Google Flu Trends & EPIC

The Electronic Privacy Information Center (EPIC) recently published a document voicing its concerns over Google's use of search queries for its new Flu Trends project. CNET has a good summary of the story.

Government Data Mining, Secrecy, & Privacy

Is the government conducting too much data mining without oversight and transparency? That's what a recent panel thinks (CNET)....

UK & Privacy By Design

(Thanks to Lorrie Cranor for the pointer)

The UK's Information Commissioner's Office has published an interesting report on Privacy By Design.

Prescription Writing Records Ruled Confidential in NH

Article at CNN:
"A federal appeals court has upheld the constitutionality of New Hampshire's first-in-the-nation law making doctors' prescription writing habits confidential."

A New Text Scrubber

Researchers at the Regenstrief Institute in Indiana have developed a new rules-based clinical text scrubber for HL7-coded documents.

Article: Protecting patient privacy the new fashioned way

Paper: A software tool for removing patient identifying information from clinical documents

GAO on HHS Health IT

A new GAO report is calling on the HHS to define privacy mechanisms for emerge health information technologies.

Exposing Yourself via 23&me

(Thanks to John Paulett for the pointer)
Though it may be the obligatory publicity stunt, it's no less interesting that Sergei Brin has revealed his genetic predispositions via 23andme (NY Times story).

UK Monitoring + Storing Travel Records

Do you know where you've been every day for the past 5 years? No? Well, maybe you can ask the government, that is, if you live in the UK. Apparently, the UK has plans to record and stockpile license plate pictures from a bevy of roadside cameras around the country (and this cameras will be geocoded to location). They expect to capture 50 million pictures a day, which will be stored for five years (or more).

Is IP Traceback Coming?

Declan McCullagh reports that the U.N. is considering technical standards for "IP Traceback", which in the process of enabling traceability, will permit the uncovering of of the source of Internet communications. The goal would be to provide law enforcement agencies with the ability to determine the source(s) of crimes perpetrated over the Internet, such as denial of service attacks. Yet, at the same time, it would make it much easier to rescind anonymity protection mechanisms. Now, I'm not saying that the Chinese government would use it for suppression, but they are the ones that brought the proposal before the U.N...

The Estonian Genome Project (Public vs. Private)

The following paper is an interesting read on the issues in public versus private funding in Estonia's biobanking / genome project. It doesn't address the privacy issues, per se, but it's worth reading to learn about how such large scale projects have (and still are) unfolded and where the funding is coming from.

Rainer Kattel and Margit Suurna. The Rise and Fall of the Estonian Genome Project. Studies in Ethics, Law, and Technology. 2008; 2(2): article 4.

Aggregated Genotype Data and "Privacy"

There's been much news lately regarding a paper recently published in PLoS genetics:

N. Homer, et al. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density genotyping microarrays. PLoS Genetics. 2008; 4(8): e1000167 doi:10.1371/journal.pgen.1000167.

Basically, this work shows the following. Imagine a biomedical research study publishes the summary statistics for many snippets of DNA broken down by case and control populations (e.g., When DNA region X has value equal to "A", there is a positive association with a particular disease 80% of the time). Now, someone manages to get hold of a known individual's DNA sequence. Then, the latter person can determine (based on the summary statistics) if the individual is in the case population, control population, or neither population with high certainty.

The response to this paper has been quite swift. The NIH in the US and the Welcomme Trust in the UK, have pulled aggegrated genome wide association study data from their public websites. (See Zerhouni and Nabel letter in to Science Magazine)

I guess the first question that we need to ask is, how often is it the case that someone will have the ability to perform high density genotyping without having access to clinical information?

Follow-up on Transit Hacking Story

Here's a great editorial from the Boston Globe on what the MIT students "should" have done (invokes the 1st amendment).

Mass. Considering Medical Records Breech Notification

The bill, "An Act to Promote Cost Containment Transparency and Efficiency in the Delivery of Quality Health Care", passed in the Massachusetts state senate and has moved onto the house. It dictates certain data privacy and security policy for electronic medical records, including provision of medical record access audit trails and notification of unauthorized disclosures.

Suppression of Hacking?

MIT students discovered security flaws (e.g., reverse engineering of magnetic strips, RFID hacking, and tampering with fare cards) in Boston's automated subway system, but a US district court judge has ordered that they can not present their findings at the Defcon conference.

Congress + Privacy + Internet?

The NY Times speculates on Congress's recent steps towards taking on data privacy issues in the Internet...

Personally, while Congress may hold fact finding sessions about the risks to privacy in the online world, I think they'll have many challenges to passing any legislation that is geared towards protecting privacy per se. Regulation of the Internet is a tricky thing and attempts to limit information accessibility would reek of free speech violations...

Insurance Risk from Prescription Records?

Interesting developments on the health insurance scoring of individuals based on their prescription records... (story)

Couple of News Items

(From John Paulett)

Several hot developments:

Source code released to the cold boot encryption crack.


Also, discussion of the recent DNS cache poisoning attack.

Google Health + Blue Cross

Google Health has partnered with Blue Cross Blue Shield to provide select Massachusets residents with control over their medical records.

ComputerWorld Article

Behavioral Econonomics of Privacy

NY Times briefing on an interesting study on why humans say they care about privacy, but then drop little pieces of sensitive information all over the place.

Personal Health Record Adoption & Privacy

American Medical News story on how personal health record vendors are bypassing the individual consumers and marketing straight to businesses. There's not much on the privacy issues here, but there's an insinuation that a lack of privacy and security protections have limited the adoption of such systems.

Popular Mechanics on Surveillance and Accountability

This is a interesting short read on how to make surveillance more acceptable in society. Basically, the author argues that the reason why people fear surveillance is that they don't know how the collected information is being used. It suggests that people would be more accepting of surveillance if they could watch the watchers. Conceptually, this is very similar to David Brin's ideas that he set forth in his book, The Transparent Society. Personally, I find such an argument a little hard to swallow. Simply because I know what you are doing doesn't mean that I should agree with, or allow, it to continue.