24

Each paper should be able to provide enough evidence that its claims are correct. Nowadays, where the number of joint industry-university projects grows exponentially, many confidential documents produced by private companies become available to researchers in academia under Non Disclosure Agreements (NDA).

My question is the following: is it ethical to cite a confidential work in a scientific paper and use it to make some statements, while the rest of the scientific community cannot evaluate the accuracy of the claims in that source?

In my personal opinion, this type of reference should be prohibited, since it hinders the progress of science, but I would be glad to hear other opinions on this topic and especially how they believe that such a case should be treated.

jpro
  • 365
  • 2
  • 5
  • 3
    Then one probably should not use closed source software either when trying to publish the results? – Gerhard Apr 06 '16 at 13:18
  • 3
    @jpro I believe it is ethical to cite confidential work, but the paper should contribute enough knowledge to be usable on its own. In Computer Science conferences (my field), things like Artifact Evaluation have recently been added to increase trustworthiness of evaluation results, where the tested software need not to be open source and sometimes videos are accepted. – Yet Another Geek Apr 06 '16 at 13:28
  • 1
    @Gerhard, the way a piece of software is implemented is generally not relevant to research using it. Nor is access to the source code required to establish that software is reliable. I'm not sure I see the similarity at all. –  Apr 06 '16 at 15:17
  • 3
    @dan1111: neither is it necessary to know the chemotype of confidential compound X, which pharma company has kindly provided to an academic group in order to prove biological effect Y on a new system. But still it would seem that this needs to be published? – Gerhard Apr 06 '16 at 19:04
  • 1
    @jpro ...I think this is somewhat silly. What does your NDA say you can do with the information? Did you sign it? There's your answer. – K. Alan Bates Apr 06 '16 at 19:20
  • 1
    I think you need to bounce this off university counsel, as you may expose the university if there is an NDA in place for them. If they signed an NDA, and you're an employee, there are issues to resolve – Scott Seidman Apr 07 '16 at 00:03
  • 1
    How is ethics here the pressing question, not law? – G. Bach Apr 07 '16 at 08:09
  • 1
    @Gerhard That's a weird comparison. The comparison of software to a different paper is "can I run the software to reproduce the data". Having the source code would be akin to having access to all the raw data, including the .tex document used to produce the paper. Certainly helpful sometimes, but a much larger step than what is wanted here. – Voo Apr 07 '16 at 08:31
  • @Voo: I think, it is pretty much spot on. I guess we will have to agree to disagree. – Gerhard Apr 07 '16 at 08:34
  • @Gerhard I guess so. Out of curiosity, if the source code in your view is equivalent to the resulting paper - what in your model is equivalent to the raw data used to produce that paper? – Voo Apr 07 '16 at 08:41
  • 1
    @Voo: No, the source code would be equivalent to e.g. the chemotype of a compound showing a biological effect. There is an argument to be made, that it is of course better to know the chemical structure of said compound, for instance to predict likely side effects. The same is true for source code - of course it is better to have the code, to be able to double check whether it does something weird/wrong (and this HAS happened). But I do not think not publishing either should prohibit an otherwise perfectly fine study from being published. – Gerhard Apr 07 '16 at 18:37

6 Answers6

25

If the information you want to disclose is contained in a document that is covered under a non-disclosure agreement with the industry partner, you will need to get their written permission to disclose the content that you're referencing at the very least. If I were reviewing your article, and this reference were key, and the company had never published this document, I would be inclined to make negative comments in my review about the lack of publication of a key reference which might lead to the rejection of your article. You might have to work hard to convince your industry partner to either publish the information from the confidential document in a separate, smaller format, or to publish the confidential document in its entirety in order to get your article published.

Either way, if you rely on NDA materials, you still have to cite them. It'll be best for your publication chances if the company discloses this information itself before you try to publish. Otherwise, even submitting your work to a journal or conference will require permission from the company since submission will count as disclosure.

Bill Barth
  • 48,733
  • 6
  • 112
  • 194
  • 9
    This. Some of the other answers just remind me of why even companies working in non-controversial fields should be very reluctant to pass any commercially sensitive information to academics, unless there is long-term on-going relationship that is being actively monitored. The notion that you can sign a NDA and then follow your own whims and fancies about when and where you disclose the information (or even the existence of the information) should be beyond belief and beyond stupidity, but apparently it is neither. – alephzero Apr 06 '16 at 19:06
  • 2
    +1 for explicitly pointing out that the non disclosure agreement is about not disclosing the information covered. -1 for the suggestion that reviewers should suggest rejection of papers keeping important information confidential. I've been working with medical data where I'd put patient privacy way above the comfort of reviewers and readers. NDA does not mean the information is not accessible. It only means that access is restricted to people who signed the NDA. You (or e.g. a lawyer) may get access (under a similar NDA) in order to check the validity of the statements.... – cbeleites unhappy with SX Apr 07 '16 at 09:39
  • ... and of course, if the information is key for the paper then maybe someone of the company should be author. That way, the university authors avoid all kinds of trouble with the NDA: the company author signing that the paper can be submitted signs that the disclosed information is OK to disclose. And anyone asking particulars can be answered by the company author. If the company is not fine with them on the author list, the corresponding NDA typically has a clause that doesn't even allow you to tell there is an NDA. – cbeleites unhappy with SX Apr 07 '16 at 09:43
  • @cbeleites, patient data is protected by law in most jurisdictions, NDA material is more of a civil matter between the parties. Also, if the proof of a critical lemma is in the confidential reference, then you either need permission (copyright license) to reproduce the lemma, or you need the company to produce a citable version. In the lemma case, I'd reject the paper as a reviewer if the reference were unavailable to me. Patient names, OTOH, aren't so key. Also, adding a author doesn't guarantee that they have the authority to release that info. Some places have whole groups for checking. – Bill Barth Apr 07 '16 at 13:57
  • @BillBarth: The patient privacy example was the topic in my personal experience where I've seen most relevant information that does pose a substantial risk to the patient anonymity. (BTW the risk to anonymity goes far beyond not naming the patient.) It is just meant as an example that legitimate reasons for not making all details public can exist. IMHO the main difference between patients and companies here is that the law recognizes the patient is at a disadvantage looking after their rights - so the default is "NDA"; whereas a company is seen to be able to look after their interests by ... – cbeleites unhappy with SX Apr 08 '16 at 09:44
  • ... themselves, so the NDA has to be agreed on. However, after the NDA is there, as you say, one needs to act in agreement with it. If a reviewer/reader asks for my original data, my institute director would probably make them sign an NDA that they keep the data confidential, don't use it themselves for other purposes, don't distribute it any further, and that they'll destroy it after the review is done (like the journal says for the manuscript). This is roughly what a reviewer/reader would have needed to sign with the company NDAs I've encountered so far, and this seems reasonable to me. – cbeleites unhappy with SX Apr 08 '16 at 09:54
  • As for the company author: if someone officially acts for the company as author it is their professional responsibility to make sure the company is OK with the information disclosed. Just as I as academic author need to make sure with my director that the information disclosed is OK (and e.g. not killing the patent application that the neighbor group writes on their instrument which I used for the measurements). If the company author didn't do that, it is an internal problem of the company; but they cannot claim the paper violates the NDA because there is a specific agreement on the paper. – cbeleites unhappy with SX Apr 08 '16 at 10:21
  • @cbeleites, maybe they can't in your jurisdiction, but in my experience, NDAs are written contracts that require explicit approval for release not just implicit or tacit assent by the company through a rogue agent. I've been very close to the situation you describe (publishing with a corporate partner), and we still had to go through their release approval process before submitting our papers. Failure to run it past the lawyers was a firing offense for the industry employee. Might not get me in too much trouble, but better to follow their rules than assume that the employee had the authority. – Bill Barth Apr 08 '16 at 13:25
21

What's the alternative? To not cite the source, and fail to credit it when you've built on it? To not publish your own paper since you've built on confidential work, thereby hindering the progress of science? (Assuming your work would have furthered the progress of science, of course.)

When you cite confidential sources with enough information, other researchers can at least ask the source about the claims you have made based on it. This seems better (ethically) than any of the alternatives mentioned above.

If there's also a non-confidential source that supports your claim you can cite that, but that isn't always an option.

Community
  • 1
ff524
  • 108,934
  • 49
  • 421
  • 474
  • 9
    For me the discussion goes far beyond the question that I posed. I believe that the collaborations between universities and companies should be performed under no NDA agreements. Or, to pose it in the different way, the scientific community has to choose between the two: either work under NDA and stop publishing (since the word publication loses its meaning, because it stops being really public by containing private knowledge) or to establish collaborations without abolishing its main characteristic: making knowledge available to people. – jpro Apr 06 '16 at 09:57
  • 12
    @jpro this isn't a discussion site. See the [help/dont-ask] for details. – ff524 Apr 06 '16 at 09:58
  • 2
    That's why I added this as a comment and not as the main question. – jpro Apr 06 '16 at 11:41
  • 1
    @jpro But this isn't a discussion site. Not in questions, not in comments, not anywhere. (Except for [chat].) – David Richerby Apr 06 '16 at 21:06
  • @jpro It's not that much black and white. Naming your source and publishing only your conclusions from the confidential data is viable and still better than not researching or publishing at all. - And don't believe a company will waive their NDA requirement just because you tell them that you're not interested in their data if they don't. – JimmyB Apr 07 '16 at 11:55
  • 1
    @HannoBinder: Depends on the reputation of who is asking. I know professors who have successfully maintained a stance of "either we get your data without an NDA or you don't get to work with us" for years (with respect to Bachelor/Master theses conducted in the industry). – O. R. Mapper Apr 11 '16 at 06:22
7

I think the first step in this situation is for someone from the research project to speak to the company to see if there's a way to publish part of the data with their consent. Here's why: Mary from Acme company wants to work with Local University. Mary knows that some of the information he gives Local will be confidential, so she asks the legal department what to do. Legal doesn't know (or care) much about the project, so they send Mary a standard NDA. Without giving it any more though, Mary asks Local to sign it. However, there may be a way to publish the information in some form that would satisfy Acme, Mary, and the legal department.

For example, suppose Acme is a telecomms company, and you are studying their mobile network. Acme doesn't want the public to know where all their network equipment is, the traffic patterns on their network, or the network failures they've had. However, if you topologically transform the network diagram so that no one can tell where the real network was, and don't mention Acme in the paper, they may be fine with that.

Or maybe Acme is a hospital that shared patient records with you for research. Naturally they are concerned about patient confidentiality. But perhaps the data can be anonymised (removing names, addresses, etc.) to Acme's satisfaction.

So depending on your relationship with Mary and Acme, it may be no harm to ask if there's a way to publish. If you've done good research for Mary, she may be willing to explain the situation to her legal department and get approval for the publication.

mhwombat
  • 11,576
  • 5
  • 45
  • 58
2

You should obviously give your sources as good as you can. If I tell you something in a private conversation you use it and cite "private conversation with gnasher". If you overhear something during a conference and have no idea who the people talking were, you give exactly that as the citation. If you use information where an NDA prevents you from giving the source you cite "source of this information is under NDA".

The citation is there for two purposes: To make sure that what you do isn't plagiarism (in all of the cases above, nobody can accuse you of plagiarism because you explicitly said it wasn't your idea), and to allow people to check your sources. That's obviously made more difficult; you need to include enough information that people can check the facts).

And obviously if there is an NDA that doesn't allow you to tell the content then you can't publish the content legally. So this all applies only if the NDA prevents you from publishing the source, but not the content.

gnasher729
  • 3,554
  • 14
  • 16
  • "If you use information where an NDA prevents you from giving the source you cite 'source of this information is under NDA'." Wouldn't publishing this information be disclosing information you agreed not to disclose? –  Apr 06 '16 at 15:18
  • 4
    @dan1111 not necessarily. imagine the tobacco industry funded you to do research on the beneficial aspects of second hand smoke and write a proprietary technical report. Anyone who wants to read the technical report must sign the NDA which allows for dissemination of the report's findings but not its funding. – emory Apr 06 '16 at 16:01
2

If your work is not reproducible and reviewable I won't be able to trust it.

If it is impossible for me to recreate or review the validity of your work than I won't be able to trust your work. Also, a lack of information on your experiments in your data may prevent me from searching for ethical problems and conflicts of interest in your work or your sources work.

However, if you have independently recreated and reproduced the work that you cite then I could reproduce and review your independent experiment that I have information about and I could trust that information (but not the information that you cited.)

Molly Stewart-Gallus
  • 121
  • 3
1

This is not dissimilar from the old "personal communication" citation: it's not verifiable, but does name the source. After getting permission from the rightsholder to use the fact you want, the citation writes itself: "Business communication with XYZ Corp. (2016)"

Aaron Brick
  • 5,078
  • 1
  • 23
  • 43