| |
|
Monday, August 21, 2006
|
|
Congress wants all patients' data to be computerized. But critics say the legislation needs more privacy safeguards, pointing to recent breaches.
[...]
Privacy advocates say the legislation needs stronger protections,
such as provisions that would allow patients to control who sees their
records or even to opt out of the electronic system. Agencies should be
required to notify patients of a security breach, and patients should
have the right to sue over unauthorized disclosures, privacy advocates
say.
"The main thing we are concerned about is that if this
information leaks out to employers, it can destroy people's reputations
and livelihoods," said Dr. Deborah Peel, a leading critic and a
psychiatrist who heads the Patient Privacy Rights Foundation in Austin,
Texas.
Under the legislation, patients would not "have the
basic right to control who can see and use the most sensitive
information on Earth about you," Peel added.
Supporters of the
legislation -- known as the Health IT bill -- say existing federal
medical-privacy laws offer sufficient safeguards. Such laws "already
provide absolute protection of our health information," said Rep. Nancy
L. Johnson (R-Conn.), a coauthor of the legislation.
The Senate
unanimously approved a version of the Health IT bill last year. The
House version sparked partisan battles over complex technical and legal
issues, as well as privacy. But House Republicans won passage over
Democratic opposition last month.
A House-Senate conference to
try to iron out differences promises to be contentious. Sen. Edward M.
Kennedy (D-Mass.) has branded the House legislation "a weak, partisan
bill."
1:59:35 PM 
|
|
A privacy group has asked the Federal Trade
Commission to investigate AOL for publishing on the Web search phrases
and words used by 658,000 subscribers during a three-month period.
The Electronic Frontier Foundation, based in San Francisco, said
AOL violated its own privacy policy and FTC regulations, and should be
ordered to notify the people affected, and to stop logging search data "except where absolutely necessary."
"Search terms can expose the most intimate details of a person's life
-- private information about your family problems, your medical
history, your financial situation, your political and religious
beliefs, your sexual preferences, and much more," EFF attorney Marcia
Hofmann said in a statement issued this week. "At the very least, AOL
should notify every customer whose privacy has been jeopardized by the
company's careless handling of this incredibly private information, and
AOL should not store this kind of data in the future when it doesn't
have to."
AOL confirmed last week
that it had posted and then taken down the information and apologized
for what the company said was a mistake on the part of its research
team. Nevertheless, the data was available on the Internet for days,
which was long enough for it to be downloaded and posted on other
sites.
In releasing the data, AOL tried to hide the identity of the
people whose search patterns were tracked by replacing their names with
numbers. The New York Times, however, was able to identify users based
on the information listed.
1:49:18 PM
|
|
Homeland Security Secretary Michael Chertoff called on state
legislators Thursday to embrace new federal driver's license
requirements to strengthen security, but state lawmakers later demanded
that Congress either fund the program or drop it. In a speech at
the annual meeting of the National Conference of State Legislatures,
Chertoff sought to allay privacy concerns about the federal Real ID
Act, saying there are no plans to create a federal database of drivers'
personal information. Editor: Yeah, They won't create one big database, they'll just standardize and tie together the 50 databases the states have already created.
1:45:05 PM
|
|
"When you go out at night, I think you have the right
to be anonymous," he told The New York Times. "Not everybody's out of
the closet, and therefore it's an invasion of privacy."
Robert Perry, legislative director for the New York Civil Liberties Union, said Roskoff's privacy concerns are warranted.
"When a club or bar maintains video taped images,
clearly there's a question of how long will they be retained, who will
have access to them, what's the policy regarding destruction of the
image and what safeguards are in place to prevent improper or unlawful
release of images," Perry said.
Whether the New York Police Department would have
access to the images and under what circumstances is also a key
question. Perry cited an incident in 2004 where a Bronx suicide was
captured on tape by NYPD-monitored cameras. The footage ended up on a
porn site where the victim's family saw it.
Quinn dismissed privacy concerns about the cameras at
club entrances. "Cameras at places of public assembly are commonplace
now, so I don't think there's any rub there at all," she said in a New
York Times interview.
But Perry said the Speaker's point actually heightened
need for review. "The fact that [cameras] are proliferating does not
mean that we have had a serious discussion about the privacy
implications," he said. "The technology has gotten way ahead of our
understanding of the risks and harms to basic rights and liberties."
Beyond privacy considerations, Perry also questioned
the efficacy of cameras in deterring crime. He said the NYCLU testified
before the City Council and presented the findings of comprehensive
British research on 20 independent studies about cameras and crime.
"Of these studies, including two in New York City, not
one found a reduction in crime attributable to surveillance cameras,"
Perry said. Though taped footage can clearly be helpful evidence during
investigations, he said, "this notion that cameras are somehow a magic
bullet in fighting crime is not borne out by the facts."
1:41:20 PM
|
|
EA's 'Invasion of Privacy' Policy. Justus writes "Gamers with Jobs has posted an article covering EA's privacy policy for Xbox Live users. In a nutshell, by using an EA game over Xbox Live, you are automatically creating an 'EA Online' account and granting Electronic Arts the ability to collect your name, address, and credit card information, as well as a variety of demographic information about how you use their products. Not only that, they explicitly say that they may tie these demographics to your personal information [~] no anonymous aggregation here! When Gamers with Jobs asked EA and Microsoft about these issues, they were met with stony silence, a fact they attribute to the pending release of the new Madden game next week. Without an official comment from the companies involved, it certainly looks like EA has the most invasive privacy policy they could come up with." [Slashdot: Your Rights Online]
1:03:28 PM
|
|
An important series of investigative reports by my friend and respected trade journalist Dennis Schaal in the past week in Travel Weekly
(free registration and cookie acceptance required) has exposed a
significant spat between American Airlines (IATA code AA) and the Sabre
computerized reservation system or CRS (a/k/a "global distribution system" or GDS)
over charges -- denied by Sabre -- that "Sabre approached the airline
about a year ago and tried to sell American personal information in Passenger Name Records (PNRs) related to passenger travel on other carriers":
The dispute came to light in the context of an extremely complex and
acrimonious process of renegotiation and revision of the agreements
between all of the 4 major CRS's/GDS's and the largest USA-based
airlines. I won't try to go into the background here, other than to say
that the result of the ongoing transformation of the "travel
distribution" industry is likely to reduce the ability of
consumers, and of travel agents, to get the information from any single
source that they they would need to make efficient comparisons of
different airlines' prices.
The allegations in Schaal's story were foreshadowed in a recent white paper from the Business Travel Coalition , which also gives some useful background and analyzes how the current changes in CRS-airline agreements threaten the interests of business (and other) travellers.
Three things stand out about these stories:
12:57:04 PM
|
|
America's top four Internet companies, Google, Yahoo, AOL and
Microsoft's MSN, promise they will protect the personal information of
people who use their online services to search, shop and socialize.
But a close read of their privacy policies reveals as much exposure as protection.
The massive amounts of data these companies collect, which can
include records of the searches you make, the health problems you
research and the investments you monitor, can be requested by
government investigators and subpoenaed by your legal adversaries.
But this same information is generally not available to you.
The risk is that personal information that can be traced to you will
at some point be provided to someone else, like the 20 million AOL
searches that were published on the Internet at the beginning of August
and are now causing random AOL users to admit that they looked for
``movies for dogs'' or ``welley shoes.''
Two months ago, the San Jose Mercury News began asking the Big Four
Internet companies to clarify their privacy policies. The newspaper
wanted to know precisely what information was recorded when someone
made a date on Yahoo, sought help for addiction on MSN or plotted their
daily peregrinations on Google maps.
How long was the data kept? Could someone's Internet searches be
cross-referenced with their horoscope habit? Could a person find out
exactly what was stored about him or her? Could a person ask Google,
Yahoo, AOL or Microsoft to delete that data?
How often was personal data being requested by law enforcement?
Could someone subpoena someone else's searches in a civil suit? Was
this happening?
Few answers were forthcoming.
Google and Yahoo both said they kept data ``for as long as it is
useful.'' Microsoft said it kept data ``based on needs to run and
maintain our online services effectively while protecting user
privacy.''
AOL said in an interview that data was retained for ``roughly up to 30 days'' -- but that turned out to be not entirely true.
The companies declined to provide any details about how often user information was given to law enforcement or to others.
``If these companies can't give definitive answers about how they
are handling this incredibly sensitive and private information,
Congress needs to demand answers from them,'' said Kevin Bankston, an
attorney for the Electronic Frontier Foundation, a civil liberties
group that has asked the Federal Trade Commission to investigate AOL's
disclosure of search records.
A few weeks after the Mercury News made its request to the
companies, AOL published the searches of approximately 658,000 AOL
users on a public Web site as part of an effort to share data with
researchers. The searches, which were done from March to May, provided
an incredibly intimate glimpse into the life of the searchers.
12:39:10 PM
|
|
Gilmore Asks Supremes to Abolish Secret Rule.
In the midst of all the hullabaloo about :
I forgot to tell you that John Gilmore is trying to get the Supreme Court to rule on whether the government can issue secret regulations. It's a long shot, but it would be very interesting if it did take the case.
Gilmore, who was one of the original employees of Sun Microsystems and a co-founder of the Electronic Frontier Foundation, has been battling airline identification requirements since July 2002.
In December 2005, the Ninth Circuit rejected his bid to have the rule that passengers must show ID to board a flight declared unconstitutional. The decision noted that the secret Transportation Security Administration rule, which the judges looked at in their chambers, allows passengers to either show identification or face extra screening.
The judges declined to see this as an administrative punishment and also said that the identification rule was not unconstitutional burden on travel, since Gilmore was free to travel by other means.
Standard security signs in the airport admit to no such exception and generally state that passengers "must present identification."
The TSA's website has said the same things for years, but after its recent redesign and news stories pointing out the false statements, the site now simply says," We encourage each adult traveler to keep his/her airline boarding pass and government-issued photo ID available until exiting the security checkpoint. The absence of proper identification will result in additional screening."
The TSA argues that the rule can't be made public since it would put air travel at risk. In his appeal to the Supreme Court to review the decision, Gilmore has narrowed the issues and is focusing simply on the existence of a secret rule, albeit one whose broad outlines are known to the public.
Secret laws have been anathema to democracies for centuries, as they deprive persons of their right to contest the legality of a law or to be able to comply.
Under our system of laws, it is not sufficient for the Executive, charged under the Constitution with administering the laws, simply to assure the public as to what the law requires. That inevitably results in arbitrary enforcement of the law. There instead is a basic due process right to actually see the law. Stripped of that right, individuals are seriously disadvantaged in their ability to protect their rights in a court of law, debate existing policy and petition the government for change.
The whole petition clocks in at about 21 pages and is a great primer on the history of secret law, ranging from the Magna Carta through philosopher Jeremy Bentham through to James Madison and American case law. I highly recommend reading pps. 9 to 21of the writ of cert (17 to 28 in the pdf -- contains Ninth Circuit decision).
Grab the pdf here and you can read more at his case's website.
 [27B Stroke 6]
12:19:30 PM
|
|
|
© Copyright 2006 Paul Hardwick.
Last update: 9/2/06; 4:26:07 AM.
|
|
|
