USACM Comments on the Menlo Report

By David Bruggeman
March 2, 2012

On Monday USACM submitted comments to the Department of Homeland Security (DHS) on the Menlo Report, which was issued in September 2011. The goal of the report was to extend ethical guidelines for research involving human subjects to computer and information security research. It based its framework on the Belmont Report for 1979, which developed similar guidelines for biomedical and behavioral sciences.

While this effort is a good start, as USACM noted in its comments, “developing directly usable guidance for researchers requires both broader and deeper
consideration of these issues” than can be found in the Menlo Report. We recommend that the DHS:

  • Collect and analyze data on current practices before taking action.
  • Evaluate the advantages and disadvantages of a variety of research ethics board models, including national and regional review bodies as well as IRBs.
  • Systematically consider related work and guidance from around the globe.
  • Include specialists in research ethics as part of the process.
  • The work DHS is doing is important, but is not on its own. As reflected in our comments from last September, the Department of Health and Human Services is working out revisions on its own human subjects research regulations, and DHS would benefit from exploring that effort and using it to inform its own work.

    We think the Menlo Report is necessary, research in computing and information technology needs to live up to its responsibilities concerning the human subjects affected by that research. USACM is willing and able to assist in furthering the work needed to do so.