Sally Hubbard, director of enforcement strategy at Open Markets Institute, from left, Matthew ... [+]
The Association for Computing Machinery (ACM) has announced the formation of the new ACM Technology Policy Council to coordinate an agenda for its activities around the world which relate to social and political issues such as algorithmic bias and online privacy. This is a long-overdue move for such an organization given the changes in recent years to data privacy, NSA domestic spying programs and the more recent revelations of how free speech has been outsourced to big tech. Indeed, we need to comprehend the need to demand that private companies and governments yield to privacy concerns before anything else.
When we conduct a search on Google, for instance, our search query and results are not private, hence in recent years, browsers are offering “incognito mode” or “InPrivate Browsing” for Firefox. But these ostensibly secure modes aren’t completely private either. When searching in private or incognito mode, however, your Internet Service Provider (ISP) can see your browsing activity and will, if requested by the government, hand over such information. Similarly, the websites that are visited can also track users. So, while incognito browsing has certain benefits, it is not a fool-proof tool for protecting one’s privacy.
Where other services such as VPN and anonymous search engines can bolster online privacy, the larger problem is that privacy needs to be implemented from the top down, and not the inverse. Certainly, as I am currently moving house and searching for a new home and movers to transport my goods, my fear of a data breach is infinitesimally small compared to other types of searches where private data that would directly be attached to my name and my very real, private information.
Despite the deflection of privacy issues from the government, there is good reason for concern given that this past May, the U.S. Senate Committee on Health, Education, Labor and Pensions proposed legislation that planned the expansion of public health data systems in order to enhance health data interoperability. What could go wrong?
Well, if you look to what happened with the NHS gender identity clinic in the UK which recently disclosed email contacts of over 2,000 patients, then a lot can go wrong. Aside from private medical information at risk of exposure, there is related data at risk of exposure such as insurance and other financial information stored alongside health-related data. Additionally, there are the many web searches that we conduct related to subjects currently under legal scrutiny or challenge in the US such that, for instance, women who research information on safe abortions, the causes of birth injuries and matters related to child safety may face legal scrutiny should such information be hacked or rendered public. A recent study has even shown “that local restrictions on abortion lead individuals to seek abortion services outside of their area” meaning that in states where abortion is now illegal, NSA-like spying could potentially lead to the persecution of women seeking the safe termination of pregnancy much less other thought crimes.
There is much much to consider when examining what many consider to be the tradeoff between data access and data security. This basically comes down to how much do you value data over your privacy? For protected health information (PHI) breaches, the reporting requirements are quite light and the damage done to the public sector is quite daunting. Effectively, there seems to be no litmus test for what makes data truly secure today as each institutional guidelines vary with the exception of HIPA (Health Insurance Portability and Accountability Act of 1996) which specifies that data breaches must be reported within 60 days. But HIPPA was enacted in an era when software and data were held on closed systems and private data centers and where the IoT and the cloud did not yet exist as a virtual interface between users and information. Today, the new tech footprint means that such legal reforms need to be updated if not entirely rethought.
How privacy and data are secured by organizations is part of the problem, but the larger part of the problem is that both health and financial information on patients is stored together. Many have suggested that the way data is stored and what data is stored where ought to be entirely restructured to make private data less enticing for hackers.
The solution will come at the expense of many more individuals whose private data has been breached and it will ultimately take the public to decry the mechanisms for data storage for things to change.
