Participant information sheet
Researcher
My name is Roderic Broadhurst, a professor in the Research School of Social Sciences (RSSS) in the College of Arts and Social Sciences (CASS) at the Australian National University (ANU). I am an experienced criminological researcher who leads the ANU Cybercrime Observatory and has published widely on cybercrime, crime victims, violence and recidivism. I have held several ARC and overseas grants on a variety of topics including cybercrime and has been consultant to the UNODC and Australian and overseas police agencies.
Study title
WiFi Usage and Cybercrime Risks in University Student Communities
General outline of the study:
Description and Methodology: This research study has two main aims:
- to determine the coverage and usage of WiFi across the ANU campus; and
- to determine the cybercrime risks of staff and students at the ANU.
WiFi coverage and usage across the ANU campus has been a continuing issue at ANU. As far as we are aware, this issue has not been studied from a social science perspective. In particular, how WiFi usage differs and the cybercrime risks/awareness across different areas of campus.
As a participant, we will be collecting the URL links that you visit on the ANU WiFi access points. These URL links and the WiFi access points allow us to estimate the distribution of Web usage and determine current cybercrime risks (e.g. access to known scam Web sites). We will also conduct active social engineering experiments (in the context of cybercrime) to determine the vulnerable groups (e.g. (fake) scams designed to elicit personal information – that is steal details of your identity).
Participants: The target participant group is new and first year ANU students, but other ANU students are also encouraged to participate. We look to gauge the WiFi usage of incoming students and their susceptibility to cybercrime. To participate, please visit our Web site (TBA) to sign up to our study.
Use of Data and Feedback: Your Web browsing data (we collect only your URL data not the page visited or the content) and information collected by our social engineering techniques will be used to directly improve cyber-security at the ANU by determining the vulnerable demographics, providing recommendations to cyber-security practices, developing cyber safety awareness, and improving cyber-security research. We will provide updates to our research through our Web site (TBA), the ANU Cybercrime Observatory Web site, and through your ANU email address (required for sign up).
Participant involvement:
Voluntary Participation & Withdrawal: Your participation in this study is voluntary and you may withdraw from this research study at any time without any penalty. When you withdraw, we will ask explicitly if we can continue to store and use your data. We will remove your data if we do not have your permission or in the absence of an explicit permission.
What does participation in the research request of you? Your participation in this research requires access to your URL browsing data on the ANU WiFi network. You will also be exposed to social engineering directives that attempt to expose your personal information. These directives will be revealed when you become a victim. You will then be notified that you have fallen for a (fake) scam and we will provide you with cyber safely materials to avoid becoming a victim to (future) true scams. You will also be asked to complete questionnaires or survey throughout your participation.
Location and Duration: The research study, its investigators, and data collection are all located and conducted on the ANU campus. The research study period is from 1 May 2015 to 1 May 2016. The data collection period is from 20 July 2015 to 21 November 2015. You will be notified of additional data collection periods.
Incentives: No incentives to participate are offered. However, we will offer a deceptive advantage (a fake) that is common in cases of a real malware/cybercrime events.
Risks: The main risk factor is the disclosure of your personal information to true cyber-criminals. This risk is not increased by your participation in this study. When you sign up, we will ask you to remain vigilant and be careful of cybercrimes. We will also notify you if we find that you accessed known malicious URLs that you may not be aware of doing.
Implications of Participation: Your participation will allow us to estimate the state of WiFi usage, the landscape of Web sites accessed across the ANU campus, and the level of cybercrime risks/awareness at the ANU. We will use the results in our study to provide recommendations to improve WiFi coverage and access on the ANU campus, and to improve cyber-security and cyber-safety at the ANU. Direct benefits to you may be increased awareness and vigilance to social engineering methods (and other cybercrimes) that are intended to defraud or steal your personal information with malicious intent.
Confidentiality:
Confidentiality: Your data is stored on a RAID-1 array of disks that is encrypted using AES-256 key encryption (one of the current most secure encryption methods). This study will only store information you have provided to us and the Web sites that you have visited (no information about the content, interactions, or cookies are tracked or included). No identifiable data will be published. We will NOT share your collected information with anyone except the investigators listed in the Ethics Protocol. Our Web site (TBA) details the specific data we are collecting, and other information relating to this research study.
Data storage:
Where: Your Web browsing data (stored on our Web server) is physically located in the Beryl Rawson building. The server is physically locked to a wall mount, behind a locked door with only the investigators having physical key access, in a secured area that requires ANU ID card access (separate from building access).
How long: Your data will be collected between 15 July 2015 and 21 November 2015. Your information will be kept for 5 years after any publications arising from the research study.
Destruction of Data: At the end of the storage procedure, your data stored on disk will be erased securely, then the physical disk will be physically destroyed and disposed in a secure manner.
Queries and concerns:
Contact Details for More Information: Contact me by email: roderic.broadhurst@anu.edu.au to raise queries or concerns about the study. Please include “Queries about WiFi usage study (protocol number: 2015/038)” in your subject line so I can prioritise a response. I can be contacted by phone on 6125 4665.
Ethics committee clearance
The ethical aspects of this research have been approved by the ANU Human Research Ethics Committee. If you have any concerns or complaints about how this research has been conducted, please contact:
Ethics Manager
The ANU Human Research Ethics Committee
The Australian National University
Telephone: +61 2 6125 3427
Email: Human.Ethics.Officer@anu.edu.au
Ethics protocol number: "2015/038".
Title: "WiFi Usage and Cybercrime Risks in University Student Communities".
Primary investigator: "Roderic Broadhurst" (ANU ID: u4661385)
Co-investigator: "Khoi-Nguyen Tran" (ANU ID: u4315673)
Contact
Thank you for your participation this research. If you have any further questions, please do not hesitate to contact me or other investigators at our contacts page.
Kind regards,
Roderic Broadhurst (Primary Investigator)
Professor
Room 2.12
Research School of Social Sciences
Beryl Rawson Building (#13)
The Australian National University
Acton, Canberra, ACT 2601, Australia
roderic.broadhurst@anu.edu.au