1) The U.S. government comes up with some, um, interesting names for its surveillance programs. “Perfect Citizen” sounds like it’s right out of Orwell. As the article points out, there are some major unanswered questions. How do they collect this data? Where do they get it? Do they use it just to look for interesting patterns that then lead them to identify specific individuals, or are all the individuals apparent and visible from the get-go? And what are the regulations around re-use of this data?
2) Health and Human Services has issued proposed updated regulations to HIPAA, the law regulating how personal health information is shared. CDT has made some comments about how these regulations will affect patient privacy, data security, and enforcement. HIPAA, to some extent, lays out some useful standards on things like how electronic health information should transmitted. But it also has been controversial for suppressing information-sharing, even when it is legal and warranted.
So what if instead of talking about what we can’t do, what if we started talking about what we can do with electronic health data? I’m not imagining a list of uses where anything outside of the list is barred, but rather an outline of the kinds of uses that are useful. The whole point of electronic health records is to make information more easily shareable so care is more continuous and comprehensive and research more efficient and effective.
I love this bit from an interview with a neuroscientist who studies dog brains because, “dogs aren’t covered by Hipaa! Their records aren’t confidential!”
3) A start-up called Bynamite is trying to give users control over the information they share with advertisers online. It’s another take on something we’ve seen from Google and BlueKai, where users get to see what interests have been associated with them. Like those services, Bynamite allows you to remove interests that don’t pertain to you or that you don’t want to share. Bynamite then goes further by opting you out of networks that won’t let you make these choices. That definitely sounds easier to managing P3P, and easier than reading through the policies of all the companies that participate in the National Advertising Initiative.
I agree with Professor Acquisti that all of us, when we use Google or any other free online service, are paying for our use of the service with our personal information, and that Bynamite is trying to make that transaction more explicit. But I wonder if the value of the data companies have gained is explicit. Is the price of the transaction fair? Does 1 hour of free Google search equal x amounts of personal data bits? Can you even put a dollar value on that transaction, given that the true value of all this data is in aggregate?
The accompanying blog post to this article cites a study demonstrating how hard it is to assign a dollar value to privacy. The study subjects clearly did value “privacy,” but the price they put on it depended on how much they felt they had any privacy to begin with!