I don't know too much about this, but I think TOR can work with other applications than web browsers. I think you can ssh via TOR if you know what you're doing. In any case, another thing you can do is use ssh tunneling to protect the identity of your participants. But I wonder if this is overkill. With the limited information about what, exactly, the situation is, it's hard to give concrete advice. If the elite group is associated with some government or ISP or something, then it might be reasonable to suspect that the agency might be spying on its own people. In such a case, not only is transmission a problem (which TOR or SSH or some technology could theoretically solve), but also storage. Even encrypted text messages will not be safe if the person's computer logs the text messages and the organization has access to the filesystem. However, if spying is not an issue, then confidentiality preservation is the main thing to worry about. Anyway, here is an off-the-cuff solution that can be investigated further to see if it really provides the security I think it does (or other list-members can respond and point out my ignorance). I'm assuming that the communication has to be remote (not f2f)? Recruitment: This is a hard question to address without more context. However, solutions can include: 1) creating a false identity and placing ads in trade publications. You'll have to vet the respondents somehow, to make sure they are who they claim to be. 2) using your identity to talk to people you trust in the group, and then use snowball sampling to find others that you can trust. This, of course, will bias your sample, but if it is the only way to get any kind of data, the bias might be justified--you just have to keep it in mind when you analyze your data. Biasing and identity control: For ethical reasons, your student may want to have the identities of the participants be double-blind, i.e., her identity is masked from them, and their identity is masked from her. Otherwise, it creates a power-imbalance that could lead to a failure in trust were her role in this ever exposed. This would have the benefit of concealing identities to preserve the reputations of everybody involved. To do this, you would need someone who is not otherwise associated with either the study or the group being studied to manage the identities and keep them in confidence. Alternatively, your student could decide to reveal her identity to the participants, and simply promise to keep responses confidential, thus putting her trust in her participants. Of course, identity concealment cannot be guaranteed if there is a chance of legal or brute force confiscation of the data. In my own work, I either don't collect data that can be used in a court of law to incriminate a participant (to the best of my ability to determine this), or I am prepared to destroy the data if the law comes knocking and to pay the legal consequences of my actions (e.g., go to jail, live on the lam, whatever they might be). Of course, with electronic data, you want to be thorough, so have access to the server is a must, as is owning powerful enough magnets so that the disks are truly wiped clean if necessary. Conducting the interview, etc.: If spying is an issue: Create a linux/unix server that has ssh capabilities. In the linux/unix environment, include an installation of a command-line text messaging program (I'm thinking about Zephyr here, but I'm sure there are many others that are more suited for this task). To communicate with the participants, create a user account for them. Unless you are worried about wiretaps, provide them the username and temporary password over the phone (or in person). Have them ssh into the server *from*home*or*an*internet*cafe*, and then conduct the interview, etc, via the chat program. If you want them to fill out a survey, provide them with a special directory where the survey is stored, have them edit the survey with a text editor to fill it out, save it, and then retrieve their survey from the directory. Since you are the administrator, this should be no problem. The only issue, of course, is making it clear to your participants that you *will* be accessing any files they create on the server, logging the chats they have with you, etc. I think this will solve the problem of transmission interception except for a determined spy (in which case, who the heck are you interviewing!?!) who will take the time to crack the encryption. And the data problem will be solved because the person will be chatting and saving files on the server, not on their personal machine. The only risk is from a key-stroke-logger, but if they use their home machine, then unless the spying is very intrusive, it is unlikely that such software has been installed. Of course, the act of ssh-ing into a system run by a university is odd enough that it will raise red flags in any concerted spying effort, but that will only happen if home traffic/internet cafe traffic is monitored. Otherwise, don't post things publicly on the internet, and just keep the results confidential, and be sure that anything you report publicly cannot be traced via context or other identifying information back to particular respondents. I hope this helps, Ingbert On Sat, Jun 7, 2008 at 1:53 AM, Han-Teng Liao (OII) <han-teng.liao@oii.ox.ac.uk> wrote:
To Bruno, TOR could be useful but it is only for web surfing. If you are in China, using TOR may not be sufficient. ---
To Mark and all,
Internet protocol is open architecture. Security and encryption is an add-on. I personally believe it is better configuration. If we have "underground Internet" built in the architecture, I guess agencies such as CIA will have a bigger power in this area. (Exactly the future Professor Jonathan Zittrain tries to avoid in his book "The Future of Internet") Then it should be part of the Internet Infrastructure literacy education, something as simple as "Emails are postcards", "chat rooms are by default open", "msn will turn your chat record to Beijing if ...." etc. If one need protection, just download and use the encrypted chat softwares (preferably those with PGP standard)
Some softwares could be found: http://www.infoanarchy.org/en/Encrypted_Chat_Clients ---
To all,
Do we need to compile a corresponding resources to the AoIR Ethics Guide? http://www.aoir.org/?q=taxonomy/term/73 Guidelines need the right tools and experience to avoid unintended harms. ---
-- *Liao <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E5%BB%96>,Han <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E6%BC%A2>-Teng <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E9%A8%B0>* DPhil student at the OII <http://people.oii.ox.ac.uk/hanteng/about/>(web) needs you <http://people.oii.ox.ac.uk/hanteng/>(blog) _______________________________________________ The Air-L@listserv.aoir.org mailing list is provided by the Association of Internet Researchers http://aoir.org Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
Join the Association of Internet Researchers: http://www.aoir.org/
-- ========================================== Ingbert Floyd PhD Student Graduate School of Library and Information Science University of Illinois at Urbana Champaign http://ingbert.org/ || skype: spacesoon Check out the unofficial GSLIS Wiki: http://www.gslis.org/ "Dream in a pragmatic way." -Aldous Huxley