Archive for the 'Privacy' Category

There is an expiration date on medical privacy

January 23rd, 2008

There are a lot of debates about privacy, and about the balance between privacy and research (or possibly privacy and anything else of utility that can be derived from the private information).

Of all the areas of privacy, one of those where people object the most to violations of their privacy is in health and medical information. You’d be very hard-pressed to find anyone willing to disclose diseases, health problems, and medical examination reports.

And when disclosure of private information occurs, people get the most annoyed, or concerned, when it comes to children. It may involve a lot of over-sensitivity, but it’s still the case.

Well, now there’s a new service, for any interested researcher, or any interested Internet user with some free time and a little curiosity. A website that lets you browse a comprehensive set of complete, uncensored medical records from a large hospital for children.

You can search and browse by the real full names of the children[1]. You can get the full diagnoses, what diseases the doctors found when examining these children. For some of the children you can get the full case notes of the doctors who checked the sick children. You can see what treatments and medication were given to each of these children, and whether they helped.

And you can even get the full, and real, physical home address of the patients. The people who digitized the information on the site actually invested quite a lot to make sure that the addresses are correct and, for example, none of the street names would be misspelled.

Sounds lovely, does it?

So why isn’t there a huge outcry over it? A major violation of privacy and data protection laws. Not to mention children. And it didn’t even hit the news. Why?

Because the details are from 1852 to 1914. Meaning that the youngest patients would potentially be 94 years old now. Certainly in no condition to care, or complain, if they’re even alive. Just some interesting past cases for research.

I’m sure their children won’t mind at all that mom’s chronic illnesses are online for everyone to see. Mom is dead, so there’s no point in keeping her secrets, right?

Welcome to Small and Special, the site showing you all the gritty details from the Great Ormond Street Hospital for Children, in Britain.

A unique database lies at the heart of the Small and Special website. It is based on the information contained in the In-Patient Admission Registers from Great Ormond Street Hospital for the period 1852 to 1914, which have survived intact. The Registers have been carefully transcribed and indexed to allow flexible and accurate searching of this important resource. Users can search for children by name (first and last names), age, sex, and address. Other searchable fields include date of admission and discharge, admitting doctor, outcome of treatment and subsequent referrals (if any).

The database is supplemented by a collection of scanned images from 14 volumes of patient case notes of the founding physician, Dr Charles West. The case notes, which cover a period between 1852 and 1874, contain a wealth of information on the treatment and management of sick children in the mid-Victorian period.

Some of the information is accessible freely. For the rest you need to register. But the registration is easy, free, and they don’t require you to prove (or even claim) that you are a researcher, doctor, or anything.

And what does it say about the future? About my own medical records, or yours? We trust[2] in doctor-patient confidentiality. In privacy laws. In that even if the doctor has to share the details with insurance companies, none of them could, or would, ever just list everything on the Internet for the curious masses.

Anyone having these expectations of privacy about your medical and health records? Just wait about a hundred years or so, and we’ll see. We most definitely will see. Everything. Free for searching and browsing.

After all, our friends at Kingston University are still working:

This outstanding resource will be further enhanced by the inclusion, at a later date, of the surviving Registers for Cromwell House (the Hospital’s convalescent home at Highgate), from 1869 to 1910.

Amusingly enough, when you register on the site they have a privacy policy, and they clearly state they won’t share your personal details with anyone. Which is admirable, and I wish more online services would be so clear about their privacy policy. It’s just that, well, they’d keep my name and email secret, but don’t see any problem with showing me the names, addresses, medical history, and diagnoses of many, many past children who never got to agree to release it.

---
  1. Some of the names have been anonymised. This is a minority of them. I’m not sure what the criteria for choosing were. And even for the anonymous ones, you still have a full home address, just not the name.
  2. Want to trust, anyway?

Airline security theatre now starring airline passengers in live action

October 6th, 2006

I keep waiting for someone responsible for airline security to sober up, and realize how ridiculous, costly, invasive, and (maybe most importantly) unhelpful for security all the new and ever-increasing limitations and checks are.

But that doesn’t seem to happen.

If anything, things just get worse, with more paranoia, and more pointless regulations being made. All in the name of security, almost all without any real security benefit, and almost all with high costs in terms of time, money, hassle, and privacy.

And now they’re working on a system that would record everything passengers say and do during a flight.

Researchers in Britain and Europe are looking at technology that would see a comprehensive network of microphones and cameras installed throughout the aircraft, including the lavatory, which would be linked to a computer.

Sounds fine for one of those silly reality shows.

But very far from being fine for regular flights. Microphones and cameras everywhere on a plane. Including the toilets.

This computer would be “trained” to pick up suspicious behaviour, said Catherine Neary, of Bae Systems, one of the British participants in a £24 million European Union project

Computers cannot pick up suspicious behaviour. It will be quite some time, many years, before they can come even close.

Heck, it’s hard enough to train real live people to pick up suspicious behaviour. They think very many things are very suspicious, all the time. And that involves detecting a lot of tiny cues, and requires instincts and experience. A computer cannot do that.

Computers will just be able to follow very crude rules. Meaning that they will miss actual suspicious behaviours, but will have lots and lots of innocent people tagged as acting suspiciously.

Actually, what the heck is suspicious for an airline passenger? And how do you separate the terrorist kind of suspicious from other kinds of suspicious?

Eventually, the computer would be programmed to understand a variety of languages.

Oh, yes, any day now. Because right now computers would be hard pressed to understand even one language. At most you can pre-define a limited set of key words, and have the computer pick up people who say them. And even that will fail on some accents, pitches, and talking speeds.

Not to mention, what words would these be? Will they train the computer to catch whole sentences, like “Let’s blow up the plane now”? Because obviously a terrorist who wants to blow up a plane is going to announce that before doing so, right? And other passengers around will never pick up on that, so it’s good that there will be a super sensitive microphone to do so (yes, I’m being sarcastic).

“Passengers are not being snooped on by humans, but by machines which will process the data, which would not be stored after the flight unless there is an incident,” she said.

But the machines cannot process the data properly, so the next obvious step is to have humans look in at anything the computer will flag as suspicious. And that will have to be almost everything, because it’s better that a human will snoop on a few extra events, instead of letting a terrorist go on undetected, right?
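Putting numbers on the argument above (crude rules, many innocents flagged, and then a human having to look at every flag), as an added example that is not part of the original post or of the project it quotes. Every figure in it is a constructed assumption; the detector is given a generous 99% catch rate and a 1% false alarm rate, and the passenger and threat counts are made up.

```python
"""Base-rate arithmetic for an automated 'suspicious behaviour' flagger.

Added example, not from the original post. All numbers are constructed
assumptions; the detector quality figures are deliberately generous.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScreeningOutcome:
    flagged: int          # passengers flagged for human review
    true_positives: int   # flagged passengers who were real threats
    false_positives: int  # innocent passengers flagged
    missed: int           # real threats the system let through
    precision: float      # fraction of flags that are real threats


def screening_outcome(passengers: int, threats: int,
                      sensitivity: float, false_positive_rate: float) -> ScreeningOutcome:
    """Expected result of screening `passengers` people, `threats` of whom are real,
    with a classifier that catches `sensitivity` of threats and wrongly flags
    `false_positive_rate` of innocents. Counts are rounded expectations."""
    innocents = passengers - threats
    tp = threats * sensitivity
    fp = innocents * false_positive_rate
    flagged = tp + fp
    precision = tp / flagged if flagged else 0.0
    return ScreeningOutcome(round(flagged), round(tp), round(fp),
                            round(threats - tp), precision)


def required_false_positive_rate(passengers: int, threats: int,
                                 sensitivity: float, target_precision: float) -> float:
    """False-positive rate the classifier would need so that `target_precision`
    of its flags are real threats (solves precision = tp / (tp + fp) for fp)."""
    innocents = passengers - threats
    tp = threats * sensitivity
    fp = tp * (1 - target_precision) / target_precision
    return fp / innocents


def review_hours(flagged: int, minutes_per_flag: float) -> float:
    """Human reviewer time needed if a person looks at every flag."""
    return flagged * minutes_per_flag / 60


if __name__ == "__main__":
    # Constructed scenario: ten million passengers a year, ten of them real threats,
    # a detector that catches 99% of threats and flags only 1% of innocents.
    out = screening_outcome(10_000_000, 10, 0.99, 0.01)
    print(out)
    print(f"precision: {out.precision:.6f}")
    print(f"reviewer hours at 5 min per flag: {review_hours(out.flagged, 5):.0f}")
    print(f"false-positive rate needed for half the flags to be real: "
          f"{required_false_positive_rate(10_000_000, 10, 0.99, 0.5):.2e}")
```

With those assumed inputs the system flags about a hundred thousand people to catch ten, so roughly one flag in ten thousand is a real threat, and a five-minute look at each flag costs over eight thousand reviewer hours. For half of the flags to be real, the classifier would have to wrongly flag fewer than one innocent passenger in a million, which is the gap between "crude rules" and a useful detector.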

And, well, only keeping the data if there’s an incident? What does that mean, incident? If they mean unless the plane explodes, well, too late to do anything useful with that, no?

Or do they mean unless an incident happens which isn’t as critical? Because these days those happen over just about anything. Creating an “incident” is way too easy.

Heck, there are incidents when people accidentally drop their music players down the toilet. Would that justify a human going through the audio and video records of what everyone did on the plane, including inside the toilet?

It’s an incident when someone prays while on an airplane. Would that justify a human going through the audio and video records of what everyone did and said while on the plane?

It’s an incident when someone wants to drink water from a bottle. Very suspicious, bottles, and flailing them around willy-nilly can alarm other passengers, so maybe it can even escalate to a truly serious incident.

Lots and lots of small and minor things can become an incident. Will all of these justify someone watching and listening to tapes from the flight? Why am I not feeling reassured?

“There are likely to be cameras and microphones in the toilet, because that is where terrorists go to assemble bombs.”

Yes, they always do that, don’t they, these terrorists? They go on a plane, then enter the toilet to assemble bombs. Quite a regular habit with them.

The camera could also be trained to detect seemingly harmless items being left in aircraft lavatories that could later be assembled to make a lethal device.

These days small containers with liquids, including… erm… toiletries, are considered dangerous. Liquid binary bombs, and all that. Which pretty much covers anything that can be left in a toilet. Anything that can be spilled in a toilet.

And the people running the system can be fully trusted not to do things like, say, decide to keep personal copies of the films of people (in the toilet, or otherwise) just because the ones filmed may be physically attractive while acting somewhat suspiciously, right? Nobody would ever do that.

On the bright side, though, people joining the mile high club may now easily obtain photographed proof to show all the doubters.

This is invasive madness. All of it.

Though it does give a new multi-layered meaning to the term security theatre.

How many really bored Texans are there?

June 7th, 2006

The brilliant Texas governor, or maybe a really drunk aide, has come up with a new plan to help prevent illegal immigration across the border from Mexico.

What’s the idea?

The Texas governor announced his plans for streaming the border surveillance camera footage over the internet at a meeting of police officials on Thursday.

“A stronger border is what Americans want and it’s what our security demands and that is what Texas is going to deliver,” Mr Perry said.

The cameras will cost $5m (£2.7m) to install and will be trained on sections of the 1,000-mile (1,600km) border known to be favoured by illegal immigrants.

Yep, placing lots and lots of cameras covering huge stretches of the border. Then wiring them all up, and broadcasting the footage on the Internet for anyone who wants to monitor.

The practicalities of effectively covering such an area with cameras are beyond me. For comparison, the entire border of Israel, with the sea and all neighbouring countries, is slightly more than 1,000km. They’re talking about 160% of that.

The price they quote for the job also seems wildly inadequate. Is this supposed to cover all the cameras, installation, the wiring required to connect everything, computer servers to collect all the footage and store it, and bandwidth costs for transmitting all that video over the Internet?

No way. They’ll run out of money before even beginning to deploy and set the infrastructure, not to mention maintenance costs.

Heck, the current estimates I see for their fence idea are around $8 billion. That covers a third of the length, but walls have much lower maintenance and upkeep costs, don’t require electricity, and don’t have to be wired. So maybe $5 billion is more likely than $5 million.

And that’s not even the biggest problem with the idea, I think. Who exactly do they expect to sit and watch those border cams??

Sure, some may be placed in locations with nice scenery, so may become popular. But most of the cameras will just be covering empty stretches of a deserted border. And totally deserted and eventless videos are mainly one thing: boring.

This is part of why people who monitor such surveillance cameras are normally paid to do it. It’s a boring job. Nothing is happening, and there’s nothing to see.

Sure, the singular event of actually noticing a group of Mexicans trying to sneak in can be exhilarating and exciting, no doubt. But most people won’t get to see that even if they wait hours, days, weeks, and months, just staring at a camera feed. It’s a very long border, I remind you.

Watching such a huge amount of cameras will require massive manpower dedicated to the task. Texas can’t employ so many people on this job, so they’re trying to get it done for free by the public.

But nobody will do it in their spare time. Not unless their alternatives are even more boring and dreary than watching a motionless camera feed.

Can there really be that many Texans out there who are constantly so bored out of their minds?


Hat tip to Make You Go Hmm

Lottery scam, by real mail

May 19th, 2006

A refreshing change (well, a change anyway) in all those scam attempts (Nigerian 419 types, or otherwise) everyone keeps receiving in email.

My brother received one in the mail. Regular mail. In an elegant envelope, printed on elegant stationery, and everything.

I know that these things also happen, and probably happened for a long time before email became so ubiquitous, but it’s certainly much rarer, and nothing I had personally encountered before.

This one was a variation on the lottery scams.

The paper, addressing him by name, claimed to be from the Spanish elGordo lottery. And informed him that he had won something like a million Euro.

Of course, not having ever purchased a lottery ticket in Spain, that’s not very likely. But they did have an explanation, this was a lottery done by randomly picking people from around the world as winners. Very convincing, no, to just randomly pick people and give them money, no need to apply?

They also mention that the money is transferred by a third-party, some security/insurance company, and that they’ll need to take 10% of the winning money as a commission for processing it. Another very convincing claim.

And there’s an attached form asking for all sorts of personal questions. Plenty of personal information, quite possibly enough for someone to even get into his bank account, for example, or for other identity-theft related reasons.

And, most typically, though it is what I still find most peculiar about all of those scam attempts, the English was terrible. They did better than average by not having many spelling errors. That’s something that’s very rare for the emails. But the syntax and grammar, ouch. It hurt just reading the thing.

I admit, it’s quite possible that some random Spaniard off the street would use that as English, and expect it to be fine. I personally correspond with company clients from abroad who have worse English. But not when what’s written is supposed to be an official letter, sent by a respectable authority, and involving those amounts of money. And a lottery foundation that can afford to send millions of Euros as prizes can certainly employ someone with reasonable English skills.

But those scammers apparently never can. Not once. Ever.

Sometimes I think these guys would have a much higher success rate if people only ignored those flimsy scam attempts because they make no sense, and not also because of their terrible grammar. With that language one can hardly even begin to take what’s actually written seriously.

And unlike the email version, sending those real letters costs money. There’s postage, there’s the envelope cost, there’s printing the stationery on quality paper, stamping the paper and envelope with all sorts of official-looking stamps. All sorts of stuff. So if they’re sending a large bunch of those, at least paying someone to go over the language would make sense.

Oh, well, can’t complain.

What I did find, however, is that throwing around these absurd amounts of money actually helps the scammers. It should have been obvious from the get-go that this is a fake. It was obvious from the get-go that this was a fake. But my brother, and my parents, still tried to check, and asked me several times to check, just in case maybe it is true.

They got annoyed when I told them, what they knew, that there isn’t a point in wasting time checking. They insisted. And when I actually checked, and reported back about the numerous reported cases of these scams, and obviously nothing real of the sort, they still kept insisting that I maybe check again.

Almost sad to know that I share the same genes…

They got over it eventually. I just became more rude in pointing out all the obvious problems very clearly. But hey, send something that makes no sense with a bait of a thousand Euro, and you’ll get instant scepticism. Do it with a million, and you’ll get even more scepticism, but combined with a higher willingness to ignore it.

Depressing, actually. Even people who are relatively well off, and don’t need it, still get a little silly when the possibility of plenty of easy money comes up…

The supportive argument my brother came up with that most amused me was that they knew his name and address, and how could a scammer know these? Even before addressing the question, this is obviously a pathetic excuse, since by the same measure how would the real Spanish lottery know them, when he didn’t buy a ticket (or had ever even been to Spain)?

Just because something is an official institution doesn’t make it easier for them to know details that “nobody can know” compared to anyone else.

And, naturally, things like names and addresses are in lots of places. Easy, too easy, to know. It’s a major privacy issue, but also a part of life. Everyone (hermits and total paranoids excluded… sometimes) leaves their information in too many places. Almost any business or service someone interacts with will collect information, which can sometimes include an address. Plenty of government offices will as well. There are probably so many different registries that contain my brother’s name and address that guessing which one these scammers took the info from will not be possible.

Not for him/us, anyway. The police may be able to. If they get enough complaints, and can somehow cross-reference enough of the people. But that’s doubtful as well, given how prevalent this information is.

At least nothing came of it, except for the amusement value. And the envelope and paper as small mementoes, if the police won’t impound them for investigation…

Context counts, even in spam blocking

March 15th, 2006

Different kinds of spam, while all being spam, are still different. As such, tools useful in limiting one kind are often not at all appropriate for another.

And lately one of those right tools for the wrong job is becoming very popular. In this case the DSBL list of open SMTP relays.

Open SMTP relays are basically mail servers configured so that anyone can connect to them and send email messages through them. There’s nothing wrong with having a mail relay, but there is a problem with it being totally open and unauthenticated. They’re very popular with spammers, because the spam senders can connect to these relays and send their spam messages through them, instead of directly from their own computers.

Which is why things like the DSBL list exist. Mail servers can choose to check all incoming messages against the list, and if an incoming message came from one of those known open relays, they can treat the message as probably being spam. It won’t always be spam, but there’s a good enough chance that the false positive rate isn’t too big.

The problem starts when people try to use the exact same list to decide if comments on blogs are spam. There is no real connection between the two. Blog comments are not sent as email messages, and do not pass through those mail relays. And many of these relays are not open intentionally, but are rather just badly configured. Blocking email from them is legitimate, because they’re open to abuse. But blocking blog comments from them isn’t, because nothing on them indicates that they’re used by comment spammers instead of real people.

My problem isn’t with the concept of checking against lists of problematic hosts. There are alternative lists like the Blitzed DNSBL which are based on open proxy servers. Proxy servers are ones which relay regular web requests through them, such as the requests used to post comments to blogs. And comment spammers do use these.

It’s just that more and more people are blocking against the wrong kind of list. They’re protecting themselves against the wrong kind of spam. Meaning that the large majority of the addresses they block will be false positives. And that’s a bad ratio.

This is becoming a larger problem because such checks are becoming easier to use. Many of the popular blogging platforms have plug-ins to fight spam. And a few, which are increasing in popularity, allow checking the IP address of the comment poster against such lists. And the DSBL list is often enabled by default, for reasons I can’t quite grasp.

Pointless, and irrelevant. Fighting spam is good, but people should do it properly, not with the wrong methods. People sometimes don’t notice this, though, because these lists are often combined, including both mail relays and some proxies. Which means they may sometimes also block what people think they will. But using just a combined list is too blunt an instrument. It’s akin to blocking all English speaking people because there are spammers in the US.

Another thing which complicates using such lists, and blocking based on computers’ IP addresses in general, is dynamic addresses. Many internet users receive a dynamic IP address from their ISP whenever they connect to the internet. This means that when they disconnect, and then reconnect, they get a different address. And the previous address gets back into the pool of addresses, to be given to a different user.

If someone has a badly configured server on a home computer with a dynamic address, and it manages to get into such a list, that will not prevent them from sending spam (whether email, comment, or other kind), but will block other users of the same ISP instead.

The reason for this rant is, well, that this happened to me. More than once. I was blocked a few times posting to different blogs, because my IP address, my dynamic IP address that I possibly never used before that day, was included on the DSBL as an open mail relay.

And those addresses were added to the list over either a single incident, or two incidents, which occurred no later than 2004. Someone had a server that allowed people to send mail messages, and because of that I was blocked years later from posting comments on a blog.

The first time this happened I thought it was a non-issue. But it’s becoming one very fast.

Yes, any form of automatically detecting spam will have false positives. But that’s not a reason to go with methods whose true positives happen only by pure luck. There are better ways to fight spam than methods that interfere with legitimate users more than they interfere with spammers.
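The three points of this post (check a list that matches the traffic type, don’t treat a combined list as a plain yes/no, and don’t act on years-old listings of what may be a dynamic address) as one piece of added example code. This is not code from the post, from DSBL or Blitzed, or from any blog plug-in. A real DNSBL is queried over DNS by reversing the IPv4 octets and appending the list’s zone (1.2.3.4 becomes 4.3.2.1.<zone>), and a hit comes back as an A record, usually a 127.0.0.x value that encodes why the address is listed. Real lists do not return a listing date in the DNS answer, so the date here stands in for whatever freshness information a list operator publishes. To run offline, the resolver is a constructed in-memory table, and the zone name, addresses, listing reasons and dates are all made up.

```python
"""Context-aware DNSBL lookups: block only on listings relevant to the traffic type.

Added example, not from the original post or from DSBL, Blitzed or any plug-in.
The resolver is a constructed stand-in for DNS so the code runs offline.
"""
import ipaddress
from datetime import date

# Assumption: one combined relay+proxy list, of the kind the post says is common.
ZONE = "combined.list.example"

# Constructed DNS answers: query name -> (why listed, date listed).
# Real lists encode the "why" in the returned 127.0.0.x address and publish
# no date; the date here is a stand-in for the list's own freshness data.
FAKE_DNS = {
    "7.113.0.203.combined.list.example": ("open-relay", date(2004, 3, 12)),   # stale relay listing
    "5.113.0.203.combined.list.example": ("open-relay", date(2006, 2, 20)),   # fresh relay listing
    "22.113.0.203.combined.list.example": ("open-proxy", date(2006, 3, 1)),   # fresh proxy listing
}

# Which listing kinds matter for which traffic: mail may have come through an
# open SMTP relay; a blog comment cannot, but may have come through an open proxy.
RELEVANT_LISTINGS = {
    "smtp": {"open-relay"},
    "web-comment": {"open-proxy"},
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name a DNSBL client looks up for `ip` in `zone`."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def lookup(ip: str, zone: str, resolver=FAKE_DNS):
    """Return (kind, listed_on) if listed, else None (NXDOMAIN in real DNS)."""
    return resolver.get(dnsbl_query_name(ip, zone))


def should_block(ip: str, context: str, today: date = date(2006, 3, 15),
                 max_age_days: int = 365, resolver=FAKE_DNS):
    """Decide whether to reject traffic of type `context` from `ip`.

    Blocks only when the listing reason is relevant to the context and the
    listing is recent enough that a dynamic address is unlikely to have changed
    hands since. Returns (blocked, reason).
    """
    hit = lookup(ip, ZONE, resolver)
    if hit is None:
        return False, "not listed"
    kind, listed_on = hit
    if kind not in RELEVANT_LISTINGS[context]:
        return False, f"{kind} listing is irrelevant to {context} traffic"
    age = (today - listed_on).days
    if age > max_age_days:
        return False, f"{kind} listing is {age} days old, treated as stale"
    return True, f"{kind} listing is {age} days old"


if __name__ == "__main__":
    for ip, context in [("203.0.113.22", "web-comment"), ("203.0.113.7", "web-comment"),
                        ("203.0.113.5", "smtp"), ("203.0.113.7", "smtp"),
                        ("203.0.113.99", "web-comment")]:
        print(ip, context, should_block(ip, context))
```

The relay listed in 2004 is rejected for mail only if the listing is fresh, and is never a reason to reject a blog comment; the open proxy is a reason to reject a comment. A plug-in that treats any hit on the combined list as "spam" collapses all of these cases into the same answer, which is exactly the false-positive ratio the post complains about.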

So does Hurtt has nothing to worry about?

February 21st, 2006

I’m not sure whether I really like the Hurtt Prize idea, or whether I think it’s totally appalling and the guy behind it should get thrown in jail just for the principle of it…

The chief of police in Houston has shown himself to be a total idiot, pushing forward a program to have constant video surveillance all around the city. That’s not the totally idiotic part (though it’s bad enough). The totally idiotic part was that, in response to privacy concerns, the idiot has the audacity to wonder why people who didn’t do anything wrong would need to worry…

Privacy, for anyone who isn’t capable of realizing it on their own, is important. No, really. Giving the government, police officials, your fellow neighbourhood people, or anyone else, the ability to spy on you and your actions freely, is a bad idea.

It will be misused, even if nobody plans to misuse it from the get-go. And it doesn’t help safety and security. It just helps the illusion of safety.

While adding the very non-illusionary feeling of being constantly monitored and under watch.

Bad, bad, bad idea.

Unless you’re, like chief of police Hurtt (who, to his credit, isn’t the first, nor the most important, of the many people around the world supporting such extensive surveillance), expecting to be the one having the power to use this, and not expecting to be the target.

So this Hurtt Prize idea is quite an apt response.

Somebody is setting up a monetary prize to be given to anyone presenting videotaped proof that chief of police Hurtt performed any sort of crime. This, obviously, with the implicit but very obvious idea that people will have to follow him around all the time with cameras, watching and monitoring his every move.

Anyone doing that to me would find themselves sued very quickly for stalking. And I won’t take lightly the total disregard of my privacy and right to a personal life.

Chief of police Hurtt, however, doesn’t have any reason to complain. Obviously. Because, after all, if he isn’t doing anything wrong, what does he have to worry about?

If he did do something wrong, then that would put him in a bit of a problem, yes. It’s all the more likely to get noticed and published. But he doesn’t need to worry and complain now, because he doesn’t actually plan on doing anything wrong, does he?

I wonder how this would develop…

Yahoo associating search keywords with ads, but not with user accounts

August 29th, 2005

I have an account with Yahoo, mostly used for an email address. And it’s usually logged in, so technically they are capable of linking my Yahoo searches with my account and whatever personal details they have. The same thing everybody is always worried about Google doing, but for some reason a lot less vocally so about Yahoo or the rest of the gang.

I’m going on a trip to the US soon, and will need to rent a car. In addition to checking some specific places, I decided to also run a general search through a few search engines, Yahoo included, to see if anything interesting comes up.

And since then, all the ads I saw on my Yahoo account, from the mail interface, deal with car rentals. OK, not all, but about 80%-90% of them. Before those searches, I think I didn’t get any car rental ads at all, or maybe very few of them.

Meaning, obviously, that their ad server collects details from the search engine, to provide more targeted advertising.

Except it doesn’t get stored centrally with the Yahoo account. When I logged into my Yahoo mailbox from a different computer, the ads remained the same regular bunch, without a car rental ad in sight. Going back to the original computer I searched from, the rental ads were back in force.

Erasing just the Yahoo cookies also removed the car rental ads from the first computer.

So they are keeping a somewhat limited track of what was last searched on the computer, but are not keeping (or not showing that they keep) a central repository.

Now all they need to do is to either increase the number of different ads, or do better targeting of other ads, in order to prevent the connection from being too obvious. Seeing relevant ads directly on a search results page is fine, perfectly legitimate, and can be useful. Seeing them afterwards, constantly, on different pages of the same service offering the search engine, is unnerving. Even if it isn’t directly tied to the specific user… yet.