Re: [93attendees] Network experiment during the meeting

Dave Crocker <dhc@dcrocker.net> Tue, 14 July 2015 13:51 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: 93attendees@ietfa.amsl.com
Delivered-To: 93attendees@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F6621ACD3A for <93attendees@ietfa.amsl.com>; Tue, 14 Jul 2015 06:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.5
X-Spam-Level:
X-Spam-Status: No, score=-1.5 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afe1HbwGHHtR for <93attendees@ietfa.amsl.com>; Tue, 14 Jul 2015 06:51:15 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E1FD1ACD32 for <93attendees@ietf.org>; Tue, 14 Jul 2015 06:51:15 -0700 (PDT)
Received: from [192.168.1.87] (76-218-10-206.lightspeed.sntcca.sbcglobal.net [76.218.10.206]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id t6EDp9Yh032283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 14 Jul 2015 06:51:12 -0700
Message-ID: <55A513C9.4030601@dcrocker.net>
Date: Tue, 14 Jul 2015 06:51:05 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Rolf Winter <rolf.winter@hs-augsburg.de>
References: <55A41BEB.3090102@hs-augsburg.de> <55A41FD7.5030906@dcrocker.net> <55A4B86B.3000907@hs-augsburg.de>
In-Reply-To: <55A4B86B.3000907@hs-augsburg.de>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Tue, 14 Jul 2015 06:51:12 -0700 (PDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/93attendees/oABLAz-frhGX4n2ZKWXQtG_W-As>
Cc: 93attendees@ietf.org
Subject: Re: [93attendees] Network experiment during the meeting
X-BeenThere: 93attendees@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: "Mailing list of IETF 93 attendees that have opted in on this list. " <93attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/93attendees>, <mailto:93attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/93attendees/>
List-Post: <mailto:93attendees@ietf.org>
List-Help: <mailto:93attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/93attendees>, <mailto:93attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 13:51:17 -0000

On 7/14/2015 12:21 AM, Rolf Winter wrote:
> I am not sure I fully understand your question. You surely have noted
> that hs-augsburg.de != augsburg.edu so I assume you refer to the more
> general question of experimenting with human subjects. In my mind
> typically things like clinical tests fall under this. We will look
> solely at broadcasts (and multicast for that matter) sent out by
> devices. In essence data that devices send out to all other devices on a
> subnet. Clearly any IETF participant can conduct this experiment... well
> anybody on the IETF wireless can. We do not actively attempt to trigger
> broadcast/multicast communication, we merely listen to what the devices
> send out to _everyone_. But I am not sure I have answered your question.
> If not, could you be more specific?


Rolf,

The augsberg.edu reference was prefaced with "for example". It was not
meant as the specific set of rules at issue, but merely an example.
People often have no experience with modern rules on human subjects
research so I wanted to point to a representative set.

You are doing an experiment.  It involves human subjects, since humans
are generating the traffic you will be monitoring.  You are not
obtaining their explicit permission.

I do not know the usual parameters for including or excluding human
activity as qualifying for 'human subjects research' handling
procedures.  I also do not know the formal rules in terms of privacy
when capturing human-generated traffic.  But both of these lines of
concern are real and often challenging, with rules that vary across
institutions and laws that vary across countries.

I do know that being good folk and having good intentions do not
suffice, when privacy and/or human subjects research are involved.
There are professional standards and often there are legal strictures.

So I thought I should raise the issue both to ensure that you and IETF
management are aware of the topic, and to see whether anyone else in the
community cares about it.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net