[Air-L] Feedback requested: The Ethics of Social Honeypots

Dave Dittrich dittrich at apl.washington.edu
Tue Jan 1 10:09:00 PST 2013


Hi all,

For those who did not attended our panel on "Other Ethics" at
AoIR in Manchester, my contribution was to mention a
DHS-supported effort to develop principles and applications
for ethical evaluation of ICT research and how it can help
in studying computer crime in ICT settings. If you are not
familiar with the Menlo Report and want to learn more, see:

Michael Bailey, David Dittrich, Erin Kenneally, and Douglas Maughan. The
Menlo Report. Security & Privacy, IEEE, 10(2):71–75, March/April 2012.
http://staff.washington.edu/dittrich/papers/menlo_report/menlo_report.pdf

Two of my Menlo colleagues and I recently taught a didactic
course at the PRIM&R IRB conference in San Diego. The course
primarily described the Menlo Report process, but concluded with
a mock IRB committee review of a fictional proposed research project
in which researchers develop countermeasures to malicious botnets
in social network platforms like Facebook using a combination of
deception to build a social network of over 1 million users and
to then use "good bots" that infiltrate the "bad bots".

I would be very interested in hearing any feedback from researchers
on this list who study social networks and have had experience with
their own IRBs as to whether this paper is helpful and in what ways,
or how it could be modified to be more helpful. You can find the
paper here:

David Dittrich. The Ethics of Social Honeypots. Available at SSRN:
http://ssrn.com/abstract=2184997, 2012.

P.S. Stuart Schecter already pointed out to me that Facebook
provides a back-end service to researchers that would obviate
the need to use deception in order to get the same information
necessary to detect malicious botnets. I was not aware of it and
possibly many others are not as well. Regardless, the discussion
of how to address the issues of deception in ICT research studies
is still important to consider.

-- 
Dave Dittrich
dittrich at apl.washington.edu
http://staff.washington.edu/dittrich

PGP key:     http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint: 097B 4DCB BF16 E1D8 A06C  7512 A751 C80A D15E E079



-- 
Dave Dittrich
dittrich at apl.washington.edu
http://staff.washington.edu/dittrich

PGP key:     http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint: 097B 4DCB BF16 E1D8 A06C  7512 A751 C80A D15E E079



More information about the Air-L mailing list