Daniel Solove (TeachPrivacy) | US | Patient access to medical records under HIPAA - significant reform needed

From the article:

“We’re well into the 21st Century now, and access to our health data should be much easier. HIPAA should do more than provide a right to access. It should encourage access and improve the ease of access. Perhaps the default should be that patients are provided with their medical records and will not receive them only if they request not to. The information should be much easier to compile and consolidate if a patient wants it.”

How to stop Windows 10's prying eyes
Windows 10 is here, and Microsoft's latest operating system is designed for a mobile-first, cloud-first future, as CEO Satya Nadella puts it. But that future relies on big data — your data — and by...
By Samit Sarkar

This is super important info. I believe that Win10 will eventually stabilize into MS’ best OS so far, but they’ve come out the gate with a bunch of really ill-advised moves that compromise you. If you’ve already upgraded, definitely follow this guide and disable a bunch of stuff.

It’s interesting how I am simultaneously a very private person and a person who sometimes overshares information. I’ve shared a bunch of random, funny stories that have happened to me, and definitely reveal something about me to people that I know (but not well). But when it comes to the deep, personal stuff, there’s a lot that I haven’t told anyone, not even my best friends or family members.


New comic! (link to complete un-tumblrized comic here)

This is Part 5 of the Other Series - the last chapter! Are there any conclusions? Not really!

The whole point of this comic when I first developed it, and of this series as I’ve adapted it here, is not to provide solutions, but to explore options. There isn’t a way to be perfectly represented in information systems. There also isn’t a way to opt out of systems we don’t want to be part of. CSIS is tracking you no matter how much you try to avoid it, as is Walmart.

The whole point is that it’s a constant negotiation - a give and take of information for services, and services for information. We make decisions about how we identify ourselves every single day, from the moment we wake up. These information systems are as part of our every day lives as putting on clothes.

My goal is 1) Be aware of the fact that information is being gathered and analyzed, 2) Be aware of opportunities to shape, clarify, or queer that information (and the consequences thereof), and 3) Be active in opportunities to to limit how information systems can influence our lives (glares in C-51’s direction).

And for people like me, who define and design information architecture, to always consider users first in what we require from them, how we’re storing their information, and how that information will be used. Always, always give as much control to the user as possible.

So, that’s the whole series. I had a lot of fun writing it when I first made it, and I’ve enjoyed revisiting it here. It’s a subject I care a lot about and think a lot about, and I hope that maybe this has been an interesting introduction into the category of Other for some of you.

Thanks for your indulgence - back to regular programming next week!

Would you like some more resources on this stuff, including other perspectives and contrasting opinions? Here are some links!

Want to learn more about legislative efforts to compromise citizen privacy? This is a great paper written for non-crypto experts!
Keys under doormats


There are no others - blog

Dewey deracialized: A critical race-theoretic perspective (PDF)

Selfing as, with, and without othering: Dialogical (im)possibilities with Dialogical Self Theory - Aydan Gülerce (abstract only, sorry)

Truth and Reconciliation Committee of Canada Report Findings

Durand, Rodolphe and Paolella, Lionel, Category Stretching: Reorienting Research on Categories in Strategy, Entrepreneurship, and Organization Theory (full DL available)

Categories, Identities, and Cultural Classification: Moving Beyond a Model of Categorical Constraint - Mary Ann Glynn and Chad Navis

Queering surveillance Research - David Phillips (google books excerpt)

Janet Mock discussing the ‘trapped’ narrative of the trans experience

Some Notes on the Care and Keeping Of Your Single/Solo Friends

Recently I made a Facebook status about how New York is the only place I really feel comfortable as a solo poly/uncoupled person, and that everywhere else I’ve ever been, it’s often really awkward/unpleasant to socialize with people because of how central The Couple is to everything. A friend asked me what coupled friends can do to make things less shitty for their friends who are solo (intentionally or otherwise), and I came up with this list:

1. When invited to something, ask if your partner can come rather than just assuming and bringing them, just like you’d ask if it were a friend. Like 99% of the time I’d say yes anyway, it just always feels kinda weird to me when people treat partners as extensions of themselves that way.

2. Also, occasionally hang out with me without your partner always being there, especially if it’s otherwise just the two of us. Otherwise it starts to feel like my company is worthless on its own, unless your partner is there to cuddle with.

3. When we do hang out along with your partner, for the love of everything don’t start bringing up all your cute little inside jokes while I just sit there staring straight ahead and swallowing my entire drink in one go because this is awkward and I have nothing to say why am I hearing this right now. If you want to go on a date, DON’T INVITE ME.

4. If I’ve never met your partner and don’t know who they are, actually say who they are in conversation rather than just dropping them in like “Oh yeah Bob and I visited the Bay Area last year, it was wonderful” who is Bob and how am I supposed to know this?? People do this online a lot and I end up just assuming it’s their partner but it’s annoying. I wouldn’t mention friends or family members by name without context, so why do people mention partners that way? (Psst because romantic/sexual partners are considered more important than all other relationships in our culture)

5. If we’re out late at night and getting home might be a little iffy, don’t just be like “ok I’m going home with [partner]” and peace out–maybe like check if I’m ok getting home alone? The single worst thing about being a solo poly girl is always having to worry about getting home. Obviously I have my ways of staying safe, but like, it’s so nice when friends at least acknowledge that this is hard and offer to help if they can.

6. [This one was added at the suggestion of a friend, but I’ve had to deal with this personally too.] Do not assume that anything a friend tells you in confidence is automatically fair game to share with your partner. Always ask your friends for their permission to share private conversations with your partner. It’s really, really uncomfortable for me when I realize that a friend has been telling their partner personal shit about me without my consent OR even my knowledge.

Luckily most of my friends are really great about all of this, but this all comes from experiences I have had many many times, and it was awkward, and plz no.

I also wish this didn’t have to be said, but like…this isn’t about bitterness/jealousy? At all? This is about the ways that our society prioritizes and privileges only one way of being in relationship with others. That grates, whether or not I want a Serious Partner right now or not (I don’t).

What jealousy I do have isn’t about their having a boyfriend or girlfriend or whatever. It’s about that social legitimacy that their relationships have and mine don’t. It’s about not having to worry about how to get home alone late at night. It’s about being able to include partners in family events. It’s about being able to access a partner’s health insurance and other benefits. It’s about not having to choose between living alone and living with strangers.

All of that comes down to structural privilege and social norms, not petty “jealousy.” Dismissing people like me by calling us bitter and jealous is their way of shutting down any complaints about their behavior. I don’t have time for it.

(All of this is also applicable to partners in addition to friends. I’ve definitely been in situations where I could NOT get any alone time with a partner because they ALWAYS brought their primary/whatever along too. That…is a really great way to get me to lose interest in being partnered with someone.)

A Nursing Student's Guide to Privacy

1. Never reveal your grades. If they’re good, people will judge you. If they’re bad, people will judge you.

2. Avoid telling people your GPA. if it’s 4.0 people assume you’re book smart, lacking clinical skills - and if it’s low, people assume your intellect is based solely on grades, and not on the intellect you have clinically.

3. There’s a general curiosity in nursing about where you went to Nursing School; other nurses etc - be proud of graduating from ANY nursing school. It doesn’t matter if it’s elite, or a community college: we all passed the same NCLEX, (or Licensing exams external to USA) , we all have have the same letters, RN after our name.

4. Be mindful of whom you share your goals, and your nursing aspirations with. Not everyone is supportive. Guard disclosure of your dreams, and your vision; know the difference between those who are hungry for information - and those who will keep your trust, and stand with you through it all.

5. Often during clinicals, students cluster together to watch others perform skills. It’s ok to want privacy if you’re nervous. It’s embarrassing when the instructor asks if it’s ok to do it with others watching, in front of everyone - so of course you feel obligated to say yes. Tell your instructor about it on the side, before everyone gathers around.

6. Follow your instincts with people; competitive people generally reveal themselves one way or another.

7. If you’re doing well, and a good, methodical note taker - people will ask for copies of your notes. Be vigilant of whom you share them with: notes are often passed down through semesters.

8. If you have a good mentorship relationship with one of your professors, be mindful who you share this information with - not everyone is kind or understanding of these important connections.

9. During simulations, it’s ok if you don’t do all the skills expected of you while the cameras are rolling. While these cameras are in place for evaluation of how a student can refine their skills - It can also be intimidating. How you operate as a nurse isn’t necessarily reflected by how you do in a hour long simulation where you can’t stop to ask questions, bounce ideas off a more experienced person, or go look for support, supplies or have a tinted room of people watching.

10. Keep the amount of NCLEX questions you had to answer to yourself. Regardless of whether you answered 75 or 265, it won’t help determine how others will do when they’re asking. You can be just as intelligent at 75 or 265, or anywhere in between.

10.5. If you graduate with honors, guess what, you still don’t owe anyone an explanation of what your grades are, your intellect, or your clinical skills - wear your tassels well, and ignore the naysayers.

The majority of Americans have been giving up their data for two reasons. One: they’re not aware they can do anything else, they think they don’t have a choice. And two, they’re resigned to it. They think their data is already out there and they feel helpless about it. Marketers and social networks have been putting forth the philosophy that this is something that people willingly do or want to do in order to get better recommendations or “better ads.”  No, people don’t want to be doing this. Now that they’re aware of what’s happening, they’re pretty upset about it. This is not something that they would have consented to had they known.
When you put people’s private sexual lives on trial, nobody wins.

That’s because we all sometimes act immorally, and we all sometimes fail to live up to our own ideals. That is not some special sort of failure reserved for Bad People; we all do it. There are times to speak up and stop people from hurting others, and there are gray areas where no one (certainly not me) can really say whether or not something should be publicized. This is neither.

If you want to prevent cheating–if that’s really such a hot issue for you–then encourage people to consider and explore alternatives to monogamy. Not all people who would cheat in a monogamous relationship would behave ethically in a nonmonogamous relationship, sure. Some people suck. Other people are trying to do their best with what they have, and they don’t realize that they have a lot more options than they thought.

So, what now? some will ask. Gawker’s gonna Gawk and hackers gonna hack. True, we can’t undo the damage that has been done and we can’t necessarily prevent creepy people from ever creeping on others and putting their personal business online.

What we can do is refuse to learn the information or act on it. I still don’t even know the name of the executive who hired the porn star, and I don’t intend to learn it. I will not look at the list of Ashley Madison users, just like I chose not to look at the nude celebrity photos that got leaked last year. You shouldn’t either. If more people agree not to look, this type of information loses its power, and those who collect it and leak it lose the power to judge and ruin others’ lives for the fun of it–or for whatever twisted moral justification they manage to invent.
Access to Your Email Without a Warrant: Updating ECPA For the Digital Age

Sara Cederberg, Campaign Director

“It sounded like a good idea at the time…”

When the Electronic Communications Privacy Act (ECPA) was passed in 1986, it aimed to set standards for law enforcement access to digital communications and privacy protections for users like us. Reasonable enough.

But time passed. Innovation in computing and Internet access progressed more quickly than anyone could have ever imagined, and policymakers struggled to keep up with a basic understanding of how the online tools that we use to shape our personal and office communications actually work.

As a result, we have a law that’s more outdated than one of these:

(In case you were wondering, that’s a pager.)

The patchwork quilt of standards that were modern in the mid ‘80′s are now woefully outdated – and an affront to even the most basic of our civil liberties.

Here’s how bad it is:

  • An email can be accessed without a warrant just because a message is over 180 days old. That dorky first email your partner sent you asking you out on a date six months ago and you’ve saved out of nostalgia? It’s open season for law enforcement!
  • Location information usage is ambiguous. ECPA does not have a clear policy on law enforcement access to your location data. With more and more apps and website relying on your position to serve you up localized content and directions on where you need to go, this is clearly a treasure trove of information waiting to be discovered without your consent. 

Luckily, Congress can make this right by moving legislation to fix ECPA forward. A large, bipartisan majority in the House (280+!) is already on board with a bill that would do just that — a rare feat for any piece of legislation on Capitol Hill. 

The Email Privacy Act — sponsored by Reps. Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) — is now the most popular bill in the House to not earn a vote.

But it doesn’t have to be that way. Demand Progress members are continuing to put the pressure on their legislators and Congressional leadership — and you can, too!

Click here to sign our petition calling on Congress to bring this bill to a vote — then ask your friends to do the same.

Being a good journalist means learning how to keep a secret

THE ROLE OF JOURNALISTS is to make information public. The irony is that in order to do so, they need to keep lots of things secrets.

They do that in all sorts of ways. Sometimes journalists promise anonymity in order to get officials to divulge what they’re not supposed to reveal. Sometimes they cloak the exchange of sensitive documents. Sometimes they conceal the nature of their stories so that governments can’t censor their work preemptively.

What news organizations don’t worry enough about is keeping the identity of their readers secret. In an era when electronic spycraft is rampant, people who go to a website looking for news can unwittingly endanger themselves just by clicking on a story or video. Governments that know who is accessing specific information can intrude in a variety of ways—by blocking or censoring the story or by targeting individuals who access prohibited information for harassment or even legal action.

As elemental as it is to keep Web-based communication secure, it’s been a largely overlooked subject by many news outlets. That’s beginning to change, thanks to aggressive efforts by advocacy groups to strengthen and reinfforce safety barriers around the Web.

Read more at CJR for story by CPJ director Joel Simon.

Image:  Edgard Garrido

Justice Brandeis once said that the right most cherished by civilized men is the right to be left alone,” Paul said. “Yet in Washington, every day in every nook and cranny of your lives—your business life, your personal life—the government wants to get a piece of you. What we need to do is shut down the Washington machine, and give you your freedom back.
—  Rand Paul [x]
Just the fax: internet activists go analog to fight Congress on cybersecurity bill
Cybersecurity Information Sharing Act would give tech firms broad latitude to collect personal data – even as Congress uses old tech to avoid prying eyes
By Sam Thielman

Internet activists determined to halt what they see as another ill-conceived Washington cybersecurity bill are hitting Congress where it hurts: right in the fax machine.

Protesters have programmed eight separate phone lines to convert emails sent from a handy box at FaxBigBrother.com (as well as tweets with the hashtag #faxbigbrother) to individual faxes and send them to all 100 members of the US Senate.

The rationale, said Evan Greer of activist group Fight for the Future, is that Congress doesn’t appear to understand technology invented in the current century.

“Groups like Fight for the Future have sent millions of emails, and they still don’t seem to get it,” said Greer. “Maybe they don’t get it because they’re stuck in 1984, and we figured we’d use some 80s technology to try to get our point across.” All 100 members of Congress will receive each of the faxes.

The deluge of badly printed screenshots is in protest of the the Cybersecurity Information Sharing Act (CISA), sponsored by California Democrat Dianne Feinstein, which proposes cooperation between government agencies and private tech companies and gives the latter broad latitude to collect as much data as possible from users in the name of cybersecurity and then share it with specific federal agencies, who in turn have latitude to share it with all federal agencies.

Findings shared by companies who work with the government will be specifically exempt from the Freedom of Information Act (Foia) and all other attempts by the public to learn exactly what pieces of their data are being collected, scaled and leafed through. Fans of the bill include Facebook, Google, AT&T, Comcast, Bank of America and Blue Cross Blue Shield.

The bill, stalled last year, has been recently resuscitated and will likely be considered next week before Congress adjourns for the summer on 7 August.

Do US senators really use their fax machines that often, though? “Yes, sadly,” one former Senate staffer told the Guardian. They love their pagers as well. Faxes “all get digitized by the time they get to the office, though”, which bodes ill for senatorial email inboxes.

And why is 1979’s hottest tech trend still so popular on Capitol Hill? “One thing that makes faxes – and pagers, for that matter – still good tech is that they are analog and difficult to search. Members love them, especially to transmit data for things like campaign financing records.”

It is, in other words, a great way for American elected officials to obey the letter of the law when it comes to campaign disclosures and Foia requests without exposing themselves to the kinds of invasive data-crunching to which the general public will be prey, should CISA pass. “No one wants to read” the transmissions, the ex-staffer said. “Readers get lost in them, but there is still a record of info being sent and received.”

But there’s still pressure on Congress to act on cybersecurity worries, especially after the recent hack of the Office of Personnel Management (to say nothing of the security problems at Target, Sony and a dozen other high-profile companies).

Matt Comyns, global cybersecurity practice leader with executive search firm Russell Reynolds, said there were great risks from simply letting the current arc of cybercrime take its course. “We are living in a new world and need to adjust our thinking and behavior,” he said. “The obvious risk to CISA and more regulation from the government is the abuse of privacy. However, the government seems to have decided that is the potential cost of creating a more secure environment for companies and US citizens.”

Greer had a different take. “With all these breaches,” she said, “there’s a lot of fearmongering going on in DC. They just say: ‘This is a problem – we’ve got to do something!’ And this is the something they’re going to do. It’s not just that this won’t fix things – it’ll make them worse. And it’ll give sweeping legal immunity to some of the largest companies in the world and open us all up to new forms of surveillance.”