alt Hacker NewsI've also had to deal with the IRB a lot as a professor. The retroactive application is extremely weird (although maybe better than nothing?).
This seems like one of those situations that would usually require regular review to err on the side of caution if nothing else. It's worth pointing out there are exceptions though:
https://grants.nih.gov/sites/default/files/exempt-human-subj...
Generally those exceptions fall into "publicly observable behavior", which I guess I could see this falling into?
It's ethically unjustified how the whole thing actually happened but I guess I can see an IRB coming to an exemption decision. I would probably disagree with that decision but I could see how it would happen.
In some weird legalistic sense I can also see an IRB exempting it because the study already happened and they couldn't do anything about it. It's such a weird thing to do and IRBs do weird things sometimes.
>I've also had to deal with the IRB a lot as a professor. The retroactive application is extremely weird (although maybe better than nothing?).
I mean I feel like the IRB is mostly dealing with medical stuff. "I want to electrocute these students every week to see if it cures asthma". "No that's too much.. every other week at most". "Great I'll charge up the electrodes"
So if a security researcher rolls in after the fact and says "umm yea so this has to do with nerd stuff, computers and kernels, no humans, and I just want it all to be super secure and nobody gets hacked, sound good" "ok sure we don't care if no people are involved and don't really understand that nerd stuff, but hackers bad and you're fighting hackers"