Except that, now that they are listed in Spamhaus, those emails won’t be delivered to the recipients—unless they are sent from a Princeton.Edu domain.
___________________________ L. Mark Stone Sent from my iPhone > On Dec 19, 2021, at 3:02 PM, yuv via mailop <mailop@mailop.org> wrote: > > On Sun, 2021-12-19 at 09:51 -0600, Larry M. Smith via mailop wrote: > > There has been another update, and appears to be well worth a read. > > Indeed it is. I have complimented Jonathan for his leadership. His > note is what counts. > > I had used some of my snowy/rainy/slushy weekend to research US law. > Obligatory disclaimer: I am not licensed to practise US law, this is > unfamiliar territory, the following is for information purpose only, is > possibly wrong, I am not the lawyer of any reader of this information, > do not rely on this information. > > With the disclaimer out of the way, I have found out the legal ground > on which the IRBs make the determination if the research is human- > subject research or not. The rest (thinking of the consequences on the > humans or not) follows from that determination. > > Subpart A of 45 CFR Part 46. To my horror I found §46.102 (e)(1) > extends protections to humans only when the information extracted is > about them. The moment researchers are not extracting data about the > human itself, the IRB does not even have to consider the effect that > the research will have on any human. My understanding of the law as > written is that it white-washes a researcher who coerce information > about a third party from a human! > > The flow chart is at [1]. > > No-one considered that the mechanisms of the law exercised an abnormal, > in my view intolerable amount of pressure on the human recipients of > the emails, in addition to their scammy/spammy character. Even if > unintentional, the end-effect was morally wrong, a lack of respect for > persons as envisioned by the Belmont Report [2]. > > > To me, this was a dead-end. The research was in my view morally wrong, > but legally right and I had no leverage other than appealing to the > researchers' morality because the law is flawed. And the IRB has > simply done its job as expected by the law, so again, no leverage > whatsoever. Leveraging the spam issue and putting the kids in the same > class as the phishers and other scammers that infest the internet would > have been heavy-handed and probably also inconclusive, putting them on > the defensive and achiving nothing more than the shields of the anti- > abuse tools were not already achieving. > > Dilemma: how to advance on the issue? Sure, there is that ethical > middle ground, the Belmont Report [3], but it required goodwill on the > other side. Jonathan has shown goodwill. > > This is no longer on-topic for nitty gritty email system operators, so > I will stop annoying mailop with this. > > I want to thank everyone who has contributed little bits of evidence to > the case, whether it is point out to anti-spam resources clearly > showing that the emails were spam; or describing their experience. You > have all helped the researchers understand that what they did was > morally wrong. > > [1] < > https://www.hhs.gov/ohrp/regulations-and-policy/decision-charts-2018/index.html#c1 > > > > [2] < > https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html#xrespect > > > > [3] < > https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html > > > > -- > Yuval Levy, JD, MBA, CFA > Ontario-licensed lawyer > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
