Privacy policy
Revisions
- 1 May 2015 - Release of privacy policy
1. Introduction
The "WiFi Usage and Cybercrime Risks in University Student Communities" research study is referred to simply as the "research study" or "study". This study is conducted at the Research School of Social Sciences (RSSS) at the Australian National University (ANU). "We" or "us" refer to the study's investigators. Your "data" refers to the Web URLs that you have visited and your private and personal information that we attempt to elicit in our social engineering experiments.
The information listed here and about this study has undergone an ethical review by the Human Ethics Review Committee at ANU. By accepting our Privacy Policy through a digital consent process, you consent to our collection, storage, use of your personal information as described in this Privacy Policy.
The research study starts on 1 May 2015 to 1 May 2016. Your data is collected between 20 July 2015 and 21 November 2015. Your data will be kept for 5 years after any publications arising from the research study.
Please note that this Privacy Policy only covers data collected using our server. We are not responsible for your interaction and sharing of data with Web sites not affiliated with this research.
If you have questions regarding this Privacy Policy, please contact us using the details in the left navigation or in Section 8 ("Contact us").
2. Data we collect
We collect four types of data:
| Type | Attributes | Reason | Collection method |
|---|---|---|---|
| Metadata | ANU ID, first name, last name, poster code, consent acknowledgement, sign up date, withdrawal date, removal of collected data, removal of survey data. | Data about research participation. This data is used to track participants and their consent. We verify you by sending a confirmation of participation link to your ANU email address. Please contact us to remove this data. | Explicit request from this study's Web site (TBA) (see the home page). |
| Browsing data | Visited URL, WiFi access point. | Only the full URL name is tracked (e.g. http://www.google.com.). No data about the Web page, interaction, cookies, nor other types of browsing data are tracked. This data is used to estimate the Web usage across the ANU campus, such as the most visited Web sites and their distribution across campus. This data is also matched against lists of known malicious Web sites to determine the cybercrime risks. | Collected from WiFi access points around campus, and/or from the ANU Internet servers. |
| Personal data | (To be confirmed.) First name, last name, age, home address, bank account details, demographic details, employment details, etc. | This data is collected from our social engineering experiments. We attempt to elicit these personal details (which are also collected by the ANU) to determine susceptibility of participants to cybercrimes. We will seek special permission from the ANU to verify this data. This data is used to determine cybercrime awareness and risks. | (Fake) Malicious Web sites or emails that mimic those used in social engineering methods. |
| Survey data | (To be confirmed.) Age group, WiFi usage details, etc. | This data asks for details about your WiFi usage and habits, feedback on the research study, cybercrime awareness, and other information to be confirmed. This data will allow us to collect demographic information, and estimate and compare the differences between perception and reality of WiFi usage and cybercrime awareness. | Online surveys will be released on this Web site. |
We understand that you may have provided us with false information as you may have suspected bad intentions. We ask that you provide true responses to our surveys, which may include identifying the false information you have supplied. We will only this information to gather statistics on cyber safety awareness. No identifying data will be used in our analyses and publications.
3. Sharing of information
We will NOT share your collected information with anyone except the researchers listed on the contact page. We will notify you if we add another member to this research study. Upon completion of our research study, we may delegate the responsibility of storage and maintenance of collected information to another person. We will provide full details of him/her and how the information will be stored. The ANU Cybercrime Observatory will still have responsibility of the collected information, so please contact us (Section 8) if you have any concerns.
4. How you can access/remove your information
The browsing, personal, and survey data detailed in Section 2 can be removed by submitting a withdrawal form from the home page. To remove your metadata, please send a request to the investigators of this research study on the contact page, with a clear title such as "Requesting access to my information" or "Requesting deletion of my information". We will do our best to promptly reply to your request.
5. Security of your information
We store your elicited information, and your Web browsing data through our Web server. The server is physically located in the Beryl Rawson building. It is physically locked to a wall mount, behind a locked door with only the investigators having physical key access, in a secured area that requires ANU ID card access (separate from building access). Your data is stored on a RAID-1 array of disks that is encrypted using AES-256 key encryption.
We only store the information you have provided to us and only track the Web sites that you have visited (no information about the content, interactions, nor cookies are tracked). We have implemented precautions against security breaches to our server, but we cannot guarantee complete security against unauthorised access, hacking, information loss, or physical/communication breaches, as a result of malicious activities, natural disasters, or other security threats.
6. Changes to our privacy policy
We will notify you of changes to our Privacy Policy by placing a notice on our research study home page and this page. We encourage you to periodically check these pages for updates.
7. Your ANU privacy rights
Please refer to the ANU Copyright and Privacy page for further information.
8. Contact us
Please contact the researchers in this study from the Contact Researchers link if you have questions, comments, or concerns about our Privacy Policy and/or practices. Please consider contacting the investigators first, then the supervisors. Please clearly state in your subject line: "Privacy Policy", for a faster response.
If you are not satisfied with our response, please contact the ANU Office of Research Integrity and provide the following information:
Ethics protocol number: "2015/038".
Title: "WiFi Usage and Cybercrime Risks in University Student Communities".
Primary investigator: "Roderic Broadhurst" (ANU ID: u4661385)
Co-investigator: "Khoi-Nguyen Tran" (ANU ID: u4315673)
Roderic Broadhurst
Professor
Room 2.12
Research School of Social Sciences
Beryl Rawson Building (#13)
The Australian National University
Acton, Canberra, ACT 2601, Australia
