[Air-L] privacy and protection

Ingbert Floyd ifloyd2 at gmail.com
Sat Jun 7 12:50:30 PDT 2008


I don't know too much about this, but I think TOR can work with other
applications than web browsers. I think you can ssh via TOR if  you
know what you're doing.

In any case, another thing you can do is use ssh tunneling to protect
the identity of your participants. But I wonder if this is overkill.
With the limited information about what, exactly, the situation is,
it's hard to give concrete advice. If the elite group is associated
with some government or ISP or something, then it might be reasonable
to suspect that the agency might be spying on its own people. In such
a case, not only is transmission a problem (which TOR or SSH or some
technology could theoretically solve), but also storage. Even
encrypted text messages will not be safe if the person's computer logs
the text messages and the organization has access to the filesystem.

However, if spying is not an issue, then confidentiality preservation
is the main thing to worry about. Anyway, here is an off-the-cuff
solution that can be investigated further to see if it really provides
the security I think it does (or other list-members can respond and
point out my ignorance). I'm assuming that the communication has to be
remote (not f2f)?

Recruitment:

This is a hard question to address without more context. However,
solutions can include:
1) creating a false identity and placing ads in trade publications.
You'll have to vet the respondents somehow, to make sure they are who
they claim to be.
2) using your identity to talk to people you trust in the group, and
then use snowball sampling to find others that you can trust. This, of
course, will bias your sample, but if it is the only way to get any
kind of data, the bias might be justified--you just have to keep it in
mind when you analyze your data.

Biasing and identity control:

For ethical reasons, your student may want to have the identities of
the participants be double-blind, i.e., her identity is masked from
them, and their identity is masked from her. Otherwise, it creates a
power-imbalance that could lead to a failure in trust were her role in
this ever exposed. This would have the benefit of concealing
identities to preserve the reputations of everybody involved. To do
this,  you would need someone who is not otherwise associated with
either the study or the group being studied to manage the identities
and keep them in confidence.

Alternatively, your student could decide to reveal her identity to the
participants, and simply promise to keep responses confidential, thus
putting her trust in her participants.

Of course, identity concealment cannot be guaranteed if there is a
chance of legal or brute force confiscation of the data. In my own
work, I either don't collect data that can be used in a court of law
to incriminate a participant (to the best of my ability to determine
this), or I am prepared to destroy the data if the law comes knocking
and to pay the legal consequences of my actions (e.g., go to jail,
live on the lam, whatever they might be). Of course, with electronic
data, you want to be thorough, so have access to the server is a must,
as is owning powerful enough magnets so that the disks are truly wiped
clean if necessary.

Conducting the interview, etc.:

If spying is an issue: Create a linux/unix server that has ssh
capabilities. In the linux/unix environment, include an installation
of a command-line text messaging program (I'm thinking about Zephyr
here, but I'm sure there are many others that are more suited for this
task). To communicate with the participants, create a user account for
them. Unless you are worried about wiretaps, provide them the username
and temporary password over the phone (or in person). Have them ssh
into the server *from*home*or*an*internet*cafe*, and then conduct the
interview, etc, via the chat program. If you want them to fill out a
survey, provide them with a special directory where the survey is
stored, have them edit the survey with a text editor to fill it out,
save it, and then retrieve their survey from the directory. Since you
are the administrator, this should be no problem. The only issue, of
course, is making it clear to your participants that you *will* be
accessing any files they create on the server, logging the chats they
have with you, etc. I think this will solve the problem of
transmission interception except for a determined spy (in which case,
who the heck are you interviewing!?!) who will take the time to crack
the encryption. And the data problem will be solved because the person
will be chatting and saving files on the server, not on their personal
machine. The only risk is from a key-stroke-logger, but if they use
their home machine, then unless the spying is very intrusive, it is
unlikely that such software has been installed. Of course, the act of
ssh-ing into a system run by a university is odd enough that it will
raise red flags in any concerted spying effort, but that will only
happen if home traffic/internet cafe traffic is monitored.

Otherwise, don't post things publicly on the internet, and just keep
the results confidential, and be sure that anything you report
publicly cannot be traced via context or other identifying information
back to particular respondents.

I hope this helps,

Ingbert

On Sat, Jun 7, 2008 at 1:53 AM, Han-Teng Liao (OII)
<han-teng.liao at oii.ox.ac.uk> wrote:
> To Bruno,
> TOR could be useful but it is only for web surfing.  If you are in
> China, using TOR may not be sufficient.
> ---
>
> To Mark and all,
>
> Internet protocol is open architecture.  Security and encryption is an
> add-on.  I personally believe it is better configuration.  If we have
> "underground Internet" built in the architecture, I guess agencies such
> as CIA will have a bigger power in this area.  (Exactly the future
> Professor Jonathan Zittrain tries to avoid in his book "The Future of
> Internet")
> Then it should be part of the Internet Infrastructure literacy
> education, something as simple as "Emails are postcards", "chat rooms
> are by default open", "msn will turn your chat record to Beijing if
> ...." etc.  If one need protection, just download and use the encrypted
> chat softwares (preferably those with PGP standard)
>
> Some softwares could be found:
> http://www.infoanarchy.org/en/Encrypted_Chat_Clients
> ---
>
> To all,
>
> Do we need to compile a corresponding resources to the AoIR Ethics Guide?
>  http://www.aoir.org/?q=taxonomy/term/73
> Guidelines need the right tools and experience to avoid unintended harms.
> ---
>
>
> --
> *Liao <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E5%BB%96>,Han
> <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E6%BC%A2>-Teng
> <http://zhongwen.com/cgi-bin/zipux2.cgi?b5=%E9%A8%B0>*
> DPhil student at the OII <http://people.oii.ox.ac.uk/hanteng/about/>(web)
> needs you <http://people.oii.ox.ac.uk/hanteng/>(blog)
> _______________________________________________
> The Air-L at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at:
> http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
>
> Join the Association of Internet Researchers:
> http://www.aoir.org/
>



-- 
==========================================
Ingbert Floyd
PhD Student
Graduate School of Library and Information Science
University of Illinois at Urbana Champaign
http://ingbert.org/ || skype: spacesoon

Check out the unofficial GSLIS Wiki:
http://www.gslis.org/

"Dream in a pragmatic way."
-Aldous Huxley



More information about the Air-L mailing list