re IRBs vs. secure technologies
Mark Johns -- Thanks for sharing that information regarding common IRB practices concerning text explaining how INSECURE web-based research can be. I'm still wondering, however, how commonplace it is to use secure technologies to protect web-based research inputs. Whatever an IRB is requiring in terms of text, description of the use of such technologies could also be included in introductions to surveys and other instruments, would certainly be more reassuring to participants, would actually provide greater protections for confidentiality than is otherwise the case, and may even begin to reassure IRBs that it is not such a to-be-feared research environment in the long run. Anyone out there with experience using secure technologies for web-based research purposes, or know how they have been used and how widely? Thanks again -- Sandra Braman
I've been involved in over a hundred Web-based surveys in the past several years... some on the commercial side of research (ie. market research), but most of my experience has been with academic researchers and Universities. Early on (1996 - 2001) we did not use encryption (SSL) technologies. Mostly because it usually required a special browser, or a large "plug-in" download for respondents. However, as Mark points out, most of the content of the surveys were not of concern either. More recently, since 2001, every survey we do use SSL technology. The great majority of browsers have it, so that is no longer an issue. AND, in many cases, other laws (more than just IRBs) are requiring it. Many of the studies I am involved in include health or healthcare topics... and some are even meant to do a quasi-diagnosis (ie. mental health) of respondents conditions. These topics are now covered by a federal law called "HIPPA - Health Insurance Portability and Accountability Act of 1996". There are similar regulations in other topic areas as well.
result, we turn away fewer respondents. It is odd though that people are concerned about sending a survey via the Internet, when it would take very specialized equipment to intercept the data and make sense out of it,
not very much specialized equipment required at all - off the shelf hardware and software will do perfectly well.
respondents information, the potential for a problem is much larger. I can't pretend to talk about this area, as it truly requires somone who really knows about network security, and that is not I. But certainly, any researcher conducting Web-based research must have something in place to protect their "back end" databases from attack or theft.
the ideal scenario for a database server to hold 'sensitive' survey (or other) results: * the database is the only service running on the machine * no other ports are open or services are running, period ["perhaps" SSH is a reasonable thing to allow, for maintenance purposes, but that carries its own risks as well..] * the database server is on an isolated network segment [and hopefully the web server as well] * the database has an adequate set of firewall rules and a security-hardened kernel installed [this, obviously, implies that the database server not be a windows machine...] * clients connecting to the database server are forced to use SSL-enabled versions of the DB client protocols * client connections to the database are restricted to only those machines which the survey implementors are running their survey on - probably just their web server. this is probably unreasonably paranoid, but it would almost certainly pass any 'rules' that HIPPA or other compliance would impose upon you. [there aren't a whole lot of ways left to make such a machine more secure- unfortunately, the requirement regimes that legislators like to impose tend to PREVENT you from actually implementing something 'correctly'...] --elijah
Dear AIR'ers - Anyone out there have a good reference/website re: the history of social infomatics. Would be much appreciated, onlist is fine. Thanks, Denise ===== Denise N. Rall, PhD student, School of Env. Science, Southern Cross Uni, Marker for Protected/Natural Area Management, BIO00244 Lismore, NSW, 2480 Australia Phone +61-2-6624-8627 Fax +61-2-6624-8637 Office (Thursdays) (02) 6620 3577 Mob 0438 233 344 http://www.scu.edu.au/schools/rsm/staff/pages/drall/index.html __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html
You can find some things collected at http://www.social-informatics.org/ Regards, Gasper On Wed, 2004-03-24 at 00:09, Denise N. Rall wrote:
Dear AIR'ers -
Anyone out there have a good reference/website re: the history of social infomatics.
Would be much appreciated, onlist is fine.
Thanks, Denise
===== Denise N. Rall, PhD student, School of Env. Science, Southern Cross Uni, Marker for Protected/Natural Area Management, BIO00244 Lismore, NSW, 2480 Australia Phone +61-2-6624-8627 Fax +61-2-6624-8637 Office (Thursdays) (02) 6620 3577 Mob 0438 233 344 http://www.scu.edu.au/schools/rsm/staff/pages/drall/index.html
__________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html
_______________________________________________ Air-l mailing list Air-l@aoir.org http://www.aoir.org/mailman/listinfo/air-l
BIG THANKS to all who sent me info (while wondering why I hadn't just googled the topic myself) . . . and I still can't get over that Rob Kling is gone as I was having drinks with him in the Milwuakee Art Museum 2 years ago and he was brilliant! I was actually looking for a textbook that discussed social infomatics as a possibility within a range of fields: In other words, the history of social infomatics discussed alongside the history of other computing fields, such as HCI, CSCW, AI, etc. I have a lot of 'management information systems' textbooks but they are quite slanted to the business application side of things. The textbook I do have is just a bit dated: Maule, R. W. (1998). Information theory and research: An introduction to the disciplines and methodologies of information studies and organizational informatics. San Francisco, Information Associates Press. But thanks heaps for all the responses and I will scout through the websites looking for textbook type stuff. Cheers, Denise ===== Denise N. Rall, PhD student, School of Env. Science, Southern Cross Uni, Marker for Protected/Natural Area Management, BIO00244 Lismore, NSW, 2480 Australia Phone +61-2-6624-8627 Fax +61-2-6624-8637 Office (Thursdays) (02) 6620 3577 Mob 0438 233 344 http://www.scu.edu.au/schools/rsm/staff/pages/drall/index.html __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html
participants (5)
-
Denise N. Rall -
elijah wright -
Gasper Koren -
Sandra Braman -
Scott.Crawford@msiresearch.com