Departmental Ethics Review

2019-05-01

by David Jones

I decided I should try and become a departmental ethics reviewer.

It turns out that there isn't really any application process, you just ask.

Nonetheless when I was asked to write a few sentences, it turned into a longer Personal Statement.

I'm recording it here in my blog because although written in a hurry it summarises some of my reflections over the past few years.

I am a software engineer in the Research Software Engineering group at The University of Sheffield. My expertise as I see it relating to ethics review is:

an understanding of large scale computation on large scale data;
an understanding of encryption technologies for data at rest and in flight;
practical experience of both demonstrating de-anonymisation in large datasets and defending against de-anonymisation attacks in large datasets;
practical experience at handling potentially sensitive personal data in the context of a small web-based platform provider;
many years' experience in the commercial sector of handling commercially sensitive data and the associated paperwork;
some understanding in the particulars of the terms of service for common web platforms (like AWS, github, Twitter), and in general the kinds of things that platform providers try to enable and limit in their terms of service, and how those might impact data processing undertaken both on- and off-platform;
a hobbyist understanding of GDPR, Investigatory Powers Act, and similar leglislation.

My personal and professional interests are varied:

Areas where potential participants are uninformed, only partially informed, or have limited agency to act once informed. Examples would be the National Student Survey which is voluntary, but everyone in the chain is encouraged to meet particular targets; or, large genomic studies where participants will not have the necessary scientific training to be fully aware of what it possible with the data that has been collected.

Areas where the long-term storage of data may may lead to adversarial secondary re-uses of data far beyond the scope of the original collection. An example is that Staff Survey data may be exfiltrated by a rogue actor or simply demanded by Home Office personnel who have been freed from the shackles of democratic oversight; this exfiltrated data may then be used to identify minority or ethnic groups according to the whims of the rogue actors.

I am also concerned about problems where uneven data landscapes privilege or harm certain groups more than others. This can be either through data availability, data processing, or researcher focus. An example would be how in genomic studies data from minority ethnic groups may be discarded in early processing steps as being an outlier, leading to advances in medical research being mostly applicable to people of white european ancestry. Another example might be that people with accessibility needs or caring responsibilities might not have the time to take on additional work-related responsibilities such as ethical review, resulting in the pool of ethical reviewers being diluted in diversity and enriched with people of privilege.