Title: To deceive or not to deceive! Legal implications of phishing covert research

Authors: Rasha Salah El-Din; Lisa Sugiura

Addresses: Department of Computer Science, Deramore Lane, University of York, Heslington, York, YO10 5GH, UK; Faculty of Health Sciences, University of Southampton, Highfield, Southampton, SO17 1BJ, UK

Abstract: Whilst studying mobile users' susceptibility to phishing attacks, we found ourselves subject to regulations concerning the use of deception in research. We argue that such regulations are misapplied in a way that hinders the progress of security research. Our argument analyses the existing framework and the ethical principles of conducting phishing research in light of these regulations. Building on this analysis and reflecting on real-world experience, we present our view of good practice and suggest guidance on how to prepare legally compliant proposals to concerned ethics committees.

Keywords: phishing; research ethics; deception; IT law; information technology; security research; good practice; legal compliance; ethics committees.

DOI: 10.1504/IJIPM.2013.057635

International Journal of Intellectual Property Management, 2013 Vol.6 No.4, pp.285 - 293

Available online: 12 Nov 2013
