Category Archives: Privacy

“Should AI Have Access to Your Medical Records? What if It Can Save Many Lives?”

Posted on by
1

The Wall Street Journal asked that question last week. And their subheadline:

We asked readers: Is it worth giving up some potential privacy if the public benefit could be great?

A good many of the published answers centered on Yes, with oversight by, among others, medical professionals.

This reader (unpublished in the WSJ) says, resoundingly, No. Not now, and not for the foreseeable future, say I. Personal data aggregators, whether government or private enterprise, have shown no ability to protect our personal data, whether from hackers or from organizational carelessness, incompetence, or ignorance. With our medical data especially, very good protection, even six sigma-level protection, isn’t good enough. This is one of the few areas where perfection must be the standard. Since that’s an unachievable standard, AIs must not be permitted any access to our personal data, including our personal medical data.

There are additional reasons for saying no. One is the inherent bias programmers build into AIs. Alphabet’s overtly bigoted Gemini is an extreme example, but the programmers build their biases into AIs through the data sets they use and have their AIs use in training.

There’s also the just as overt bigotry too many medical training institutions apply through their emphasis on diversity, equity, inclusion claptrap at the expense of training actual medicine. Those institutions are producing the doctors that would the second generation of “medical” professionals doing the oversight.

In the current state of affairs, and for that foreseeable future, it’s not feasible to let AIs into any aspect of our personal lives. The blithely assumed public benefit is vastly overwhelmed by the threat to our individual privacy—the “public,” after all, is all of us individuals aggregated.

Is PRC-Level Surveillance Coming to California

Posted on by
Reply

California, whose gas taxes are among the highest in the nation, is on net losing revenue from those taxes as ICE motorists drive less and the number of motorists driving battery cars increases. The Progressive-Democratic Party, which reigns over California, is looking hard at implementing a…solution…straight out of the People’s Republic of China. Party is

piloting the idea of a “road charge,” which would charge drivers based on the number of miles they drive rather than how much gas they purchase.

So far, driver participation is voluntary, but when the pilot program is replaced by a permanent replacement, look for participation to become mandatory. Track the number of miles driven? That’ll be via uplink to the California government odometer readings.

It’s a short step from there to uplink all the places the motorists’ cars stop, and the routes the car took to get there.

At least nanny states can claim to be looking out for the welfare of their citizens. This is Party looking out for its own welfare by snooping increasingly into citizens’ lives.

Concerns Regarding “Unreasonable” Searches

Posted on by
Reply

There are concerns that a bill under consideration in the House, the Fourth Amendment Is Not For Sale Act, goes too far in protecting us Americans from 4th Amendment violations by the government at the expense of our counterintelligence capabilities.

The bill…would ban the government from buying information on Americans from data brokers. This would include many things in the cloud of digital exhaust most Americans leave behind online, from information on the websites they visit to credit-card information, health information, and political opinions.

Worse, goes the argument, the bill

would prohibit the US government from buying digital information that would remain available to the likes of China and Russia.

That last is a non sequitur, though. The fact that the data are readily available to our enemies doesn’t legitimize its collection by our government, which has Constitutional bars against most kinds of searches. It’s further the case that if we can’t be secure against the unwarranted [sic] intrusions of our own government, how can we expect our own government to keep us secure from the intrusions of foreign governments, especially enemy foreign governments?

There also is a misunderstanding buried in the claim regarding that digital exhaust [that] most Americans leave behind online. A significant fraction of that “digital exhaust” is not voluntary; it’s left behind as a condition of doing business with those enterprises that require collection of the data. Some of those data are legitimately needed by businesses: credit card account numbers if payment is being offered via credit card, shipping addresses so the seller can deliver the product, personal names so the seller can be sure of the credit card numbers and shipping addresses, and the like. Other data are demanded by the business as a condition of doing business with the customer for reasons unique to the specific enterprise.

Better would be to bar the sale, rather than bar the purchase, of such data.

That sale, too, should be barred universally, not just with respect to our government, within the following boundaries. All data that an enterprise demands be collected in order to do business needs to be barred from sale or any other transfer, to any other entity, whether government or not. There should be no default position or opt in or out; the sale or transfer of these data should be prohibited. Government legitimately can still access those data on presentation in court of a probable cause, supported by Oath or affirmation, and particularly describing the [data] to be searched, and the [data] to be seized. Voluntarily left data should require affirmative opt-in before those data can be sold or transferred. Failure to choose should be taken as not opting in—the enterprise cannot sell of transfer the data.

How is this Possible?

Posted on by
Reply

Personal information of 7.6 million AT&T customers and of 65 million former AT&T customers have appeared on the dark web in the last two weeks. Stuff happens, even egregiously bad stuff. What makes this stuff especially egregiously bad, though, is AT&T‘s claim that the data appear[] to have come from 2019 or earlier.

That especially bad status flows from some questions:

Why wasn’t the data breach discovered those 5 or more years earlier; why did AT&T not know of the breach of its own systems until they saw the results of the breach just recently?

If AT&T did know of the breach those years ago, why did they sit on the information all this time?

If AT&T did discover the data breach promptly, and the data that appeared on the dark web only happened to be from 2019 and prior, what were the safe guards in place—or not—for what would have been archived data? What are the safeguards for data from 5 years ago through to the present? How does AT&T know those data haven’t been penetrated and stolen, also?

Protecting Your Cell Phone “from a banking threat”

Posted on by
Reply

Kurt Knutsson has a Fox News article centered on protecting Android cell phones from malware that bypasses Android’s Restricted Setting Feature to steal, among other things, a user’s banking app PIN. It’s well worth reading and taking appropriate action, given that so many users have so many have banking (and other) access apps on their cells.

However.

Knutsson missed, in his article, the larger solution, or perhaps he deliberately elided it given how easy it is to use a cell phone—Android or other—to do things besides make and receive telephone calls or to exchange text messages.

What he missed is that that convenience comes with a very large cost, and that it’s an unavoidable cost given the ubiquitous presence of thieves in the world, including the virtual world of the Internet. The unavoidability of that cost stems directly from the fact that the contest between security and hacking past security is a permanent arms race in which security is, of necessity, reactive and not proactive. The hackers always have the first-user advantage, and that advantage lasts until security catches up—a gap that may be short or long but is always present.

The solution the Knutsson missed? Don’t have those banking (and other) access apps on your cell in the first place. At least, don’t go beyond social media apps—Facebook, Instagram, et al. (as if these are must haves)—at all. What’s not on a cell phone cannot be hacked by a cell phone hacker.

It’s certainly true that a laptop or PC is subject to the same vulnerabilities, but there’s no reason to extend and expand the reach of those vulnerabilities.