CRA-I Blog

The CRA-I Blog frequently shares news, timely information about the computing research industry community, and items of interest to the general community. Subscribe to blog emails here to stay connected.

CCC and CRA-I Respond to NTIA Request for Comment on Ethical Guidelines for Research Using Pervasive Data

The following is by Haley Griffin and reposted from the Computing Community Consortium (CCC) blog. 

Last week, CRA-Industry, in collaboration with Computing Community Consortium (CCC), submitted a Response to the National Telecommunications and Information Administration (NTIA), Department of Commerce’s Request for Comments: Ethical Guidelines for Research Using Pervasive Data. The response was written by Nazanin Andalibi (University of Michigan), David Danks (University of California, San Diego), Haley Griffin (Computing Research Association), Mary Lou Maher (Computing Research Association), Jessica McClearn (Google), Chinasa T. Okolo (The Brookings Institution), Manish Parashar (University of Utah), Jessica Pater (Parkview Health), Katie Siek (Indiana University), Tammy Toscos (Parkview Health), Helen V. Wright (Computing Research Association), and Pamela Wisniewski (Vanderbilt University). 

The National Telecommunications and Information Administration (NTIA) was seeking, “public input on the potential writing of ethical guidelines for the use of ‘pervasive data’ in research. Such guidelines, if warranted, would detail how researchers can work with pervasive data while meeting ethical expectations of research and protecting individuals’ privacy and other rights.” Below are some of the main points from CCC & CRA-I’s response.

(1) Benefits to the proposed guidelines:

  • Accountability and a standard of research to support researchers and enhance public trust.
  • A consistent approach to research ethics across different institutions, including but not limited to, universities, technology companies, and industries (e.g. healthcare, education, transportation).
  • Methods justification and improvement for researchers who work with sensitive, pervasive data.
  • Protection for researchers who study controversial topics by providing ethical foundations for their work.
  • Protection for the participants whose data is being analyzed and strengthen the protections under Common Rule (many IRBs deem some pervasive data studies as “non-human subject research,” which does not ensure the same level of ethical review as research deemed human subjects research).
  • Clarity for companies who could use the guidelines to standardize their research processes, codify best practices, make their work more equitable (by ensuring all stakeholders are considered), and likely improve the efficacy of their research as well.

(2) Drawbacks to the proposed guidelines:

  • The guidelines would need to stay robust to shifts in data practices, governance, other adjacent recognized guidelines (e.g. IRB), etc. They recommend a regular review of the guidelines to ensure alignment with current policies and needs.
  • There is no enforcement mechanism to ensure good faith adoption among researchers. The communities and people that should be protected and treated ethically may still face significant risks.
  • Researchers using pervasive data may not be aware of the guidelines. Awareness could be increased through integration with IRB CITI or NSF RCR training and by obtaining buy-in from organizations that publish research (e.g., ACM, IEEE, National Academies) or fund research (e.g., NSF, NIH, The Knight Foundation).
  • Researchers may be aware of guidelines but misuse them to justify unethical data practices (they might also design research studies to fall outside the boundaries of such guidelines–similar to researchers trying to avoid IRB review).
  • Guidelines may restrict flexibility and innovation of ethical research that falls outside the existing guidelines.
  • Data and researchers can both be outside of the U.S., and national guidelines need to consider international contexts. 

(3) The NTIA definition of pervasive data could be improved by,

  • using “digital services” or “networked services” rather than “online” since “online” can be interpreted as “on the internet”, which is too narrow in scope, and
  • including the following data: in the definition: health data, biometric data, sensor data (e.g., tracking body movements, sensed behavior of humans), non-publicly available data, personally identifiable information (PII), data of marginalized or at-risk communities (i.e., people at risk for poor health and social well being), and inferred data (i.e., algorithmic inferences of one’s identity, activities, emotion or affect, likeness, etc.).

(4) Existing barriers to accessing pervasive data:

  • Pervasive data collected and stored in technology companies is generally inaccessible to researchers outside of those companies. The predominant challenge is the misalignment between companies’ priorities (profit, legal liability) and researchers’ priorities (creating new knowledge). 
  • Costs for data access can be prohibitively expensive (which disproportionately impacts resource-constrained researchers).

Even once data is obtained, the authors expressed that there are hardships to actually use the data to conduct research (e.g. assessing the quality of data, determining who can provide consent/permission to use the data, etc.). They concluded that if researchers are to have access to pervasive data, we would need a large-scale shift in thinking about how that data is made available, what protections are available to companies, what standards researchers should be held to, and how to evaluate the quality of the data. 

(5) Data held by online services that would be most valuable to the public interest if researchers were able to access it is data that:

  • Aligns with societal priorities (e.g., democracy, healthcare, housing, children, poverty). This could allow researchers and companies to develop technologies and policies towards the greater good – e.g., helping those most in need. 
  • Helps us understand how technology is shaping our social lives (e.g., social media). This is important for understanding and tackling societal challenges, like disinformation, harassment, and mental health. 
  • Is collected, analyzed, and used (by various actors) about people, without their informed consent or even awareness. This is important for protecting people’s privacy and enabling them to make informed decisions about their digital behaviors, identities, and likeness.  

(6) Guidance for researchers working with pervasive data considering consent and autonomy. Researchers should clarify if a user allowing access to their data is,

  • Legally required (e.g. age before purchasing alcohol to be delivered) or is motivated by the company’s desire for data,
  • Required in order to use the service/obtain the information the user is attempting to access, and 
  • Going to potentially be sold/accessed to a data broker and/or researchers and/or other actors (e.g., government, law enforcement).

They also presented the principle of “do no harm” as an alternative model to traditional consent that can provide protection for data subjects in cases where autonomy is limited or consent is given in circumstances where it is required for the individual to have access to required or desired resources. 

(7) In order to take future technological advances into account, the guidelines should do the following:

  • Be reviewed every 6 -12 months (could consider establishing a working group that is responsible for this process) because as technology evolves, so should these guidelines. 
  • Rely on the principle of precedence – learn from past decisions to inform future ones (which may be different technology but similar ethical considerations).
  • Require researchers to certify a “do no harm” statement that acknowledges that the capabilities of technology will evolve, but they should never use the data in a way that could negatively impact or be used against the person who supplied it (even if they consented for it to be used for future research needs). It could include a section on what a researcher can and cannot do with pervasive data, and shift the responsibility for unforeseen negative consequences onto the researcher rather than the data subject.
  • Account for the perspectives and expectations of data subjects, with attention to the unique contexts and identities implicated in data collection, analysis, etc. (e.g. if the degree of perceived sensitivity of data type A is high for group B, then perhaps said data should not be collected from group B to begin with).
  • Update the understanding of what situations require what kind of privacy protection, accounting for what data types are sensitive to data subjects (e.g. data about affect/emotions that is increasingly relevant in pervasive data collection/inferences/use, and are considered to be “sensitive” by data subjects (Andalibi & Buss, 2020).
  • Consider how federal, state, and international data privacy regulations align and conflict and communicate these limitations to researchers so they can consider how to apply them to their respective projects.

Read the full CCC & CRA-I RFC Response here.

Growing Number of Industry and Government Lab Members Join CRA to Drive Innovation and Partnerships

By Matt Hazenbush, Director of Communications, and Helen Wright, Manager, CRA-I

The Computing Research Association (CRA) continues to expand its membership as organizations from industry and government labs engage to shape the future of computing research. Recent additions, including J.P. Morgan AI Research, along with renewals from long-standing members such as Google, Microsoft, and IBM Research, reflect CRA’s role as a central hub for innovation and collaboration.

Central to these efforts is the CRA-Industry (CRA-I) Committee, a standing committee established to connect industry partners with academic and government constituents. CRA-I provides a platform for open discussions, impactful collaborations, and the development of best practices that drive progress in computing research and benefit society.

“CRA is an incredible forum where academia, industry, and government come together to tackle some of the biggest challenges in computing research,” said Fatma Özcan, Co-Chair of CRA-I and Principal Software Engineer, Systems Research, Google. “By fostering open collaboration and discussion, CRA-I helps us shape research priorities, share best practices, and build diverse talent pipelines that drive innovation and make a real impact.”

From tech giants to financial institutions and national labs, industry is seeing the value of CRA membership—learn more about the benefits to industry and government lab members and connect with us about joining our community.

Key Benefits of CRA Membership for Industry and Government Labs

CRA provides a range of benefits for industry and government lab members, including opportunities to build connections, influence research priorities and academic computing programs, and access valuable resources:

Academia-Industry Partnerships

CRA helps members forge meaningful connections with academic institutions through events like workshops, roundtables, and whitepapers, providing access to a network of top university contacts. CRA also offers guidance on all stages of partnerships, from initial collaborations to established, mature relationships, and is developing a “maturity curve” framework to help members navigate different stages of partnership development.

Shaping Computing Policy and Research Directions

CRA’s presence in Washington, D.C., supports industry members in navigating federal funding and policy. CRA Government Affairs offers timely policy insights, and events like the Leadership in Science Policy Institute (LiSPI) and Congressional Visit Days equip members to advocate effectively within science policy. Through initiatives like the CRA Quadrennial Papers, members help guide federal investment, with CRA Government Affairs providing insights and connections to the policy-making process.

Growing and Diversifying Talent Pipelines

CRA members gain access to talent-development initiatives like the CRA-WP Grad Cohorts and UR2PhD Program, which support a diverse, skilled talent pool. CRA members also influence the talent pipeline and the training they receive in academic computing programs through efforts like CRA’s Practitioner-to-Professor Survey, which ensures academic curricula align with industry needs.

Industry-to-Industry Networking and Best Practices

CRA offers a space for industry members to connect, share insights, and foster cross-industry partnerships. Members benefit from access to best-practice documents on topics like interdisciplinary research and DEI initiatives, providing actionable frameworks to implement within their organizations.

“CRA-I provides a unique space for industry members to connect, collaborate, and share best practices,” said Divesh Srivastava, CRA-I Co-Chair and Head of Database Research at AT&T. “The diversity of expertise among members sparks fresh ideas and innovative approaches that help us address challenges and develop strategies that no single organization could achieve alone.”

Research and Development Resources

CRA provides essential resources for R&D, from cybersecurity initiatives to “Research in a Box”—a toolkit for companies seeking to launch research without extensive infrastructure. These resources streamline R&D processes and encourage collaboration across industry and academia.

“CRA-I’s focus on providing actionable resources and fostering collaboration is transformative for companies looking to enhance their research capabilities,” said Ben Zorn, CRA-I Past Chair and Partner Researcher at Microsoft Research. “By connecting industry leaders with academic and government partners, CRA helps bridge gaps and accelerates innovation in ways that benefit the entire computing ecosystem.”

A Growing Community Committed to Innovation

As CRA continues to grow and welcome new industry and government lab members, it remains dedicated to fostering impactful partnerships, advancing computing research, and addressing the most pressing challenges facing industry today. With a wide range of benefits, from networking and collaboration opportunities to policy insights and workforce development, CRA membership offers organizations the resources and connections they need to make a difference.

Join the growing list of industry leaders who are already realizing these benefits.

Exploring Trust, Technology, and AI in Healthcare Data Sharing: Insights from the CRA-I Workshop

Workshop participants watching a panel. CRA-Industry (CRA-I) recently hosted a Sharing Healthcare Data workshop in October in Washington, DC. Over 35 healthcare professionals, academics, industry leaders, and government representatives convened to explore the intersection of healthcare data sharing, trust-building, and the evolving role of AI in patient care. The discussions highlighted crucial themes of inclusivity, patient-centered innovation, and the vital need for diverse perspectives to shape the future of healthcare data. The full agenda is available here. This workshop is spun off of the very successful CRA-I Sharing Healthcare Data Roundtable in December 2023.

The workshop was honored to feature keynote speakers Deborah Estrin from Cornell Tech and Tom Kalil from Renaissance Philanthropy. Estrin presented on Patient-Generated Data Sharing: Advancing Hybrid, Longitudinal Patient Care with Digital Biomarkers and Therapeutics (DBx, DTx), emphasizing the potential of patient-generated data in shaping comprehensive care. Kalil focused on the need for concrete, actionable steps in policy, urging the identification of specific data needs and detailed, agency-specific recommendations for policymakers. 

A key theme that emerged throughout the workshop was trust in healthcare data sharing, particularly for underserved communities. While technology can improve access, culturally competent, human-centered approaches remain essential for building lasting trust. Some challenges in this field that were brought up include regulatory, legal, and consent barriers, as well as the need for clear AI policies in healthcare.

The workshop emphasized that transforming healthcare data sharing, while achievable, requires thoughtful approaches. By expanding stakeholder involvement, refining data-sharing policies, and supporting ongoing innovation, we can create a healthcare ecosystem that respects patient autonomy and serves the needs of all. Moving forward, our efforts should aim to build frameworks that not only advance healthcare technology but also ensure it is used responsibly, fairly, and in a way that fosters trust across all communities. Please keep an eye out for the workshop report, which will be posted here, in the next few months.