Do researchers need to follow TOS?
The ACM SIGCHI Research Ethics Committee volunteers its services to help program chairs and journal editors. If reviewers raise ethical concerns about a paper, the committee will review the ethics of the situation, and provide a recommendation with rationale. The chair/editor is free to follow the recommendation or not. One of the goals is to separate review of the substance of the paper from possible ethical issues, where possible.
Since we began offering this service in 2016, by far the most common issue sent to us concerns papers that did not follow a website’s Terms of Service (TOS). Do researchers need to abide by TOS? The issues are surprisingly complicated.
It’s debatable whether following TOS is a legal requirement. In the United States, failure to follow TOS may violate the Computer Fraud and Abuse Act (CFAA), with surprisingly serious penalties. Case law in the US on whether violating TOS is actually illegal is unclear, with cases such as Facebook v. Power Ventures and HiQ v. LinkedIn suggesting it may be legal in many circumstances. However, both of these cases led to costly and drawn-out litigation. Tragically, the suicide of internet pioneer Aaron Swartz was directly linked to stress from his prosecution under the CFAA, in part for violating TOS of a journal site. Researchers Christian Sandvig and Karrie Karahalios are currently mounting a legal challenge to the CFAA on behalf of the research community. The bottom line is, if you chose to not abide by TOS, you are taking a risk.
Note however that legal and ethical may not be the same thing. And in fact you can make a compelling argument that violating TOS is not only ethically possible, but might even be ethically required in some circumstances. The issue is far reaching: if we abide by overly restrictive TOS, are we giving up the ability to reflect on systems that increasingly shaping society? If we only work with permission of Large Corporation, can we ever be critical of Large Corporation? If the products and services of Large Corporation are having a profound impact, what is the obligation of the research community to understand that impact?
The revised ACM Code of Conduct provides explicit guidance to help us with this dilemma. New draft text (under review as part of the Code 2018 project) says, “Computing professionals must obey … rules unless there is a compelling ethical justification to do otherwise. Rules that are judged unethical should be challenged. A rule may be unethical when it has an inadequate moral basis, it is superseded by another rule, or it causes recognizable harm that could be mitigated through its violation. A computing professional who decides to violate a rule because it is unethical, or for any other reason, must accept responsibility for that action and for its consequences.”
There are indeed times when society has a need to understand that supersedes following a legal policy written by a corporation that may primarily be trying to protect its own interests. However, this leaves us with two thorny problems. First, the rules often also protect users of the sites. Further, members of the site participate with an understanding that others will respect those rules. Who gets to decide when there is a compelling greater good that justifies such a violation? We believe there is a role for ethical review by a neutral party to help provide this guidance. A neutral third party needs to examine the situation and make a judgment. In some cases, existing ethical review bodies like IRBs in the US or review committees at corporations may play that role. However, there is a growing problem with such bodies refusing to provide guidance, saying it is beyond their purview.
To help fill this gap, our committee is willing to volunteer our time to provide feedback on planned research that may violate TOS. We encourage individuals who desire such input to request it during the planning stage of research.
In responding to requests to look at papers that violate Terms of Service, the Research Ethics Committee gives priority to the needs of users: Did the work violate the privacy of users? What is the likelihood that harm to users will result, and what is the severity of the risk? We leave the question of possible legal consequences for researchers up to the individuals who chose to undertake this work.
In addition to considering possible harm to users, researchers who choose to break TOS must carefully consider potential consequences for themselves and their collaborators. If we break the law, we need to accept the legal consequences. This is a time-honored practice in civil disobedience movements. This is a difficult decision for individuals, but even more fraught for people working in a group with supervisors and supervisees, like faculty and students. The challenging question then is: Can the person in a position of less power really comfortably say no? What steps does the authority figure need to take to make sure subordinates are freely consenting to a risky endeavor? The person in position of greatest authority should strive to take responsibility for the actions of the group.
This issue is one for which there is currently not a clear ethical norm within our research community, but we hope that this post provided some guidance about what factors to take into account when making decisions about potential TOS violations in the course of research.
The SIGCHI ethics committee (list of members) can be reached at chi-research-ethics@acm.org. You can also participate in conversation in our Facebook group or follow us on Twitter.
