This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 5 of Research Methodology
The ethical foundations every security and ML researcher is accountable to — from the Belmont Report's three principles and India's DPDP Act 2023 to FFP research misconduct, the Section 3(k) limit on patenting algorithms, and Google Project Zero's 90+30 responsible disclosure window — culminating in a full ethics audit of the five-chapter research journey.
Learning outcomes
Why research ethics rules exist, the Tuskegee study that made them necessary, the three Belmont principles — Respect for Persons, Beneficence, and Justice — and how each translates into a security or machine learning research context.
The four elements of informed consent, when an Institutional Ethics Committee review is required, how the DPDP Act 2023 adds data-minimisation and purpose-limitation requirements to any student project that touches personal data, and the CERT-In six-hour mandatory incident reporting obligation.
The three categories of research misconduct — fabrication, falsification, and plagiarism — illustrated with security-specific examples including a classifier retested under better conditions and reported as if it was always right, and the UGC 2018 four-level similarity penalty table for theses.
What copyright, a patent, and a trade secret each protect in India, why a published research paper and the algorithm it describes are protected differently, what Section 3(k) of the Patents Act 1970 means for algorithm patents, the RSA patent as a concrete illustration of the patent bargain, and what the MIT, GPL, and Apache 2.0 licences each actually require of a researcher who reuses open-source code.
The dual-use tension in security research, the coordinated disclosure lifecycle including Google Project Zero's 90+30 model, how bug bounty programmes formalise the disclosure channel for student researchers, why the NSA's decision to stockpile EternalBlue is an ethics failure under Project Zero's standard, and why documenting datasets and models with datasheets and model cards is itself an ethics obligation.
How the ethics obligations introduced in this chapter map onto each of the five research stages covered across the book — problem definition, literature review, data collection, write-up, and publication — so that ethics is understood as a continuous obligation rather than a final checklist.
The licences that govern how software and research outputs can be used, shared, and built upon — from open-source software licences (MIT, GPL, Apache) to open-access publishing models (gold, green, diamond) and the preprint ecosystem.
Concrete historical cases where ML and data science research produced harmful outcomes — algorithmic bias in criminal justice, discriminatory facial recognition, data harvesting without consent, and chatbots weaponised at scale — and the ethical lessons each case established.