Search All of the Math Forum:
Views expressed in these public forums are not endorsed by
Drexel University or The Math Forum.
|
|
|
|
Secure storage and use of e-mail addresses
Posted:
Nov 17, 2004 6:19 AM
|
|
Here are some initial ideas about how we might handle the storing and
use of e-mail addresses for VMT participants, and potentially other
Math Forum services
1. Why do we want to do this?
a. In the case of VMT we want to be able to remind VMT participants
who have registered for a particular event via e-mail (or Instant
messenger?) so we need to store their e-mail addresses in a way that
is secure and approved by IRB
b. Also for VMT research we might want to conduct participant
interviews and evaluate their experience with the service and so it
will be necessary to contact them in a secure way.
c. In other services such as Ask Dr. Math, Math Doctors contact the
students through a set of PERL scripts that deliver their messages to
the students e-mail addresses and in the process make students e-mail
addresses visible to Math Doctors.
2. How could this be achieved?
In general de-coupling e-mail addresses and usernames (internally
selected or chosen by the user) and storing the e-mail addresses
encrypted in a separate repository should solve the "storage" problem.
When a message needs to be sent to a particular username a private key
(e.g. RC4 key) would need to be provided by an authorized person (e.g.
via and SSL form) so that the e-mail address could be decrypted and
the message sent.
However, annonymous two-way conversation of the type needed for
evaluative research or for the interactive dialogues required in the
Dr. Math service would require a "bridging" service that will act as
middleware hiding and translating usernames into e-mail addresses.
3. IRB approval
I suggest that we submit to IRB the following update to the methods
and procedures:
Student Teams (online)
The student teams onine will be established by people who respond to
the online materials distributed by the MathForum. The students will
register to participate in individual or ongoing events by filling out
a short survey about their grade, gender, level of mathematical
knowledge, and other demographical and attitudinal information. No
personal identification will be collected with the exception of a
valid electronic contact address (e-mail, IM nickname, etc.).
Students will be asked to pick an anonymous user name, distinct to
their given name, which will be used for all communication during
their participation in the project. At no point will it be necessary
for students to give their actual name or the names of their families
or the identity of their schools.
The electronic contact address (e-mail address, instant messenger
nickname, etc.)
will be collected to facilitate the process of reminding students of
the events and conduct evaluative surveys of their perceptions towards
the service provided. However, this electronic contact address will
be stored encrypted using industry standard mechanisms (e.g. RSAÂs RC4
encryption algorithm) in a repository independent of their demographic
data. All communication with the participating students will be
conducted through a system that hides the studentÂs e-mail address and
uses the user selected name to address the student. Responses from
students will handle in the same way so that their originating e-mail
address will be protected when replying to messages. Only authorized
PIs will hava a copy of the encryption key used to decode e-mail
addresses. In compliance with the Children Online Protection Act
(COPA) students under 13 years of age will not be allowed to
participate unless there is explicit parental or teacher consent .
Students participation will continue to be tracked in the system
anonymously by the user name selected by the students.
=======
Suggestions and feedback welcome!
|
|
|
|
