All,

A researcher has asked an interesting question:

I am in the process of embarking on my own internet-based study that assesses internet child pornography related behaviors. I have run into several challenges with regard to the anonymity of data, as such data may be particularly interesting to law enforcement. I am writing to call on your expertise in working to resolve this issue. Given that you assessed illegal activities, how did you prevent against the possibility of law enforcement seizing data and connecting it to individuals via IP addresses?
My reply:
If I read your note correctly, you are most concerned about IP matches against a source computer. The simplest way to defeat this would be to identify multiple proxy servers that 'wash' this information away.
In essence, you encourage participants to utilize one of the many free servers that have been established on the internet. You can also make arrangements with your own University to have the IP logs scrubbed on a regular basis (or even turned off). Frankly, you can set up almost any computer to act as a server with these logs set to 'off'. You cannot block the IP logs on intervening 'hops' in the data stream, but using a proxy server for entry, and your own server that doesn't keep originating IPs, complicates any tracing of the source computer.
Wikipedia has an entry on proxy servers that is written in English: http://en.wikipedia.org/wiki/Proxy_server
There is also a website that appears to rank proxy servers: http://www.topfreeproxy.com/
There is also a program, administered through NIH, that allows a researcher to obtain a government document declaring the project of such interest to public health that none of the collected information can be used by law enforcement, regardless of how much they would like to obtain it. Dr. Duncan is more aware of this particular procedure than I am and could best answer any questions should you seek this classification.
You can also arrange to have the survey hosted on a web site in the EU, which has a better history of enforcing privacy laws over the past decade. Additionally, identifying proxy servers overseas may add a further layer of security.
Lastly, you can obtain a security certificate and arrange for the data transmission to be secure using 128-bit encryption. That way the data stream is as secure as possible. The technical personnel at your University can help create a secure webpage for you.
There may be other security holes in your protocol I'm not aware of, but I can think of some procedures that will work in your favor:
1) Lots of studies on the internet. The fact it is so large makes it harder to stumble across your site.
2) Block search engine access so you don't show up in Google/Yahoo, etc. They use bots (autonomous programs) that search and check for permission to search a page.
3) Don't link from other pages. Create a stand-alone survey where you have to type in a unique address to get the page.

Now, what other suggestions can be made as I am certain this will occur again in my own research and others?

JW

--
======================================================================
John B. White, Ph.D.         | john.white@wku.edu
Dept. of Public Health - WKU | Office: 270.745.5867
College Heights Blvd.        | Fax: 270.745.4437
Bowling Green, KY 42101-3576 | http://www.wku.edu/~john.white
======================================================================