No subject

Thu Mar 17 18:44:32 PDT 2022

the Web are using SSL technologies in most or all of their surveys.

But the way I see it... is that things like use of SSL truly do their magic
in how they manage the "perception" of confidentiality/security.  While the
actual risk of data disclosure may diminish some when SSL is used, the
original risk (without SSL) was so low to begin with that it is really
silly that we worry about such things.  But respondents (and IRBs) like to
see it, so we provide that level of protection, and as a result, we turn
away fewer respondents.  It is odd though that people are concerned about
sending a survey via the Internet, when it would take very specialized
equipment to intercept the data and make sense out of it, however, people
are more than happy to place their social security number in an envelope
and mail it out to an office that they have never seen, and have the letter
handled by probably dozens of people on its way there.  If you look at the
means of most identify theft today, it is not via computer... it is via the
US Mail.  It is ALL about perception.

This all relates to communications between the respondents browsers and the
servers we maintain.  Basically, data in transit during the survey taking
process.  A much more important issue is how technologies are being used to
protect the databases that reside on researchers systems.  This is where
risk increases.  A snippet of data from a single survey can't give you
much... but if someone stumbles across an entire database containing
respondents information, the potential for a problem is much larger.  I
can't pretend to talk about this area, as it truly requires somone who
really knows about network security, and that is not I.  But certainly, any
researcher conducting Web-based research must have something in place to
protect their "back end" databases from attack or theft.


Scott Crawford
Research Director, MSIResearch
scott.crawford at
734/542-7796 (office)
734/542-7620 (fax)

             Sandra Braman                                                 
             <sbraman at                                             
             m>                                                         To 
             Sent by:                  air-l at                      
             air-l-admin at aoir.                                          cc 
                                       [Air-l] re IRBs vs. secure          
             03/22/2004 12:07          technologies                        
             Please respond to                                             
              air-l at                                               

Mark Johns -- Thanks for sharing that information
regarding common IRB practices concerning text
explaining how INSECURE web-based research
can be.  I'm still wondering, however, how
commonplace it is to use secure technologies
to protect web-based research inputs.  Whatever
an IRB is requiring in terms of text, description of
the use of such technologies could also be included
in introductions to surveys and other instruments,
would certainly be more reassuring to participants,
would actually provide greater protections for
confidentiality than is otherwise the case, and
may even begin to reassure IRBs that it is not
such a to-be-feared research environment in the
long run.  Anyone out there with experience using
secure technologies for web-based research
purposes, or know how they have been used
and how widely?

Thanks again --

Sandra Braman

Air-l mailing list
Air-l at

More information about the Air-L mailing list