Showing posts with label data. Show all posts

Saturday, January 27, 2024

Open source intelligence purchases that would require a warrant to be collected directly

 The NYT has the story:

N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says By Charlie Savage, January 25

"The National Security Agency buys certain logs related to Americans’ domestic internet activities from commercial data brokers, according to an unclassified letter by the agency.*

...

"In [a different] letter, General Nakasone wrote that his agency had decided to reveal that it buys and uses various types of commercially available metadata for its foreign intelligence and cybersecurity missions, including netflow data “related to wholly domestic internet communications.”

"Netflow data generally means internet metadata that shows when computers or servers have connected but does not include the content of their interactions. Such records can be generated when people visit different websites or use smartphone apps, but the letter did not specify how detailed the data is that the agency buys."

...

"Law enforcement and intelligence agencies outside the Defense Department also purchase data about Americans in ways that have drawn mounting scrutiny. In September, the inspector general of the Department of Homeland Security faulted several of its units for buying and using smartphone location data in violation of privacy policies. Customs and Border Protection has also indicated that it would stop buying such data."

#######

*Here is the letter referred to above. It is not in fact a letter "by the agency," but is from a senator to the Director of National Intelligence.

"As you know, U.S. intelligence agencies are purchasing personal data about Americans that would require a court order if the government demanded it from communications companies.  

...

"The FTC notes in its complaint [against the data broker X-Mode Social] that the reason informed consent is required for location data is because it can be used to track people to sensitive locations, including medical facilities, places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, and welfare and homeless shelters. The FTC added that the sale of such data poses an unwarranted intrusion into the most private areas of consumers' lives. While the FTC's X-Mode Social complaint and order are limited to location data, internet metadata can be equally sensitive. Such records can identify Americans who are seeking help from a suicide hotline or a hotline for survivors of sexual assault or domestic abuse, a visit to a telehealth provider focusing on specific healthcare need, such as those prescribing and delivering abortion pills by mail, or reveal that someone likely suffers from a gambling addiction."

Monday, June 12, 2023

Data privacy concerns in the U.S. and Europe

A selection from many news stories that touch on data privacy concerns (in the U.S. about Tiktok, in Europe about Facebook...and about DNA):

From the NYT:

Driver’s Licenses, Addresses, Photos: Inside How TikTok Shares User Data. Employees of the Chinese-owned video app have regularly posted user information on a messaging and collaboration tool called Lark, according to internal documents.  By Sapna Maheshwari and Ryan Mac

"Alex Stamos, the director of Stanford University’s Internet Observatory and Facebook’s former chief information security officer, said securing user data across an organization was “the hardest technical project” for a social media company’s security team. TikTok’s problems, he added, are compounded by ByteDance’s ownership.

“Lark shows you that all the back-end processes are overseen by ByteDance,” he said. “TikTok is a thin veneer on ByteDance.”

********

From the WSJ:

Former ByteDance Executive Claims Chinese Communist Party Accessed TikTok’s Hong Kong User Data. Allegation is made in suit against TikTok parent company; ByteDance says it vigorously opposes the claim. By Georgia Wells

"A former executive at ByteDance, the parent company of the hit video-sharing app TikTok, alleges in a legal filing that a committee of China’s Communist Party members accessed the data of TikTok users in Hong Kong in 2018—a contention the company denies. 

"The former executive claims the committee members focused on civil rights activists and protesters in Hong Kong during that time and accessed TikTok data that included their network information, SIM card identifications and IP addresses, in an effort to identify and locate the users. The former executive of the Beijing-based company said the data also included the users’ communications on TikTok."

From the Guardian:

Revealed: the contentious tool US immigration uses to get your data from tech firms. Documents show Ice has sent Google, Meta and Twitter at least 500 administrative subpoenas for information on their users.  by Johana Bhuiyan

"The US Immigration and Customs Enforcement Agency (Ice) sent tech giants including Google, Twitter and Meta at least 500 administrative subpoenas demanding sensitive personal information of users, documents reviewed by the Guardian show.

"The practice highlights the vast amount of information Ice is trying to obtain without first showing probable cause. Administrative subpoenas are typically not court-certified, which means companies are not legally required to comply or respond until and unless a judge compels them to. The documents showed the firms handing over user information in some cases, although the full extent to which the companies complied is unclear."

**********

From the WSJ:

Meta Fined $1.3 Billion Over Data Transfers to U.S.  Decision places pressure on Washington to implement surveillance changes for Europe to allow Meta to keep the data spigot open.  By Sam Schechner

"Meta’s top privacy regulator in the EU said in its decision Monday that Facebook has for years illegally stored data about European users on its servers in the U.S., where it contends the information could be accessed by American spy agencies without sufficient means for users to appeal."

*********

From the Guardian:

NHS data breach: trusts shared patient details with Facebook without consent. Observer investigation reveals Meta Pixel tool passed on private details of web browsing on medical sites. by Shanti Das

"Records of information sent to the firm by NHS websites reveal it includes data which – when linked to an individual – could reveal personal medical details.

"It was collected from patients who visited hundreds of NHS webpages about HIV, self-harm, gender identity services, sexual health, cancer, children’s treatment and more.

...

"In one case, Buckinghamshire Healthcare NHS trust shared when a user viewed a patient handbook for HIV medication. The name of the drug and the NHS trust were sent to the company along with the user’s IP address and details of their Facebook user ID."

**********

From the NYT:

Your DNA Can Now Be Pulled From Thin Air. Privacy Experts Are Worried. Environmental DNA research has aided conservation, but scientists say its ability to glean information about human populations and individuals poses dangers.  By Elizabeth Anne Brown

"Forensic ethicists and legal scholars say the Florida team’s findings increase the urgency for comprehensive genetic privacy regulations. For researchers, it also highlights an imbalance in rules around such techniques in the United States — that it’s easier for law enforcement officials to deploy a half-baked new technology than it is for scientific researchers to get approval for studies to confirm that the system even works."

**********

From the LA Times:

Microsoft will pay $20 million to settle U.S. charges of illegally collecting children’s data

"Microsoft will pay a fine of $20 million to settle Federal Trade Commission charges that it illegally collected and retained the data of children who signed up to use its Xbox video game console.

"The agency charged that Microsoft gathered the data without notifying parents or obtaining their consent, and that it also illegally held on to the data. Those actions violated the Children’s Online Privacy Protection Act, the FTC stated."

Sunday, June 11, 2023

Digital data yields suspect in Idaho murders (NYT)

The NYT has the story of how a wide-ranging search of a large variety of digital data led to an arrest of a suspect (whose trial hasn't yet begun):

“Inside the Hunt for the Idaho Killer,” by Mike Baker, New York Times, June 10, 2023

"Online shopping, car sales, carrying a cellphone, drives along city streets and amateur genealogy all played roles in an investigation that was solved, in the end, as much through technology as traditional sleuthing.

...

"A week after the killings, records show, investigators were on the lookout for a certain type of vehicle: Nissan Sentras from the model years 2019 to 2023. Quietly, they ran down details on thousands of such vehicles, including the owners’ addresses, license plate numbers and the color of each sedan.

"But further scrutiny of the video footage produced more clarity, and on Nov. 25 the police in Moscow asked law enforcement agencies to look for a different type of car with a similar shape: white Hyundai Elantras from the model years 2011 to 2013.

"Just across the state border, at Washington State University, campus police officers began looking through their records for Elantras registered there. 

...

"The hunt broadened as investigators vacuumed up more records and data. They had already sought cellphone data for all phones that pinged cell towers within a half-mile of the victims’ house from 3 a.m. to 5 a.m., according to search warrant filings. 

...

"after getting back data on [one of the victim]’s account on the Tinder dating app, detectives asked for details on 19 specific account-holders, including their locations, credit card information and any “private images, pictures or videos” associated with the accounts.

...

"Investigators were also working with a key piece of evidence: a Ka-Bar knife sheath, branded with a U.S. Marine Corps logo, that had been found next to two of the victims. They initially began looking for local stores that may have sold the weapon, and then fanned out.

"A request to Amazon sought the order histories of account holders who had purchased such knives. A follow-up request to eBay focused on a series of specific users, seeking their purchase histories. Some had connections to the area — including one in Idaho and two in Washington State...

...

"Forensic teams had examined the knife sheath and found DNA that did not belong to any of the inhabitants of the house. They ran the sample through the F.B.I.’s database, which contains millions of DNA profiles of past criminal offenders, but according to three people briefed on the case, they did not get a match.

"At that point, investigators decided to try genetic genealogy, a method that until now has been used primarily to solve cold cases, not active murder investigations.

...

"F.B.I. personnel ...[spent] days building out a family tree that began with a distant relative.

"By the morning of Dec. 19, records show, investigators had a name: Bryan Kohberger. He had a white Elantra. He was a student at a university eight miles from the murder scene.

...

"On Dec. 23, investigators sought and received Mr. Kohberger’s cellphone records. The results added more to their suspicions: His phone was moving around in the early morning hours of Nov. 13, but was disconnected from cell networks — perhaps turned off — in the two hours around when the killings occurred.

"Four days later, agents in Pennsylvania managed to retrieve some trash from Mr. Kohberger’s family residence, sending the material to the Idaho State Police forensic lab. Checking it against their original DNA profile, the lab was able to reach a game-changing conclusion: The DNA in the trash belonged to a close relative of whoever had left DNA on the knife sheath.

"Mr. Kohberger was arrested on Dec. 30."


Wednesday, June 7, 2023

Snowden and state surveillance: the view from The Guardian, ten years later

 Here's a look back at the Snowden affair (publication of documents about government surveillance) by the then editor in chief of the Guardian, one of the newspapers that took the lead.

Ten years ago, Edward Snowden warned us about state spying. Spare a thought for him, and worry about the future by Alan Rusbridger

"one story the Guardian published 10 years ago today exploded with the force of an earthquake.

"The article revealed that the US National Security Agency (NSA) was collecting the phone records of millions of Verizon customers. In case anyone doubted the veracity of the claims, we were able to publish the top secret court order handed down by the foreign intelligence surveillance court (Fisa), which granted the US government the right to hold and scrutinise the metadata of millions of phone calls by American citizens.

...this was but the tip of a very large and ominous iceberg.

...

"the Guardian (joined by the Washington Post, New York Times and ProPublica) led the way in publishing dozens more documents disclosing the extent to which US, UK, Australian and other allied governments were building the apparatus for a system of mass surveillance

...

"It led to multiple court actions in which governments were found to have been in breach of their constitutional and/or legal obligations. It led to a scramble by governments to retrospectively pass legislation sanctioning the activities they had been covertly undertaking. And it has led to a number of stable-door attempts to make sure journalists could never again do what the Guardian and others did 10 years ago.

"Even now the British government, in hastily revising the laws around official secrecy, is trying to ensure that any editor who behaved as I did 10 years ago would face up to 14 years in prison.

...

"The British government believed that, by ordering the destruction of the Guardian computers, they would effectively silence us. In fact, we simply transferred the centre of publications to New York, under the paper’s then US editor, Janine Gibson.

...

"The notion that the state has no right to enter a home and seize papers was established in English law in the famous case of Entick v Carrington (1765), which later became the basis for the US fourth amendment. In a famous passage, Lord Camden declared: “By the laws of England, every invasion of private property, be it ever so minute, is a trespass.”

"When I went out to talk about the Snowden case to assorted audiences (including, after a suitable gap, at MI5 itself), I would begin by asking who in the audience would be happy to hand over all their papers to a police officer knocking on their front door, even if they assured them they would only examine them if there was sufficient cause.

"Never, in any of these talks, did a single member of any audience raise a hand. Yes, people valued their security and were open to persuasion that, with due process and proper oversight, there would be occasions when the state and its agencies should be granted intrusive powers in specific circumstances. But the idea of blanket, suspicionless surveillance – give us the entire haystack and we’ll search for the needle if and when it suits us – was repellent to most people."

Saturday, October 22, 2022

Privacy and data gathered by home devices

 Does your robot vacuum cleaner make a map of your house as it moves around, and store it on the web?  Could the fact that your kitchen chairs haven't moved all week allow someone to know that no one is home?  These are the kinds of things that people worry about when thinking of all the data collected by smart devices.

The Washington Post has this story:

Tour Amazon’s dream home, where every appliance is also a spy. Here’s everything Amazon learns about your family, your home and you.  by Geoffrey A. Fowler


"Echo speaker

"Echos respond to the wake word “Alexa” to summon the voice assistant to play music, answer questions, shop and control other devices.

"What it knows: Collects audio recordings through an always-on microphone; keeps voice IDs to differentiate users; detects coughs, barks, snores and other sounds; logs music and news consumption; logs smart-home device activity and temperature; detects presence of people through ultrasound.

"Ring doorbell

"What it knows: Live and recorded video, audio and photos of the outside of your house; when people come and go and you receive packages; status of linked devices like lights.

...

"Kindle or Fire Tablet

"What it knows: What and when you read and watch entertainment and news; when you open, close and how long you use third-party apps; your location.

"Why that matters: Amazon knows exactly how fast you read and how far you actually got through your last novel. Kindles and Fire Tablets are another way Amazon gets to know your tastes, which helps it sell you things.

...

"Roomba vacuum cleaner

"A vacuum cleaner that automatically roams around your house to clean, which Amazon is acquiring in a still-pending deal for $1.7 billion.

"What it knows: Camera identifies obstacles and layout of rooms and furniture; when, how often and where you clean.

"Why that matters: When the deal was announced, some Roomba owners balked at the idea that Amazon might gain access to maps of their home, created by the robots to help them clean."

Saturday, October 1, 2022

Your digital trail, in cyberspace and in public spaces

 Here are two recent privacy-related stories about how the digital trails we leave can be combined in surprising ways.

From the NYT, a story about an artist who became a digital sleuth, to capture people working hard to take casual-seeming Instagram photos of themselves in famous locations.

This Surveillance Artist Knows How You Got That Perfect Instagram Photo. A tech-savvy artist unearthed video footage of people working hard to capture the perfect shot for Instagram. It is a lesson in the artifice of social media and the ubiquity of surveillance.  By Kashmir Hill

"The 24/7 broadcast that Mr. Depoorter watched — titled “Live From NYC’s Times Square!” — was provided by EarthCam, a New Jersey company that specializes in real-time camera feeds. EarthCam built its network of livestreaming webcams “to transport people to interesting and unique locations around the world that may be difficult or impossible to experience in person,” according to its website. Founded in 1996, EarthCam monetizes the cameras through advertising and licensing of the footage.

"Mr. Depoorter realized that he could come up with an automated way to combine these publicly available cameras with the photos that people had posted on Instagram. So, over a two-week period, he collected EarthCam footage broadcast online from Times Square in New York, Wrigley Field in Chicago and the Temple Bar in Dublin.

"Rand Hammoud, a campaigner against surveillance at the global human rights organization Access Now, said the project illustrated how often people are unknowingly being filmed by surveillance cameras, and how easy it has become to stitch those movements together using automated biometric-scanning technologies."

******

From the Washington Post, a story about how data from health apps makes its way to advertisers and others, with device identifiers (e.g. with the identity of your phone...):

Health apps share your concerns with advertisers. HIPAA can’t stop it. From ‘depression’ to ‘HIV,’ we found popular health apps sharing potential health concerns and user identifiers with dozens of ad companies  By Tatum Hunter and Jeremy B. Merrill 

"several popular Android health apps including Drugs.com Medication Guide, WebMD: Symptom Checker and Period Calendar Period Tracker gave advertisers the information they’d need to market to people or groups of consumers based on their health concerns.

"The Drugs.com Android app, for example, sent data to more than 100 outside entities including advertising companies, DuckDuckGo said. Terms inside those data transfers included “herpes,” “HIV,” “adderall” (a drug to treat attention-deficit/hyperactivity disorder), “diabetes” and “pregnancy.” These keywords came alongside device identifiers, which raise questions about privacy and targeting."

Thursday, August 18, 2022

Facebook data, abortion prosecution, and search warrants

 The Guardian has the story:

Facebook gave police their private data. Now, this duo face abortion charges. Experts say it underscores the importance of encryption and minimizing the amount of user data tech companies can store. By Johana Bhuiyan

"In the wake of the supreme court’s upheaval of Roe v Wade, tech workers and privacy advocates expressed concerns about how the user data tech companies stored could be used against people seeking abortions.  

...

"when local Nebraska police came knocking in June – before Roe v Wade was officially overturned – Facebook handed the user data of a mother and daughter facing criminal charges for allegedly carrying out an illegal abortion. Private messages between the two discussing how to obtain abortion pills were given to police by Facebook, according to the Lincoln Journal Star. The 17-year-old, reports say, was more than 20 weeks pregnant. In Nebraska, abortions are banned after 20 weeks of pregnancy. The teenager is now being tried as an adult."

********

And the Washington Post focuses on search warrants:

Search warrants for abortion data leave tech companies few options. Facebook’s role in a Nebraska case underscores the risks of communicating on unencrypted apps. By Naomi Nix and Elizabeth Dwoskin 

"Prosecutors and local law enforcement have strict rules they must follow to obtain individuals’ private communications or location data to bolster a legal case. Once a judge grants a request for users’ data, tech companies can do little to avoid complying with the demands.

...

“If the order is valid and targets an individual, the tech companies will have relatively few options when it comes to challenging it,” said Corynne McSherry, legal director at the privacy advocacy group Electronic Frontier Foundation. “That’s why it’s very important for companies to be careful about what they are collecting because if you don’t build it, they won’t come.”

************

And then there's this to watch out for, also from the Guardian:

How private is your period-tracking app? Not very, study reveals. Research on more than 20 apps found that the majority collected large amounts of personal data and shared it with third parties.  by Kari Paul

*******

The Washington Post offers some advice on keeping your data private (it's not so easy...)

Seeking an abortion? Here’s how to avoid leaving a digital trail. Everything you should do to keep your information safe, from incognito browsing to turning off location tracking.  By Heather Kelly, Tatum Hunter and Danielle Abril 



Tuesday, July 12, 2022

Evidence based medical policy: compensation for donors, by Luke Semrau and Arthur Matas in the AJT

The American Journal of Transplantation has posted ahead of print a great article proposing clinical trials of a sensible system by which kidney donors might be compensated. Its main point is that evidence might be useful...

A Regulated System of Incentives for Living Kidney Donation: Clearing the Way for an Informed Assessment by Luke Semrau, and Arthur J. Matas

First published: 25 June 2022 https://doi.org/10.1111/ajt.17129

This article has been accepted for publication and undergone full peer review but has not been through the copyediting, typesetting, pagination and proofreading process, which may lead to differences between this version and the Version of Record. Please cite this article as doi:10.1111/ajt.17129

Abstract: "The kidney shortage continues to be a crisis for our patients. Despite numerous attempts to increase living and deceased donation, annually in the United States, thousands of candidates are removed from the kidney transplant waiting list because of either death or becoming too sick to transplant. To increase living donation, trials of a regulated system of incentives for living donation have been proposed. Such trials may show: 1) a significant increase in donation, and 2) that informed, incentivized donors, making an autonomous decision to donate, have the same medical and psychosocial outcomes as our conventional donors. Given the stakes, the proposal warrants careful consideration. However, to date, much discussion of the proposal has been unproductive. Objections commonly leveled against it: fail to engage with it; conflate it with underground, unregulated markets; speculate without evidence; and reason fallaciously, favoring rhetorical impact over logic. The present paper is a corrective. It identifies these common errors so they are not repeated, thus allowing space for an assessment of the proposal on its merits."

The article begins with some relevant history:

"The concept of incentives for living donation arose early in the history of kidney transplantation. In the 1960s, the framers of the Uniform Anatomical Gift Act noted “every payment is not necessarily unethical”, but “until the matter of payment becomes a problem of some dimensions, the matter should be left to the decency of intelligent human beings”.¹ In 1983, the matter of payment became a problem when, in response to the organ shortage, a physician (whose license had previously been revoked) established a company to broker international kidney sales. Impoverished residents of low-income countries were to be flown to the United States to sell their kidneys at a nominal price. This was met with general condemnation, and in part, led to passage of the National Organ Transplant Act (NOTA, Public Law 98-507) which made it a federal crime to “knowingly acquire, receive or otherwise transfer any human organ for valuable consideration for use in human transplantation...”. At the same time, the World Medical Association, the World Health Organization, the Council of Europe, and the International Council of the Transplantation Society, among others, issued statements of opposition to the sale of organs."

...

"We are not tempted to conclude, for example, that, since in the 1920s Prohibition brought about an increase in political corruption and organized crime, the sale of alcohol, when legal and regulated, would do the same. For the same reason, we should not be tempted to conclude that, since participants in unregulated markets were swindled by outlaws, incentivized donors in a regulated system will fare the same."


Monday, July 4, 2022

American data privacy, post Roe

 As we plunge ahead into the post-Roe era, American laws about abortion are going to be very divided. Some states will seek to criminalize not only surgical abortions, but the use of pharmaceuticals as well (and, if Justice Thomas gets his wish, perhaps contraceptives of all sorts, as well as day-after pills).*

Some states may seek to prosecute their residents who seek treatment out of state, or who order mail order pharmaceuticals. Doing so will leave a data trail, in searches on the web, emails, and geo-location data.  How private will those data be?

This is going to be an issue for tech companies, prosecutors, and legislators at both state and federal levels.  E.g. can prosecutors access and use your geo-location data to determine if you visited a clinic?  Your web searches to see if you looked for one? Your emails or pharmacy data to see if you ordered drugs?  Your medical data of other sorts?

*Here is the Supreme Court Opinion, written by Justice Alito followed by the other opinions. Justice Thomas' concurring opinion begins on p. 117 of the pdf, after Appendix A to the majority opinion which ends on numbered page 108 (but the numbering restarts at 1 for Justice Thomas' opinion).  DOBBS, STATE HEALTH OFFICER OF THE MISSISSIPPI DEPARTMENT OF HEALTH, ET AL. v. JACKSON WOMEN’S HEALTH ORGANIZATION ET AL. 

Here are some thoughts on various aspects of the emerging situation.

From STAT:

HIPAA won’t protect you if prosecutors want your reproductive health records by Eric Boodman, Tara Bannow, Bob Herman and Casey Ross

"With Roe v. Wade now overturned, patients are wondering whether federal laws will shield their reproductive health data from state law enforcement, or legal action more broadly. The answer, currently, is no.

"If there’s a warrant, court order, or subpoena for the release of those medical records, then a clinic is required to hand them over. 

...

"As far as health records go, the most salient law is HIPAA — the Health Insurance Portability and Accountability Act. It’s possible that federal officials could try to tweak it, so records of reproductive care or abortion receive extra protection, but legal experts say that’s unlikely to stand up in the courts in a time when many judges tend to be unfriendly to executive action.

...

"In states that ban abortion, simply the suspicion that a patient had an abortion would be enough to allow law enforcement to poke around in their medical records under the guise of identifying or locating a suspect, said Isabelle Bibet-Kalinyak, a member of Brach Eichler’s health care law practice. “They would still need to have probable cause,” she said."

***

Health tech companies are scrambling to close data privacy gaps after abortion ruling By Katie Palmer and Casey Ross, July 2

"STAT reached out to two dozen companies that interact with user data about menstrual cycles, fertility, pregnancy, and abortion, asking about their current data practices and plans to adapt. The picture that emerged is one of companies scrambling to transform — building out legal teams, racing to design new privacy-protecting products, and aiming to communicate more clearly about how they handle data and provide care in the face of swirling distrust of digital health tools.

"Period-tracking apps have been the target of some of the loudest calls for privacy protections, and the most visible corporate response. At least two period-tracking apps are now developing anonymous versions: Natural Cycles, whose product is cleared by the Food and Drug Administration as a form of birth control, said it’s had calls to trade insights with Flo, which is also building an anonymous version of its app."

********

From the Guardian:

Tech firms under pressure to safeguard user data as abortion prosecutions loom. Private information collected and retained by companies could be weaponized to prosecute abortion seekers and providers by Kari Paul

"Such data has already been used to prosecute people for miscarriages and pregnancy termination in states with strict abortion laws, including one case in which a woman’s online search for abortion pills was brought against her in court. 

...

"Smaller companies are also being targeted with questions over their data practices, as frantic calls to delete period tracking apps went viral following the supreme court decision. Some of those companies, unlike the tech giants, have taken public stands.

“At this fraught moment, we hear the anger and the anxiety coming from our US community,” period tracking app Clue said in a statement. “We remain committed to protecting your reproductive health data.”

"Digital rights advocacy group the Electronic Frontier Foundation (EFF) has advised companies in the tech world to pre-emptively prepare for a future in which they are served with subpoenas and warrants seeking user data to prosecute abortion seekers and providers.

"It recommends companies allow pseudonymous or anonymous access, stop behavioral tracking, and retain as little data as possible. It also advocated for end-to-end encryption by default and refrain from collecting any location information."

**********

From the NYT:

When Brazil Banned Abortion Pills, Women Turned to Drug Traffickers. With Roe v. Wade overturned, states banning abortion are looking to prevent the distribution of abortion medication. Brazil shows the possible consequences.  By Stephanie Nolen

"The trajectory of access to abortion pills in Brazil may offer insight into how medication abortion can become out of reach and what can happen when it does.

"While surgical abortion was the original target of Brazil’s abortion ban, the proscription expanded after medication abortion became more common, leading to the situation today where drug traffickers control most access to the pills. Women who procure them have no guarantee of the safety or authenticity of what they are taking, and if they have complications, they fear seeking help."

************

From the Guardian:

Google will delete location history data for abortion clinic visits. The company said that sensitive places including fertility centers, clinics and addiction treatment facilities will be erased

"Alphabet will delete location data showing when users visit an abortion clinic, the online search company said on Friday, after concern that a digital trail could inform law enforcement if an individual terminates a pregnancy illegally.

...

"Effective in the coming weeks, for those who do use location history, entries showing sensitive places including fertility centers, abortion clinics and addiction treatment facilities will be deleted soon after a visit."

***********

And while we await further developments here, the Times has an article about growing surveillance in China:

‘An Invisible Cage’: How China Is Policing the Future By Paul Mozur, Muyi Xiao and John Liu, June 25, 2022

It begins "The more than 1.4 billion people living in China are constantly watched. They are recorded by police cameras that are everywhere, on street corners and subway ceilings, in hotel lobbies and apartment buildings. Their phones are tracked, their purchases are monitored, and their online chats are censored..."

Sunday, July 3, 2022

Pregnancy in Poland, a database and anti-abortion laws

 The Lancet recently reported on new pregnancy data being collected in Poland, and controversy on whether and how it might be used in enforcing Poland's very stringent anti-abortion laws.

Poland to introduce controversial pregnancy register, by Ed Holt, Lancet,  VOLUME 399, ISSUE 10343, P2256, JUNE 18, 2022  DOI:https://doi.org/10.1016/S0140-6736(22)01097-2

"A new legal provision in Poland requiring doctors to collect records on all pregnancies has been condemned by critics who fear it could create a pregnancy register to monitor whether women give birth, or track those who go abroad for abortions.

Poland has some of Europe's strictest abortion laws, with terminations allowed in only two instances—if the woman's health or life is at risk and if the pregnancy is the result of either rape or incest. Until last year, abortions had also been allowed when the fetus had congenital defects. Most legal terminations in Poland were carried out under this exemption. But this provision was removed by a constitutional court ruling following a challenge by members of the ruling right-wing Law and Justice party, which some rights activists accuse of systematic suppression of women's rights.

Rights groups and opposition Members of Parliament (MPs) say that, in light of the tightened abortion legislation, they worry that the collected pregnancy data could be used by police and prosecutors in an unprecedented state surveillance campaign against women. “A pregnancy register in a country with an almost complete ban on abortion is terrifying”, Agnieszka Dziemianowicz-Bąk, an MP for the New Left party, said."

***********

Here's a recent NY Times story on the implementation of Polish anti-abortion law:

Poland Shows the Risks for Women When Abortion Is Banned. Poland’s abortion ban has had many unintended consequences. One is that doctors are sometimes afraid to remove fetuses or administer cancer treatment to save women’s lives.  By Katrin Bennhold and Monika Pronczuk, Updated June 16, 2022

"Today, Poland and Malta, both staunchly Catholic, are the only European Union countries where abortions are effectively outlawed.

"The consequences in Poland have been far-reaching: Abortion-rights activists have been threatened with prison for handing out abortion pills. The number of Polish women traveling abroad to get abortions, already in the thousands, has swelled further. A black market of abortion pills — some fake and many overpriced — is thriving.

"Technically, the law still allows abortions if there is a serious risk to a woman’s health and life. But critics say it fails to provide necessary clarity, paralyzing doctors."

Friday, May 27, 2022

Personal data as a national (not international) resource

 The NY Times has the story:

The Era of Borderless Data Is Ending. Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.  By David McCabe and Adam Satariano

"France, Austria, South Africa and more than 50 other countries are accelerating efforts to control the digital information produced by their citizens, government agencies and corporations. Driven by security and privacy concerns, as well as economic interests and authoritarian and nationalistic urges, governments are increasingly setting rules and standards about how data can and cannot move around the globe. The goal is to gain “digital sovereignty.”

...

"In Washington, the Biden administration is circulating an early draft of an executive order meant to stop rivals like China from gaining access to American data.

"In the European Union, judges and policymakers are pushing efforts to guard information generated within the 27-nation bloc, including tougher online privacy requirements and rules for artificial intelligence.

"In India, lawmakers are moving to pass a law that would limit what data could leave the nation of almost 1.4 billion people.

"The number of laws, regulations and government policies that require digital information to be stored in a specific country more than doubled to 144 from 2017 to 2021, according to the Information Technology and Innovation Foundation.

"While countries like China have long cordoned off their digital ecosystems, the imposition of more national rules on information flows is a fundamental shift in the democratic world and alters how the internet has operated since it became widely commercialized in the 1990s."


Thursday, July 1, 2021

Data for the people: Emily Oster in the NY Times

The NY Times writes about Emily Oster, who has pioneered a new way for an economist to be a public intellectual, by bringing to a general audience her skills at assembling and interpreting data on a wide variety of subjects, including parenting (is it ok to drink a glass of wine while pregnant?) and the Covid pandemic (how to decide when schools should reopen?).

She Fought to Reopen Schools, Becoming a Hero and a Villain. The economist Emily Oster offers loads of data-driven advice about children and Covid-19. Many parents live by her words. Others say she’s dangerous. By Dana Goldstein

"This steady stream of counterintuitive advice has made Dr. Oster a lodestar for a certain set of parents, generally college-educated, liberal and affluent. Many had first latched onto her data-driven child-rearing books. Her popularity grew during the pandemic, as she collected case counts of Covid-19 in schools and advanced her own strongly held views on the importance of returning to in-person learning.

"Some parents said, half-seriously, “Emily Oster is my C.D.C.”

"But others — teachers, epidemiologists and labor activists — criticized her, pointing out that she was not an infectious disease expert, nor did she have any deep personal or professional experience with public education."

Wednesday, March 31, 2021

US Renal Data System 2020 Annual Data Report

Here's the USRDS Annual Data Report for 2020. Volume 2 concerns End Stage Renal Disease (ESRD).

Incidence, Prevalence, Patient Characteristics, and Treatment Modalities

"Across the 18 ESRD Networks, adjusted incidence of ESRD in 2018 ranged from 284.6 cases per million in Network 1 (New England) to 434.6 cases per million in Network 14 (Texas) (Table 1.2).

"The adjusted incidence of ESRD among Blacks fell 1.7% between 2017 and 2018. The ratio of adjusted incidence in Blacks versus Whites was 2.7, the lowest value since at least 1980 (Figure 1.4).

"The adjusted prevalence of ESRD increased to a new high of 2,242 cases per million people in 2018 (Figure 1.5).

"At the end of 2018, there were 554,038 (70.7%) patients undergoing dialysis and 229,887 (29.3%) patients with a functioning kidney transplant (Figure 1.6).

Transplantation

"In 2018, the cumulative number of kidney transplants reached an all-time high of 22,393, an increase of 6.5% since 2017 (Figure 6.9). However, the kidney transplant rate among ESRD patients increased only slightly between 2017 and 2018, from 3.5 to 3.6 transplants per 100 patient-years.

"In 2018, the number of patients with ESRD who were newly added to the kidney transplant waiting list hit an all-time high of 26,726 patients (Figure 6.1).

"The total number of individuals with ESRD on the kidney transplant waiting list hit an all-time high in 2014 (Figure 6.2). Since that time, it has decreased, but the decrease has been predominantly among those with inactive status, with only a small decline in those on the waiting list with active status.

...

"The percentage of prevalent ESRD patients who received dialysis and were on the waiting list for a kidney transplant reached 13.5% at the end of 2018 (Figure 6.4), continuing a decrease that began in 2013

...

"Adjusted 1-year graft survival among deceased donor transplant recipients in 2017 improved to 93.0%, and adjusted 1-year graft survival among living donor transplant recipients in 2017 was 96.9% (Figure 6.16)."

Thursday, March 18, 2021

Data use agreements, and university research policies regarding restrictions on publication

 Since the beginning of the year, I've been sent several Data Use Agreements from organizations interested in the possibility of sharing some of their data for research purposes.  I've had to decline the opportunity more than once, because of publication restrictions that conflict with Stanford research policies (and those of most other universities, I think, out of concern for academic freedom, and to keep academic publications free from selection bias concerning the research findings).

The relevant Stanford policies are here:   https://doresearch.stanford.edu/policies/research-policy-handbook/conduct-research/openness-research

The most relevant paragraphs are these:

"C. Publication Delays

"In a program of sponsored research, provision may be made in the contractual agreement between Stanford and the sponsor for a delay in the publication of research results, in the following circumstances:

"For a short delay (the period of delay not to exceed 90 days), for patenting purposes or for sponsor review of and comment on manuscripts, providing that no basis exists at the beginning of the project to expect that the sponsor would attempt either to suppress publication or to impose substantive changes in the manuscripts.

"For a longer delay in the case of multi-site clinical research (the period of delay not to exceed 24 months from the completion of research at all sites), where a publication committee receives data from participating sites and makes decisions about joint publications. Such delays are permitted only if the Stanford investigator is assured the ability to publish without restrictions after the specified delay."

**************

Alex Chan points me to this article in Science by some of our Stanford colleagues:

Waiting for data: Barriers to executing data use agreements  by Michelle M. Mello, George Triantis, Robyn Stanton, Erik Blumenkranz, David M. Studdert,   Science  10 Jan 2020: Vol. 367, Issue 6474, pp. 150-152 DOI: 10.1126/science.aaz7028


Here's a figure from the paper that makes clear that concerns about publication often are serious obstacles (and that concerns about indemnification clauses are frequent obstacles).



"The third set of issues relates to clashes between DUA negotiators over what is and is not acceptable in the contract. Negotiators reported that the most common and serious of these substantive issues related to provisions concerning information privacy and security, indemnification, and the definition of confidential information; provisions concerning publication rights and ownership of academic researchers' work product were less commonly in dispute but serious problems when they were. These are no mere matters of “legalese”; each implicates potentially important risks to the university and faculty member.

...

"Indemnification is another actionable area. At least where low-risk data are involved, university contract negotiators may be spending more time on these provisions than is warranted. If good privacy and security protections are in place, the risk of a data breach is low, and haggling over who pays in the unlikely event of a breach that causes harm should not obstruct timely data transfers for research. Yet, negotiators at 13 of 48 universities had walked away from a negotiation because of indemnification issues.

"When it comes to provisions safeguarding publication rights and ownership of faculty members' work product, on the other hand, universities must remain resolute. These provisions implicate core values of the university and of open science. A potential strategy for minimizing haggling over non-negotiable issues is for universities as a group to more clearly signal their unified position. Existing university policies setting forth institutional commitments to academic freedom and policies concerning IP are helpful in communicating norms, but even more helpful would be a universal DUA template."


Tuesday, February 9, 2021

Understanding Big Data: Data Calculus In The Digital Era: report from the Luohan Academy

 Here's a new report from the Luohan Academy

Understanding Big Data: Data Calculus In The Digital Era, Feb 05, 2021

Authors

Luohan Community: Patrick Bolton, Bengt Holmström, Eric Maskin, Sir Christopher Pissarides, Michael Spence, Tao Sun, Tianshu Sun, Wei Xiong, Liyan Yang

In-house: Long Chen, Yadong Huang, Yong Li, Xuan Luo, Yingju Ma, Shumiao Ouyang, Feng Zhu

From the foreword: "The pervasive use of digitized information has reached a new height that we call the era of "big data." While this has led to unprecedented societal cooperation, it has also intensified three major concerns: How can we properly protect personal privacy in the age of big data? How do we understand and manage the ownership and distribution of benefits and risks arising from the use of data? Will the use of big data lead to "winner-take-all" markets that undermine competition to the detriment of consumers and society?"

From the conclusion: "While acknowledging the challenges of privacy and data security risks, we have explored how such risks can be effectively and efficiently managed through a middle ground of government and industry self-regulation. With the right design of mechanisms and technologies, it has become increasingly possible to maintain anonymity, collect and share data while avoiding the sharing of personally identifiable information and reducing privacy and security risks, while still allowing data to freely flow. With the right technologies, the benefits of data sharing do not have to conflict with unacceptable risks to privacy. There is a way forward to capture the enormous benefits of big data while mitigating its risks, the goal of efficient and effective privacy protection. 

"One major issue is data ownership. Giving ownership of data to users who are the subjects of the data may seem like a natural safeguard of privacy. But exclusive ownership would run up against the efficient use of data as a non-rivalry good. In practice, individuals are seldom willing to make the effort of producing and recording data. In the language of economists, the private provision of a public good is generally inefficient. In addition, most people on the street do not have the capacity to mine and create big data for innovation. Data producers -- engineers at information technology firms -- do.

...

"We conclude by recommending the following three principles for governing the market for digital data:

Principle 1: Data ownership by data producers (including data subjects as producers) should be predicated on data integrity, anonymity, and especially the protection of personal and societal privacy.

Principle 2: Privacy protection and data security can to a large extent be achieved by combining state-of-the-art technologies and innovative mechanism designs.

Principle 3: Competition and consumer protection analyses of and policy prescriptions for data-driven markets should take into account the documented pro-competitive and pro-consumer benefits of big data along with any potential for anti-competitive and anti-consumer effects in specific markets."

Thursday, January 9, 2020

Reforming stock exchange governance, from the SEC

It's good to know that sometimes the SEC reads papers by market designers (in this case Budish et al.):

Statement on Reforming Stock Exchange Governance by Commissioner Robert J. Jackson Jr., Jan. 8

"As today’s release explains, America’s stock markets are riven by a fundamental conflict of interest: exchanges both operate public data feeds and profit from selling superior private ones.[1] Because exchanges have no economic reason to produce robust public data on stock prices, investors have long demanded a vote on how the public feeds are run.[2] Rather than give investors a real say over the data that drives our markets, today’s release merely invites for-profit exchanges to draft their own rules on these questions. Because that approach has failed investors before, and there’s no reason to expect it to succeed now, I respectfully dissent.
*          *          *          *
In 1934, American investors struck a fundamental bargain with our stock exchanges. The Commission was created to oversee the markets, and nonprofit exchanges were given the special legal status they needed to play a role in protecting ordinary investors.[3] But over a decade ago the deal changed: Exchanges became for-profit entities with powerful incentives to maximize profits, not protect investors.
That’s how we ended up with the two-tiered system for market data we have today. Congress mandated the creation of a public feed when exchanges were still nonprofits, but today’s for-profit exchanges also sell their own private feeds. So it’s unsurprising that exchanges underinvest in the public feed—it’s a product they directly compete with. The only question is what the Commission should do about it. Rather than recognize the reality of the exchanges’ incentives, the Commission today chooses hope over experience, asking exchanges to act contrary to their own economic interests.[4] For two reasons, we should not expect that approach to produce the robust public data that American investors deserve.
First, by proposing an order under a national market system (NMS) plan, we’re asking the exchanges to tell us how best to address the conflicts of interests that currently allow them to profit by controlling the public feed while selling superior private data.[5] No one should be surprised when the exchanges respond that, rather than give investors votes on the operation of the public feed, they’d rather continue controlling it themselves.[6] Instead of a clear solution to an obvious problem, today’s proposal will produce little more than a long process that will benefit lobbyists and lawyers—but not the ordinary investors living with the tax of rising data costs in our markets.[7]
Second, our history governing markets through NMS plans is hardly encouraging. One need look no further than the consolidated audit trail to see what happens when the Commission replaces real regulation with mere hope that stock exchanges will act against their own interests. The CAT was launched in the wake of a terrifying market event nearly a decade ago. Both Chairman Clayton and Director Redfearn have done tremendous work to move it forward. But our predecessors left the construction of the CAT to the NMS process. And the CAT will protect investors, not produce profits. So it’s no surprise that the CAT is still not complete.[8] I hope our successors won’t someday say the same about today’s attempt to reform exchange governance.
*          *          *          *
Those who, like me, are frustrated by today’s failure to require real reform may be tempted to direct their ire towards our stock exchanges. But it’s a mistake to blame private enterprises for maximizing the profit opportunities the law gives them.[9] Instead, we should change the law to address the incentives produced by giving exchanges both control over our public feeds and the opportunity to profit by selling private ones.[10] Without changing those incentives, we cannot and should not expect the market to fix the market.[11]
That’s why I hope commenters will come forward and urge the Commission to do more than merely hope that stock exchanges will act contrary to their private interests. Until we do, our stock markets will continue to fall short of the level playing field that ordinary American investors deserve."
...
"[11] Important recent research shows that, even when the market for trading is perfectly competitive, exchanges can extract supra-competitive rents from selling speed technology in the form of proprietary data feeds. See Eric Budish, Robin S. Lee & John J. Shim, Will the Market Fix the Market? A Theory of Stock Exchange Competition and Innovation, National Bureau of Economic Research Paper No. w25855 (2019)."