Five More Organizations Join Lawsuit Against NSA Surveillance

To view the full article, please visit: Five More Organizations Join Lawsuit Against NSA Surveillance

“The five entities joining the First Unitarian Church of Los Angeles v. NSA lawsuit before the U.S. District Court for the Northern District of California are: Acorn Active Media, the Charity and Security Network, the National Lawyers Guild, Patient Privacy Rights and The Shalom Center. They join an already diverse coalition of groups representing interests including gun rights, environmentalism, drug-policy reform, human rights, open-source technology, media reform and religious freedom.”

The FBI’s New Wiretapping Plan Is Great News for Criminals

To view the full article, please visit: The FBI’s New Wiretapping Plan Is Great News for Criminals

US technology is designed for ‘exceptions’ and ‘outliers’, i.e., ‘worst-case’ scenarios like terrorists and unconscious patients.

Bruce Schneier concludes  his May 29th  essay:

“Finally there’s a general principle at work that’s worth explicitly stating. All tools can be used by the good guys and the bad guys. Cars have enormous societal value, even though bank robbers can use them as getaway cars. Cash is no different. Both good guys and bad guys send e-mails, use Skype, and eat at all-night restaurants. But because society consists overwhelmingly of good guys, the good uses of these dual-use technologies greatly outweigh the bad uses. Strong Internet security makes us all safer, even though it helps the bad guys as well. And it makes no sense to harm all of us in an attempt to harm a small subset of us.”

Fear-driven technology harms Democracy and health:

  • Example #1: FBI

Bruce Schneier’s essay (below) tells how US-created security flaws help the wrong people (criminals and terrorists) and harm the rest of us (law-abiding citizens).

  • Giving the government access (via back doors, brute force decryption, etc) to everyone’s data to find terrorists is the ‘worst-case’ scenario used to justify destroying strong data security protections.
  • But law-abiding people, businesses, and government really NEED strong data security protections to function everyday online.
  • Criminals and terrorists can exploit the security flaws created to catch them to steal information and harm governments, individuals, and corporations; but ordinary citizens and businesses can’t build or afford security technology to protect their own data.
  • WORST CONSEQUENCES: people will not trust technology and governments, and cyber-wars can destroy people, governments, and corporations.

 

  • Example #2: US health technology systems

The US eliminated data privacy in health technology systems, helping the wrong people (government and corporations) and harming patients.

  • Government and corporations control the use of the nation’s health data. Medical emergencies are the ‘worst-case’ scenario used to justify this technology: if you are unconscious in an emergency room (a one-in-a-million), you can’t give consent to share your data.
  • But the 299,999, 700 million US patients who are awake expect to control use of personal health data in order to trust doctors and technology.
  • Government and industry control use of the nation’s data for various purposes without the knowledge of the public, there is no ‘chain of custody’ for health data and no data map to track uses. Some hidden uses may be beneficial and some may harm patients.  Patients can’t buy or use privacy technology to protect health data.
  • WORST CONSEQUENCES: 40-50 million people/year avoid or delay treatment, or hide information to protect the privacy of health information, risking their lives and health.  Technology causes tens of millions of people who need treatment to suffer bad health outcomes.

 

In a Democracy, judges should approve spying on suspected criminals or terrorists. In a Democracy patients should be asked for consent to use personal health data. Advance directives or break-the-glass technology can permit access to health data when patients are unconscious.

 

In a Democracy, shouldn’t technology support ‘best-case’ scenarios , i.e., citizens’ freedoms and human and civil rights to privacy and health?

Privacy groups ask FTC to stop Facebook policy changes

“Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents… In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter.”

To view the full article, please visit: Privacy groups ask FTC to stop Facebook policy changes

Surgery photo leads to privacy lawsuit against Torrance Memorial

“A doctor put stickers on a patient who was under anesthesia, and a photo was taken. The lawsuit underscores how, despite hospitals’ rules, the pervasiveness of cellphones raises concerns about privacy.”

Quotes from Dr. Peel:

“‘The idea that people are using their cellphone or even have one in the operating room is crazy,’ said Dr. Deborah Peel, founder of Patient Privacy Rights, a nonprofit advocacy group in Austin, Texas. ‘It’s a massive security risk and incredibly insensitive to patients.’”

“In similar cases elsewhere, Peel said, hospital personnel often lose their jobs. In 2010, for instance, four employees at St. Mary Medical Center in Long Beach were terminated because they used cellphones to photograph a dead emergency-room patient and shared the photos with others, according to state records.”

To view the full article, please visit: http://www.latimes.com/business/la-fi-hospital-patient-privacy-20130905,0,7915045.story

Health apps run into privacy snags

“The next time you use your smartphone to inquire about migraine symptoms or to check out how many calories were in that cheeseburger, there is a chance that information could be passed on to insurance and pharmaceuticals companies.

The top-20 health and wellness apps, including MapMyFitness, WebMD Health and iPeriod, are transmitting information to up to 70 third-party companies, according to Evidon, a web analytics and privacy firm”

If you are a subscriber to ft.com, you can view the full article at: Health apps run into privacy snags

People Are Changing Their Internet Habits Now That They Know The NSA Is Watching

NSA leaks causing public to mistrust the entire  internet, not just cell phone providers. Quotes:

  • consumer concern about online privacy actually jumped from 48% to 57% between June and July
  • The %  of consumers who adjusted their browser settings and opted out of mobile tracking — jumped 12% and 7% respectively between the first quarter report and July.
  • > 60% of Internet users also reported they do not feel they have control over their personal information online, and 48% said they didn’t know how that information was being used

The lack of personal control over data online will also affect cloud service providers:

  • Cloud-computing industry experts have already estimated that because of the NSA’s surveillance of cloud providers–along with the government’s civil-liberties-trolling methods to get them to comply–more companies will move overseas.
  • ITIF has estimated that this will result in a loss of up to $35 billion for U.S. cloud providers over the next three years, while Forrester analyst James Staten puts the figure at $180 billion.

How will the public react when they find that US health data holders—-such as physicians, hospitals, labs, pharmacies, health data exchanges, insurers, mobile apps, etc, etc— use and sell sensitive personal health data?

To view the full article, please visit:

http://www.fastcoexist.com/3015860/people-are-changing-their-internet-habits-now-that-they-know-the-nsa-is-watching

Health data breaches usually aren’t accidents anymore

While the healthcare industry has made advancements in how they protect our most personal information, those trying to steal our electronic health records have become even more savvy as to how to access them.

Key Quotes from the Article:

“One of the biggest changes during the past decade is the data being targeted. Ten years ago, it was personal identifiable information. Now, said Rick Kam, president and co-founder of ID Experts in Portland, Ore., personal health information is being targeted, mainly because of the value it holds and the relative ease thieves have getting their hands on it.”

“94% of health care organizations have had at least one breach in the previous two years.Because data can now reside in multiple locations, including unsecured smartphones, laptops and tablets, and can be transported to an infinite number of locations, thieves, whether they be outside hackers, device stealers or people who try to use staff to share sensitive information, have more areas to target.”

States Review Rules After Patients Identified via Health Records

To view the full article, please visit States Review Rules After Patients Identified via Health Records.

Key Quotes from the Article:

  • -”Some U.S. states are reviewing their policies around the collection and sale of health information to ensure that some patients can’t be identified in publicly available databases of hospital records.”
  • -Bloomberg News, working with Harvard University professor Latanya Sweeney, reported on June 4 that some patients of Washington hospitals could be identified by name and have their conditions and procedures exposed when a database sold by the state for $50 is combined with news articles and other public information.
  • -The state probes are focused on whether privacy standards for health information should be tightened as data-mining technologies get more sophisticated and U.S. President Barack Obama’s health-care overhaul drives rapid growth in the amount of patient data being generated and shared.
  • -Sweeney’s goal of identifying patients is to show that threats to privacy exist in datasets that are widely distributed and fall outside HIPAA’s regulations.

Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier

The value of personal health information is very high inside and outside of the US healthcare system. At the same time, the US healthcare industry as a whole does a terrible job of protecting health data security. Most health data holders (hospitals and insurers) put health data security protection dead last on the list for tech upgrades.
Besides the lack of effective, comprehensive data security protections, thousands of low-level employees can snoop in millions of people’s health records in every US hospital using electronic records.

The public expects that only their doctors and staff who are part of their treatment team can access their sensitive health records, but that’s wrong. Any staff members of a hospital or employees of a health IT company who are your neighbors, relatives, or stalkers/abusers can easily snoop in your records.
In Austin, TX the two major city hospital chains each allow thousands of doctors and nurses access to millions of patient records.
All this will get much worse when every state requires our health data to be “exchanged” with thousands more strangers. The new state health information exchanges (HIEs) will make data theft, sale,  and exposure exponentially worse.
Tell every law maker you know: all HIEs should be REQUIRED by law to ask you to agree or OPT-IN before your health data can be shared or disclosed.

Today:

  • -many states do not allow you to ‘opt-out’ of HIE data sharing
  • -most states do not allow you to prevent even very sensitive health data (like psychiatric records) from being exchanged

There is no way to trust electronic health systems or HIEs unless our rights to control who can see and use our electronic health data are restored.

My Routine – Mark Rothstein, Law Professor

To view the full article, please visit My Routine – Mark Rothstein, Law Professor.

This is a very interesting article about Mark Rothstein’s opinion of current governmental actions involving privacy law. Rothstein asserts, “We live in an age in which consent should not be mistaken for choice. We click through consent on software without even reading it. Even if we technically consented, I doubt very much whether the average person would say, ‘Oh sure, it’s OK for my phone company to accumulate all this data about me.’”

In the interview, Rothstein also comments on the views of Louis D. Brandeis, saying “He felt that the government set the tone for society. If the government doesn’t value privacy and invades people’s privacy, then everybody will do that. He also thought it was very important that government activities be subject to review by the political process and the people.”