Wednesday, October 23, 2013

The pendulum swings again...
Happy to report a great win for the ACLU in U.S. v. Katzin. From the decision issued today by the Third Circuit Court of Appeals:
The instant case … calls upon us to decide two novel issues of Fourth Amendment law: First, we are asked to decide whether the police are required to obtain a warrant prior to attaching a GPS device to an individual’s vehicle for purposes of monitoring the vehicle’s movements (conduct a “GPS search”). If so, we are then asked to consider whether the unconstitutionality of a warrantless GPS search may be excused for purposes of the exclusionary rule, where the police acted before the Supreme Court of the United States proclaimed that attaching a GPS device to a vehicle constituted a “search” under the Fourth Amendment. For the reasons discussed below, we hold that the police must obtain a warrant prior to a GPS search and that the conduct in this case cannot be excused on the basis of good faith. Furthermore, we hold that all three brothers had standing to suppress the evidence recovered from Harry Katzin’s van. We therefore will affirm the District Court’s decision to suppress all fruits of the unconstitutional GPS search.
You can access the full opinion here.


Patients lie. Will reading their Tweets or looking at their Facebook page reveal the truth?
Art Caplan poses an interesting ethical question:
A friend recently brought to my attention a disturbing question from a psychiatrist working with a transplant team: Should she be checking the sobriety claims of liver transplant candidates by looking on their Twitter and other social media sites? That question merits discussion because it’s clear both doctors and patients are entering a new world of uncertain medical privacy due to Twitter, Facebook, Google+ and other outlets.
Read more on NBC.


Would this reduce bullying? After all, unlike the First Amendment, “It's for the children!”
Lorraine Bailey reports:
A mother sued Twitter for the identities of people who impersonated her daughter on the social media site, tweeting in her name “my passion is being fat,” “free hand and blowjobs call me,” and posting her phone number and picture online.
The mother sued Twitter on behalf of her minor daughter, in Cook County Court.
She seeks a court order compelling Twitter to release the identities of people who set up two Twitter accounts.
Read more on Courthouse News. Twitter suspended the two accounts.


Get the government to give your clients money to use your free service? Now that's a business model! (and like Facebook, it has a few “Privacy issues”)
Kashmir Hill writes:
Medical records start-up Practice Fusion has attracted a whopping $134 million in venture capital thanks to its appealing business model: it offers 100,000 (and counting) medical types free, web-based patient management services. The doctors get for free something that’s usually quite expensive, while cashing in on $150 million (so far) in government incentives to adopt electronic health record technology. Practice Fusion gets an attractive platform of doctors that medical labs, hospitals and medical billers pay to access. “Our community drives $100 billion in spend,” says CEO Ryan Howard. The start-up also gets data on 75 million patients’ health conditions and prescriptions, which it de-identifies and then makes available to analysts, pharma companies, and market research types, who also pay. You can see why a VC firm like Kleiner Perkins put $70 million into the start-up this September, valuing it at $700 million. It’s like Facebook but with tons of valuable medical data.
But the start-up could have a big privacy problem thanks to a doctor review site it launched in April. ‘Patient Fusion’ debuted with 30,000 doctor profiles and a stunning two million reviews, all from verified patients of the doctors. The site came as a surprise to some doctors – who knew the start-up emailed their patients appointment and prescription reminders but didn’t realize it had been reaching out to their patients after visits asking for reviews. And it is likely a surprise to some of the patients whose reviews are available publicly on the site. There are candid reviews with sensitive medical data and “anonymous reviews” that contain patients’ full names and/or contact details, suggesting they didn’t realize that what they were writing was going to be made public.
Read more on Forbes.
This sounds like a HIPAA/CMIA/FTC nightmare brewing. Practice Fusion has a lengthy privacy policy that says, in part:
Confidentiality of Health Information: Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of a health care provider who has entered a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, we are prohibited from, among other things, using individually identifiable health information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such providers. To see our Healthcare Provider User Agreement, and to specifically review our business associate obligations, please review Sections 4.1.8 and 9 of that agreement. We are also subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.
If patients weren’t properly informed about the public nature of their feedback and didn’t provide informed consent, I’d say that Practice Fusion has a whopping HIPAA privacy disclosure breach on its hands. Hopefully, HHS is looking into this whole thing. And if healthcare providers didn’t fully understand how Practice Fusion would be using the information provided, then that’s a second round of complaints/matter to be investigated.


Bad laws never die; they do morph, change names and attract lots of lobbying money.
Dana Liebelson reports:
This summer, when Edward Snowden dropped his bombshell about PRISM, the NSA’s vast Internet spying program, the House had recently passed a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). Widely criticized by privacy advocates, CISPA aimed to beef up US cybersecurity by giving tech companies the legal freedom to share even more cyber information with the US government—including the content of Americans’ emails, with personal information intact. CISPA supporters, among them big US companies such as Verizon and Comcast, spent 140 times more money on lobbying for the bill than its opponents, according to the Sunlight Foundation. But after Snowden’s leaks, public panic over how and why the government uses personal information effectively killed the bill. Now that the dust has settled a bit, NSA director Keith Alexander is publicly asking for the legislation to be re-introduced, and two senators confirmed that they are drafting a new Senate version.
“I am working with Senator Saxby Chambliss (R-Ga.) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability,” Sen. Dianne Feinstein (D-Calif.) told Mother Jones in a statement.
Read more on Mother Jones.
Haven’t the big tech companies and providers taken enough of a reputation hit already with the Snowden leaks? Do they really want to come out and support more data sharing without user consent or knowledge?
That a bill could be a Good Thing for cybersecurity has never been disputed by the privacy security. The problems were the lack of meaningful restrictions on use of personally identifiable information. Until we see the language of what Senator Feinstein is proposing, we simply won’t know whether the same privacy concerns will continue or if our concerns will be appropriately addressed. Given that it’s Feinstein who’s the sponsor, however, I am not optimistic.


Interesting that parents (who are not “digital natives”) understand the negative implications of technology when “educators” (and their lawyers?) do not.
John Hildebrand reports:
Angry parents worried about their children’s privacy are fighting New York State’s planned turnover of 2.3 million public school students’ names and records to a private, high-tech corporation that will store and manage the records within a computerized “cloud” service.
The release of data to inBloom Inc., a nonprofit based in Atlanta, will include information on about 400,000 students on Long Island and is set to occur this fall or winter, officials said.
Read more on Newsday (sub. req.). The state, of course, is minimizing/denying parental concerns:
State education officials, who have worked with inBloom since 2011 to establish the “cloud” project, said parents’ fears were unwarranted.
InBloom will never release student information without permission from local districts, state and corporate officials said, and the data cannot be sold. The service will provide a high degree of data security through sophisticated encryption, they said.
Notice that there is no provision for parents to opt-out – or better yet, opt-in – as it is up to others to determine whether data will be shared.
And those in the state who are relying on assurances of data security should spend a week or so reading my blogs, including databreaches.net, to see how many supposedly secure databases get hacked or compromised on a daily basis.


Not so surprising...
Don’t Blame IT for Obamacare’s Tech Troubles
“Many eyes, shallow bugs.” Perhaps the HealthCare.gov gang that couldn’t code straight had never heard this software mantra. One can’t be sure. The Centers for Medicare and Medicaid Services, the agency overseeing the technically troubled Affordable Care Act exchanges, has done a far better job concealing the details of its systems design, development, and deployment practices than producing working websites. IT experts uncharitably observe that what the President describes as “glitches” are symptomatic of deeper digital dysfunctions. Are they right?


Should I believe this or is this 'The Onion' of Washington DC?
Exclusive: White House Official Fired for Tweeting Under Fake Name
A White House national security official was fired last week after being caught as the mystery Tweeter who has been tormenting the foreign policy community with insulting comments and revealing internal Obama administration information for over two years.


For my students who read...
5 Places To Read Fiction Online – For Free!
Classic Reader
Classic Reader is a website dedicated to the classics. This site is a gold mine for lovers of classic literature as well as school students who want to read without having to purchase their own copies.
