Kinsey Institute app debacle highlights privacy hazards around new research method
A recent hiccup at Indiana University over the release, and subsequent reeling-back-in, of a mobile app designed to collect data on sexual activity might strike some as prudish caution.
The university’s brisk command to the Kinsey Institute, the research center founded in 1947 by human sexuality researcher Alfred Kinsey, to pull the Kinsey Reporter App just hours after it was unveiled did come from a hesitancy to wade into a controversial new frontier of academic research. But this time the issue is not cultural, but technological.
The Kinsey Reporter App is an example of a new method of data collection that relies on subjects reporting their sexual activities to researchers via applications on their mobile phones. The prevalence of mobile devices in the general population, especially in countries and regions that historically have been difficult to study, is an exciting development for researchers. App-based data collection can mean larger samples and less legwork. But it can also mean larger risks and less-reliable data.
“These are complex communication media, and there are lots of players and lots of places in the middle where people can attack and try to extract information,” says Filippo Menczer, a professor of computer science and informatics at Indiana.
Menczer is the one who developed the Kinsey Reporter App. The institute approached him because the informatics professor has developed data-collecting apps for his own research. He knows where the mines are buried.
Traditional methods of protecting the personal data of research subjects always pose a risk, but preventing exposure in the digital era is particularly challenging, says Menczer. In 2006, AOL released the Web search logs of hundreds of thousands of users to academic researchers, cloaking users’ identities by replacing their user profile with a random number. But observers quickly figured out that the logs contained enough information to deduce the identities of some users. The debacle led to the firing of the head of AOL’s research institute, the resignation of the company’s chief technology officer, and a class action lawsuit.
So Menczer does not blame Indiana’s general counsel for phoning the president, Michael McRobbie, the morning the Kinsey app was released and suggesting they postpone its release until the university’s legal team could give it a thorough vetting.
“Indiana University has been amazingly supportive of sex research,” he says. “I have no doubt that this is a real and well-founded concern that they don’t want there to be liability risks.”
Still, the informatics professor says the app is built with utmost regard to user privacy. From a pure research standpoint, he was cautious to a fault.
Unlike many popular commercial applications, such as Google and Facebook, the Kinsey app does not store any identifying data about its users other than broad geographical data (nothing more specific than a city or town) that the user has to submit voluntarily. There are no unique numbers that correspond to individual users. And the university’s servers do not log IP addresses for the phones that send them data. That means the Kinsey researchers will have no way of telling whether 10 distinct “reports” came from one person or ten different people. “This is a loss of information on our side,” says Menczer. “But, in return for that, we have true anonymity.”
Menczer and his colleagues built in other tools designed to safeguard privacy at the expense of potentially useful data. The app stores only approximate time stamps for each report, not precise ones. It does not give users a free-response option, which users could conceivably use to identify themselves or, more problematically, another person. For example, if a person accused another person, by name, of a sexually based crime, that could have legal ramifications for the researchers, says Menczer. An Indiana spokesman cited liability in the event of a reported rape as a particular concern of the university’s lawyers.
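As an added illustration (not the Kinsey Reporter App's code, which the article does not show), the Python example below applies the safeguards described above at the point where a report is received: fixed-choice answers only, location no finer than a city, a coarsened time stamp, and no device or network identifiers kept. The field names, the category and city lists, and the six-hour bucket are assumptions.

```python
from datetime import datetime, timezone

# Assumed schema: the article does not publish the app's fields or values.
CATEGORIES = {"category_a", "category_b", "category_c"}  # fixed choices, no free text
CITIES = {"Bloomington, IN", "Chicago, IL"}              # nothing finer than city/town
BUCKET_HOURS = 6                                         # assumed time-stamp granularity


def coarse_time(received_at: datetime) -> str:
    """Floor the server's receive time to the start of its UTC bucket."""
    t = received_at.astimezone(timezone.utc)
    t = t.replace(hour=t.hour - t.hour % BUCKET_HOURS,
                  minute=0, second=0, microsecond=0)
    return t.isoformat()


def minimize(raw: dict, received_at: datetime) -> dict:
    """Return the only record that gets stored; every other field is dropped."""
    category = raw.get("category")
    if not isinstance(category, str) or category not in CATEGORIES:
        # Anything outside the fixed list could be free text naming a person.
        raise ValueError("category must be one of the fixed choices")
    city = raw.get("city")  # voluntary
    if not isinstance(city, str) or city not in CITIES:
        city = None
    return {"category": category, "city": city,
            "time_bucket": coarse_time(received_at)}


# Constructed submissions from two different (made-up) devices.
SAMPLE_A = {"category": "category_a", "city": "Chicago, IL",
            "device_id": "constructed-device-1", "ip": "192.0.2.10",
            "comment": "free text", "lat": 41.88, "lon": -87.63}
SAMPLE_B = {"category": "category_a", "city": "Chicago, IL",
            "device_id": "constructed-device-2", "ip": "192.0.2.77"}
TIME_A = datetime(2012, 9, 1, 13, 47, 12, tzinfo=timezone.utc)
TIME_B = datetime(2012, 9, 1, 17, 5, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    stored_a = minimize(SAMPLE_A, TIME_A)
    stored_b = minimize(SAMPLE_B, TIME_B)
    print(stored_a)
    # The stored rows are identical, so they cannot be attributed to one
    # sender or to two: the "loss of information" traded for anonymity.
    print(stored_a == stored_b)
```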
The Kinsey app also uses something called “public key” encryption. That means if a third party, such as a service provider, intercepts data sent from a subscriber’s mobile device as it’s being sent to the Kinsey Institute, “they still can’t tell what it says,” says Menczer.
The downside of being so careful is that the app is unlikely to generate, on its own, data that is reliable or descriptive enough to support firm conclusions. But the Kinsey Institute hopes that it might shed enough light on sexual activity in different regions to provide a basis for more rigorous, conventional research.
“The data we’re collecting is not necessarily research data the way we usually think of research,” says Jennifer Bass, a spokeswoman for the institute. “It’s exploratory data.”
It is possible to make sense of the reports, even if researchers don’t know how many distinct users are sending them, says Menczer. For example, one could compare the frequency of different kinds of report in different cities against the population density in those cities and formulate a reasonable (if not scientific) hypothesis about the relative sexual proclivities of those cities. “There are still lots and lots of different things you can do without having to tie [each] report to an individual,” he says.
Except, of course, tie a particular person to a particular sexual event.
The Kinsey Institute says it got the reporting app approved by the Institutional Review Board and evaluated by an outside legal firm. Nevertheless, the university’s administration is delaying its release until it can review the app itself.
“The university administration and general counsel's office isn't working under the presumption that the Kinsey app is insecure,” wrote Mark Land, a spokesman for the university, in an e-mail. “The general counsel and president simply think a thorough review of potential exposure to the university should there be an issue with the app is warranted before we move forward. It's a step that should have been taken before we made the announcement, but wasn't.”
As an explanation for the administration’s intervention, the sexual nature of the research might be a red herring. But the inherently sensitive nature of the research done at the Kinsey Institute does bring the issues emerging around app-based data collection into sharper relief.
“Sex research is a delicate topic, and it’s always been a delicate topic,” says Bass, the Kinsey spokeswoman. “People’s sexual lives are very private, and you can understand why that could be a concern by the administration and by us.”