Computers, Privacy & the Constitution

View   r5  >  r4  >  r3  >  r2  >  r1
KevinHoungFirstPaper 5 - 26 Jun 2015 - Main.MarkDrake
Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="FirstPaper"
>
>
META TOPICPARENT name="OldPapers"
 

Big Data and its Intrusion Into Our Medical History: An Investigation Into Matchback Programs


KevinHoungFirstPaper 4 - 11 May 2015 - Main.KevinHoung
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 9 to 9
 

Introduction

Changed:
<
<
Silently, big data companies have been methodically mining sensitive medical history on patients throughout the U.S and selling it to Big Pharma through a process known as a matchback. Similar to why Amazon tracks your purchase history to suggest possible future purchases, pharmaceutical companies are now privy to once confidential medical information. Whether or not such information is de-identified is irrelevant, because the collection and possession of sensitive medical history should be available only to ourselves, doctors, and medical researchers.
>
>
Silently, large data companies have been methodically mining sensitive medical history on patients throughout the U.S and selling it to Big Pharma through a process known as a matchback. Similar to why Amazon tracks your purchase history to suggest possible future purchases, pharmaceutical companies are now privy to once confidential medical information. Whether or not such information is de-identified is irrelevant, because the collection and possession of sensitive medical history should be available only to ourselves, doctors, and medical researchers.
 

What are Matchback Programs?


KevinHoungFirstPaper 3 - 06 May 2015 - Main.KevinHoung
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Changed:
<
<

The Tangibility of Privacy

>
>

Big Data and its Intrusion Into Our Medical History: An Investigation Into Matchback Programs

 
Changed:
<
<
-- By KevinHoung - 06 Mar 2015
>
>
-- By KevinHoung - 05 May 2015
 

Introduction

Changed:
<
<
The intangibility of privacy in modern society has led to a generation of apathy and placid acceptance towards the intrusion of personal privacy.
>
>
Silently, big data companies have been methodically mining sensitive medical history on patients throughout the U.S and selling it to Big Pharma through a process known as a matchback. Similar to why Amazon tracks your purchase history to suggest possible future purchases, pharmaceutical companies are now privy to once confidential medical information. Whether or not such information is de-identified is irrelevant, because the collection and possession of sensitive medical history should be available only to ourselves, doctors, and medical researchers.
 
Changed:
<
<
How about a first sentence introducing your idea that is less abstract, more ... tangible?
>
>

What are Matchback Programs?

 
Added:
>
>
The process begins when a patient, John, purchases a drug through his pharmacy. Now not only does John’s pharmacy have record of his prescription, but so does the hospital or doctor that prescribed him the medicine. Pharmacies and hospitals are ordinarily prohibited from selling this confidential information by the Health Insurance Portability and Accountability Act. However, HIPAA only protects identifiable information. Therefore, savvy medical providers may sell confidential information as long as they de-identify personal information by transforming personal identifiers such as your name, address, and date of birth into a multidigit number through one way hash encryption. Your unencrypted medical history is then linked to your encrypted personal information. Data brokers then buy this information from hospitals and pharmacies.
 
Changed:
<
<
Though privacy has always been an abstract concept, the act of protecting one’s privacy has traditionally been that of a tangible act. The Fourth Amendment protects against the intrusion into one’s home and in certain circumstances against the unreasonable search and seizure of one’s automobile. A person’s home has long been considered a personal space protected from government or private spying as opposed to public space, where one no longer enjoys the same notions of privacy. Thus traditionally, the notion of privacy has always entailed a protection of some form of physical space or tangible object. However in cyberspace, there is no longer a tangible form of privacy that individuals can exert some sort of physical dominion over. It is extremely difficult to define what is one’s home or personal space on the internet. To protect the sacred value of personal privacy though, it is necessary that society be able to delineate the line between where one’s privacy on cyberspace begins and where one’s public persona is available to everyone.
>
>
But now the question remains, how do pharmaceutical companies seem to systematically anticipate your medical purchases? Data brokers also buy encrypted personal information collected from web browsers such as Google Chrome. When you set up a user profile on a web browser like Chrome you are asked to enter personal identifiers such as name, birthday, and address. These personal identifiers are encrypted using the same algorithm used to encrypt your identifiable medical information; and this encrypted personal information is subsequently sold to data brokers. Data brokers then match the encrypted personal information tied to your unencrypted medical history, which was bought from your medical provider, back to the encrypted personal information that was bought from your web browser of choice. In other words, information regarding your medical history is no longer tied to your personal information, but to a unique number, like a social security number. Data brokers sell this information to pharmaceutical companies, who use it to systematically target patients online.
 
Deleted:
<
<

Big Data

 
Changed:
<
<
Debates concerning Internet privacy often revolves around the dissemination of metadata. Most, if not all, would find that reading another person’s email without consent is a breach of privacy. However, arguments become less clear when metadata is involved. Yet my argument is that whether you are collecting information regarding the content of an email or the location from which that email was sent, the intrusion of privacy is the same. If I can use metadata taken from your Instagram account to construct a picture of your daily movements throughout your day, the result is the same as if I directly placed a tracking device on your body. If a random stranger walked up to you on the street and asked for your iCloud password so that they could track your daily GPS movements, you would most certainly dismiss their request. However, companies collect data everyday through which they possess the potential to retrace one’s physical steps throughout the day. Malte Spitz, an executive member of the German Green Party, went to court and requested his cell phone carrier, Deutsche Telekom, turn over the information it gathered and stored on his cell phone activity. As a result, Deutsche Telekom turned over 35,830 lines of code essentially documenting the last six months of Spitz’s life almost down to the minute. In addition to retracing one’s physical steps, American companies now possess the capability to and do engage in collecting information on their customers’ electronic footsteps in cyberspace. Companies claim this may be for the betterment of the user experience, however in the end, this data is used to generate business and ultimately revenue for the company.
>
>

Evading Privacy Concerns

 
Changed:
<
<

Matchback Programs

>
>
According to Big Pharma, this form of marketing complies with medical privacy laws by encrypting the patient’s name with a unique code so that the name of the patient remains hidden. However, replacing a patient’s name with a unique code is no different than not encrypting a patient’s name at all. Whether or not you are identified by your given name or a unique number is irrelevant. Everyone is given a social security code, yet no reasonable person would place this number on a public forum whether in cyberspace or in the newspaper. Just as your bank account is linked to your name, date of birth, and address, the same information may be linked to your social security number. Therefore, how you are identified by an organization is irrelevant, but the collection of source material, your medical history, is not.
 
Changed:
<
<
Silently, Big Pharma and Internet companies are targeting customers through a process known as matchback. Matchback allows third parties to assign patients unique numerical codes based on their prescription records. Then websites use the same process to assign codes to registered users. According to Big Pharma, this form of marketing complies with medical privacy laws because the name of the patient is always hidden, instead replacing the name with the unique code. Replacing a patient’s name with a unique code does not completely eliminate the privacy concerns though. Whether or not you are identified by your given name or a unique number is irrelevant. Everyone is given a social security code, yet no reasonable person would likely place this number on a public forum whether in cyberspace or by taking out an ad in the newspaper. Just as your bank accounts, personal records, and consumption habits are linked to your name, bank statements, credit card statements, and job applications may be linked to your social security number.
>
>
Instead of being focused on the process of encrypting one’s personal identifiable information, we should instead by asking why companies are allowed to monetize our medical information at all. Medical information should inherently be protected because it is so sensitive, regardless of whether it is linked to identifiable information. We offer doctors our medical information because they are supposed to use that information to help diagnose and treat our conditions, but that information is now being sold. Admittedly, data brokers also sell de-identified patient information to medical researchers, who are then able to track health trends. However, my argument is not that medical data be prohibited from being sold to researchers, but that private companies should be prohibited from monetizing private medical history for the aim of personalized marketing.
 
Changed:
<
<
This is at best confusing, even to an expert.
>
>
Data brokers claim matchbacks enhance the user’s experience by personalizing ads without requiring a patient’s name be revealed. However, these firms profile millions of patients, often, without their knowledge. GlaxoSmithKline, the sixth largest pharmaceutical manufacturer in the world stopped using matchbacks after concerns websites were not informing its users about the data collection. Sara Alspach, a GlaxoSmithKline spokesperson said that websites must “uphold appropriate privacy standards” and be transparent about the way data is used. If, as data brokers claim, there are no privacy concerns associated with matchback programs, why are patients not instead offered an opt-in option to participate in the program? Companies claim this may be for the betterment of the user experience, however ultimately, this data is used to generate revenue for the company. McKinsey and Co. projects that medical data analytics will grow to be a $20 billion industry by 2020 and IMS Health, one of the largest data brokers, reported revenues of $2.6 billion last year alone.
 
Added:
>
>
Convenience should never eclipse society’s concerns over privacy. Matchback programs should raise startling privacy concerns. Trading information concerning one’s commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance where an individual will freely and publicly disseminate one’s medical purchasing history to a company let alone one’s close friends.
 
Deleted:
<
<
Data firms that perform these matchbacks claim such marketing tools enhance the user experience and that the goal is to personalize ads without ever revealing patient’s names. However, these firms are still building extensive and comprehensive information databases and profiles of thousands of patients often without their knowledge. GlaxoSmithKline? , the world’s six largest pharmaceutical manufacturer with yearly revenues of approximately $24 billion euros, stopped using matchbacks after concerns that websites may not be informing its users about the collection of such information. Sara Alspach, a GlaxoSmithKline? spokesperson said that websites must “uphold appropriate privacy standards” and be transparent about the way data is used.
 

Conclusion

Changed:
<
<
Privacy concerns over metadata and user initiated platforms such as Facebook and Instagram often draw little concern from its users. Perhaps this is due to the high cost of switch, or at the very least the “perceived” cost of switching. There is no alternative to Facebook as broad or far reaching.

No? How about the Web?

Convenience is now overtaking privacy as Internet users’ chief concern.

Convenience however should never alleviate society’s concerns over privacy.

What does "should" mean?

Matchback programs should raise startling privacy concerns. Trading information concerning one’s commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance where an individual will freely and publicly disseminate one’s medical purchasing history to a company let alone one’s close friends. The matchback process essentially eliminates the protections Congress passed in the Health Insurance Portability and Accountability Act (HIPAA).

There is no privacy protection in replacing one’s name with a number, as long as that number identifies yourself and your medical and purchasing history. Companies have long held a veil of convenience over their customers’ eyes, however medical privacy requires the utmost protection. Medical conditions are those of the most intimate nature and there is no claim of convenience that can overcome the duty to protect such intimate information.

Word Count: 947

The essay's idea is either obscure or merely cliche. The most promising route to improvement is to present your own idea clearly, simply and forcefully, in the first paragraph. Then you develop that idea in subsequent paragraphs, showing how your idea is placed in its context, and meeting the objections or questions your skeptical editing of your own idea causes you to foresee. Your conclusion then offers your reader implications of your idea that she can explore further on her own. If you try to outline carefully such an essay, starting from clarity about the idea of your own you are presenting, you will be much more successful.
>
>
Simply replacing one’s name with a number fails to protect privacy, as long as that number identifies you and your medical purchase history. If I told you from this point forward your name is Ted and that the stores you shopped at in the past as well as the future would refer to you as Ted, would that give you a sense of anonymity? Most likely it would not because your identity, what people refer to you as, is irrelevant as it pertains to anonymity. But what is relevant is that everyone can identify you with a unique number. Companies have long held a veil of convenience over their customers’ eyes, however medical privacy requires the utmost protection. Medical conditions are those of the most intimate nature and there is no claim of convenience that can overcome the duty to protect such intimate information.
 
Added:
>
>
Word Count: 1000
 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

KevinHoungFirstPaper 2 - 28 Apr 2015 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 9 to 9
 

Introduction

Changed:
<
<
The intangibility of privacy in modern society has led to a generation of apathy and placid acceptance towards the intrusion of personal privacy. Though privacy has always been an abstract concept, the act of protecting one’s privacy has traditionally been that of a tangible act. The Fourth Amendment protects against the intrusion into one’s home and in certain circumstances against the unreasonable search and seizure of one’s automobile. A person’s home has long been considered a personal space protected from government or private spying as opposed to public space, where one no longer enjoys the same notions of privacy. Thus traditionally, the notion of privacy has always entailed a protection of some form of physical space or tangible object. However in cyberspace, there is no longer a tangible form of privacy that individuals can exert some sort of physical dominion over. It is extremely difficult to define what is one’s home or personal space on the internet. To protect the sacred value of personal privacy though, it is necessary that society be able to delineate the line between where one’s privacy on cyberspace begins and where one’s public persona is available to everyone.
>
>
The intangibility of privacy in modern society has led to a generation of apathy and placid acceptance towards the intrusion of personal privacy.

How about a first sentence introducing your idea that is less abstract, more ... tangible?

Though privacy has always been an abstract concept, the act of protecting one’s privacy has traditionally been that of a tangible act. The Fourth Amendment protects against the intrusion into one’s home and in certain circumstances against the unreasonable search and seizure of one’s automobile. A person’s home has long been considered a personal space protected from government or private spying as opposed to public space, where one no longer enjoys the same notions of privacy. Thus traditionally, the notion of privacy has always entailed a protection of some form of physical space or tangible object. However in cyberspace, there is no longer a tangible form of privacy that individuals can exert some sort of physical dominion over. It is extremely difficult to define what is one’s home or personal space on the internet. To protect the sacred value of personal privacy though, it is necessary that society be able to delineate the line between where one’s privacy on cyberspace begins and where one’s public persona is available to everyone.

 

Big Data

Line: 23 to 30
 Silently, Big Pharma and Internet companies are targeting customers through a process known as matchback. Matchback allows third parties to assign patients unique numerical codes based on their prescription records. Then websites use the same process to assign codes to registered users. According to Big Pharma, this form of marketing complies with medical privacy laws because the name of the patient is always hidden, instead replacing the name with the unique code. Replacing a patient’s name with a unique code does not completely eliminate the privacy concerns though. Whether or not you are identified by your given name or a unique number is irrelevant. Everyone is given a social security code, yet no reasonable person would likely place this number on a public forum whether in cyberspace or by taking out an ad in the newspaper. Just as your bank accounts, personal records, and consumption habits are linked to your name, bank statements, credit card statements, and job applications may be linked to your social security number.

Added:
>
>
This is at best confusing, even to an expert.

 Data firms that perform these matchbacks claim such marketing tools enhance the user experience and that the goal is to personalize ads without ever revealing patient’s names. However, these firms are still building extensive and comprehensive information databases and profiles of thousands of patients often without their knowledge. GlaxoSmithKline? , the world’s six largest pharmaceutical manufacturer with yearly revenues of approximately $24 billion euros, stopped using matchbacks after concerns that websites may not be informing its users about the collection of such information. Sara Alspach, a GlaxoSmithKline? spokesperson said that websites must “uphold appropriate privacy standards” and be transparent about the way data is used.

Conclusion

Changed:
<
<
Privacy concerns over metadata and user initiated platforms such as Facebook and Instagram often draw little concern from its users. Perhaps this is due to the high cost of switch, or at the very least the “perceived” cost of switching. There is no alternative to Facebook as broad or far reaching. Convenience is now overtaking privacy as Internet users’ chief concern.
>
>
Privacy concerns over metadata and user initiated platforms such as Facebook and Instagram often draw little concern from its users. Perhaps this is due to the high cost of switch, or at the very least the “perceived” cost of switching. There is no alternative to Facebook as broad or far reaching.

No? How about the Web?
 
Changed:
<
<
Convenience however should never alleviate society’s concerns over privacy. Matchback programs should raise startling privacy concerns. Trading information concerning one’s commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance where an individual will freely and publicly disseminate one’s medical purchasing history to a company let alone one’s close friends. The matchback process essentially eliminates the protections Congress passed in the Health Insurance Portability and Accountability Act (HIPAA).
>
>
Convenience is now overtaking privacy as Internet users’ chief concern.

Convenience however should never alleviate society’s concerns over privacy.

What does "should" mean?

Matchback programs should raise startling privacy concerns. Trading information concerning one’s commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance where an individual will freely and publicly disseminate one’s medical purchasing history to a company let alone one’s close friends. The matchback process essentially eliminates the protections Congress passed in the Health Insurance Portability and Accountability Act (HIPAA).

 There is no privacy protection in replacing one’s name with a number, as long as that number identifies yourself and your medical and purchasing history. Companies have long held a veil of convenience over their customers’ eyes, however medical privacy requires the utmost protection. Medical conditions are those of the most intimate nature and there is no claim of convenience that can overcome the duty to protect such intimate information.

Word Count: 947

Added:
>
>
The essay's idea is either obscure or merely cliche. The most promising route to improvement is to present your own idea clearly, simply and forcefully, in the first paragraph. Then you develop that idea in subsequent paragraphs, showing how your idea is placed in its context, and meeting the objections or questions your skeptical editing of your own idea causes you to foresee. Your conclusion then offers your reader implications of your idea that she can explore further on her own. If you try to outline carefully such an essay, starting from clarity about the idea of your own you are presenting, you will be much more successful.

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

KevinHoungFirstPaper 1 - 06 Mar 2015 - Main.KevinHoung
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper"

The Tangibility of Privacy

-- By KevinHoung - 06 Mar 2015

Introduction

The intangibility of privacy in modern society has led to a generation of apathy and placid acceptance towards the intrusion of personal privacy. Though privacy has always been an abstract concept, the act of protecting one’s privacy has traditionally been that of a tangible act. The Fourth Amendment protects against the intrusion into one’s home and in certain circumstances against the unreasonable search and seizure of one’s automobile. A person’s home has long been considered a personal space protected from government or private spying as opposed to public space, where one no longer enjoys the same notions of privacy. Thus traditionally, the notion of privacy has always entailed a protection of some form of physical space or tangible object. However in cyberspace, there is no longer a tangible form of privacy that individuals can exert some sort of physical dominion over. It is extremely difficult to define what is one’s home or personal space on the internet. To protect the sacred value of personal privacy though, it is necessary that society be able to delineate the line between where one’s privacy on cyberspace begins and where one’s public persona is available to everyone.

Big Data

Debates concerning Internet privacy often revolves around the dissemination of metadata. Most, if not all, would find that reading another person’s email without consent is a breach of privacy. However, arguments become less clear when metadata is involved. Yet my argument is that whether you are collecting information regarding the content of an email or the location from which that email was sent, the intrusion of privacy is the same. If I can use metadata taken from your Instagram account to construct a picture of your daily movements throughout your day, the result is the same as if I directly placed a tracking device on your body. If a random stranger walked up to you on the street and asked for your iCloud password so that they could track your daily GPS movements, you would most certainly dismiss their request. However, companies collect data everyday through which they possess the potential to retrace one’s physical steps throughout the day. Malte Spitz, an executive member of the German Green Party, went to court and requested his cell phone carrier, Deutsche Telekom, turn over the information it gathered and stored on his cell phone activity. As a result, Deutsche Telekom turned over 35,830 lines of code essentially documenting the last six months of Spitz’s life almost down to the minute. In addition to retracing one’s physical steps, American companies now possess the capability to and do engage in collecting information on their customers’ electronic footsteps in cyberspace. Companies claim this may be for the betterment of the user experience, however in the end, this data is used to generate business and ultimately revenue for the company.

Matchback Programs

Silently, Big Pharma and Internet companies are targeting customers through a process known as matchback. Matchback allows third parties to assign patients unique numerical codes based on their prescription records. Then websites use the same process to assign codes to registered users. According to Big Pharma, this form of marketing complies with medical privacy laws because the name of the patient is always hidden, instead replacing the name with the unique code. Replacing a patient’s name with a unique code does not completely eliminate the privacy concerns though. Whether or not you are identified by your given name or a unique number is irrelevant. Everyone is given a social security code, yet no reasonable person would likely place this number on a public forum whether in cyberspace or by taking out an ad in the newspaper. Just as your bank accounts, personal records, and consumption habits are linked to your name, bank statements, credit card statements, and job applications may be linked to your social security number.

Data firms that perform these matchbacks claim such marketing tools enhance the user experience and that the goal is to personalize ads without ever revealing patient’s names. However, these firms are still building extensive and comprehensive information databases and profiles of thousands of patients often without their knowledge. GlaxoSmithKline? , the world’s six largest pharmaceutical manufacturer with yearly revenues of approximately $24 billion euros, stopped using matchbacks after concerns that websites may not be informing its users about the collection of such information. Sara Alspach, a GlaxoSmithKline? spokesperson said that websites must “uphold appropriate privacy standards” and be transparent about the way data is used.

Conclusion

Privacy concerns over metadata and user initiated platforms such as Facebook and Instagram often draw little concern from its users. Perhaps this is due to the high cost of switch, or at the very least the “perceived” cost of switching. There is no alternative to Facebook as broad or far reaching. Convenience is now overtaking privacy as Internet users’ chief concern.

Convenience however should never alleviate society’s concerns over privacy. Matchback programs should raise startling privacy concerns. Trading information concerning one’s commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance where an individual will freely and publicly disseminate one’s medical purchasing history to a company let alone one’s close friends. The matchback process essentially eliminates the protections Congress passed in the Health Insurance Portability and Accountability Act (HIPAA).

There is no privacy protection in replacing one’s name with a number, as long as that number identifies yourself and your medical and purchasing history. Companies have long held a veil of convenience over their customers’ eyes, however medical privacy requires the utmost protection. Medical conditions are those of the most intimate nature and there is no claim of convenience that can overcome the duty to protect such intimate information.

Word Count: 947


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 5r5 - 26 Jun 2015 - 20:14:08 - MarkDrake
Revision 4r4 - 11 May 2015 - 21:50:49 - KevinHoung
Revision 3r3 - 06 May 2015 - 00:34:49 - KevinHoung
Revision 2r2 - 28 Apr 2015 - 16:08:32 - EbenMoglen
Revision 1r1 - 06 Mar 2015 - 20:44:06 - KevinHoung
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM