On Sun, 2021-12-19 at 09:51 -0600, Larry M. Smith via mailop wrote: > There has been another update, and appears to be well worth a read.
Indeed it is. I have complimented Jonathan for his leadership. His note is what counts. I had used some of my snowy/rainy/slushy weekend to research US law. Obligatory disclaimer: I am not licensed to practise US law, this is unfamiliar territory, the following is for information purpose only, is possibly wrong, I am not the lawyer of any reader of this information, do not rely on this information. With the disclaimer out of the way, I have found out the legal ground on which the IRBs make the determination if the research is human- subject research or not. The rest (thinking of the consequences on the humans or not) follows from that determination. Subpart A of 45 CFR Part 46. To my horror I found ยง46.102 (e)(1) extends protections to humans only when the information extracted is about them. The moment researchers are not extracting data about the human itself, the IRB does not even have to consider the effect that the research will have on any human. My understanding of the law as written is that it white-washes a researcher who coerce information about a third party from a human! The flow chart is at [1]. No-one considered that the mechanisms of the law exercised an abnormal, in my view intolerable amount of pressure on the human recipients of the emails, in addition to their scammy/spammy character. Even if unintentional, the end-effect was morally wrong, a lack of respect for persons as envisioned by the Belmont Report [2]. To me, this was a dead-end. The research was in my view morally wrong, but legally right and I had no leverage other than appealing to the researchers' morality because the law is flawed. And the IRB has simply done its job as expected by the law, so again, no leverage whatsoever. Leveraging the spam issue and putting the kids in the same class as the phishers and other scammers that infest the internet would have been heavy-handed and probably also inconclusive, putting them on the defensive and achiving nothing more than the shields of the anti- abuse tools were not already achieving. Dilemma: how to advance on the issue? Sure, there is that ethical middle ground, the Belmont Report [3], but it required goodwill on the other side. Jonathan has shown goodwill. This is no longer on-topic for nitty gritty email system operators, so I will stop annoying mailop with this. I want to thank everyone who has contributed little bits of evidence to the case, whether it is point out to anti-spam resources clearly showing that the emails were spam; or describing their experience. You have all helped the researchers understand that what they did was morally wrong. [1] < https://www.hhs.gov/ohrp/regulations-and-policy/decision-charts-2018/index.html#c1 > [2] < https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html#xrespect > [3] < https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html > -- Yuval Levy, JD, MBA, CFA Ontario-licensed lawyer _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop