NY, USA Google ScholarDigital Library
U.S. Department of Health and Human Services. 45 CFR 46. (July 19, 2018); http://bit.ly/2NianOq.Google Scholar
World Medical Association. Declaration of Helsinki---Ethical Principles for Medical Research Involving Human Subjects. (Oct. 19, 2013); http://bit.ly/2lJFEQw.Google Scholar

Index Terms

Should researchers use data from security breaches?
1. Social and professional topics
  1. Professional topics
    1. Computing profession
      1. Codes of ethics

Recommendations

Market Price Effects of Data Security Breaches

This study examines the impact of reported breaches in computer security using event study analysis. We use the event-study methodology to measure the magnitude of the effect of data security breach events on the behavior of stock markets. Our data come ...
Read More
Information security breaches and IT security investments: Impacts on competitors
Abstract
In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security ...
Read More
Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time
Abstract
Data breaches represent a permanent threat to all types of organizations. Although the types of breaches are different, the impacts are always the same. This paper focuses on analyzing over 9000 data breaches made public since 2005 that led to the ...
Read More

Reviews

Reviewer: Amos O Olagunju

The use of data derived from publicly exposed and security loophole databases will continue to be a controversial subject of debate for legal scholars and information technology (IT) computing ethics specialists. Should computing research practitioners be more concerned about data originating from security infringements to lessen litigation against businesses Without a doubt, this article compellingly argues in favor of new kinds of computing practices to balance the theory between practice and ethics. Douglas clearly echoes the need for computing researchers to become more cognizant of the authenticity of data obtained from third parties, including whistleblowers and political advocates. But how should computing researchers, devoid of training in politics, become proficient in identifying whistleblowers and biased (politically motivated) data The author stunningly asserts that "computing researchers are not usually concerned with using data obtained by inflicting physical or psychological harm on human subjects." Is this claim true at many research centers and academic research institutions worldwide If so, what are research funding agencies such as the National Science Foundation (NSF) and the National Institutes of Health (NIH) doing to help eliminate this claimed defect What are our academic research centers and institutions teaching students in computer ethics courses, to help resolve this crucial issue Douglas provides legal evidence, alerting computing researchers to forgo the use of illegal data in all scientific research. Clearly, computing researchers ought to be careful in handling and using potentially compromised data in scientific research. The author certainly alludes to the need to assess the risks of using data breaches, to help minimize the actual unforeseen security disasters. Statisticians must implement more reliable algorithms that will allow computing researchers to examine security risks based on reliable and unreliable qualitative and nonquantitative data.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 62, Issue 12
December 2019
78 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3372896
Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY
Issue’s Table of Contents
Copyright © 2019 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 21 November 2019
Check for updates
Qualifiers
- opinion
- Popular
- Un-reviewed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 2,604
  Total Downloads
- Downloads (Last 12 months)128
- Downloads (Last 6 weeks)40
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Should researchers use data from security breaches?

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Market Price Effects of Data Security Breaches

Information security breaches and IT security investments: Impacts on competitors

Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time

Reviews

Access critical reviews of Computing literature here