Rejecting Billions, SnapChat Expects a Better Offer

To view the full article, please visit: Rejecting Billions, SnapChat Expects a Better Offer

SnapChat made front page of NYTimes this morning valued at BILLIONS by WallStreet! This is huge news: the very first privacy app worth billions! If people/industry value control over pictures IMAGINE how many millions of people would want privacy apps to control health data!

Between Paranoia and Naivete

This op-ed was written by the political editor of the German paper ‘Die Zeit’. He summarizes the historical/cultural perspectives of Germany and the US regarding data protection and rights to control personal information in electronic systems.

He recommends both nation’s approaches should be on the table for discussion to decide “best practices” for data protection.

But he makes some key assertions I disagree with.

He states:

1) A future dictatorship’s use of Facebook would be “the least of your problems”.

  • But actually Facebook spying is very valuable to dictatorships because it reveals contacts and thoughts.

2) Citizens of “liberal societies” are not “experiencing a change in values” and “no longer feel uncomfortable sharing personal even private information”.

  • There is no change in values. Research shows people care just as much as they always have about privacy: ie control over what personal information they share with whom.  People care most about controlling who sees sensitive personal health data—but in the US we have no control.
  • The problem is that privacy/personal control over pii was not built into electronic systems.

3) Re: the Internet as an “emergent system” which “functions so well because it works equally for everybody” and “might cease to offer the greatest benefit for the greatest number”.

  • The Internet has already brought an “advantage to a minority–the rulers”.  He fails to recognize that the Internet is controlled and who controls it now.
  • Lawrence Lessig’s classic book “Code” explains that software and hardware, ie ‘code’ regulates the Internet and determines who controls it.  We must legislate/regulate technology in order to build a cyberspace that supports fundamental democratic rights and values.
  • The NSA/Verizon revelations are proof that a minority in fact control/rule the Internet to the detriment of all; and to the detriment of freedom and our human and civil rights to be “let alone”.

To view the full article, please visit: http://www.nytimes.com/2013/08/29/opinion/between-paranoia-and-naivete.html?_r=0#!

Re: Your Online Attention, Bought in an Instant

Natasha Singer unearths more about the instantaneous selling of intimately detailed profiles about Americans in her article in The New York Times: Your Online Attention, Bought in an Instant

Best case: We get more ‘targeted’ ads. We supposedly want personalized ads so badly that we willingly give up deeply intimate portraits about who we are to the hidden data mining industry forever. Really? When did we ever have ANY meaningful choice about who collects and sells our most intimate personal information? See Duhigg’s NYTimes story.

Worst case: Hidden, technology enabled discrimination prevents us from getting jobs and destroys our reputations before anyone will meet with us. Companies like Rubicon literally know more about us than our partners, our mothers or fathers, our best friends, our children or our psychoanalysts. This information is used to harm us—-read Prof Sweeney’s paper on how ads like “YOUR NAME, arrested?” pop up next to the names of African-Americans but NOT next to Anglo-sounding names. What happens when future employers see ads like that when searching for information about you online? Read her paper here.

HELP FIX THIS PRIVACY DISASTER
HELP BUILD a map that tracks all hidden users and sellers of our sensitive health information.
DONATE to the Harvard/Patient Privacy Rights’ research project at: https://org2.democracyinaction.org/o/6402/donate_page/donate-to-thedatamap

European citizens have far stronger protections for their sensitive health and personal data than US citizens.
Learn why and learn about solutions to strengthen US data protections. Register for free to attend the 3rd International Summit on the Future of Health Privacy June 5-6 in DC: www.healthprivacysummit.org

Re: Web Privacy Becomes a Business Imperative

New York Times article Web Privacy Becomes a Business Imperative by Somini Sengupta discusses web privacy affecting businesses’ bottom line. As Mozilla’s Chief Privacy Officer says in the article:

“They’re asking for a different level of privacy on your service,” he said, “You have to listen to that. It’s critical to your business.”

Finally. More Internet companies are realizing the truth behind what PPR has said all along: products and services that don’t offer real privacy and security don’t fly with consumers. While some still may debate the exact meaning of “privacy,” what we consistently see is that consumers want to have control over what happens with their data. It’s about time we start listening to what the public wants and honor everyone’s right to be let alone as they see fit.

When a Palm Reader Knows More Than Your Life Line

See the full article at When a Palm Reader Knows More than Your Life Line.

Great story by Natasha Singer!  Langone Medical Center in NY is trying to quickly solve a problem, but it’s NOT the problem of identity theft or medical ID theft (where someone impersonates you to use your health insurance to obtain treatment).   As pointed out in the story, biometrics don’t protect against medical identity theft, because anyone can impersonate you using a fake ID and submit their palm prints and photo to Langone.

The problem Langone solved is how to reliably link every patient’s health records together, so the hospital staff can easily find them.  Instead, patients should control and link their records, and selectively share the relevant parts with physicians and staff on a ‘need-to-know’ basis.

The Langone health technology system (like the majority of US hospitals) prevents patient control of access to sensitive personal health information.  Instead it enables all physicians, nurses, and even admissions clerks to use palm prints and photos to pull up all your records, including sensitive data about sexual problems, marital therapy, STDs, addiction, etc.  Joseph Atick correctly pointed out that Langone could instead use biometrics to put patients in control of personal records by allowing access ONLY when the patient is present and scans his/her palm.

Langone uses biometrics the same way social security numbers are used: to collect and link together all financial and personal information about individuals.  We desperately need entirely different, trustworthy health IT systems that ensure individuals control their digital health identities and sensitive health data, not institutions.

Electronic health systems could work much like the way we control our finances online: we decide who gets paid, when, and how much, not banks or merchants. We can set up automatic payments and/or decide about transferring money on a case-by-case basis.

The US could have a trustworthy patient-controlled health IT system in 5 years. It will require:

  • -building patient and physician portals (so we can connect with doctors and health professionals)
  • -robust patient-controlled identity systems
  • -the ability to download copies of personal health data into health record banks that do not sell or transfer our data without informed consent
  • -strong new laws to restore our strong, longstanding rights to control health information in electronic systems

HIPAA and current technology empower government and institutions to control the nation’s health records. It’s high time to fix that.

Do Not Track? Advertisers Say ‘Don’t Tread on Us’

See the full article written by Natasha Singer in the NY Times at Do Not Track? Advertisers Say ‘Don’t Tread on Us’

Americans are all victims of a massive hidden “surveillance economy” that collects and sells every bit of online information about us (and health information is the most valuable of all). This story is about the battle between the US data mining industry and the consumers, patients, and corporations that oppose secret data mining.

“Brendon Lynch, Microsoft’s chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”

“The Association of National Advertisers recently attacked Microsoft because Microsoft’s new browser will automatically tell hidden data collectors ‘Do Not Track’ users online.  “Microsoft’s action is wrong. The entire media ecosystem has condemned this action,” the letter said.”

It’s not surprising to see this attack by the data mining industry on Microsoft. There will be many more attacks as the public realizes the harms that are caused by unfettered corporate and government collection of personal information.  Today’s surveillance economy is based on monetizing personal data, selling intimate minute-by-minute profiles of our minds and bodies.

When the Privacy Button is Already Pressed

See the full article in the New York Times at: When the Privacy Button is Already Pressed

There is no “DO NOT TRACK” button in HIPAA. What happens when the public finds out they have no button to control the use and sale of intimate information about their minds and bodies?

This story shows the public is waking up to privacy:

*        11% of Mozilla users have turned ‘Do Not Track’ on.

*        18% of those with Firefox on Android phone use ‘Do Not Track’.
From sexual preferences, to records of child abuse, to DNA, to prescription records—–HIPAA and electronic systems eliminate our control over personal health information. Others decide when to use, disclose, or sell it. There is no “chain of custody” for personal health data. We can’t find out who collects and uses our health data. We can’t read a ‘data map’ and see where our health data flows. There is no health data map. See ABC World News story about the sale of health data: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y

The first step to fix any problem is to KNOW about it. Then we have to demand that law makers fix this disaster. Health information should not be used to make hidden decisions about our jobs, reputations, or credit.

Health technology can provide enormous benefits—but systems have to be re-designed so we control who sees and uses our health records. The best way to prevent harm is keep health data out of the hands of hidden users. Anyone who wants to use our health records should have to ask.

Consumers Say No to Mobile Apps That Grab Too Much Data

To view the full article, please visit the New York TimesConsumers Say No to Mobile Apps That Grab Too Much Data

Imagine the reactions smart phone users will have when they discover the vast, hidden industry that collects, uses, and sells personal health data—-from prescription records to DNA to diagnoses.

A recent Pew Research Center study found smartphone users are taking action to protect their privacy:

·50% “decided not to install applications on their mobile phones because they demanded too much personal information”

·Nearly a third uninstalled an application after learning that it was collecting personal information “they didn’t wish to share.”

·And one in five turned off location tracking “because they were concerned that other individuals or companies could access that information.”

What will happen when smartphone users want to protect the privacy of their health information and try to turn off:

·the hundreds or thousands of hidden disclosures and uses of their sensitive health records by hospitals’ and doctors’ health IT systems

·the daily sale of their prescription records by pharmacies and lab test results by clinical laboratories

·the disclosure of personal health information via state “health information exchanges” and the Nationwide Health Information Network

If Americans can figure out and ACT to prevent cell phone apps from grabbing their contacts and location information—what will they do when they find out that electronic health systems collect use, and sell mountains of detailed, intimate information about their minds and bodies—and they can’t turn these “apps” off?

People CAN choose to live without Angry Birds (or whatever app they decide against) but they really CAN’T choose to go without healthcare – at least not without possibly serious health repercussions.  People can choose what personal info to share online (to some degree), but really can’t choose what health info is shared.

Health technology systems that eliminate patient control over who can see and use sensitive health data are causing the nation’s greatest hidden privacy disaster. It can only be fixed when the public finds out.

Shoppers, Meet Your Scorekeeper

See the article in the NY Times at: Secret E-Scores Chart Consumers’ Buying Power

Let’s call this business what it really is: data theft, not scorekeeping. This great story by Natasha Singer is in the vein of the WSJ series: “What They Know”. There is no way to know if our e-scores, derived from 50,000+ pieces of personal information, are used only for shopping.

  • There is no proof that eBureau does what the CEO says. Unless eBureau reveals all the buyers of the scores or lets us see all the personal data they collect/steal about us there is no way to know if the scores are used to discriminate against us in key life opportunities.

Natasha Singer writes clearly about the business model of hidden data theft and hidden data mining that is used by so many Internet-based corporations.  She profiles Gordy Meyer, CEO of eBureau, who claims his company makes entirely legal use of millions of online and other personal, electronic clues.  He imagines we freely, consciously give personal data away to corporations like his to create instant, extremely detailed, deeply intimate real-life profiles of every one of us (which he sells at 3 to 75 cents/per profile).

When we simply LOOK or CLICK AROUND a website, we are not in any meaningful way giving consent to hidden data-thieving corporations to collect or use personal information. We are victims of unfair and deceptive trade practices and data theft.

The public simply has no concept that extremely detailed digital profiles are being collected used to discriminate against them:

  • Ebureau then adds several thousand details–like age, occupation, property value, length of residence, and retail history–from its data bases to each customer profile. From those raw data points, the system extrapolates up to 50,000 additional variables per person.”

What are the “several thousand details” eBureau adds?  Could they be details like your searches for information on treatment of melanoma? or STDS?  How do we know what the details are?  eBureau will not tell us.

The story closes with a quote from Frank Pasquale:

  • “I’m troubled by the idea that some people will essentially be seeing ads for subprime loans, vocational schools and payday loans,” Professor Pasquale says, “while others might be seeing ads for regular banks and colleges, and not know why.”

One of the worst parts of this story is that eBureau’s CEO makes assertions that cannot be verified:

  • there is no way to know what data is collected or what eBureau does with it
  • there is no way to know if eBureau “meets regulatory requirements” or “has put firewalls in place to separate data bases containing federally regulated data, , like credit or debt information used for purposes like risk management, from databases about consumers used to generate scores for marketing purposes.” because there is no outside auditing.

My bet is that a HUGE part of what is collected is information about our minds and bodies. We already know that personal health information is the most valuable digital information about each of us. Will purchasers of eBureau’s scores offer a credit card to anyone with cancer or Depression? Will we be able to qualify for loans to send our kids to college if we have genetic risks for breast cancer or heart disease?

Debt Collector Is Faulted for Tough Tactics in Hospitals

See full story in the New York Times: Debt Collector Is Faulted for Tough Tactics in Hospitals

“Hospital patients waiting in an emergency room or convalescing after surgery are being confronted by an unexpected visitor: a debt collector at bedside.

This and other aggressive tactics by one of the nation’s largest collectors of medical debts, Accretive Health, were revealed on Tuesday by the Minnesota attorney general, raising concerns that such practices have become common at hospitals across the country…

To patients, the debt collectors may look indistinguishable from hospital employees, may demand they pay outstanding bills and may discourage them from seeking emergency care at all, even using scripts like those in collection boiler rooms, according to the documents and employees interviewed by The New York Times.

In some cases, the company’s workers had access to health information while persuading patients to pay overdue bills, possibly in violation of federal privacy laws, the documents indicate.”