The Curious Side Effects of Medical Transparency

“Transparency has always been seen as a hallmark of honesty and integrity. The logic is familiar: democracies aspire to be transparent, but dictatorships are opaque; faithful spouses are guileless, while philanderers lie; reputable businesses operate in the open, but shady operations literally draw the shades. Collectively, we’ve embraced Louis Brandeis’s dictum that sunlight is the best disinfectant. We demand transparency in government, charitable institutions, nutrition labels, and middle-school grading rubrics. The medical record should be no different. [..] In 2008, Ethan Bernstein, an associate professor at Harvard Business School, travelled with a team of students to a vast mobile-phone-manufacturing plant … Read More

Washington passes law requiring consent before companies collect health data

“A new Washington state law will require companies to receive a user’s explicit consent before they can collect, share, or sell their health data. Washington Governor Jay Inslee signed the My Health, My Data bill into law on Thursday, giving users the right to withdraw consent at any time and have their data deleted. The law should help shield users’ health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing “individually identifiable” health information without consent. The HIPAA Privacy Rule doesn’t cover many of the health apps and sites that collect medical data, … Read More

How to preserve secrets in a quantum age

“The existing encryption standards that underpin just about every online exchange of information are a bit of gnarly mathematics designed to be well-nigh impossible for today’s computers to crack without just the right arithmetical key. But NIST’s scientists have not been pondering today’s machines. They worry about a coming era of quantum computers. These exploit the weirdness of the quantum world to perform calculations in fundamentally different ways from those used by conventional computers. This confers an enormous theoretical advantage in a small number of problem types—including identifying a large number’s prime factors (numbers, divisible only by themselves and one, … Read More

Why Privacy Matters

“as Vox reporter Sara Morrison wisely observed, “[D]eleting a period tracker app is like taking a teaspoon of water out of the ocean.” So much data is collected about people these days that removing a small amount of data from an app or a phone is not going to erase all traces of a newly criminalized activity. The Electronic Frontier Foundation notes that pregnant people are far more likely to be turned over to law enforcement by hospital staff, a partner or a family member than by data in an app —and that the types of digital evidence used to … Read More

Smartphone apps promised to help combat the pandemic. How well did they work?

“A new review paper, published Monday in Nature Biotechnology, explores the wide range of apps rolled out to combat the pandemic [..]. Here are four questions that still need to be answered about how apps can combat Covid. [1] How do you get broad swaths of the public to adopt an app? “Contact tracing had a lot of problems,” said [physician and Director of Digital Medicine at Scripps Research Translational Institute and a co-author of the new paper Jay] Pandit. [..] The initial goal for the U.K. National Health Service’s Covid-19 app was to reach a 60% adoption rate. [..] … Read More

Not All MFA is Equal, and the Differences Matter a Lot: Why FIDO2 and WebAuthN are so much better than SMS and app-based auth

“People are starting to get the message that text/SMS is a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. [..] it doesn’t really matter how you got that MFA code. It might have been a text, or it could have been something “strong”, like a mobile authenticator app like Google Authenticator or Authy. However you got it, you now have it, which means you can now type it into a text field owned by a bad guy. [..] FIDO stands for Fast Identity Online, and it uses … Read More

The New Rules of Data Privacy

“For most of its existence, the data economy was structured around a “digital curtain” designed to obscure the industry’s practices from lawmakers and the public. Data was considered company property and a proprietary secret, even though the data originated from customers’ private behavior. That curtain has since been lifted and a convergence of consumer, government, and market forces are now giving users more control over the data they generate. Instead of serving as a resource that can be freely harvested, countries in every region of the world have begun to treat personal data as an asset owned by individuals and … Read More