Note to readers

This is a blog that I'm required to keep that's full of unedited, near stream-of-consciousness reactions to similarly required and related readings in a graduate course in N.C. State University's Communication, Rhetoric, and Digital Media program. The way these posts are written help me interrogate and understand what's going on in our readings. I'm identifying what's troublesome so that I can give it more thought, but the posts aren't written in a style that's productive for audiences outside of our class to read. That's by design. I start with contestation, then spend heavens only knows how long researching, recutting, and reevaluating so that I can try and see what potentially productive readings I can extract from these source for use in my own work's contributions back to the field. Comments encouraged, but please, you'll likely need a thick skin if your work is quoted here.

Monday, October 27, 2008

IRBs and the [unjustifiable] limits of academic freedom?

From Clay Spinuzzi's blog:

Alas, no. Because any self-respecting institutional research board would balk at raw qualitative data being stored on a machine or server that is not owned and properly secured by the university. My IRB, for instance, specifies that data must be password-protected and stored on a hard drive that is encrypted at rest.

Let's first admit that I'm taking this quote out of context. Spinuzzi is considering using a "clouded system" (my quote) for aggregating qualitative data -- essentially storing data in a space like Google Docs. We had some discussion about this sort of ethical issue when we thought about putting grades in a Google Doc spreadsheet. Can you really ensure its protection? As I pointed out with Google's inability to protect anonymous blogs on Blogger, the answer is clearly no, both in theory and practice.

Though I wrote the blog post too quickly, without editing carefully enough (which is to say I've a misprint in the part he quotes *sigh*), B.r.e.n.d.a.n. R.i.l.e.y. (for whom Google Alerts provided the digital version of burning ears; I'm fudging his name here so he won't feel compelled to check this out until I'm done editing this time!) commented on my earlier blog on intellectual ownership. He and Laurie Taylor wrote the article I linked to earlier that does a very good job explaining open source from an academic context.

Here's an overly liberal quote from his blog.

This attitude does depend, as ruffin seems to acknowledge, on an idea that one must give up one’s claims on “intellectual property,” at least to some degree. He writes:

Others can still use your content to teach for pay. Your dean could still throw fifteen sections of the class on the books using your open content without asking, and now he could do it even if your university doesn’t claim to own the materials by virtue of some esoteric server ownership pact with the devil.

Yep, they can! (Only in Higher Ed would we find this scandalous at all. If you work in any other industry and produce something as part of your work, the company is expected to take that thing and do stuff with it. The folks who came up with the Nike swoosh got paid for doing so, but they don’t maintain rights over it. My cousin who works in biomedical engineering certainly doesn’t expect to keep her research or control it. Only teachers argue that their teaching materials are anything other than “work for hire.”)

I could see feeling a little chagrined if someone started making bucketloads of money from them, but ultimately my teaching materials are another form of my scholarship–they’re what I’m contributing back to the commons. And our culture is so wedded to the idea that we own our ideas that the idea of losing control of those ideas makes us revolt.

My contention with B.r.e.n.d.a.n. and now the powers that be as I've selectively quoted them from Spinuzzi's blog comes from the quote, "stored on a machine or server that is not owned and properly secured by the university". Why is that -- university ownership -- an issue? Why should IRBs force us to keep our information within the university? Whose research is it?

Look, my issue here is the corporate university, right? There's not much I'm trying to hide. I'm actually all for Open Source and giving away scholarship. I think that's the daggum point, after all. What I'd hoped to point out in that earlier blog was that Open Sourcing something doesn't provide some idealistically pure level of protection, and that we should be awfully careful that we understand how Open works before adopting it ourselves. Even though we make an end run around copyright, your academic labor can still be exploited in ways that make Corporation U proud.

What I dislike is the way the university continues to place itself between scholarship and the public paying for it. I'm not working in "any other industry". I've worked in a few of those, and I'd prefer to work in a protected space outside of that system, a space that performs as a check and balance on the system that'd rather own my work and run it through a profit maximization machine than share it unconditionally. Working at the government, the amount of pork redistribution -- and the degree that such redistribution of public funds to the private sector was used as a register of success -- drove me crazy in a similar fashion. Strangely enough, working at a mid-sized corporation was the most honest work environment I've yet seen. At least they admitted they were just trying to make [every] buck, bless their hearts.

That the university might be using the discourse of ethics to position themselves between the scholar and his patrons (the public, thank you very much, at least at NC State and, I believe, Spinuzzi's UT Austin) bothers me like you wouldn't believe. Blackbaud? For them (a corp), this would be a smart move, an understandable move, a justifiable move.

Only in Corporate U would ethics economics coming before scholarship not be found scandalous at all. Isn't it strange that the only sites that seem safe from this sort of influence, the ones in the humanities most ready to give to the public without serious compulsion, are the ones funded by private endowments or, surprisingly, Microsoft once the possibility for long-term profit is gone?


digital_sextant said...

Excellent points all! I'm interested if you see a distinction between public and private universities with regard to how open they should be, or between externally funded research--such as by a corporation--and internally funded research?

With regard to the university server issue, it occurs to me that one such policy might be a way to protect the University from lawsuits regarding privacy concerns or externally funded data. Rather than deciding, on a case-by-case basis, which studies do not concern privacy issues and which ones do, they just have a standard policy that ALL data must be on university servers.

I'm gonna quote you again, if you don't mind. Just let me know when you're ready. :D

digital_sextant said...

Oop! I guess I did see the typo.

If you'd like me to remove it, let me know and I'll happily do so.

Clay Spinuzzi said...

"What I dislike is the way the university continues to place itself between scholarship and the public paying for it."

The university does do that - but not in this case. When you're talking about storing research data (or grades) online, the main concern is liability. Two examples:

1) My raw research data has the names and identifiers of my participants and their institutions (usually workplaces). As part of my agreement to study these participants and institutions, I promise to keep the data secure. Sometimes I sign a non-disclosure agreement. So storing the data online, where I can't guarantee their security, would be an act of bad faith. One that would leave me open to a lawsuit.

I understand these dangers, but a lot of folks don't. I've seen cases in which people publish works-in-progress under obscure URLs and trust that "security through obscurity" works.

The university's role is to (a) provide an environment and set of procedures that guarantee genuine security so that the data are safe, and (b) provide legal protection so that if you use their protocols and the data are breached, the university gets sued and you don't. The university has deeper pockets.

2) A few years ago I worked with a colleague who stored individual grade sheets on a web server in the department. He used security-through-obscurity, providing students with links to just their grade sheets. The students quickly figured out his naming scheme and raised hell -- justifiably, because he had essentially put information that should be confidential into the public stream. I think he avoided getting sued.

Bottom line, yes, the university does often try to position itself between scholar and public. (UT takes a 50% overhead fee off of every grant we write, for instance.) But sometimes that is to lend expertise in security, and sometimes it's to legally protect academics. Usually it's both.

Hope that helps -- C.l.a.y.

ruffin said...

Ha, yes, Brendan got a kick out of the limited obfuscation as well. I threatened to rot13 next time and send all links through a proxy.

Yes, your examples 1.) & 2.) show serious and regrettable misunderstandings of technology/networking. I argue in a [less than complete] seminar paper that bloggers often confuse anonymity with privacy. You're blogging folks, not writing a manuscript/paper-based diary in Jodie Foster's panic room where your closest friends often come over to visit. (But more on that later.) As I remarked in the post, not even self-described non-evil Google can get privacy right. Storing data that must remain private in a "cloud" is bad news, no matter who is hosting it. That includes our universities.

Here's my real point of contention, which I glossed over in the post and appreciate the chance to clear up: At NCSU at least (and I assumed Austin), once something goes onto university servers, they own the data. If you want to publish, you have to clear copyright with them, etc. This is A Bad Thing for Idealistic Scholarship.

The university, in the system your comment, taken out of context, brought to my mind, is not simply someone granting protection or insurance for your data, but using the potential to provide those services to own your work. They are mandating [again, in this out of context, but very easy to believe situation] that you use their services not out of the goodness of their hearts or, better yet, in the interest of promoting scholarship, but in the interests of securing copyright. How often is the discourse of security used to secure prole compliance? This seems, to me, to be a place where such a bait and switch could be happening.

All you really need to access the university's deep pockets is... the university's promise you can access their deep pockets. Extend the same logic to accessing their [legal] protection (without images of Gandolfini?) as well. Let's say I have an offline computer at home, I don't know, in a panic room like Jodie Foster's. Why can't this be deemed safely secured by the university? I wonder how many university presidents use online banking. Those who don't will understand this argument against their university datahouses, and those who do have to accept there are potentially places other than the university where one can store pretty important data. (Warning: The last statement so egregiously simplifies logic as to be more sieve than secure itself. Dare I say its use was solely rhetorical?)

In brief, I want to register a complaint that data centers/repositories must be "owned and properly secured by the university" without exception, namely because in today's Corporate U, such a policy means all of your work with digitized data is belong to us... ur... is owned by the university as well.

If UT Austin has a different arrangement, consider me impressed.

Clay Spinuzzi said...

Ah, I see where you are going. I don't think that UT would have a problem with storing research data on a computer whose hard drive is password-protected and encrypted at rest. I do this (the server data is a backup) and although my laptop is owned by the university, they don't stipulate that it must be. So I think a "panic room" setup would be perfectly fine -- as long as the computer was not a server with easy access from the outside. Storing data on a third party's servers would be right out. Similarly, my original field notes and tapes only have to be stored in a "locked cabinet," not specifically on university property. The university would be displeased if my "secure area" turned out to be somewhere that roommates could easily access.

UT has also not indicated that it owns my data. I haven't had to clear publication or copyright with the university at any point. If I did, I wouldn't store data on university servers.

Hope that helps -- CS