be captured and used. With respect to research participants’ privacy, these guidelines cover issues such as informed consent, purposefulness, confidentiality, further use of the video, misrepresentation, and fairness. Many of MacKay’s suggestions overlap with IRB requirements and constitute a commonly-accepted baseline practice for the protection of participants’ privacy.
In the past few years, however, researchers have voiced concerns from the application of IRB requirements to social, behavioral, and economic research . In the HCI community, researchers face similar challenges. For example, in a study investigating privacy preferences of a ubicomp application, Iachello et al. encountered problems related to consent requirements set by the IRB. In that case, it was essential that the survey procedure be as minimally invasive as possible. However, the information notice required by the IRB disrupted the experience even further than the disruption caused by filling out the survey . Iachello et al. noted that more concise consent notices would be helpful, though changing standard wording requires extensive collaboration with IRB officials.
Further ethical issues are raised by Hudson et al. , who report on a study of privacy in web-based chat rooms. Hudson and Bruckman note that obtaining informed consent from research participants may skew the observations by destroying the very expectations of privacy that are the object of study.
Another ethical issue relates to studies involving participant deception. One remarkable study was conducted by Jagatic et al. at Indiana University to study the behavior of victims of “phishing” schemes. In this IRB-approved study, the researchers harvested freely available data of users of a departmental email system by crawling social network web sites; this allowed the researchers to construct a network of acquaintances for each user. They then sent to these users emails, apparently originating from friends and acquaintances, and asking to input departmental authentication data on a specially set-up web page —a sophisticated phishing scheme. Their results showed remarkable rates of successful deception. Participants were informed of the deception immediately after the study ended and were given the option to withdraw from the study per IRB requirements; a small percentage of participants did withdraw. However, some participants complained vehemently to the researchers because they felt an invasion of privacy and believed that their email accounts had been “hacked.”
3.2.6 Conclusions on Methodology
In summary, methodological issues in HCI research relate to privacy in multiple ways. One salient question is whether surveys, focus groups, and interviews should be structured to present both benefits and losses to participants. Clearly, a balanced presentation could elicit very different responses than a partial description. A second ethical question relates to whether uninformed attitudes and preferences should drive design, or whether researchers should only consider actual behavior. These questions are but instances of similar issues identified in user-centered design over the past two decades, but are raised time and again in the context of privacy [76, 272].
Stated preferences vs. actual behavior is another important methodological issue. As Acquisti and Großklags point out, individual decision making is not always rational, full
end-user-privacy-in-human-computer-interaction-v57.docPage 29 of 85