So, one piece of the code4lib journal saga has reached its end: the article in question has been retracted at author request. According to a letter I received from the president of the university where the article author works, this happened to bring an end to the ethics investigation I requested with no one admitting any fault. Which, fine. I think the retraction cures the major harms, and I was never in this out of any onus against the author.

This should not be the end for the journal, however, which continues its silence on what, if anything, it plans to do to keep unethical research from appearing in its pixels. The best time to have done something would have been a long time ago; the second-best time is now.

How do I feel? Sad and tired, mostly. Mildly vindicated, yes, I’ll cop to that. But as Machaut wrote, ma fin est ma commencement: there’s a lot more work to do about all this, and I seem to have elected myself to the position of Something-Doer In Chief.

I’m seeing the light at the end of the tunnel for data collection on the evaluate-VAL-data-practices piece; I need to find one review piece in print to check its citations (not a problem; the iSchool library has print of the issue I need) and finish going through Library Assessment Conference proceedings and the entire run of EBLIP for eligible studies before the analysis can start.

One thing I noticed while I was piling up material, though, is that VAL is not the only locus of library-privacy-ethics despair in the current LIS research environment. That’s not surprising, I suppose, but it sure is dispiriting. There’s plenty of dubious use being made of proxy-server logs, since we’re on the topic—both the journal and the author can be forgiven for thinking this was okay, since it’s been done and published before. I’ve not seen much on circulation records beyond circulation counts, which is interesting; it implies that some academic-library researchers understand that identified circ records are off-limits, but haven’t managed to make the logical leap that any identified record of reading needs to be kept private and confidential, including proxy-server logs.

(Also, the ALA Code of Ethics uses boolean AND, not boolean OR, between “privacy” and “confidentiality.” Patrons are entitled to both, including from nosy-parker library researchers. “We’re keeping it confidential!” is not adequate under the Code as I read it. Besides, a lot of VAL work doesn’t even do that much.)

The larger problem is that both ethical guidance and ethics-related processes around the use of library patron data are sparse, gappy, and outdated. This lets nosy-parker researchers ethicswash, compliance-hunt, and IRB-dodge their way into data uses and abuses that are not ethical and shouldn’t be allowed. I tried like heck (as de facto project manager) to get this point made clearly in this DLF explainer, but four years later, I have to admit that one sank like a stone and has not achieved my aim. (I can’t speak for the other contributors on that, of course, only for myself.)

So I’m going to try again, louder and clearer this time, naming names, calling out dubious practices directly (with nods to Briney and Asher/Robershaw among others), and demanding change. I’d originally thought of this as the lit review for the VAL research piece, but it just kept growing and complexifying in my head and my article notes, so I’m now thinking it’s too big and diffuse for that.

And after that, and after the VAL piece? I think it may be time to start making a whole whackton of retraction and institutional research-integrity investigation requests. Let me tell you, that’s not how I imagined my mid-career research and praxis agenda going, but I don’t know how else to get this unethical data abuse—and unethical data abuse is exactly what it is—to stop.