Tuesday, July 28, 2009

Dr Google will see you now

"The Conservatives, whose independent review on medical IT reports soon, say there is no prospect of NHS records being handed over to Google in bulk. The party argues that it is simply preparing for an open source world, where individuals will manage and share data more effectively, and cheaply, than government ever can. If people want to use Google Health, or Microsoft HealthVault, they should be allowed to, on their own terms.

"But for individuals to be empowered, they must first be protected. Data is only guarded by the promises of the organisations that hold it. Users can protest if the terms of their contracts are changed, but there are no central rules and no central control. For some, that is the attraction. But do not mistake this for a right to privacy." —The Guardian

Monday, July 27, 2009

Lord Lester, tethered goat

"What about the Human Rights Act? The government damaged its creation by blaming the act for its own political mistakes. It never campaigned effectively to explain why human rights protection matters for everyone and not only for villains or cranks. It published proposals for a separate 'bill of rights and responsibilities' that would create no new legal rights and impose no new responsibilities, but would create uncertainty and confusion. The idea of building on the Human Rights Act by creating a Great Charter of Rights and Freedoms was entirely beyond ministers. The sad reality is that the government is illiberal and often deeply reactionary. It lacks imagination, ambition and respect for personal liberty. It continues to make too many vastly complex laws instead of making existing laws work in practice." —Anthony Lester

What should replace the NHS überdatabases?

It's good to see that the discussion is now opening up on what should replace the £20bn NHS system of centralised medical databases if the Conservative party wins the next election. David Davis MP writes in today's Times:
"There are powerful arguments for people owning their own information and having rights to control it. There are massive weaknesses in the NHS’s bloated central database and there are benefits from using the private sector. But there are also enormous risks, so we are still a long step from being able to give personal data to any company, let alone Google."

No doubt Google's PR flacks will be running around today trying to contain the damage (update: here we go). But Mr Davis is right that extreme caution is required in the design of systems containing so much highly sensitive personal data; and that while many solutions are likely to be preferable to the NHS's ill-starred National Programme for IT, that doesn't mean we should rush into the arms of Google (or indeed Microsoft).

We DO want competition in the provision of health data services that meet strong privacy (and interoperability) requirements.

We don't want any more centralisation than is necessary, because of the security and availability risks, but also the temptation for future governments to grab hold of that data without patient consent — for national security, medical research, and whatever other purposes are politically convenient at the time. So a Google-type solution would probably look less like Google Search and more like Google Wave, with GP practices and hospitals running Wave apps on their own servers, federated to exchange data where necessary, with strict controls and an absolute requirement for patient consent.

The best solution is to fund GPs and hospitals to buy whichever electronic patient record software best meets their clinical needs, so long as it meets key interoperability and privacy standards — not to push patients into the arms of large database companies whose business models are based on exploiting medical records.

Saturday, July 25, 2009

Secret life of the private eye

"If one considers the profitable activities of companies like QinetiQ, Blackwater, Sandline International and myriad similar companies, their dominance in providing these sorts of less well advertised services in trouble hotspots all over the world and at home, one cannot but surmise that industrial and personal spying on largely innocent people has been turned into a very lucrative industry." —Helen Pender

Wednesday, July 22, 2009

Corporate (c) bullshit

"While one hears, constantly, corporate chieftains claiming that they're out there fighting for the creators, we all know that is b.s.: the creators are merely an expense item on a balance sheet, to be reduced as much as possible. We also hear politicians make similar paeans to creators, yet when was the last piece of legislation that was passed that benefited creators at the expense of corporations? When was the last time you heard a government official suggest such a thing?" —William Patry

Friday, July 17, 2009

Canada echoes EU: Facebook breaking privacy law

Social networking sites raise some interesting questions for privacy law. However, some practices — such as Facebook giving all third-party applications access to users' and their friends' personal data — are just inexplicable. Canadian Privacy Commissioner Jennifer Stoddart yesterday echoed the EU's Article 29 Working Party in telling Facebook to improve their level of privacy protection or face legal action.

Michael Geist has more.

Sunday, July 12, 2009

Is data burglary in the public interest?

"Any hacker knowing the right passwords could get access to personal computer information — often at call centres. The private detective just needed to pose as, say, a health worker to check details. Once one newspaper started hiring these gumshoes, rivals were obliged to follow. It became standard practice to ring an investigator and request all manner of information to avoid being beaten to the story." —Dominic Kennedy, Sunday Times Investigations Editor

Saturday, July 11, 2009

When the spotlight is the story

"The press cannot expect to be immune from a widespread and growing public concern about access to databases and personal information, whether it be CCTV, medical records, ID cards, emails or mobile phones. In a world in which editors plead total ignorance of industrial-scale data-burglary under their noses it can hardly be surprising that wider questions are being asked about accountability and regulation." —The Guardian

Thursday, July 09, 2009

Snooping biters can be bit


"Some MPs may bridle at the extent of public surveillance, but parliament has shown not the slightest desire to defend personal freedom from state surveillance. The bland claim is made by home secretaries that intrusion is required for 'national security', the excuse for absolute power down the ages. Nor is data remotely safe in state hands. When the government tells us its national identity register is wholly secure, it is lying: witness the high-security laptops and CDs discarded by the week. There is no such thing as secure electronics.

"Technology gives to those in power, whether in government or the media, immense scope for intrusion. The snooper will always be one step ahead of the defenders of personal freedom. In the case of the government, ministers might at least learn from the Telegraph and News of the World that biters can be bit. If they find ways of gathering absurd amounts of information about private citizens, citizens will gather absurd amounts of information about them." —Simon Jenkins

Thousands have voicemail and data hacked

Today's Guardian leads with the news that Rupert Murdoch's UK newspaper group has paid out over £1m in an attempt to cover up a crime wave by its journalists:
The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures to gain unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills. Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators… officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones.

There are two particularly troubling aspects to this story. The Metropolitan Police, Crown Prosecution Service and Information Commissioner's Office all had prima facie evidence of these crimes, but have declined to take action against News Group. And mobile phone companies continue to allow access to messages using voicemail PINs set to defaults that are apparently known throughout the media.

Perhaps in future:
  1. Law enforcement agencies will take action against those discovered to be breaking the law, whether or not they work for powerful newspaper groups?
  2. Mobile phone companies will not leave their customers' communications wide open to abuse?
  3. Government agencies and companies will think a little more carefully before building up large collections of sensitive personal data that will inevitably be sold to the highest bidder?

Sunday, July 05, 2009

MI6 stung by Facebook privacy settings


Even the new MI6 chief's wife can't cope with Facebook's privacy settings. Those geographical networks claim another victim… Clearly our book chapter should be required reading for new intelligence officers and their families.

Friday, July 03, 2009

‘Freedom of Expression in the Digital Age’ conference to be held

What did I say!

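The second session will be on the theme “Protecting the rights of users and others on the Internet”. Professor Ian Brown of the University of Oxford and Hwang Cheol-jeung, Director-General for Network Policy at the Korea Communications Commission, will give presentations on ‘defamation and insult on the Internet’, ‘the Internet and the right to anonymity’ and ‘the protection of young people on the Internet’, and Yoon Young-chul, Dean of the Graduate School of Journalism and Mass Communication at Yonsei University, Han Sang-ki, Professor at the KAIST Graduate School of Culture Technology, and Han Jong-ho, Policy Director at Naver, will take part as panellists.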

Human rights and Internet regulation

I'm in Seoul this week for a conference organised by the Foreign Office and the Korean government on freedom of expression in the digital age. Here is my presentation on the protection of online speech:

Yesterday the British Embassy kindly organised a visit to the DMZ (demilitarised zone) and the North Korean border. Sadly there was no Dear Leader to be seen, but I will post some photos shortly — it was a remarkable experience.