Our laws don’t do enough to protect our health data

Curated on Posted on by Stefaan Verhulst

 at the Conversation: “A particularly sensitive type of big data is medical big data. Medical big data can consist of electronic health records, insurance claims, information entered by patients into websites such as PatientsLikeMeand more. Health information can even be gleaned from web searches, Facebook and your recent purchases.

Such data can be used for beneficial purposes by medical researchers, public health authorities, and healthcare administrators. For example, they can use it to study medical treatments, combat epidemics and reduce costs. But others who can obtain medical big data may have more selfish agendas.

I am a professor of law and bioethics who has researched big data extensively. Last year, I published a book entitled Electronic Health Records and Medical Big Data: Law and Policy.

I have become increasingly concerned about how medical big data might be used and who could use it. Our laws currently don’t do enough to prevent harm associated with big data.

What your data says about you

Personal health information could be of interest to many, including employers, financial institutions, marketers and educational institutions. Such entities may wish to exploit it for decision-making purposes.

For example, employers presumably prefer healthy employees who are productive, take few sick days and have low medical costs. However, there are laws that prohibit employers from discriminating against workers because of their health conditions. These laws are the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act. So, employers are not permitted to reject qualified applicants simply because they have diabetes, depression or a genetic abnormality.

However, the same is not true for most predictive information regarding possible future ailments. Nothing prevents employers from rejecting or firing healthy workers out of the concern that they will later develop an impairment or disability, unless that concern is based on genetic information.

What non-genetic data can provide evidence regarding future health problems? Smoking status, eating preferences, exercise habits, weight and exposure to toxins are all informative. Scientists believe that biomarkers in your blood and other health details can predict cognitive decline, depression and diabetes.

Even bicycle purchases, credit scores and voting in midterm elections can be indicators of your health status.

Gathering data

How might employers obtain predictive data? An easy source is social media, where many individuals publicly post very private information. Through social media, your employer might learn that you smoke, hate to exercise or have high cholesterol.

Another potential source is wellness programs. These programs seek to improve workers’ health through incentives to exercise, stop smoking, manage diabetes, obtain health screenings and so on. While many wellness programs are run by third party vendors that promise confidentiality, that is not always the case.

In addition, employers may be able to purchase information from data brokers that collect, compile and sell personal information. Data brokers mine sources such as social media, personal websites, U.S. Census records, state hospital records, retailers’ purchasing records, real property records, insurance claims and more. Two well-known data brokers are Spokeo and Acxiom.

Some of the data employers can obtain identify individuals by name. But even information that does not provide obvious identifying details can be valuable. Wellness program vendors, for example, might provide employers with summary data about their workforce but strip away particulars such as names and birthdates. Nevertheless, de-identified information can sometimes be re-identified by experts. Data miners can match information to data that is publicly available….(More)”.

A Systematic Scoping Review of the Choice Architecture Movement: Towards Understanding When and Why Nudges Work

Curated on Posted on by Stefaan Verhulst

Barnabas Imre Szaszi et al in the Journal of Behavioral Decision Making: “In this paper, we provide a domain-general scoping review of the nudge movement by reviewing 422 choice architecture interventions in 156 empirical studies. We report the distribution of the studies across countries, years, domains, subdomains of applicability, intervention types, and the moderators associated with each intervention category to review the current state of the nudge movement. Furthermore, we highlight certain characteristics of the studies and experimental and reporting practices which can hinder the accumulation of evidence in the field. Specifically, we found that 74 % of the studies were mainly motivated to assess the effectiveness of the interventions in one specific setting, while only 24% of the studies focused on the exploration of moderators or underlying processes. We also observed that only 7% of the studies applied power analysis, 2% used guidelines aiming to improve the quality of reporting, no study in our database was preregistered, and the used intervention nomenclatures were non-exhaustive and often have overlapping categories. Building on our current observations and proposed solutions from other fields, we provide directly applicable recommendations for future research to support the evidence accumulation on why and when nudges work….(More)”.

Open data, democracy and public service reform

Curated on Posted on by Stefaan Verhulst

Mark Thompson at Computer Weekly: “Discussion around reforming public services is as important as better information sharing rules if government is to make the most of public data…

Our public services face two paradoxes in relation to data sharing. First, on the demand side, “Zuckerberg’s law” – which claims that the amount of data we’re happy to share with companies increases exponentially year-on-year – flies in the face of our wariness as citizens to share with the state….

The upcoming General Data Protection Regulation (GDPR) – a beefed-up version of the existing Data Protection Act (DPA) – is likely to only exacerbate a fundamental problem, therefore: citizens don’t want the state to know much about them, and public servants don’t want to share. Each behaviour is paradoxical, and thus complex to address culturally.

Worse, we need to accelerate our public conversation considerably if we are to maintain pace with accelerating technological developments.

Existing complexity in the data space will shortly be exacerbated by new abilities to process unstructured data such as images and natural language – abilities which offer entirely new opportunities for commercial exploitation as well as surveillance…(More)”.

How online citizenship is unsettling rights and identities

Curated on Posted on by Stefaan Verhulst

James Bridle at Open Democracy: “Historically, and for those lucky enough to be born under the aegis of stable governments and national regimes, there have been two ways in which citizenship is acquired at birth. Jus soli – the right of soil – confers citizenship upon those born within the territory of a state regardless of their parentage. This right is common in the Americas, but less so elsewhere (and, since 2004, is to be found nowhere in Europe). More frequently, Jus sanguinis – the right of blood – determines a person’s citizenship based on the rights held by their parents. One might be denied citizenship in the place of one’s birth, but obtain it elsewhere….

One of the places we see traditional notions of the nation state and its methods of organisation and control – particularly the assignation of citizenship – coming under greatest stress is online, in the apparently borderless expanses of the internet, where information and data flow almost without restriction across the boundaries between states. And as our rights and protections are increasingly assigned not to our corporeal bodies but to our digital selves – the accumulations of information which stand as proxies for us in our relationships to states, banks, and corporations – so new forms of citizenship arise at these transnational digital junctions.

Jus algoritmi is a term coined by John Cheney-Lippold to describe a new form of citizenship which is produced by the surveillance state, whose primary mode of operation, like other state forms before it, is control through identification and categorisation. Jus algoritmi – the right of the algorithm – refers to the increasing use of software to make judgements about an individual’s citizenship status, and thus to decide what rights they have, and what operations upon their person are permitted….(More)”.

When Cartography Meets Disaster Relief

Curated on Posted on by Stefaan Verhulst
Mimi Kirk at CityLab: “Almost three weeks after Hurricane Maria hit Puerto Rico, the island is in a grim state. Fewer than 15 percent of residents have power, and much of the island has no clean drinking water. Delivery of food and other necessities, especially to remote areas, has been hampered by a variety of ills, including a lack of cellular service, washed-out roads, additional rainfall, and what analysts and Puerto Ricans say is a slow and insufficient response from the U.S. government.

Another issue slowing recovery? Maps—or lack of them. While pre-Maria maps of Puerto Rico were fairly complete, their level of detail was nowhere near that of other parts of the United States. Platforms such as Google Maps are more comprehensive on the mainland than on the island, explains Juan Saldarriaga, a research scholar at the Center for Spatial Research at Columbia University. This is because companies like Google often create maps for financial reasons, selling them to advertisers or as navigation devices, so areas that have less economic activity are given less attention.

This lack of detail impedes recovery efforts: Without basic information on the location of buildings, for instance, rescue workers don’t know how many people were living in an area before the hurricane struck—and thus how much aid is needed.

Crowdsourced mapping can help. Saldarriaga recently organized a “mapathon” at Columbia, in which volunteers examined satellite imagery of Puerto Rico and added missing buildings, roads, bridges, and other landmarks in the open-source platform OpenStreetMap. While some universities and other groups are hosting similar events, anyone with an internet connection and computer can participate.

Saldarriaga and his co-organizers collaborated with Humanitarian OpenStreetMap Team (HOT), a nonprofit that works to create crowdsourced maps for aid and development work. Volunteers like Saldarriaga largely drive HOT’s “crisis mapping” projects, the first of which occurred in 2010 after Haiti’s earthquake…(More)”.

Once and Future Nudges

Curated on Posted on by Stefaan Verhulst

Paper by Arden Rowell: “The nudge – a form of behaviorally-informed regulation that at-tempts to account for people’s scarce cognitive resources – has been explosively successful at colonizing the regulatory state. This Essay argues that the remarkable success of nudges as a species creates new challenges and opportunities for individual nudges that did not exist ten years ago, when nudges were new. These changes follow from the new fact that nudges must now interact with other nudges. This creates opportunities for nudge versus nudge battles, where nudges compete with other nudges for the scarce resource of public cognition; and for nudge & nudge symbiosis, where nudges work complementarily with other nudges to achieve greater good with fewer resources. Because of the potential for positive and negative interactions with other nudges, modern nudges should be expected to operate differently from ancestral nudges in important ways, and future nudges should be expected to operate more differently still. Policymakers should prepare to manage future positive and negative nudge-nudge interactions….(More)”.

Can Blockchain Bring Voting Online?

Curated on Posted on by Stefaan Verhulst

Ben Miller at Government Technology: “Hash chains are not a new concept in cryptography. They are, essentially, a long chain of data connected by values called hashes that prove the connection of each part to the next. By stringing all these pieces together and representing them in small values, then, one can represent a large amount of information without doing much. Josh Benaloh, a senior cryptographer for Microsoft Research and director of the International Association for Cryptologic Research, gives the rough analogy of taking a picture of a person, then taking another picture of that person holding the first picture, and so on. Loss of resolution aside, each picture would contain all the images from the previous pictures.

It’s only recently that people have found a way to extend the idea to commonplace applications. That happened with the advent of bitcoin, a digital “cryptocurrency” that has attained real-world value and become a popular exchange medium for ransomware attacks. The bitcoin community operates using a specific type of hash chain called a blockchain. It works by asking a group of users to solve complex problems as a sort of proof that bitcoin transactions took place, in exchange for a reward.

“Academics who have been looking at this for years, when they saw bitcoin, they said, ‘This can’t work, this has too many problems,’” Benaloh said. “It surprised everybody that this seems to work and to hold.”

But the blockchain concept is by no means limited to money. It’s simply a public ledger, a bulletin board meant to ensure accuracy based on the fact that everyone can see it — and what’s been done to it — at all times. It could be used to keep property records, or to provide an audit trail for how a product got from factory to buyer.

Or perhaps it could be used to prove the veracity and accuracy of digital votes in an election.

It is a potential solution to the problem of cybersecurity in online elections because the foundation of blockchain is the audit trail: If anybody tampered with votes, it would be easy to see and prove.

And in fact, blockchain elections have already been run in the U.S. — just not in the big leagues. Voatz, a Massachusetts-based startup that has struck up a partnership with one of the few companies in the country that actually builds voting systems, has used a blockchain paradigm to run elections for colleges, school boards, unions and other nonprofit and quasi-governmental groups. Perhaps its most high-profile endeavor was authenticating delegate badges at the 2016 Massachusetts Democratic Convention….

Rivest and Benaloh both talk about another online voting solution with much more enthusiasm. And much in the spirit of academia, the technology’s name is pragmatic rather than sleek and buzzworthy: end-to-end verifiable Internet voting (E2E-VIV).

It’s not too far off from blockchain in spirit, but it relies on a centralized approach instead of a decentralized one. Votes are sent from remote electronic devices to the election authority, most likely the secretary of state for the state the person is voting in, and posted online in an encrypted format. The person voting can use her decryption key to check that her vote was recorded accurately.

But there are no validating peers, no chain of blocks stretching back to the first vote….(More)”.

Handbook on Political Trust

Curated on Posted on by Stefaan Verhulst

Book edited by Sonja Zmerli and Tom W.G. van der Meer: “Political trust – of citizens in government, parliament or political parties – has been centre stage in political science for more than half a century, reflecting ongoing concerns about the legitimacy of representative democracy. This Handbook offers the first truly global perspective on political trust and integrates the conceptual, theoretical, methodological, and empirical state of the art.

An impressive, international body of expert scholars explore established and new venues of research, by taking stock of levels, trends, explanations and implications of political trust, and relating them to regional particularities across the globe. Along with a wealth of genuine empirical analyses, this Handbook also features the latest developments in personality, cognitive and emotional research and discusses, not only the relevance, but also the ‘dark side’ of political trust….(More)”.

Selected Readings on Blockchain and Identity

Curated on Posted on by Stefaan Verhulst

By Hannah Pierce and Stefaan Verhulst

The Living Library’s Selected Readings series seeks to build a knowledge base on innovative approaches for improving the effectiveness and legitimacy of governance. This curated and annotated collection of recommended works on the topic of blockchain and identity was originally published in 2017.

The potential of blockchain and other distributed ledger technologies to create positive social change has inspired enthusiasm, broad experimentation, and some skepticism. In this edition of the Selected Readings series, we explore and curate the literature on blockchain and how it impacts identity as a means to access services and rights. (In a previous edition we considered the Potential of Blockchain for Transforming Governance).

Introduction

In 2008, an unknown source calling itself Satoshi Nakamoto released a paper named Bitcoin: A Peer-to-Peer Electronic Cash System which introduced Blockchain. Blockchain is a novel technology that uses a distributed ledger to record transactions and ensure compliance. Blockchain and other Distributed Ledger technologies (DLTs) rely on an ability to act as a vast, transparent, and secure public database.

Distributed ledger technologies (DLTs) have disruptive potential beyond innovation in products, services, revenue streams and operating systems within industry. By providing transparency and accountability in new and distributed ways, DLTs have the potential to positively empower underserved populations in myriad ways, including providing a means for establishing a trusted digital identity.

Consider the potential of DLTs for 2.4 billion people worldwide, about 1.5 billion of whom are over the age of 14, who are unable to prove identity to the satisfaction of authorities and other organizations – often excluding them from property ownership, free movement, and social protection as a result. At the same time, transition to a DLT led system of ID management involves various risks, that if not understood and mitigated properly, could harm potential beneficiaries.

Annotated Selected Reading List

Governance

Cuomo, Jerry, Richard Nash, Veena Pureswaran, Alan Thurlow, Dave Zaharchuk. “Building trust in government: Exploring the potential of blockchains.” IBM Institute for Business Value. January 2017.

This paper from the IBM Institute for Business Value culls findings from surveys conducted with over 200 government leaders in 16 countries regarding their experiences and expectations for blockchain technology. The report also identifies “Trailblazers”, or governments that expect to have blockchain technology in place by the end of the year, and details the views and approaches that these early adopters are taking to ensure the success of blockchain in governance. These Trailblazers also believe that there will be high yields from utilizing blockchain in identity management and that citizen services, such as voting, tax collection and land registration, will become increasingly dependent upon decentralized and secure identity management systems. Additionally, some of the Trailblazers are exploring blockchain application in borderless services, like cross-province or state tax collection, because the technology removes the need for intermediaries like notaries or lawyers to verify identities and the authenticity of transactions.

Mattila, Juri. “The Blockchain Phenomenon: The Disruptive Potential of Distributed Consensus Architectures.” Berkeley Roundtable on the International Economy. May 2016.

This working paper gives a clear introduction to blockchain terminology, architecture, challenges, applications (including use cases), and implications for digital trust, disintermediation, democratizing the supply chain, an automated economy, and the reconfiguration of regulatory capacity. As far as identification management is concerned, Mattila argues that blockchain can remove the need to go through a trusted third party (such as a bank) to verify identity online. This could strengthen the security of personal data, as the move from a centralized intermediary to a decentralized network lowers the risk of a mass data security breach. In addition, using blockchain technology for identity verification allows for a more standardized documentation of identity which can be used across platforms and services. In light of these potential capabilities, Mattila addresses the disruptive power of blockchain technology on intermediary businesses and regulating bodies.

Identity Management Applications

Allen, Christopher.  “The Path to Self-Sovereign Identity.” Coindesk. April 27, 2016.

In this Coindesk article, author Christopher Allen lays out the history of digital identities, then explains a concept of a “self-sovereign” identity, where trust is enabled without compromising individual privacy. His ten principles for self-sovereign identity (Existence, Control, Access, Transparency, Persistence, Portability, Interoperability, Consent, Minimization, and Protection) lend themselves to blockchain technology for administration. Although there are actors making moves toward the establishment of self-sovereign identity, there are a few challenges that face the widespread implementation of these tenets, including legal risks, confidentiality issues, immature technology, and a reluctance to change established processes.

Jacobovitz, Ori. “Blockchain for Identity Management.” Department of Computer Science, Ben-Gurion University. December 11, 2016.

This technical report discusses advantages of blockchain technology in managing and authenticating identities online, such as the ability for individuals to create and manage their own online identities, which offers greater control over access to personal data. Using blockchain for identity verification can also afford the potential of “digital watermarks” that could be assigned to each of an individual’s transactions, as well as negating the creation of unique usernames and passwords online. After arguing that this decentralized model will allow individuals to manage data on their own terms, Jacobvitz provides a list of companies, projects, and movements that are using blockchain for identity management.

Mainelli, Michael. “Blockchain Will Help Us Prove Our Identities in a Digital World.” Harvard Business Review. March 16, 2017.

In this Harvard Business Review article, author Michael Mainelli highlights a solution to identity problems for rich and poor alike–mutual distributed ledgers (MDLs), or blockchain technology. These multi-organizational data bases with unalterable ledgers and a “super audit trail” have three parties that deal with digital document exchanges: subjects are individuals or assets, certifiers are are organizations that verify identity, and inquisitors are entities that conducts know-your-customer (KYC) checks on the subject. This system will allow for a low-cost, secure, and global method of proving identity. After outlining some of the other benefits that this technology may have in creating secure and easily auditable digital documents, such as greater tolerance that comes from viewing widely public ledgers, Mainelli questions if these capabilities will turn out to be a boon or a burden to bureaucracy and societal behavior.

Personal Data Security Applications

Banafa, Ahmed. “How to Secure the Internet of Things (IoT) with Blockchain.” Datafloq. August 15, 2016.

This article details the data security risks that are coming up as the Internet of Things continues to expand, and how using blockchain technology can protect the personal data and identity information that is exchanged between devices. Banafa argues that, as the creation and collection of data is central to the functions of Internet of Things devices, there is an increasing need to better secure data that largely confidential and often personally identifiable. Decentralizing IoT networks, then securing their communications with blockchain can allow to remain scalable, private, and reliable. Enabling blockchain’s peer-to-peer, trustless communication may also enable smart devices to initiate personal data exchanges like financial transactions, as centralized authorities or intermediaries will not be necessary.

Shrier, David, Weige Wu and Alex Pentland. “Blockchain & Infrastructure (Identity, Data Security).” Massachusetts Institute of Technology. May 17, 2016.

This paper, the third of a four-part series on potential blockchain applications, covers the potential of blockchains to change the status quo of identity authentication systems, privacy protection, transaction monitoring, ownership rights, and data security. The paper also posits that, as personal data becomes more and more valuable, that we should move towards a “New Deal on Data” which provides individuals data protection–through blockchain technology– and the option to contribute their data to aggregates that work towards the common good. In order to achieve this New Deal on Data, robust regulatory standards and financial incentives must be provided to entice individuals to share their data to benefit society.

Paraguay’s transparency alchemists

Curated on Posted on by Stefaan Verhulst

Story by the Open Contracting Partnership: “….The “Cocido de oro” scandal is seen as part of a well-organized and well-informed youth movement that has sprung up in Paraguay in recent years. An equally dramatic controversyinvolving alleged corruption and unfair staff appointments at one of the country’s top public universities led to the resignation of the Chancellor and other senior staff in September 2015. Mostly high school and university students, they are no longer willing to tolerate the waste and corruption in public spending — a hangover from 35 years of authoritarian rule. They expect their government to be more open and accountable, and public decision-making processes to be more inclusive and democratic.

Thanks to government initiatives that have sought to give citizens greater access to information about public institutions, these students, along with investigative journalists and other civil society groups, are starting to engage actively in civic affairs. And they are data-savvy, basing recommendations on empirical evidence about government policies and processes, how they are implemented, and whether they are working.

Leading the pack is the country’s public procurement office, which runs a portal that ranks among the most open government data sources in the world. Together with information about budgets, public bodies’ payrolls, and other government data, this is helping Paraguayans to tackle some of the biggest long-standing problems faced by the government, like graft, overpricing, nepotism and influence-peddling….

The government recognizes there’s still a long way to go in their quest to open up public data. Few institutions have opened their databases or publish their data on an open data portal, and use of the data that has been published is still limited, according to a report on the country’s third OGP Action Plan. Priority data sets aren’t accessible in ways that meet the needs of civil society, the report adds.

And yet, the tremors of a tectonic shift in transparency and accountability in Paraguay are already being felt. In a short time, armed with access to information, citizens have started engaging with how public money is and should be spent.

The government is now doubling down on its strategy of fostering public participation, using cutting-edge technology to increase citizens’ access to data about their state institutions. Health, education, and municipal-level government, and procurement spending across these areas are being prioritized….(More).