Do you agree or disagree with the following proposition? (take our poll and we'll compare it with the Economist's poll results) :
People's DNA sequences are their own business, and no one else's.
Art Caplan and Craig Venter go toe-to-toe on this issue, with Art Caplan defending the privacy of DNA and Craig Venter arguing for public access. An excerpt of the discourse:
Art Caplan: "There are, it is increasingly said, plenty of reasons why people you know and many you don't ought to have access to your DNA or data that are derived from it. Have you ever had sexual relations outside a single, monogamous relationship? Well then, any children who resulted from your hanky-panky might legitimately want access to your DNA to establish paternity or maternity" ...to read more, click here.
Craig Venter: "As we progress from the first human genome to sequence hundreds, then thousands and then millions of individual genomes, the value for medicine and humanity will only come from the availability and analysis of comprehensive, public databases containing all these genome sequences along with as complete as possible phenotype descriptions of the individuals"...to read more, click here.
Let us know what you think!
Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Tuesday, March 24, 2009
Thursday, April 17, 2008
Feds to cast a wider DNA dragnet
Following up on Sue's post last week about surreptitious sampling of DNA by law enforcement officials comes this disturbing report about Federal plans to widen their DNA database, CODIS, to include samples taken from anyone arrested by a federal law enforcement agency. This represents a major change from the Federal government's current policy of collecting genetic samples only from those convicted of felonies.
For all of us, but particularly for those of us who have been detained by the Feds in the past for being in the wrong place at the wrong time (okay, well maybe because of being at a protest ... but the charges were dropped), this new policy raises serious privacy and civil liberty issues. The newly proposed regulations will be published in the Federal Register shortly, followed by a 30-day public comment period.
Tuesday, March 25, 2008
wearing your way into the club
A little late night posting before I try to re-regulate my sleep schedule (again). I was checking my Google alerts, which are truly fabulous things I recommend to anyone, and the good Dr. McGee popped up in a blog written by a former student of his, Kipum Michael Lee. Now, before I mentioned the content of Lee's post, let me say, having no clue who this person is, I just spent an interesting half an hour browsing his professional website. He does something called interaction design, which I've never heard of, and appears to be a cool blend of design, architecture, and technology. If you have a few minutes, it's worth checking out - not just for the 12:30am and I'm tired so it's really cool, but because I think we're going to see, more and more, people moving towards these interdisciplinary fields that merge interests. Why choose something boring like philosophy, when instead you can study, say, the philosophical implications of architecture and the psychological and ethical impact that has on residents? (And while I wish I could claim credit for pulling that out of my hat, in reality a former student is studying just that, via the graduate department of architecture at his university.)
Right - I was going to focus. So Kip has a blog. Kip mentioned his former Penn professor (McGee), as well as praise for their ethics curriculum, and that brought it to my mailbox. What was Kip blogging about? It seems the nightclub Baja Beach (two European locations) has decided to forgo VIP cards and instead has gone with VIP RFID chips. They have the RFID tag implanted and it serves as their access to the club, as well as payment for their drinks. Because they are a VIP, it's free club entrance for life, free access to the VIP lounge, and can order their drinks all night long, to have the cost of drinks subtracted from their bank account (linked to the RFID tag) at the end of the night. In addition to bank account information, the tag apparently includes a picture for identification, as well as full name. You can see a full interview with Conrad Chase here, including a rough count of numbers:
Chase considers this something unique, like a tattoo or body piercing - just the next step.
So Kip asks a very typical question, which is not "can we do this" (obviously, we can), but "should we do this"? He raises the point that people with the technology to make things happen do need to be the ones who lead the discussion in the ethical applications of the technology, and then wanders off into a consideration of what it means to be human. Now as something of a devotee of both DIY Biotech and Donna Haraway's A Cyborg Manifesto (warning: postmodern feminist content at that link!), I don't fear the cyborg - I embrace it, and think in many ways we are already there. I do, however, think there are questions to be asked about this RFID implantation technology.
First, and foremost, I don't believe Chase's claims that the information is not accessible outside of the club. There is something on the RFID tag that is being read every time they walk in - something that identifies them. Now it might be that the credit card information of the patrons is left on an in-house server and the RFID tag only provides a number to correspond with the identifying number in that server database, but there is something linking the RFID tag and the credit card to that person. Likewise, there's something on the chip allowing a computer to pull up the person's name and face as they walk in the door.
Privacy advocates are understandably concerned about this - for maybe a couple of hundred dollars, I can easily build a scanner that would allow me to pick up the RFID signals being broadcast from any of these implanted chips. Even if I had to sit in the club itself, to have access to the chips and the servers housing the desired data (names, credit card numbers - assuming none are stored locally), it would be possible to do - and walk out with enough information to have an online shopping spree or three. Identity theft becoming one step easier.
But admittedly, I don't think the nightclub crowd will ever grow large enough that it'd be a worthwhile (and illegal) practice to pursue. Instead, I worry more about the broader social implications. As anyone who is familiar with social networking theory knows (or has read Malcolm Gladwell's book The Tipping Point, trends often move into social acceptance by first beginning on the edges, in a club or other "scene". Once adopted by someone who has social capital in the larger group, whatever was edgy and new suddenly explodes into mass acceptance and popularity. Tattoos, piercings, clothing, all sorts of trends - and what happens when the trend moves to RFID tags that broadcast information to anyone who's listening? Your MySpace, Facebook, homepage, LiveJournal, blog, email, full name, school, gender, sexual preference - any of the information that people willingly put on these social network sites, suddenly on a chip and broadcast not to the internet at large, but the small world in their immediate surroundings.
Then what?
It's an interesting question, reaching beyond the idea of RFID tags to track children, pets, or your medical data (other currently used applications of the technology). What do you think - the future, or simply overblown fears?
-Kelly
Right - I was going to focus. So Kip has a blog. Kip mentioned his former Penn professor (McGee), as well as praise for their ethics curriculum, and that brought it to my mailbox. What was Kip blogging about? It seems the nightclub Baja Beach (two European locations) has decided to forgo VIP cards and instead has gone with VIP RFID chips. They have the RFID tag implanted and it serves as their access to the club, as well as payment for their drinks. Because they are a VIP, it's free club entrance for life, free access to the VIP lounge, and can order their drinks all night long, to have the cost of drinks subtracted from their bank account (linked to the RFID tag) at the end of the night. In addition to bank account information, the tag apparently includes a picture for identification, as well as full name. You can see a full interview with Conrad Chase here, including a rough count of numbers:
Chase considers this something unique, like a tattoo or body piercing - just the next step.
So Kip asks a very typical question, which is not "can we do this" (obviously, we can), but "should we do this"? He raises the point that people with the technology to make things happen do need to be the ones who lead the discussion in the ethical applications of the technology, and then wanders off into a consideration of what it means to be human. Now as something of a devotee of both DIY Biotech and Donna Haraway's A Cyborg Manifesto (warning: postmodern feminist content at that link!), I don't fear the cyborg - I embrace it, and think in many ways we are already there. I do, however, think there are questions to be asked about this RFID implantation technology.
First, and foremost, I don't believe Chase's claims that the information is not accessible outside of the club. There is something on the RFID tag that is being read every time they walk in - something that identifies them. Now it might be that the credit card information of the patrons is left on an in-house server and the RFID tag only provides a number to correspond with the identifying number in that server database, but there is something linking the RFID tag and the credit card to that person. Likewise, there's something on the chip allowing a computer to pull up the person's name and face as they walk in the door.
Privacy advocates are understandably concerned about this - for maybe a couple of hundred dollars, I can easily build a scanner that would allow me to pick up the RFID signals being broadcast from any of these implanted chips. Even if I had to sit in the club itself, to have access to the chips and the servers housing the desired data (names, credit card numbers - assuming none are stored locally), it would be possible to do - and walk out with enough information to have an online shopping spree or three. Identity theft becoming one step easier.
But admittedly, I don't think the nightclub crowd will ever grow large enough that it'd be a worthwhile (and illegal) practice to pursue. Instead, I worry more about the broader social implications. As anyone who is familiar with social networking theory knows (or has read Malcolm Gladwell's book The Tipping Point, trends often move into social acceptance by first beginning on the edges, in a club or other "scene". Once adopted by someone who has social capital in the larger group, whatever was edgy and new suddenly explodes into mass acceptance and popularity. Tattoos, piercings, clothing, all sorts of trends - and what happens when the trend moves to RFID tags that broadcast information to anyone who's listening? Your MySpace, Facebook, homepage, LiveJournal, blog, email, full name, school, gender, sexual preference - any of the information that people willingly put on these social network sites, suddenly on a chip and broadcast not to the internet at large, but the small world in their immediate surroundings.
Then what?
It's an interesting question, reaching beyond the idea of RFID tags to track children, pets, or your medical data (other currently used applications of the technology). What do you think - the future, or simply overblown fears?
-Kelly
Wednesday, March 05, 2008
Free genetic testing ... buyer beware
Following along the lines of several recent posts, another privacy bulletin: a company called Aperture Health has announced that it's offering free genetic testing as part of its Wellness360 program. The program, called geneVIEW, will "uncover hidden diseases--before they have a chance to cause symptoms," and allow you to "learn about your genetic heritage--and know your true history." These are interesting claims, playing into cloudy public perceptions of what genetic testing actually can and can't do, and reinforcing concepts of genetic determinism in both medical and more existential terms. Aperture doesn't offer any counseling in connection with results, though they do suggest that members print their results and discuss them with their doctor or a genetic counselor. There also doesn't appear to be much information available about what, exactly, is tested for if you sign up. These are all things I could go on about for quite some time.But the really interesting piece here, and the one that some regulatory body somewhere really ought to be paying attention to, has to do with the business model and the protection of privacy. First, the business model: they make their money from (1) advertisers and (2) employers. Chew on what that might mean for a few minutes, and then come with me on a trip through the website.
The section on geneVIEW claims, "Your genetic code is your private property--we'll help you unlock its secrets, just for you to see." In the Q&A section, they say, "At no time is your information shared, sold, rented, loaned or made available to anyone;" but if you dig around, you'll find that they define this protected "private information"as your name, address, phone number, and SSN. So when they say, "We never share personal information about our members with insurance companies, employers or advertisers," it's a little fuzzy just what this means.
Your health information--including, as far as I can tell, the results of your genetic tests--is another story. To find out this stuff, you have to look at their HIPAA policy--not just the privacy policy. Here, they note that they are not a covered entity under HIPAA, but promise to behave in ways consistent with "applicable" rules. Here's what they say about your medical information:
For Services
We will use medical information about you to provide you with treatment and services. We may share this information with members of our provider network or with others involved in your care such as doctors, nurses, or health care facilities.
For Payment
We may use or disclose your medical information to bill and collect payment from your employer for the services we provide to you. For example, we may need to inform your employer that services provided by a Aperture Health provider have been performed and as such, either you or Aperture Health are eligible for reimbursement by your employer.
Third-Party ResearchWe may use and disclose medical, diet and exercise information to any third-party. The information will be stripped of all information that could allow for the identity of the member. For example, a member's records will only contain, birth date, general geographic location and related information. The member's name, address, phone number and any identifying information will be removed from all records to which third-party access is provided.
What's the upshot? Well, first, there's a pretty good chance that the fact that you've had a genetic test will be known to your employer and (possibly) to your insurer. As I blogged recently, this is an issue to be concerned about. It also looks to me like they can, and will, sell your genetic information--de-identified, for what that's worth--to researchers (a term that isn't defined anywhere I can see). I've blogged some of these issues, too.
There's also this odd little disclaimer:
You may ask that family members or other individuals not be informed of specific medical information. That request must be made in writing to our Designee. We do not have to agree to your request. If we agree to your request, we must keep the agreement, except in the case of a medical emergency. Either you can stop a restriction at any time. [sic]
Yeah. Free genetic testing? This is one "opportunity" we should decline.
Wednesday, December 05, 2007
Facebook Saving Face?
Social networking site apologizes to users over flap from new controversial ad feature.
Angry users complained of privacy and truth in advertising violations. To see the whole scoop, click here.
Angry users complained of privacy and truth in advertising violations. To see the whole scoop, click here.
Friday, March 23, 2007
Doctors Dishing the Dirt
"I informed a patient's parents that we would call them when their child was off the heart bypass machine and back in the intensive care unit. That went down like a lead balloon as the child was in fact having spinal surgery. Oops...." (From http:/
An article in the Washington Post today examines the troubling trend of doctors blogging about their patients (sometimes rather harshly and crudely). The phenomenon is so new that medical boards, schools and professionals disagree on what is acceptable. The trend is troubling because not only because of the risk of compromising patient privacy but also because of potential liability for hospitals. I certainly could envision lawsuits -- can't you just see the latest lawyer ads? (Is your doctor talking about you behind your back? Dial 1-888-SueTheBastards or visit our website at www.SueTheBastards.com!)
For more on this (the Washington Post article, that is), click here.
Subscribe to:
Posts (Atom)
