I am delighted to introduce this timely and important blog from colleagues at the Bath Institute for Digital Security and Behaviour. There are many researchers using sensitive data in which research poses potential harms to participants, researcher wellbeing as well as potential misuse of findings and politically-charged challenge to results. The IDSB highlights how ethical reflection is a fundamental pillar of rigorous, responsible research—essential in areas as complex and fast‑evolving as digital security.
This piece demonstrates the leadership our researchers are showing in navigating ethical challenges around data, participants, researcher wellbeing, and the potential misuse of findings. It also underlines the University of Bath’s commitment to fostering research, and supporting researchers that not only advances knowledge, but does so with integrity, care and societal awareness. Please do follow up the links in the blog post, ethics@bath.ac.uk, and be aware that we have media and comms support available for those publishing work in highly sensitive and contentious areas, Advice for researchers experiencing harassment.
I encourage colleagues across disciplines to engage with these insights and to see ethics as an enabler of excellent research—supporting innovation while safeguarding people and communities
Best wishes,
Emma
Ethics is recognised as a vital aspect of academic research. From research funders to journal publishers, confirmation that ethics has been appropriately and formally considered is now a key requirement. Failure to do so can lead to publications being retracted, funding being withdrawn, and a broad range of potential harms. To some it might seem like a bureaucratic headache or a check-box exercise, but crucially, ethics is there to support and protect both researchers and participants. This is the case for all types of research but is particularly important in areas that deal with sensitive data or topics or where findings have the potential for misuse.
Due to the nature of the work that we do, researchers at the Bath Institute for Digital Security and Behaviour (IDSB) are well versed in considering the ethical implications of their research. From applying computational social science to explore online extremism, to developing innovative methods to collect data from personal devices, ethics has been top of the agenda across our activities for many years. As a result, we have much to offer the broader research community, from the lessons we have learnt (sometimes the hard way) along the way. These include appropriate consideration and mitigation of risks to researchers, risks to participants, and broader risks in the application of research to policy and practice.
Addressing risks to researchers
Digital security research often deals with content and communities that may be contentious or extreme, meaning that researchers can be exposed to hateful language and abusive imagery at scale. Publishing or communicating research that is undertaken in this area can also expose individuals to potential targeting from these communities, which can include doxing, threatening behaviour, and being the target of hackers. This presents substantial risks to individual wellbeing that must be appropriately considered from an ethics perspective.
We have published specific guidance on the qualitative analysis of sensitive, often harmful digital data, a summary of which can be accessed here. More broadly, our IDSB members often access resources from the VOX-Pol research network, who provide specific guidance on how to protect yourself when working in especially extreme contexts, where it is possible that malicious actors could target those involved. We have also developed our own in-house protocols and practices and would be happy to provide guidance to colleagues undertaking similarly sensitive work.
Addressing risks to participants
How we collect data, the type of data that we collect, and how participants have provided consent are all ethical, as well as methodological, questions. At the IDSB, researchers may analyse large amounts of social media or other online data covering contentious topic areas. This creates challenges around the topic of consent within secondary data collection, which has been the subject of prior discussion and previous guidance. The development of innovative data collection methods, such as using smart phone data to understand device usage over time, can also result in the collection of originally unanticipated information related to individuals' general pattern of life. This creates challenges from both an informed consent and data privacy perspective.
The way that we choose to operationalise variables may seem like a purely methodological decision. But what about when that impacts whether someone might be viewed as being on a path to extremism or not? Can the way that we label data have ethical implications? Absolutely! In all research, there can be a blurred boundary between whether an issue represents a purely methodological choice or whether it results in research that could be considered unethical. This is particularly relevant for research that can have implications for future policy and practice, which is a key part of the work that we do at IDSB.
As an example, we have published research comparing online posts from convicted right-wing extremists and non-convicted right-wing extremists. This research not only involved ethical sensitives in the access of social media posts, but extensive labelling of the data to ensure that individuals were accurately identified as convicted or not, and to ensure valid and appropriate operationalisation of variables.
More broadly, researchers at IDSB have worked with colleagues at Lancaster University in the publication of the DECIDE framework. The DECIDE framework is an interactive tool to support researchers in ethical reflections at every stage of the research process, specifically oriented towards digital research. The DECIDE framework is open access, updated regularly and includes specific case examples throughout to aid researchers in decisions as varied as consent in digital research, the public/private distinction of the data and whether publishing the research is likely to cause harm.
The potential for intentional and unintentional misuse
Even with the best intentions, findings from research can be discussed or applied in ways that were not originally anticipated. This may be intentional to support a particular agenda or outcome or unintentional due to misunderstanding or misinterpreting research findings. At the IDSB we consider how we can most effectively caution practitioners and policy makers regarding potential interpretation of findings and any limitations, as well as how we can best reduce the chance that findings will be communicated or used in ways that we did not anticipate.
For example, we published a study exploring how online interactions might be indicative of mobilisation and attendance at protests. In the study, we present a model for using digital trace data to predict attendance at protests. While the core focus of the study was to demonstrate how online interactions are fundamental to understanding peaceful, lawful, collective action, we note in the implications of the work that findings should not be applied to predicting illegal, harmful action. And further, “that our results should be used to safeguard rather than limit lawful protest mobilization, by providing first responders with information about the potential size and scope of crowd protests”.
This broader proactive reflection is a vital component of effective ethics consideration and demonstrates how researchers need to go beyond a purely reactive, tick-box approach to considering the ethics of their work. The publication and potential misuse of research is culturally embedded within the IDSB and this is an area where we continue to proactively develop policies and practices that others can learn from, regardless of the specific specialism that they work within. This continuous reflection throughout and across the research process is embedded within our published DECIDE framework and we invite other researchers to help us build and develop this agenda.
So, what next for ethics?
In today’s increasingly complex digital world, understanding the broader implications of the research that we do is vital. Whether considering potential impacts on researchers, participants, or broader members of the public, ethics should be top of mind throughout any research process. Potential misuse of research findings, including by AI systems, also presents a substantial and growing risk, meaning that a thorough consideration of ethics is particularly important for those working in more sensitive or contentious areas. Ultimately, ethics processes and approaches are there to protect everyone and to help researchers do what they do best – great research that has the potential to help society.
The IDSB takes a multi-disciplinary approach to researching digital security topics and continues to evolve its approach to ethics in response to an ever-changing digital context. We are particularly keen to share our learning and experiences in the application of ethics to the digital security space with the broader research community.
If you would like to get involved in these activities as we continue to develop our work in this area, please email IDSB@bath.ac.uk and one of the team will get back to you.
Respond
You must be logged in to post a comment.
