Uncategorized

Cyberwar, What Is It Good For?

flying cadeuciiSome wars are supposed to last forever. Lyndon B. Johnson started a war on poverty. Richard Nixon kicked off a war on drugs. Ronald Reagan initiated a war on terror. Poverty, drug use and terror are booming. It’s time to launch another good ol’ war. Let’s make it relevant, cool, hip and infinite. So how about a 21st century war on Cybertheft?  This may sound trifle by comparison to those other wars, but wars are rarely about the actual title we bestow upon them. The war on terror evolved into a war on people living under secular dictators, the war on poverty ended up being a war on poor people, and the war on drugs became a war on black people. The war on Cybertheft will be the war on all people everywhere.

The war on Cybertheft has been simmering since the banks decided to do business online. The threat of “identity theft” should have been a monumentally mobilizing battle cry. But it wasn’t. Oh sure, it spawned a bunch of fear inducing exposés and some mildly successful businesses, but all in all, it failed to generate the zombie apocalypse panic it was supposed to trigger. Luckily, our wise leaders decided to put all our medical information on the Internet. It’s one thing for a Romanian hacker to gain access to your checking account balance, and quite another if Marcel is suddenly able to peruse your history of vaginal yeast infections. It makes no sense really, but the latter seems like an unbearable and humiliating violation of who you are. Wars have been launched for much less than that.

Let me give you an example that is splashed all over the news lately. A nondescript bunch of hackers broke into Democratic Party servers, stole all sorts of documents and emails and provided them to WikiLeaks for publication. This incident proved to be an embarrassment for the global money cartel behind our democratic curtain, and at the same time a great opportunity to score some cheap points in this weird election while stoking the fires of war. Within 24 hours, and with ample assist from corporate media tools, the conversation moved from corrupt, political machinations to an alternate universe where the Kremlin is colluding with insurgents to overthrow the rightful rulers of America. Terrifying stuff.

Back to medical records. There is a major, and very public, wringing of hands in policy and technology circles on how to safeguard the privacy and security of computerized medical records. Huge health care databases seem to get hacked almost on a daily basis. Shady hackers are advertising stolen medical records for sale on the “dark” web. The term “ransomware” is entering the health care vernacular (i.e. hackers asking health related entities to pay for keeping security breaches secret). Some experts say that thieves engage in fraudulent billing (it is a bit unclear to me how a fraudster makes money when the hospital charges you for a fake surgery, unless the hospital is stealing its own data). Other experts are hypothesizing that medical data could be used for personal blackmail (with not one shred of evidence). Hackers are posting screenshots of EMRs saying that this is the data they “stole” (although gaining access to an EMR is not equivalent to having its data). Pretty scary stuff here too, no?

But here is what is not happening. You don’t see curated lists of famous people treated for cooties. You don’t see lists of women who had abortions or of politicians suffering from palmar hyperhidrosis. You don’t really see anything that could be due to theft of strictly medical information and the “samples” posted by hackers are about Social Security numbers, dates of birth, addresses, phone numbers, emails and all the stuff you can steal from a bank. Is this a big deal?  Maybe, but judging by the number and magnitude of security breaches in the last few years, there must be dozens upon dozens of copies of our financial data floating out there and frankly, people seem rather oblivious to the whole thing. We can’t have that. We need some pizzas, some fireworks, like they have in politics.

As I’m writing this, more Democratic Party servers are being hacked, prompting increasingly unhinged conspiracy theories to justify a reboot of the Cold War with Russia, and if we’re lucky a real war. You see, in this election we unfortunately have one candidate who didn’t get the memo outlining the benefits of a nuclear war with Russia. Blabbering about NATO’s lack of purpose and how nice it would be to get along with Putin is not moving us forward. Watching CNN or reading The New York Times or the neo-conservative rags, is like watching a train wreck in slow motion. The Cybertheft attacks on Democratic Party servers are worse than Watergate, maybe worse than Pearl Harbor or 9/11, it’s an attack on our Nation, and there should be stern consequences (did you notice the unusual patriotic rah-rah at this year’s Democratic convention?).

America, we’re under attack. We are being Cyber-attacked on our own soil. A foreign power is attempting regime change in our country by exposing the dirty electioneering of the party currently in power. The question is not how come we have banana republic electioneering. The question is how come Putin dares to point that out. We don’t know if Putin did any such thing, but the theoretical possibility that he might have, or may do so in the future, is reason enough to perhaps slap some more sanctions somewhere, or move a few tanks or submarines closer to the missile shield we just deployed in Romania (?) to protect it from Iran (?). So Annie, get your guns, because Cyberwar is just the prelude.

In health care the war on Cybertheft of essentially financial data is a front for facilitating massive trafficking in actual medical information. The government agencies in charge of health information technology are accelerating the good fight to “protect” security and privacy with its quintessential tools of building awareness, promulgating regulations and funding the creation and enforcement of more regulations. But the war on who gets to be the king cyber thief is getting a bit more interesting, and perhaps more important to humanity, than the Russia-bad-America-good games played on the global theater stage, because while the public is being distracted by the legends of “TheDarkOverlord” who is stealing and selling disconnected phone numbers, the data cartel is emptying the vaults of our collective human dignity.

It was Google that invented the idea of data “liberation” to put a progressive face on its efforts to amass and sell access to personal information. It was the disruptive innovation lobby in health care that ported the data liberation movement to health care in the hopes of lowering the barriers to entry in an exceedingly complex and saturated market. The government bought the idea lock, stock and barrel because governments love surveillance of citizens and because our government is in bed with, or in the pocket of, giant technology companies aspiring to liberate a piece of the $3 Trillion health care market. But something strange happened on the way to data without borders. The government decided to fund Precision Medicine and it awarded the biggest chunk of money to the most vocal advocates for the creative destruction of imprecise medicine.

It didn’t take long to figure out that an academic medical center, as flush with cash as it may be, is no match for Google or Apple when it comes to stealing personal information from millions of people. And it didn’t take long to figure out that data liberation is set up to work in one direction and one direction only – from everywhere, into Google, Apple and other mega-rich Silicon Valley companies.  So after years of pushing the free-market miracles of iPhone medicine and genomic tests, it’s time to demand that government declares personal information to be a “public good” confiscated at will and freely available to tech giants and researchers, because anything else would be, wait for it, racist. Yes, racist, like in discriminatory against non-white minorities. The only thing left to ponder is whether we will be destroyed quickly by external weaponry, or extinguished slowly from the inside out.

On January 17, 1961 President Dwight Eisenhower delivered his farewell address, warning the nation of what he called the military-industrial complex: “In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.” Note the wonderful nuance when he says “sought or unsought”. Whatever arguments, apologies, explanations, justification you may be inclined to offer, that “unwarranted influence” is undeniably here. We chose not to heed Ike’s warning and have been paying in blood and treasury ever since. The balloon payment is right around the corner.

And Ike had one more lesser known warning: “For every old blackboard there are now hundreds of new electronic computers. The prospect of domination of the nation’s scholars by Federal employment, project allocations, and the power of money is ever present – and is gravely to be regarded. Yet, in holding scientific research and discovery in respect, as we should, we must also be alert to the equal and opposite danger that public policy could itself become the captive of a scientific-technological elite.” He saw it clearly. He saw it coming more clearly than we, who are living in it, are seeing it today. From half a century away, Dwight Eisenhower saw the forest in which we wonder, lost amongst the trees.

Livongo’s Post Ad Banner 728*90

Categories: Uncategorized

15 replies »

  1. The MIC has come up with so many schizophrenic ideas, it is hard to keep track of them. What exactly is “de-identified” data? It had to be identified first,right? How exactly is that undone? All it will take is some crisis of security or fraud or whatever to claim that the right to undo it is in the public interest.

  2. Folks beginning to have to pay:
    /home/dnaxy/Desktop/widespread-hipaa-vulnerabilities-result-in-settlement-with-oregon-health-science-university.html

  3. It’s never too late.

    Unless you fundamentally believe the glass is completely empty.

  4. Everything…. 🙂
    The only observation I have is that you don’t “call up the dark-net”. You call up some “background” check service that bought its data legally from a thousand sources, some fully identified, some supposedly de-identified, mashed it all up and created these beautiful portfolios, maybe accurate, maybe not. Our laws are lagging a few decades behind reality and by the time they update them, if they ever do, it will be too late. It’s already too late.

  5. You are in human resources. Your firm is thinking of hiring a new vice-president. You call up the dark-net and find out if he has diabetes or hypertension or obesity. Value? You are getting a divorce. You suspect your wife had an abortion, a pregnancy by another guy. You call up the dark-net…,You are investing in a new start-up. The entreprenuer looks shaky. You call up the dark-net and discover an episode of esophageal bleeding suggesting cirrhosis. Your newborn doesn’t look like you. It needed some blood-work in the nursery. You call up the dark-net and find that the blood group and type excludes you as the father. You are applying to Delta for an airline pilots job. You are a sickle cell trait and its possible that you could get into trouble if the cabin pressure fell. You are afraid Delta will check with the dark-net. You are getting married. You have a positive VDRL. Will your future spouse call the dark-net? You newborn was a true hermaphrodite, born with both testes and ovaries. You decide early on to raise the child as a female. The child is really a mosaic with both XX cells and XY cells. Later the unknowing child wonders about her/his sexual orientation and her/his new spouse begins to look into medical information on the dark net…what could go wrong?

  6. Highly recommended: https://www.aclu.org/blog/speakeasy/invasion-data-snatchers-big-data-and-internet-things-means-surveillance-everything

    “Estimates vary, but by 2020 there could be over 30 billion devices connected to the Internet. Once dumb, they will have smartened up thanks to sensors and other technologies embedded in them and, thanks to your machines, your life will quite literally have gone online…”

    Couple “digital exhaust” with eventual “genomic exhaust.” What could POSSIBLY go wrong?

  7. Great reference. I think Eisenhower must have been influenced by that book, mostly because of the inclusion of “sought and unsought, influence” into his argument, which is one of the things that struck me in Mills’ work.

  8. Why is there is a need to keep medical records on the web at all. The justification for doing so – to save someone’s life – is bogus. I’ve never had a case in 35 years where we couldn’t work through a lack of medical records. And as for megadata that quants will use to discover new diagnostic tools and therapies – poppycock. As long as insurance companies play games with reimbursement, diagnoses will change to fit with what is being paid. In other words, the megadata is bogus. It’s made even more bogus by government’s insistence that providers clerk in useless information that gets cloned in because providers are still liable for their patient’s welfare.

    A better approach might be a healthcare information account to which providers can email, text or upload medical information into the patient’s account in whatever format the provider desires. The patient could choose among thousands of independent healthcare account caretakers so as to spread risk. Allowing providers to specify their own formats prevents hackers and the government from accumulating mass information that is too easily analyzed. Allowing providers to specify their own formats allows providers to custom-tailor their own medical records programs- essential for higher quality care.

    Or we could develop an implantable chip where all healthcare info could be stored – at the patient’s discretion.

    Anything but the web.

    Anyway, for other views: http://www.fixthebus.com

  9. Also, we should all go back 40 years and locate a copy of “The Power Elite” by C. Wright Mills. Scary stuff! You don’t think so. Just remember that most of our Supreme Court justices came from just two law schools.

  10. Let’s divide and conquer (it’s so popular now 🙂 ):
    Hacking in health care is not health care specific. It’s not intended to steal clinical information.They’re not looking for x-rays.There is no reason to fret, make up stories and pretend we need new and special regulations any more than we do for banks.
    This is all just one big distraction from the buildup of huge repositories of personal information including clinical, which cannot be truly de-identified and which will be used (if they are not already) to our detriment. All the privacy & security in the world cannot stop database owners/operator from selling or “sharing” data without your knowledge and without your permission. Topol has it right, but the answer is not to bar Google while allowing Scripps to do its thing (need those hyperlinks :-). Goes to the Ike quote.

    Now to the DNC hacking parallel. This has nothing to do with favorite party or not. Stealing is wrong. Breaking an entry is wrong. Hacking here and in HC is wrong. But two wrongs don’t make a right. The primaries were rigged. We never had a chance, and most of us felt that, but there was always some doubt. There is no doubt now. I feel cheated… personally. This is not democracy.
    And if that’s not bad enough, did this incident bring something else to light? Is the hacking really the big game here, or a distraction? And if a distraction then a distraction from what?
    We don’t know who hacked the servers, Clapper doesn’t know, the FBI doesn’t know, but that didn’t prevent that creepy Mook guy from floating the most insanely outlandish conspiracy theory on TV, to change the subject. Maybe it was Kim Jong-un, after all Trump supposedly likes him too. Maybe Manafort hired an Ukrainian hacker or something. Maybe one of Podesta’s Russian “business” buddies did it. Maybe they had a mole in the DNC or maybe Assange himself sent Mr. Robot there…. No, it had to be Putin…

    Have you noticed how the Cold War rhetoric is picking up steadily? Have you noticed how the really rich people and the neocon purists, and their intelligentsia servants, are lining up behind one side, while the poor saps who are going to be put in harms way are lining up on the other side, and the liberal kids are disrupting the festivities with “no more war” chants that are drowned out by phony (scripted) U.S.A. chants? Have you noticed how the next big thing was a discussion about aggression in Ukraine and Crimea?

    If every disaster is indeed an opportunity, then all this hacking all over the place seems to be the mother of opportunities for very bad actors. I’m just trying to keep my eyes on the big ball and ignore the little marbles strewn on the floor….

  11. I agree. And I disagree. As usual.

    There are valid reasons to argue the risks of hacking are overstated.

    But not sure I get the Clinton e-mail thing. As a keen student of history (point noted on your excellent and rare Eisenhower reference) you’ll note that a break in to the DNC helped to bring down a rather well known president by the name of Richard M. Nixon.

    Interfering with democratic process is rightly a big deal in our society.

    The line between burglary and hacking is a bit fine for me.

    Where exactly does it lie? Are we against data liberation but in favor of activist hackers? If the government hacks into a private citizen’s home system — or indignity of indignities their iPhone — we are supposed to be outraged, right? If somebody we happen to agree with politically does the same to a politician we disagree with the correct response is fistbumping and another round of root beer? If a government we don’t like … If a candidate we like .. if a corporation we don’t like

    Wait. I concede this is getting a bit confusing. Perhaps somebody could draw a helpful chart to let us know how to appropriately respond?

Leave a Reply

Your email address will not be published.