Developing An Ethics Policy for Research that Uses ICT

Andy Bissett


Most institutions that carry out research, whether involving human subjects or not, are formulating ethical policies to cover their research if they have not already done so. Indeed, apart from encouraging and advertising good ethical ‘health’, many major research funding organisations (the Wellcome Trust, the European Community under Framework 6, to name two) will no longer make funds available to institutions (such as universities and research institutes) that do not have a publicly promulgated research ethics policy.

No doubt this is partly due to a series of distressing scandals in the UK during the last decade, often involving unethical medical research, that has severely shaken public assumptions about the nature of scientific research. Probably a wish to avoid litigation has also fuelled the growth of research ethics policies. Nonetheless, computer ethicists will welcome this important sea-change, albeit recognising that a policy in itself is only a necessary starting point. Following on from the inception of a policy there must be debate, elaboration, and means put in place to promote and ‘operationalise’ the policy.

Scientific disciplines such as biotechnology, pharmaceuticals, psychology and medicine, along with many social scientific fields of inquiry, have long since promoted their own scrupulous guidelines for ethical research. The ‘Helsinki Principles’ (WMA, 2004) have provided a sound basis for most if not all of these endeavours since their initial appearance in 1964. A valuable contribution to the development and promotion of ethical research appears in the King’s College (University of London) report on research ethics committees (Tinker & Coomber, 2004). Equally, most responsible organisations whether publicly funded or in the private sector have guidelines that promote the proper use of their information and communication technology (ICT) resources. However, there remains a gap in ethical policy in the circumstances of research that utilises ITC, or in which ITC is itself the subject. It is believed that the development of such a policy is a task that many organisations have yet to undertake, and therefore that this paper will be of distinct interest – and it is hoped use – to the participants of ETHICOMP and their sponsoring organisations.

The professional codes of conduct of both the British Computer Society (UK) and the Association for Computing Machinery (USA) urge consideration of the human consequences of computer systems, supporting, therefore, the ‘Helsinki principles’ of beneficence and non-malfeasance in research. Computer technology can provide a valuable vehicle for research in many fields and is also a rich area for research in its own right. However, as with any science or technology, care should be taken with the unintended possibility for negative consequences alongside the desire of the researcher to ‘do good’ and to ‘not cause harm’. Two major areas create distinct problems when researching with ICT. Firstly the ‘distancing’ effect of technologies such as the Internet enforce the ‘subject-object’ division and may encourage unethical behaviour, such as identity concealment; the Association of Internet Researchers has initiated important policy here (AoIR, 2002). Secondly, research into ICT as a subject itself may generate hazards, as in the self-inflicted attack by NATO anti-virus experimenters (Nathan, 2000).

This paper describes how a research ethics policy for research involving ICT was developed at the author’s own institution, starting from a background of the Helsinki Principles and other germane (usually legal) policies. The resulting policy (SHU, 2004) is outlined in the paper for further discussion, but is not held up as ‘the final word’ or a definitive document. The practical aim is to provoke an enriching debate, a kind of ‘action research’, in this relatively immature area.

The policy was adopted in December 2004 after a gestation of (appropriately) some nine months during which it was reviewed and critiqued. It contains thirteen sections, although each of these is highly modular and addresses a specific research topic; the aim was to achieve a ‘lightweight touch’ rather than a large, proscriptive handbook that nobody would want to read, much less use! Along with brief guidelines on obvious issues such as privacy, IPR, research utilising on-line surveys, research employing ‘external’ (to the institution) computer systems, and the computer processing of experimental results, some more exotic areas such as virtual reality and identity hiding were also addressed.

Problematical areas in the policy include experiments with computer viruses, the discovery of loopholes in computer security, and studies of cyberterrorism. Some of these proved controversial in the reviewing process before final adoption, and it may be expected that they will be subject to change, or at least interpretation, in the light of experience. This is normal and healthy for any organization concerned about its ethical practices, and wide and open discussion is vital. Presentation at ETHICOMP would be a key part of this discussion.

The questions that arise for research using ICT are not always obvious, and this paper has two very practical purposes; firstly, to air and encourage discussion of tricky areas, and secondly, to assist other interested parties and institutions to define their own policies for research that uses ICT. A set of guidelines or a policy such as this is, by its nature, an ongoing work, subject to critique and revision, and it is hoped that a lively and fruitful discussion will be initiated, both during and following the conference.


AoIR (2002) Association of Internet Researchers: Ethical Decision-Making and Internet Research. Available at:

SHU (2004) Guidelines on Ethical Aspects of Research using Information and Communication Technology, Enterprise Centre, Sheffield Hallam University.

Nathan, A. (2000) Nato creates computer virus that reveals its secrets, Guardian, 18th June.

Tinker, A. and Coomber, V. (2004) University Research Ethics Committees: their role, remit and conduct, Kings College London. Available at:

WMA (2004) The World Medical Association Declaration of Helsinki: ethical principles for medical research involving human subjects. Available at: