Category Archives: privacy

Good Regulators: The Weakness of 1Password and Its Progeny

There’s a math theorem that I rather like because I think it appeals to so many situations. I feel this way about that quote from Frankenstein, “And now, once again, I bid my hideous progeny go forth and prosper… blahblah”; I used that repeatedly in school essays, on entrance exams, in acceptance speeches. Some things make little sense to you in situ but come to mean much more when you apply them to other scenarios. In the Good Regulator Theorem, good regulators are a model of systems that they regulate, and if the model is not a performant echo, then the system is weak, unregulated, and welcome to compromise. In some ways, I feel passwords are “good regulators,” things that model what they manage, because they protect memory (stores of information that you might like to keep private), and in a meta-way, they rely on your memory to ensure their utility.

We often write weak passwords because we have weak memories. So then we write frameworks around them that weaken their ability to perform, their ability to echo the system they model, and thus we introduce our human weakness into an already crippled model of protection. We “salt” and “hash” our passwords but we are still distant from a happy breakfast, to a happy progeny, a product of our genius and not simply an echo of our faults. So what can be done about passwords? What can be done about the memory they protect? How does the weakness of passwords, and of “good regulation,” affect the bio-politics of our contemporary world?


Unfit Bits

Free your fitness data from yourself

Unfit Bits outlines everyday techniques for generating the fitness datasets of your choice, enabling you to qualify for insurance discounts without the lifestyle to match.

Why Unfit Bits?

It is increasingly assumed that fitness trackers provide an objective view of the activities of their wearer. The assumption is that a person’s acceleration data, as interpreted by some fancy algorithms, gives a robust insight into the fitness, health and behavior of their body, and cuts through the blurry ambiguities of memory and perception. During the last year, data from a Fitbit tracker has been used as evidence in court both in a case about the impact of a workplace injury on a worker’s health and more recently as evidence of a rape. How these early examples play out will reveal how tight the relationship between activity data and behavior of the wearer is assumed to be.


How Apple, Google, and Microsoft are trying to get inside your genes

Re-posted from the Council for Responsible Genetics and Fusion

by Daniela Hernandez 

Not satisfied by having our emails, chats, status updates, search histories, clicking behaviors, and shopping preferences, some of Silicon Valley’s most powerful tech titans are in an arms race to get access to your most personal information: your DNA.

Last week, for instance, the MIT Technology Review reported that Apple was looking to integrate genetic data into studies that run atop its new open-source research platform, ResearchKit. That should come as no surprise. There’s a national focus on personalized medicine, and since DNA information is becoming cheaper to get and store, the healthcare industry is hoping that personalized medicine will be part of the solution to rising costs.

Here’s a look at how three tech companies are preparing to dominate your DNA:


After Genetic Privacy: an Interview with Yaniv Erlich

In 2013, Yaniv Erlich’s genetics lab at MIT (now at Columbia) called the entire possibility of genetic anonymity into question when they discovered the identities of DNA donors by cross-referencing their genetic data with publicly available information from genealogy databases. Their article “Identifying Personal Genomes by Surname Inference” (1), published in Science, created a stir across privacy and medical research communities.

Heather Dewey-Hagborg: In your own words, can you give us a brief explanation of the study? What did you do and what did it mean to you?

Yaniv Erlich: We showed that it is possible in some cases to infer the surnames of males from their allegedly de-identified DNA samples. In most societies, a male receives his surname from his father, who received his surname from his own father and so on. Now, since males receive their Y chromosome from their father and the father of their father, this process creates a correlation between surnames and Y chromosomes.

Our technique exploits this correlation to identify the surname of individuals and uses open genetic genealogy databases to infer the right surname. Surnames are strong identifiers. Correctly inferring them dramatically narrows the search space. We specifically showed that if the age and state of the targeted individual are known (HIPAA does not protect these two identifiers), then a surname inference can virtually resolve the identity of the person.

To show that this technique works, we were able to identify with extremely high probabilities close to 50 people that were part of a large scale study, called the 1000 Genomes.


Newborn DNA Storage Raises Serious Privacy Concerns

Before they are even a week old, ninety-eight percent of the 4.3 million babies born annually in the United States have a small sample of blood taken from their heels. These newborn bloodspots (NBS) are then screened for a variety of inherited conditions and are often later stored in state-operated databases. Newborn screening itself is an important public health program and some have described these residual sample “biobanks” in equally positive terms. Although there are concrete benefits of newborn testing, there are also troubling consent and privacy issues raised by the screening, storage and use of the samples.

 

Newborn screening began in the United States as a series of state-level pilot programs in the 1960s to test for PKU, a rare genetic condition that is easily treatable if caught early. The success of these early programs led to rapid adoption of newborn screening among all states in the US, and the number of conditions screened for has grown progressively since, with additional funding at the Federal level. Because of the singular history of newborn screening, it remains the only widespread health testing in the US conducted not by an individual’s doctor, hospital, or health care provider but by individual state departments of public health. This singular history can also account for a wide disparity in state law and policy with regard to parental consent, sample storage and use.
