NHMRC Public Consultations

Skip Navigation and go to Content
Visit NHMRC website

Ethical Issues in research into alcohol and other drugs submission

ID: 
15
Personal Details
First Name: 
Nilva
Last Name: 
Egana
C. Additional Information
Please add further information: 
Informatician
Specific Questions
Those making a submission are encouraged to comment on the need for an ethical guidance framework, on whether the values and principles in the National Statement are adequate to address the ethical issues in AOD research, on whether the specific issues identified in this paper are sufficiently distinctive of AOD research to merit specific consideration in the proposed ethical guidance framework, and on whether there are additional issues that should be specifically considered in that framework.
Section Six - 6.4: 

In order for AOD researchers to relay sufficient information and obtain informed consent from potential participants, the researchers need to understand the technological related weaknesses in conducting online research.  This submission relates specifically to the use of Short Message Service (SMS).

 As Croft et al (2005) state ‘Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Yet due to a lack of understanding in its insecure implementation, it is generally trusted by people. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology’ 1

 Basic characteristics of SMS include:

  • Usually has a max of 160 alphanumeric characters;
  • Is a store & forward service;
  • Is not sent directly from sender to recipient;
  • Always sent via a Message Center;
  • Each mobile network provider may have several Message Centers to manage the SMS;
  • SMSs are by default sent in clear text ( ie- not encrypted); and
  • A text message originates from a computer or mobile phone.

19 Dec 11-As requested, diagram was emailed to ethics@nhmrc.gov.au as I was not able to submit it online.

Diagram 1 illustrates how SMS works

1.       The text goes to the Mobile Switching Center to be routed and stored in the Message Center.

2.       The cellular system searches for the mobile phone (the red dotted line) and alerts the mobile telephone that the message is coming.

3.       The mobile phone tunes to the control channel (the blue ray) where the message will be sent.

4.       The cellular system attempts to send the message ( the green line).

5.       As the text message is being sent, the cellular system waits for acknowledgement messages to confirm accurate delivery.

6.       If the transmission is successful the message may be removed from the Message Center. May, being the operative word as it is dependent on the service provider’s (Vodafone, Telstra etc) security policies.

7.       If the mobile phone is switched off or out of range the text message will remain in the Message Center. Storage times vary.

 The AOD researcher needs to understand that the message center and the control channel may be the weakest links in ensuring participant confidentiality when using SMS. In Australia, under the Telecommunications (Interception and Access) Act 1979 it is illegal for someone other than government agencies with a warrant to access information in transit or in storage, such as a text message that remains in the Message Center. However, the following should be noted:

 1.       although it is illegal for someone, without a warrant, to access a text message that is in transit or in storage- it is still possible for unauthorised access if the text message is unencrypted.

 2.       telecommunication legislation in other countries will vary and may not have provisions to protect access to text messages whilst in transit or storage. Australian AOD researchers collaborating with international researchers need to be mindful of this when obtaining consent from potential participants.

 3.       the potential for data leakage, whether accidental or purposeful, needs consideration.

  A robust and secure system for texting could be based on four principles used for online transactions:

  • Confidentiality- this ensures that only the person the message is directed to can open it. 
  • Authentication - knowing who sent the message.
  • Integrity- knowing that the message content has not been altered in any way in transit (sending and receiving)
  • Non-repudiation- the sender cannot at some later stage dispute they created and sent the message and the receiver cannot deny having received it.

 A good example of this but not related to AOD research is the Medicare Public Key Infrastructure (PKI) program http://www.medicareaustralia.gov.au/provider/vendors/pki/index.jsp

 It may not be practical to implement PKI technology when conducting AOD research. However, it would be well within the scope of obtaining informed consent to explain to the potential participant the risks involved and any contingency plans that the researcher has in place if text messages were to be accessed legally or illegally.

 

Reference

1.Croft NJ, Olivier MS (2005). Using an approximated one-time pad to secure short messaging service (SMS). pp. 71-76.

 

Page reviewed: 26 October, 2012