6. March 2025 | Press releases:

Responsible research A systematic approach to strengthening ethical standards in information technology

  • With increasing digital networking, researchers have access to more personal data than ever before.
  • When people are involved in research projects, their privacy, personal rights and safety must be paramount.
  • Clear and verifiable standards are needed to minimise ethical risks.
  • A new framework should create transparency and ensure uniform compliance with ethical principles in research.

Smartphones, network-enabled computers and the Internet of Things (IoT) can generate large amounts of data of interest to researchers. This data contains personal information. The use of this data is strictly bound by ethical principles, but there are no standardised rules to monitor compliance.

Doubts about compliance with ethical standards can lead to surprises, not only during the peer review process, a quality assurance procedure for scientific publications. There have been cases where research projects were initially approved, for example by an academic ethics committee, and successfully went through the publication process. However, when the resulting publication came to light, it was considered unethical by those involved and some in the scientific community. As a result, the paper was retracted.

To avoid such hurdles, more and more conferences and funding agencies in the field of information technology are requiring that projects be reviewed for ethical compliance before publication.

A team of scientists led by Alexandra Dirksen at Technische Universität Braunschweig has proposed a way to do this: a framework to ensure that research data is collected in an ethically correct, transparent and consistent way, and before the data is collected.

Previously inconsistent working methods and national differences

The task of reviewing ethical principles is the responsibility of specialised university institutions, such as Research Ethics Boards (REB) or Institutional Review Boards (IRB). However, the working methods and enforcement powers of such institutions vary widely. Depending on the country and institution, they range from strictly regulated, mandatory approval by national authorities (e.g. in Sweden) to voluntary, non-binding guidelines issued by individual institutions or professional associations (e.g. the German Informatics Society, individual conferences, or the largest global professional associations ACM and IEEE). The same applies to their expertise and available resources.

Depending on the institution, financial resources or their research discipline, researchers may not have access to such committees. For departments that typically work with human subjects, universities often have a central ethical review body (e.g. medicine or psychology). In fields such as computer science or engineering, the ethical risks and social implications of research and the technologies developed are often unclear, and the protection of human subjects is not a priority. We see both this lack of clarity and the absence of ethical reflection in technical curricula as the main reasons why there are hardly any institutionalised structures dealing with the ethical challenges of technology.

Risky: self-assessment of ethical issues

In these cases, researchers have to assess the ethical implications of their work themselves. This approach carries the risk of being excluded from conferences and funding projects, as these require an official ethical review of their projects.

“Ethical reviews of research are often inadequate and sometimes even arbitrary.”

Alexandra Dirksen, information security researcher at TU Braunschweig: “We argue that due to this heterogeneity, ethical review procedures for research are often insufficient and sometimes even arbitrary. In our paper, we present a federated approach to address the systematic weaknesses of these procedures in the field of information technology.”

„Don’t Patch the Researcher, Patch the Game”

The paper ‘Don’t Patch the Researcher, Patch the Game’ is the result of close interdisciplinary work and combines aspects of information security, scientific ethics and sociology. The authors propose a framework (Federated Ethics Boards) in which ethics committees from different institutions are networked. The individual boards within the framework correspond to a local ethics committee or an ethics commission. When ethical questions or concerns arise during the design phase of a research project, or when formal approval is required, researchers submit their project proposal to the central institution of the Federated Ethics Boards.

Raising standards, reducing bias

Within the framework, their submission is randomly allocated to a panel, taking into account certain characteristics such as technical specialisation, domain knowledge, reliability, etc. This approach can raise the standard of review and minimise potential bias.

This panel helps researchers to design their project in an ethically correct way. Finally, the project description is formally certified, which can be used as evidence when submitting research results or obtaining research funding.

Early identification of ethical problems

In contrast to existing approaches in information technology, which are often based on retrospective reviews (ex-post), the authors advocate a transparent process that takes effect before any research experiments are carried out (ex-ante). This would allow ethical issues to be addressed at an early stage in the research process, thereby minimising potential harm to human subjects.

A single procedure makes it easier to navigate the process and allows for equal and fair participation of all researchers. The framework would link ethics committees from different institutions and to some extent document their decisions in a publicly accessible database. This should not only improve the quality of ethical assessments and make them more transparent, but also promote the exchange of knowledge and best practices. The systematic approach will increase confidence in research, reduce delays caused by second-guessing and promote responsible scientific conduct.

Alexandra Dirksen: “Our goal is to create a Community-wide structure that not only minimises risks, but also empowers the research community to work together to further develop ethical standards for new technologies.”