Hi Everyone,

It’s becoming clear to me that in regions without unified leadership against COVID-19, safe restarts will not be possible. Places such as Vietnam and Taiwan, where we have offices, are keeping their citizens safe (and working), while others are not…

In this unfortunate time, Bitmark hopes to make a difference. Let me get you caught up with what’s new at Bitmark:

We teamed up with Girls in Tech to launch a new podcast series, Hope in Crisis, discussing how technology can help us rise from various crises in modern society, both in English and Chinese.

 

You can follow the series on the following platforms:

  1. SoundOn: https://reurl.cc/AqV4Vj
  2. Spotify: https://reurl.cc/NjvQ6k
  3. YouTube: https://lnkd.in/gnriUFZ
  4. Anchor: https://reurl.cc/Wd6W7D

 

  1. News anchor Catherine Lu’s Facebook English-language interview with Bitmark CEO Sean Moss-Pultz “美國怎麼了?台灣做對了什麼?(Part.1)” about our public health app Autonomy received over 330K views, 7.8K likes, 2.8K reshares, and about 300 comments. (English and Chinese)
  2. We have faced serious difficulty in launching Autonomy to App Stores. Coindesk covered our failed launch, asking what happens when the gatekeepers we trust have too much power?
  3. Bitmark and Blockchain Commons announced Charter, a new and open architecture for the next generation of social media projects:
    1. Charter reimagines social media to recover its initial promise, with new safeguards so that no single vendor one can steal it away. Its architecture ensures that every social-media participant has both autonomy and agency. As individuals we control and govern our own data, deciding for ourselves how online information is shared, used, and deleted. For social media, this means we have authority over not just a timeline of posts, but also our social graph of connections. Each individual now decides who reads our posts and what we see ourselves.
  4. We conducted a workshop with RadicalxChange on “Restoring Data Dignity in COVID-19” (English)

Other Media Coverage:

  1. Business Weekly “防疫新生活,隱私也不愁” (Taiwan minister Audrey Tang discusses Autonomy) (Chinese)
  2. Sean’s Op-Ed on DigiTimes “【Sean Moss-Pultz專欄】在台美國人對於全球防疫與公衛的數位剖析” (Chinese)
  3. INSIDE “【科技防疫】Bitmark 開發 Autonomy,提供 COVID-19 等健康預報” (Chinese)
  4. Popular Blockchain Writer Astro Hsu gave Autonomy his vote of approval “總統盃黑客松投票指南:假新聞、數位民主、個資隱私” (Chinese)
  5. Taiwan Today “Winners of Taiwan-US coronavirus Hackathon announced in Taipei” (English)
  6. iThome “臺美防疫松吸引7國逾50團隊參加,最終5大科技抗疫應用方案出爐” (Chinese)
  7. Coverage of our announcement to leave Facebook “【獨家專訪】停用臉書捍衛數據主權!台灣新創 Bitmark 開闢社交新時代” (Chinese)

If you enjoy this newsletter or our work, please help us by sharing it with a friend.


Meanwhile, here are some articles that caught my attention over the last month:

John Gruber on Apple’s failure with its App Store:

But more than anything I worry that this exemplifies where Apple has lost its way with the App Store. What exactly is the point of running a strict approval process for apps if not, first and foremost, to ensure that they’re good apps? An iPad email app that doesn’t support split-screen multitasking for five years is, by definition, not a good app.

I’d like to see all the vim, vigor, and vigilance Apple applies to making sure no app on the App Store is making a dime without Apple getting three cents applied instead to making sure there aren’t any scams or ripoffs, and that popular apps support good-citizen-of-the-platform features within a reasonable amount of time after those features are introduced in the OS. I don’t know exactly how long “reasonable” is, but five fucking years for split-screen support ain’t it.

If technology companies often don’t understand (or prioritize) security and privacy, why do we think governments do? From the New York Times:

Norway is one of many countries that rushed out apps to trace and monitor the coronavirus this spring, only to scramble to address serious complaints that soon arose over extensive user data-mining or poor security practices. Human rights groups and technologists have warned that the design of many apps put hundreds of millions of people at risk for stalking, scams, identity theft or oppressive government tracking — and could undermine trust in public health efforts. The problems have emerged just as some countries are poised to deploy even more intrusive technologies, including asking hundreds of thousands of workers to wear virus-tracking wristbands around the clock.

In fact, “the vast majority” of virus-tracing apps used by governments lack adequate security and ‘are easy for hackers’ to attack, according to a recent software analysis by Guardsquare, a mobile app security company.

The need for local communities and neighborhoods to have autonomy to make the right decisions during COVID, backed by data and science, not just opinion. From the New York Times:

Far from Denver, pushed up against the Utah border, Mesa County is known for its stunning flat-topped mountains and abundant outdoor activities. Residents are proud of their record so far on the coronavirus — just 55 known cases, and nearly all have already recovered — but some worry about the price the county has paid.

The largest country music festival in Colorado has been canceled. So has the Junior College Baseball World Series. Despite getting state permission to open some businesses ahead of the rest of Colorado, many in the county are struggling — and patience is thinning.

“Obviously we don’t want to let it get away from us, we don’t want to ruin a good thing, but did it really have to be this level of shutdown?” said Doug Simons, a third-generation owner of Enstrom Candies, which has five retail stores that have remained open as essential businesses.

“There was a real reluctance from our leaders to let things open back up, even though we had practically zero disease in our community,” he said. “I thought: ‘What the heck is going on? We don’t have any cases here and we’re being told to shut down like it’s New York City.’

See you next month. We’ll keep fighting for your #digitalrights.

Michael Nguyễn
Head of Operations, Bitmark
www.bitmark.com

Every generation brings something new to the world. Your generation is going to liberate music and creativity. We believe your creativity and rights should never be compromised – you deserve better.

For most of the popular music today, with no beat, there is no song. However, there is another aspect which is often overlooked: recognition, both personal and financial. We know that money is not a primary incentive in creating culture, but beatmakers should reap the success and recognition should their beats become hit songs.

OurBeat is a musical ecosystem for beatmakers. Anyone who registers their beats with our app can freely sample and remix beats from other OurBeat creators. Those beats are streamed on OurBeat Radio – free of cost for anyone to listen to, free of cost for anyone to contribute to. A constant 24/7 ad-free stream created by you and the OurBeat community.

Sell your beats across the Internet and never worry about being unable to track where your beats end up. If your beat ends up on the top of the charts, you will be duly compensated and credited for it. Likewise, we know you do not want to have accidentally ripped someone else off.

How do rights work? Who talks to who? Where do you get clearance for what? OurBeat simplifies this complicated world of copyright and makes it easy to understand and inspiring for you as a beatmaker.

Today, we stand at the edge of a maturing digital music world. We’re excited about OurBeat, and we want to help you create freely, without worry and break new heights of collaboration.

Join our mailing list to be part of this exciting new initiative. We welcome beatmakers, musicians, creators, music lovers, developers and futurists alike to join us on this journey to reimagine the limits of digital collaboration.

Sincerely,

Terence LeongGroup Chief Content Officer, KKBOX Group / Co-founder, OurSong & KKFARM
Sean Moss-PultzCo-Founder & CEO, Bitmark Inc.

About KKBOX Group

KKBOX Group is Asia’s leading music entertainment company. Started by a group of music loving Internet software developers, we built and launched one of the world’s first music streaming services in 2005. Based in Taipei, the heart of Chinese pop music, we gradually grew our business from Taiwan out to Hong KongSingaporeMalaysia and Japan. Ever curious towards reinvention and discovering new business models of the future, we have expanded our business scope from music streaming to live events, technology services, content, investments and continue to explore reinvention through innovation in the digital entertainment space.

About Bitmark

Bitmark restores trust in data by democratizing rights control for any digital resource at scale, including media, personal data, and information. Bitmark’s work with KKBOX Group on OurBeat empowers creators, simplifying rights management for all beat makers.

Hi Everyone,

In the United States (where I am), we’re currently seeing states starting to open up due to political and economic pressure. It seems like there’s too much pressure from the top (President Trump) and the bottom (unemployment) to hold people on extreme lockdowns any longer, but this is driving a bigger question of “how do we all operate in this environment without creating a runaway pandemic?”

As I mentioned in my last newsletter, this need is why we’re building Autonomy, a neighborhood public health forecasting tool. A couple of weeks ago, Autonomy won Cohack, an online hackathon co-organized by the Taiwanese and the US governments with the goal of developing sophisticated solutions for managing the coronavirus pandemic.

You can learn about how we protect user privacy in hopes to activate mass participation in public health on our website. You can also sign up to get notified once Autonomy is out. Currently, we’re still in internal testing and we expect to have exciting announcements about launch partners soon.

In other news, Bitmark was named a 2020 Technology Pioneer by the World Economic Forum. Personally speaking, I am really happy to see our mission to restore trust in data validated at a global level.

In other COVID-19 related thoughts:

– Michael C. Lu, MD, MPH, dean of the School of Public Health at the University of California at Berkeley talked about fighting future pandemics in the Washington Post:

First, we can create a global early warning system. Much like systems for tsunamis and earthquakes, an early warning system could allow for early detection of and rapid response to an outbreak before it spreads. It would gather intelligence through a combination of zoonotic reconnaissance, artificial intelligence (AI) surveillance and outbreak investigation.” 

– Laurie Garrett, Pulitzer Prize winning science journalist on the state of America’s handling of the crisis in the New York Times:

The problem, Garrett added, is bigger than Trump and older than his presidency. America has never been sufficiently invested in public health. The riches and renown go mostly to physicians who find new and better ways to treat heart disease, cancer and the like. The big political conversation is about individuals’ access to health care.

But what about the work to keep our air and water safe for everyone, to design policies and systems for quickly detecting outbreaks, containing them and protecting entire populations? Where are the rewards for the architects of that?

– How Japanese are living with COVID-19 on What Japan Thinks. Health isn’t simply about our physical symptoms, it includes our mental health, it includes how the people around us affect us. Until there’s a safe way for people to participate in these discussions, we cannot hope to move health significantly forward.

– Contact Tracing isn’t the simple solution we’re all hoping helps us get back to normalcy, as Ars Technica suggests. The reason why? Trust. The same companies that use our data at their will and hide behind complex terms of use to justify doing so are now asking us to trust them with our safety. Related to that, The Verge discusses how contact tracing technology by itself cannot be the solution. A year ago, Bitmark Ambassador Bunnie Huang told us that Technology is not Magic.

– What’s the line between privacy / freedom and safety? It’s easy to be cynical about the need for privacy when people seem to share more than ever. Well-regarded venture capitalist Fred Wilson shares his perspective.

– Why is public health so important? Because modern society depends on it, yet the incentives, as discussed by Modern Healthcare, to fund it continue to ensure future pandemics.

The Trust for America’s Health estimates public health efforts are about $4.5 billion underfunded. That’s led state and local health departments woefully unprepared to address public health emergencies such as infectious disease outbreaks, extreme weather events, and the opioid crisis.

“One could argue that there has always been underfunding but it is more meaningful at a period of time when cuts haven’t been restored and risks have increased,” said John Auerbach, president and CEO of Trust for America’s Health.

– Context into Benjamin Franklin’s famous quote: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”, from NPR.

Thanks for reading, and keep up the support for #digitalrights.

Stay safe!

Michael Nguyễn
Head of Operations, Bitmark
www.bitmark.com

Dear Friends of the Internet,

Corporate social media has failed us.

When social networks first appeared, they offered the hope of human connection: the promise that we could gather our friends and families together online; that we could connect to businesses of our choice; that we could select news from sources that appealed to us most. It was to be the dawn of the citizen-journalist and the global family. In the modern day, with its social distancing and sheltering in place, these goals are more important than ever, but our hopes and the promises of a new, more open, respectful social institution have been dashed.

Unfortunately, today’s most popular social networks cut us off from our family and friends with arbitrary algorithms. They sever us from our news services and favored businesses in order to gain favor and advertisements. Their corporate greed led directly to the misappropriation of our personal information, adversely impacting the US 2016 election. Even today, these networks encourage blatant falsehoods to propagate across their platforms, simply because doing so makes them more money. They have literally sold out our democracy.

It doesn’t have to be that way.

Charter reimagines social media to recover its initial promise, with new safeguards so that no single vendor one can steal it away. Its architecture ensures that every social-media participant has both autonomy and agency. As individuals we control and govern our own data, deciding for ourselves how online information is shared, used, and deleted. For social media, this means we have authority over not just a timeline of posts, but also our social graph of connections. Every individual gets to decide who reads our posts, and also what we see ourselves. That’s what Charter does.

This new initiative is founded upon individual rights recognized by Europe in the GDPR and by California in the CCPA, both of which ensure that individuals may request copies of any personal data held by a vendor. This has forced social networks to make archives of accounts available to all their users. Bitmark’s Spring app focuses on Facebook and allows people to download their timeline and its graph of social connections. It’s the dawn of data independence.

This is just the first step. Blockchain Commons and Bitmark are now working in concert to develop an engagement model for what comes next. We are expanding the well-tested and trusted Bitmark Protocol, which protects digital assets using blockchain technology, to offer cryptographic object capabilities. This will allow individuals to create a graph of online connections under their own control.

People also gain personal agency that simply doesn’t exist on current social networks. Anyone can charter community groups based on any criteria: geographic location, topical interest, old friendships, or something else. Individuals get to decide which groups to join, and each group gets to decide what the rules are for participating. Meanwhile, personal data and community data will be protected in online data stores cryptographically restricted to only the appropriate people.

How is Charter different from the most popular social networks of today? The underlying algorithms and protocols are open source and will be open standards, not owned by any single company. Personal data is stored in a private vault, but the rights to it are recorded on a public blockchain, maximizing the balance between privacy and public needs. When someone uses Charter, the platform itself doesn’t limit what posts they get to see; it won’t boot people for violations of arbitrary rules; and it can’t sell personal data to advertisers. Instead, Charter is under the control of individuals and the groups that people create and join.

Charter replaces corporate social media with open infrastructure: everyone can use it, anyone can improve it, and no one can take it away.

We expect the first deployment of the Charter architecture to be in Bitmark’s Autonomy app, which uses Charter’s social graphs for public health by defining neighborhoods that can share information. We’ll be talking about that in the near future.

To take the next step in developing Charter, we need your help. We invite you to join us at a virtual conference to discuss how to reinvent our social institutions through new collaborations. Join our mailing list to stay informed and to be a part of this new initiative. We welcome futurists, developers, and social-media users alike, so that we can have a wide spectrum of views. Together, we can create a social network built upon social independence, where we decide with whom we associate.

Sincerely,

Christopher Allen, Founder & Principal Architect, Blockchain Commons
Sean Moss-Pultz, Co-Founder & CEO, Bitmark Inc.

#digitalrights

About Blockchain Commons

The open infrastructure of Charter is being designed with Blockchain Commons, who is proudly a “not-for-profit” social benefit corporation and champion for decentralization on the internet, giving power to the people instead of to corporations. Its founder, Christopher Allen, is the co-author of the TLS standard that is used today to protect almost all secure connections on the internet, granting people the power to make purchases on the internet, securely bank online, and more. He has championed object capabilities for use on the decentralized web at the Rebooting the Web of Trust design workshops, which he founded; the first such papers, “Identity Hubs Capabilities Perspective” and “Linked Data Capabilities”, were authored by participants at RWOT V in Boston, 2017.

https://www.blockchaincommons.com/

About Bitmark

Charter is being developed by Bitmark, who has been working on empowering people online since 2014. Bitmark’s best-known product, the Bitmark Protocol, allows people to autonomously govern their digital properties and gives them the agency to use them as they see fit. Charter is a new initiative for Bitmark, built on the Bitmark Protocol and the company’s core principles. It is a response to the 2016 attacks on democracy.

https://www.bitmark.com

It’s been a stressful last few months for everyone at Bitmark, and I am sure you or many people you know have been struggling as well. After the last newsletter, we had expected to launch Spring, our app to help people get their Facebook data, understand it, and eventually use it under their own control.

As we saw the suffering caused by COVID-19, however, we felt an obligation to use our resources to help.

You may already know that through our past efforts in healthcare, our team has learned from patients around the world who suffered greatly from data breaches or were denied access to their health data. Since then, these insights have led our work to put individuals in full control of their data. Our past projects include helping Pfizer match patients to clinical trials while preserving privacy, UC Berkeley safely source health data from underrepresented populations for public health studies, and H2 form the world’s first data trust to cure diabetes.

As we spoke with people about the impact of COVID-19, we learned that people understood what was going on at a greater regional level, but did not know what this meant specifically for them. Was anyone in their neighborhood affected? Were certain areas nearby less exposed to the virus than others? Where would it be safe to take family for a walk?

In response, we are building Autonomy to answer these questions through local neighborhood health forecasts. These forecasts are presented through a numerical score that encapsulates the relative danger of a neighborhood. Autonomy learns from data provided by you, those near you, and verified public sources – every so often, you’ll receive a notification when your neighborhood’s health forecast has changed and requests to share information about how you are doing. Your privacy is always protected.

While Autonomy was created to help measure the spread of COVID-19, our vision is for much wider applicability by enabling mass participation in public health. In the future it might detect cancer clusters or assess how common the cold is in your local community. It might help to evaluate the precise effects of pollution or allergens on our health. It can be an early warning system, a danger assessor, and an analytic research tool. It can help us all to get better. Together.

We expect to launch Autonomy next week in Taiwan, and we are talking with partners throughout the US and Europe to help us support local communities – Autonomy needs local, verified data along with advocates to get the word out. If you can help, please reach out to me. As with the Bitmark protocol, Autonomy is open-source software and available for anyone to use, validate, or modify for themselves.

To join the waiting list or learn more, visit https://bitmark.com/products/autonomy/faq

Thanks for reading, and keep up the support for #digitalrights.

Michael Nguyễn
Head of Operations, Bitmark
www.bitmark.com

Happy new decade! I hope you’re not looking for the unsubscribe button already – we have not sent a newsletter in a very long time. There are a number of reasons for that, but I’ve been mainly wondering about what you wanted when you originally signed up.

No one likes getting junk in their email and I certainly do not want to waste your time.

Next week, we’re going to release our new app Spring to the Apple iOS and Android app stores. I will send you a separate email about that soon. I’m very excited to tell you about it.

Here’s what I’d like to do moving forward, however. Each month, I can give you an update on how Bitmark is doing:

  • Any recent media coverage
  • Past and upcoming events
  • News on current projects, partners, and products
  • Interesting articles that we’ve been sharing internally

For example, a few months ago, we ran an “Artist-to-Peer” (A2P) experiment with renown artist Casey Reas that was covered by WIRED and also Artnome. We see computational art as the beachhead into the larger art market. How, and Why, Artists Exchange Work (NYT article) and Fluxus show how this method has worked in the past. Reas, along with three other curators, selected 75 of the top artists working with digital formats. Each artist made an original digital artwork that was registered to the Bitmark system. From that artwork, 11 tradable editions were generated, each with its own unique provenance. The artists then had one week to build a personal art collection by trading their editions with one another.

You can relive this trading experience for yourself at: https://a2p.bitmark.com/

Sean also spoke on the UFO podcast (100K followers), was interviewed by DigiTimes for our work in health, presented Spring at UC Berkeley, was a panelist at the 4th Taiwan Blockchain Summit 2019, and spoke at RadicalXChange Berlin about  “Data Dignity and Digital Property Rights” and “Data Dignified Healthcare” with Robert Miller (ConsenSys), Nicolas Della Penna (MIT), Anish Mohammed (SRH Berlin). Bitmark represented Taiwan at the Singapore FinTech Festival, which hosted 60,000 people from 130 countries.

Sean’s talk in Berlin can be watched on YouTube.

I’d love to hear from you, more soon.

Michael Nguyễn
Head of Operations, Bitmark
www.bitmark.com

Technology is Not Magic: The Hacker’s Point of View — Bitmark Ambassador “bunnie” Huang

Technology is Not Magic: The Hacker’s Point of View — Bitmark Ambassador “bunnie” Huang

“One of the reasons I am so passionate about open source, is that I worry that, if people believe that technology is magic, then we find ourselves in a dangerous situation. We essentially become slaves to the technology…”

Andrew “bunnie” Huang is a renowned hacker, author, researcher, and activist

The Bitmark Ambassador series highlights innovators who understand the importance of property rights in the modern digital environment. They are industry pioneers — artists, lawyers, scientists, health researchers, hackers, makers and creators.

Andrew “bunnie” Huang is a renowned hacker, author, researcher, and activist. He is best known for his open hardware designs: the Chumby (app-playing alarm clock), Chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop). His book on reverse engineering, Hacking the Xbox, is a widely respected tool for hardware hackers. He serves as a Research Affiliate for the MIT Media Lab and a technical advisor for several startups including Bitmark and MAKE magazine. bunnie received his PhD in Electrical Engineering from MIT and currently lives in Singapore where he runs a private product design studio, Kosagi.

Watch bunnie’s talk to learn more about his new project! (betrusted)

Throughout his various projects to empower fellow hackers, journalists, and women, these projects all share one core value: “The Importance of Free Will”.

“I really value free will. A lot of times at the end of the day, part of the idea of seeing the world as a hacker and not seeing the labels on things — that’s kind of the essence of free will.”

In his Bitmark Ambassador video, bunnie raises an interesting question about the people behind large organizations and companies that create rules and define structure. These people are no better than us — we all have the intelligence and capability to question what we are led to believe. We do not need to settle for blind acceptance.

“I really hope in the future we can always find a way to preserve free will. And a lot of the idea behind open source and sharing and sharing the idea of hacking is teaching people how to have that sense of free will and independence, that ability to control their destiny.”

bunnie tells us that if technology makes people feel trapped or lost then there is a path to understand it. That is how a hacker looks at technology, seeing it for what it really is, not what it’s only packaged to be.

“That kind of experience of being able to just kind of touch the hardware and play around with it, break it, fix it, kind of got me over even the notion that technology is magic. Technology is something that you can understand.”

Enjoy “Technology is Not Magic” below and let us know how technology impacts your perspective on the world.

Set the quality to HD for this inspirational video!

More about bunnie:

▪ He filed a lawsuit against the U.S. government arguing that Section 1201 of the Digital Millennium Copyright Act stifles innovation and free speech.

▪ He worked with a PhD candidate at the MIT Media Lab to develop programmable circuit stickers that encourage more girls to experiment with electronics and physical computing.

▪ He created a reference design for a cheap Geiger counter with the goal of helping citizens detect environmental radiation resulting from the Fukushima Daiichi disaster in Japan.

▪ He teamed up with NSA whistleblower Edward Snowden to develop Introspection Engine, an iPhone case for journalists and human rights activists that detects if their devices are secretly transmitting Wi-Fi, cellular, Bluetooth, or GPS signals when they shouldn’t be.

By Bitmark Inc. on July 16, 2019.

Under-the-Radar Health Information Markets: the Supply, the Demand, and the Exploited.

Nowadays, it is not a secret that healthcare providers — such as hospitals — can store and utilize individuals’ health information. Hospitals keep records of individuals so that the diagnosis can be based on more information, and some countries even have a health information exchange system among different hospitals for the same purpose.

Yet, there are also some unnoticeable health information markets that are growing rapidly by consuming your health data without your awareness or explicit consent. In the following paragraphs, I will examine the players in the under-the-radar health information market from the view of supply and demand. I will then wrap up the article by raising awareness of the high risks that individuals face.

The Supply: Who is accessing and supplying your health information without your consent?

Health Data Brokerage Industry

In general, data brokers refer to entities that collect information about individuals and sell that data to other data brokers, companies and individuals. Accordingly, health data brokers refer to those who particularly focus on health information. In the US, Health data brokers can legally buy and sell anonymous (de-identified) data under the Health Insurance Portability and Accountability Act (HIPAA), as well as non-anonymous health data not covered by that privacy standard, including what you put into search engines and health websites [1].

“Your medical data is for sale — all of it.”

— The Guardian

One of the biggest health data brokers in the field is IMS Health (now called “IQVIA” after the merge). According to Forbes, IMS claimed it “processes data from more 45 billion healthcare transactions annually and collects information from more than 780,000 different streams of data worldwide.[2]” It is noteworthy that data brokers do not have a direct relationship with the people who they are collecting data from — meaning that people tend to be unaware of their data being collected and sold.

Health Data Breaches

Throughout history, one of the common ways for criminals to get something valuable is via stealing — and at the age of the internet, it becomes data breaches. Suggested by the Forbes, healthcare industry is now the most cyber-attacked industry. In the United States alone, between 2009 and 2017, there have been 2,181 healthcare data breaches that have resulted in the exposure of 176,709,305 healthcare records — accounting for 54.25% of its population [3]. In 2016, there were 9 times more medical than financial records breached [4]. It is also noteworthy that 75% of those records were exposed or stolen as a result of hacking or IT incidents, signaling how criminals saw value in the actions [5].

Every year, with the exception of 2015, the number of healthcare data breaches (in the USA) has increased, rising from 199 breaches in 2010 to 344 breaches in 2017.

Apart from the United States, Australia and Singapore also recently faced a serious health data breach. The Office of the Australian Information Commissioner has revealed in July 2018 that there have been more than 300 major data breaches this year — among which healthcare sector was the worst hit with 49 major data breaches [6]. Singapore, on the other hand, also suffered from one of the worst cyber attacks in history this year. Hackers invaded the computers of SingHealth, Singapore’s largest group of healthcare institutions, and stolen the health records of 1.5 million patients — including Prime Minister Lee Hsien Loong [7].

Darknet Market

Darknet Market, also known as the “Dark Web” or the “Deep Web”, can be seen as an online form of black market. Many of health records from the previously mentioned data breaches go to the darknet market for sale.

“Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number.” — PhishLabs.

On the dark web, complete health records normally contain an individual’s name, date of birth, social security number, and medical information. Such records can sell for as much as $60 a piece, whereas stolen credit cards sell for just $1 to $3 [8]. The prices might vary due to the number of items available in the package, characteristic of the victim, the source of the stolen data and the underground reputation of the sellers [9].

Source: Redsocks Malicious Threat Detection (11st Apr 2018), Dark Web: The Harmful Business of Medical Data. Available at: https://www.redsocks.eu/blog-2/dark-web-the-harmful-business-of-medical-data/

According to Guardian, a darknet trader even claimed to have access to any Australian’s Medicare details and can supply it upon request. The price for purchasing an Australian’s Medicare card details is 0.0089 bitcoin –equivalent to US$22 at the time [10].


The Demand: Who is buying your health information without your consent?

Medical Identity Theft

Medical identity theft, as defined by the World Privacy Forum, occurs when “someone uses a person’s identity without the person’s consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods” [11].

In the US, medical records have been in great demand from cybercriminals because they contain valuable personal information — such as name, address, date of birth and Social Security Number — all in one record [12]. With such information, criminals can access specific medical equipment or drugs available upon prescription — and then later sell them on the black market.

Pharmaceutical Companies

The pharmaceutical industry has traditionally depended on aggressive marketing for the products promotion. However, the traditional commercial method does not seem to do the trick anymore these days. Particularly, companies are failing to engage with patients when they look for information about symptoms in the early stages [13]. So by accessing more health information about individuals, they can gain better insights into the market and how to best interact with patients/consumers [14].

Besides the marketing aspect, to prove the value of their drugs, pharmaceutical companies have started to involve real-world data when conducting clinical studies over the past decade. Between 2010 and 2016, the average cost of bringing a drug to market has increased by 33%, yet the average peak sales decrease by 49%. Meanwhile, the market for precision medicine is expected to grow from $39 billion in 2015 to &87.7 billion by 2023 [15]. IMS Health, for instance, claims that pharmaceutical sales and marketing are a key part of IMS’ business, and its data also helps big pharma justify prices for drugs by demonstrating their effectiveness [16].


The Exploited: High risks, yet low (if any) returns for individuals

Your health information cannot exist without you. Yet, other people are benefiting from it instead of you.

All the health information that I mentioned above — whether it is in a data breach or being purchased by the pharmaceutical companies — are generated by individuals. Therefore, I believe it is fair to argue that individuals, instead of the data brokers or the hackers, have the most at stake — yet as it shows, receive the least benefits from the market.

Privacy is at stake

Most of the current legal protections (e.g. HIPAA) focus on removing personally identifiable information — such as name, phone number, address, date of birth — when it comes to health records. Health data brokers, for instance, tend to only deal with such de-identified health information when running their business. However, it is critical to realize that such method is no longer enough for securing one’s privacy as it is possible to re-identify those data what were de-identified. One of the popular ways to do so is by combing databases to fill in the blanks, which is also known as “mosaicking”[17].

“Enough anonymous data gathered over time will eventually contain enough clues to re-identify nearly anyone who has received medical care, posing a big potential threat to privacy [18].”

The Australian government, for instance, published medical billing records covers 2.9 million people on its open data website and those data were later found re-identifiable by using known information about the individuals [19]. With the increasing popularity of consumer genomics, a research has found out the “more than 60 per cent of Americans with European ancestry can be identified through their DNA using open genetic genealogy databases, regardless of whether they’ve ever sent in a spit kit [20].” In the below graph, Bloomberg shows how someone can successfully re-identify your medical records in 5 simple steps.

Source: Bloomberg Research

Pay the high price for being a medical identity theft victim

In the US, it is suggested that a medical identity theft can cost one about $13,500 to resolve [21]. Unlike the traditional financial identity theft, medical identity theft is more difficult to be discovered and dealt with. One of the main reasons is that health information tends to be very private and unchangeable — one cannot simply cancel his/her demographic data, family history, insurance information or medication.

Once you become a victim of medical identity theft, doctors might update your health records with the imposter’s medical information, which can lead to false treatment for you and medical bills that you have to pay for [22].

What’s it in for the individuals?

Bearing such costs and risks as mentioned, one would assume that there must be something in it for the individuals. But in my reality, I have never get rewarded (in any forms) from hospitals, pharmaceutical companies or health data brokers for utilizing my valuable health information — I believe that is the experience of almost everyone out there.

To conclude, our health information (in many forms) are in fact traded around more than we expected, both legally and illegally. From data brokers to hackers, entities get on hold of valuable and sensitive health information/data and make profits out of them. I believe the very first step is to raise public awareness as well as empowering individuals to request better control over their health information.


Reference:

[1] Fast Company (1st Apr 2018). Can this app that lets you sell your health data cut your health costs. Available at: https://www.fastcompany.com/40512559/can-this-app-that-lets-you-sell-your-health-data-cut-your-health-costs[2] Forbes (6th Jan 2014). Company that knows what drugs everyone takes going public. Available at: https://www.forbes.com/sites/adamtanner/2014/01/06/company-that-knows-what-drugs-everyone-takes-going-public/#2f37caf24c90[3] HIPAA Journal. Healthcare Data Breach Statistics. Available at: https://www.hipaajournal.com/healthcare-data-breach-statistics/[4] Forbes (Dec 2017). The Real Threat Of Identity Theft Is In Your Medical Records, Not Credit Cards. Available at: https://www.forbes.com/sites/forbestechcouncil/2017/12/15/the-real-threat-of-identity-theft-is-in-your-medical-records-not-credit-cards/#5c7f7fa01b59[5] HIPPA Journal (Sep 2018), Study reveals 70% Increase in Healthcare Data Breaches Between 2010 and 2017. Available at: https://www.hipaajournal.com/study-reveals-70-increase-in-healthcare-data-breaches-between-2010-and-2017/[6] News.Com.AU (31st Jul 2018). Health sector tops the list as Australians hit by 300 data breaches since February. Available at: https://www.news.com.au/technology/online/hacking/health-sector-tops-the-list-as-australians-hit-by-300-data-breaches-since-february/news-story/5e95c47694418ad072bf34d872e22124 [7] The Strait Times (Jul 2018). Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore’s worst cyber attack. Available at: https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most[8] Fast Company (2016). On the Dark Web, Medical Records Are a Hot Commodity. Available at: https://www.fastcompany.com/3061543/on-the-dark-web-medical-records-are-a-hot-commodity[9] Redsocks Malicious Threat Detection (Apr 2018). Dark Web: The Harmful Business of Medical Data. Available at: https://www.redsocks.eu/blog-2/dark-web-the-harmful-business-of-medical-data/[10] The Guardian (Jul 2018). The Medicare machine: patient details of ‘any Australian’ for sale on darknet. Available at: https://www.theguardian.com/australia-news/2017/jul/04/the-medicare-machine-patient-details-of-any-australian-for-sale-on-darknet[11] World Privacy Forum. Medical Identity Theft. Available at: https://www.worldprivacyforum.org/category/med-id-theft/ [12] Entefy (Dec 2017). Medical records fetch a premium on the black market. Then along comes blockchain. Available at: https://www.entefy.com/blog/post/500/medical-records-fetch-a-premium-on-the-black-market-then-along-comes-blockchain[13] McKinsey & Company (May 2016). How pharma companies can better understand patients. Available at: https://www.mckinsey.com/industries/pharmaceuticals-and-medical-products/our-insights/how-pharma-companies-can-better-understand-patients[14] Lewis, R. J., Weintraub, S., Sitler, B., McHugh, J., Zan, R., & Morales, S. (2015). Results: The Future of Pharmaceutical and Healthcare Marketing. [15] Deloitte (2017). Life Sciences and Health Care Prediction 2022. Available at: https://www2.deloitte.com/uk/en/pages/life-sciences-and-healthcare/articles/healthcare-and-life-sciences-predictions.html[16] Fortune (9th Feb 2018). This Little-Known Firm Is Getting Rich Off your Medical Data. Available at: http://fortune.com/2016/02/09/ims-health-privacy-medical-data/[17] Forbes (2016). The Big Data Era of Mosaicked Deidentification: Can we Anonymize Data Anymore? Available at: https://www.forbes.com/sites/kalevleetaru/2016/08/24/the-big-data-era-of-mosaicked-deidentification-can-we-anonymize-data-anymore/#802d2be3f1e2[18] The Century Foundation (2017). Strengthening Protection of Patient Medical Data. Available at: https://tcf.org/content/report/strengthening-protection-patient-medical-data/?agreed=1[19] The Guardian (Jul 2018). ‘Data is a fingerprint’: why you aren’t as anonymous as you think online. Available at: https://www.theguardian.com/world/2018/jul/13/anonymous-browsing-data-medical-records-identity-privacy[20] Wired (2018). Genome Hackers Show No One’s DNA Is Anonymous Anymore. Available at: https://www.wired.com/story/genome-hackers-show-no-ones-dna-is-anonymous-anymore/[21] AARP (2017). Medical Identity Theft: It Can Cost You Thousands. Available at: https://states.aarp.org/medical-identity-theft-can-cost-thousands/ [22] Panda Security. Identity Theft. Available at: https://www.pandasecurity.com/mediacenter/news/identity-theft-statistics/

By Hsiang-Yun L. on July 01, 2019.

Blocktrend Today’s Q&A With Bitmark CEO Sean

A few months ago, our CEO Sean did an interview with Astro Hsu for Astro’s publication Blocktrend Today. Astro is Taiwan’s top blockchain writer and influencer who has thousands of paid subscribers for his blockchain Chinese newsletters. Below is the English translation of that interview:

Bitmark is an independent public blockchain. Its biggest difference with other blockchains is that Bitmark has not issued its own cryptocurrency, however, it does use bitcoin to reward miners. Users can also use it to issue music, business cards, and other digital files. In 2017 Bitmark received support from Alibaba’s Taiwan Entrepreneur Fund.

In this interview, we’ll be talking with Bitmark CEO Sean Moss-Pultz. He is also responsible for guiding HTC Blockchain Phone Exodus 1’s technology and data R&D.

Sean is an American, and is married to a Taiwanese woman, with whom he speaks Chinese and English. This interview was conducted in both Chinese and English.

Astro: We’ll start with the simplest, yet most difficult question to answer, okay? In terms of everyday life, what are Blockchain’s biggest use cases?

Sean: As many physical things are being digitized, people to people interactions are becoming “less warm”. Blockchain can bring back this warmth.

Half a year ago Pochang Wu gave me one of his CDs. I then went and bought a new CD player for the occasion, and listened with my son. Physical CDs are special. If you don’t use physical CDs, it’s really hard for us to wrap music and gift it to friends. Of course in the era of streaming, we can gift KKBOX gift cards, but it’s just not the same. With CDs, people can feel like they’re getting a special gift. But with gift cards it just doesn’t have that special significance, it’s not something you can really collect.

Blockchain allows us to create a sense of gift giving in the era of digital music, so that music can be collected again.

Astro: Bringing about the feeling of giving gifts by hand, but in the digital world, that sounds very abstract. How can blockchain do this?

Sean: With blockchain, you can really easily trace back something’s origin. People who obtain music not only know who originally published the files, but also know who has transferred the files. If your music was given to you directly by the producer and without any middleman, then this is just like getting an autograph, it’s very meaningful.

Astro: Perhaps later when getting an important person’s business card, people might screenshot its blockchain transfer record and share it on social media to show off. This could be the feeling of “gift delivery by hand” in the digital world. In that way, what does Bitmark use blockchain to do?

Sean: Bitmark built its own blockchain, and uses it to register people’s digital property rights. It’s slightly similar to an intellectual property office. Before, we could only duplicate or share digital assets. Now we can finally allow people to formally authorize the use of their digital property if they have a clear record of digital data’s provenance and transfer history.

Bitmark and KKBOX’s subsidiary (KKFARM) digital publication platform are collaborating to bring digital property registration to music publishing software. As paperwork digitizes, efficiency will improve and producers will also receive compensation more quickly.

Now, Bitmark is also collaborating with HTC to allow consumers to register their data under their names.

Astro: Producers often want to authorize music, using blockchain to digitize the process, that’s easy to understand. However, what’s the use of Bitmark allowing consumers to register their data under their names? Is it also to authorize information?

Sean: The Cambridge Analytica scandal happened in 2018, Facebook apologized and was fined. But consumers didn’t receive any of Facebook’s reparations because the consumer data was certainly not their own to begin with.

Consumers provide their data in exchange for Facebook’s services, and Facebook ought to satisfactorily fulfill their data management responsibility. However, just who really owns the data has no clear boundary. Consumers and Facebook both say they own the data.

The same situation happens in hospitals. Do medical records actually belong to hospitals or patients? I think people should confront this problem, and blockchain is what we can use to solve it.

In the future, consumers just have to take one more measure — registering their data under their own name — and things can become very different. Accordingly, data property rights will have no room for uncertainty, and will be convenient to authorize.

Now that data property rights belong to consumers, only authorizing enterprises can use it, one can assume some enterprises who experience data breaches will necessarily have to pay consumers reparations. It’s just like if a bank gets hacked and sustains losses, they must necessarily repay depositors the same.

Astro: Do you think companies will have to buy or rent data from consumers, and won’t be like how currently they directly take and use it? Likewise, how can consumers register data under their own name?

Sean: Data is an important digital asset, and now everybody knows that data can be used to make money. So data has to be similar to copyrights or land in that property rights and ways to authorize should all be clearly defined.

In the past nobody did this, because at the time there wasn’t any blockchain technology. People had no way to register their data bit by bit, and because of this data property rights are entirely controversial, every party thinks data should be theirs, and in the end companies like Facebook and Google have the advantage.

Bitmark blockchain helps register all kinds of digital property rights. We are going to embed our services into an HTC phone, and all data output will be immediately registered to consumers. Consumers won’t think there’s any change, but these data property rights will register themselves.

In the future, there will be more and more research institutions and enterprises that want to purchase data from consumers. Besides HTC’s phone, Bitmark is also collaborating with KKBOX to allow producers to authorize music. In the healthcare sphere, we are going to directly embed into health apps or hospitals’ systems. If institutions have research demands, they just have to get paid or unpaid authorization from consumers.

Astro: I originally wanted to ask: if the market has more than 1000 different kinds of blockchains, how are people supposed to choose the best one or the best suitable blockchain for them? Now it seems like this question is just asked as a counter. People certainly aren’t taking the initiative to go choose which blockchain to use, but people might have no idea what blockchain they are using, because blockchain is quietly sneaking into everybody’s devices and apps, right?

Sean: Right. Blockchain is an underlying technology, people won’t know which blockchain their underlying technology uses, just like people usually don’t know whether the chips in their own phones are actually manufactured by TSMC or Samsung.

Even though we’re collaborating with HTC, KKBOX, or other health apps, blockchain will slowly make its way into people’s daily lives through these companies.

Astro: When consumers first register a lot of data on the Bitmark blockchain, will there be any privacy issues?

Sean: This is a common misperception. Consumers aren’t giving their data to Bitmark, instead, they’re just registering their data’s property rights on the Bitmark blockchain. Consider that it’s like a random hash appearing as data, there are no privacy issues. It’s just like land management bureau registering land property rights, you’re just giving them your property rights information, and the bureau doesn’t own your land.

In the future, data will exist on consumers’ phones, or in companies’ data centers, however, it won’t be on Bitmark blockchain in that way. Protecting the genuine security of this data is extremely important, but this is already beyond the scope of Bitmark’s control.

Astro: Everybody is looking for suitable situations to use blockchain. Currently, do the companies Bitmark is collaborating with have anything in common with each other?

Sean: They’ve all encountered problems due to the lack of clarity surrounding digital property rights. Corporations will do whatever they can to own data for themselves, but data is generated by consumers. Bitmark helps consumers register data’s digital property rights, and creates a platform for exchanging data, allowing consumers to authorize its use, thus establishing a completely new data trade standard.

Astro: This is the last question. When do you think blockchain will be universally used?

Sean: Even I don’t know. This is just like asking a newly hatched chick “when did you think you were going to hatch?” The chick just knows that it always wants to hatch, but it doesn’t know when it will.

This interview essentially did not discuss cryptocurrency. However, it is still very worthwhile to solely discuss pure use cases of blockchain.

Bitmark blockchain helps people establish property rights over their digital assets, coinciding with HTC’s blockchain phone to “let go of data.” After consumers own their data property rights, the next immediate question will be one of authorizing data.

This is an important milestone. In the future when companies want to use users’ data they will need permission and will have to pay compensation. Because of this, Sean also predicts that in the future there will exist data commercial agents, who are responsible for matching companies and consumers. On one hand, this will help enterprises obtain authorization and conduct payments as well as help consumers find the buyers who are most in accordance with their needs, for example finding the highest prices and values.

Furthermore, this also can produce impact against today’s tech giants. Whether it’s for Facebook or Google, to them data is a golden hen, and they won’t want to give it up overnight. This is the inventor’s dilemma. Because of this, tech giants might not go with the new generation’s flow. On the contrary, the governments that currently do not rely on consumers’ data to make money or the startups that don’t have data can extend both arms and embrace the new trends.

The beginning of the revolution, perhaps might be the moment of blockchain phone’s emergence and that small group of users. Phones are what people spend most of their time on, and the influence that blockchain’s entering the realm of phones will not be limited to managing cryptocurrencies, but can also allow people to more conveniently manage their own data rights.

Subtly applying Bitmark’s technology to devices and applications is the next key step towards giving power back to the people.

Here is a link for the original publication (in Chinese): https://blocktrend.today/03-12-2019-interview-bitmark-ceo-sean-moss-pultz

Subscribe to BlockTrend Today Newsletter (in Chinese): https://blocktrend.today/member-plan

Page composed with the free online HTML editor. Please subscribe for a license to remove these messages from the edited documents.

By Simon Imbot on May 03, 2019.

With Data Anonymization Becoming A Myth, How Do We Protect Ourselves In This World Of Data?

With humanity moving into the world of big data, it has become increasingly challenging, if not impossible, for individuals to “stay anonymous”.

Every day we generate large amounts of data, all of which represent many aspects of our lives. We are constantly told that our data is magically safe for releasing as long as it is “de-identified”. However, in reality, our data and privacy are constantly exposed and abused. In this article, I will discuss the risks of de-identified data and then examine the extent to which existing regulations effectively secure privacy. Lastly, I will argue the importance for individuals to take more proactive roles in claiming rights over the data they generate, regardless of how identifiable it is.

What can go wrong with “de-identified” data?

Most institutions, companies, and governments collect personal information. When it comes to data privacy and protection, many of them assure customers that only ”de-identified” data will be shared or released. However, it is critical to realize that de-identification is no magic process and cannot fully prevent someone from linking data back to individuals — — for example via linkage attacks. On the other hand, there are also new types of personal data, like genomic data, that simply cannot be de-identified.

Linkage attacks can re-identified you by combining datasets.

A linkage attack takes place when someone uses indirect identifiers, also called quasi-identifiers, to re-identify individuals in an anonymized dataset by combining that data with another dataset. The quasi-identifiers here refer to the pieces of information that are not themselves unique identifiers but can become significant when combined with other quasi-identifiers [1].

One of the earliest linkage attacks happened in the United States in 1997. The Massachusetts State Group Insurance Commission released hospital visit data to researchers for the purpose of improving healthcare and controlling costs. The governor at the time, William Weld, reassured the public that patient privacy was well protected, as direct identifiers were deleted. However, Latanya Sweeney, an MIT graduate student at the time, was able to find William Weld’s personal health records by combining this hospital visit database with an electoral database she bought for only US$ 20 [2].

Another famous case of linkage attack is the Netflix Prize. In October 2006, Netflix announced a one-million-dollar prize for improving their movie recommendation services. They published data about movie rankings from around 500,000 customers between 1998 and 2005 [3]. Netflix, much like the governor of Massachusetts, reassured customers that there are no privacy concerns because “all identifying information has been removed”. However, the research paper How To Break Anonymity of the Netflix Prize Dataset” was later published by A. Narayanan and V. Shmatikov to show how they successfully identified Netflix records of non-anonymous IMDb users, uncovering information that could not be determined from their public IMDb ratings [4].

Some, if not all, data can never be truly anonymous.

Genomic data is some of the most sensitive and personal information that one can possibly have. With the price and time it takes to sequence a human genome advancing rapidly over the past 20 years, people now only need to pay about US$ 1,000 and wait for less than two weeks to have their genome sequenced [5]. Many other companies, such as 23andMe, are also offering cheaper and faster genotyping services to tell customers about their ancestry, health, traits etc [6]. It has never been easier and cheaper for individuals to generate their genomic data, but, this convenience also creates unprecedented risks.

Unlike blood test results having an expiration date, genomic data undergoes little changes over and individuals’ lifetime and therefore has long-lived value [7]. Moreover, genomic data is highly distinguishable and various scientific papers have proven that it is impossible to make genomic data fully anonymous. For instance, Gymrek et al. (2013) argue that surnames can be recovered from personal genomes by linking “anonymous” genomes and public genetic databases [8]. Lippert et al. (2017) also challenge the current concepts of genomic privacy by proving that de-identified genomes can be identified by inferring phenotypic measurements such as physical traits and demographic information [9]. In short, once someone has your genome sequence, regardless of the level of identifiability, your most personal data is out of your hands for good — unless you could change your genome the way you would apply for a new credit card or email address.

That is to say, we, as individuals, have to acknowledge the reality that simply because our data is de-identified doesn’t mean that our privacy or identity is secured. We must learn from linkage attacks and genomic scientists that what used to be considered anonymous might be easily re-identified using new technologies and tools. Therefore, we should proactively own and protect all of our data before, not after, our privacy is irreversibly out of the window.

Unfortunately, existing laws and privacy policies might protect your data far less than you imagine.

Understanding how NOT anonymous your data really is, one might then wonder how existing laws and regulations keep de-identified data safe. The answer, surprisingly, is that they don’t.

Due to the common misunderstanding that de-identification can magically make it safe to release personal data, most regulations at both the national or company levels do not regulate data that doesn’t relate to an identifiable person.

At the national level

In the United States, the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) protects all “Individually Identifiable Health Information (or Protected Health Information, PHI)” held or transmitted by a covered entity or its business associate, in any form or media. The PHI includes many common identifiers such as name, address, birth date, Social Security Number [10]. However, it is noteworthy that there are no restrictions on the use or disclosure of de-identified health information. In Taiwan, one of the leading democratic countries in Asia, the Personal Information Protection Act covers personal information such as name, date of birth, ID number, passport number, characteristics, fingerprints, marital status, family, education, occupation, medical record, medical treatment etc [11]. However, the Act doesn’t also clarify the rights concerning “de-identified” data. Even the European Union, which has some of the most comprehensive legislation for protecting data, states in its General Data Protection Regulation (GDPR) that “the principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable” [12].

Source: Privacy on iPhone — Private Side (https://www.youtube.com/watch?v=A_6uV9A12ok)

At the company level

A company’s privacy policy is to some extent the last resort for protecting an individual’s rights to data. Whenever we use an application or device, we are complied to agree with its privacy policy and to express our consent. However, for some of the biggest technology companies, whose business largely depends on utilizing users’ data, their privacy policies tend to also exclude the “de-identified data”.

Apple, despite positioning itself as one of the biggest champions of data privacy, states in its privacy policy that Apple may “collect, use, transfer, and disclose non-personal information for any purpose [13].” Google also mentions that they may share non-personally identifiable information publicly and with partners — like publishers, advertisers, developers, or rights holders [14]. Facebook, the company that has caused massive privacy concerns over the past year, openly states that they provide advertisers with reports about the kinds of people seeing their ads and how their ads are performing while assuring users that Facebook doesn’t share information that personally identifies the users. Fitbit, which is argued to have 150 billion hours of anonymized heart data from its users [15], states that they may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual [16].”

Overall, none of the governments or companies are currently protecting the de-identified data of individuals, despite the foreseeable risks of privacy abuses if/when such data gets linked back to individuals in the future. In other words, none of those institutions can be held accountable by law if such de-identified data is re-identified in the future. The risks fall solely on individuals.

An individual should have full control and legal recourse to the data he/she generates, regardless of identifiability levels.

Acknowledging that the advancement of technology in fields like artificial intelligence makes complete anonymity less and less possible, I argue that all data generated by an individual should be seen as personal data despite the current levels of identifiability. In a rule-of-law and democratic society, such a new way of viewing personal data will need to come from both bottom-up public awareness and top-down regulations.

As the saying goes, “preventing diseases is better than curing them.” Institutions should focus on preventing foreseeable privacy violations when “anonymous” data gets re-identified. One of the first steps can be publicly recognizing the risks of de-identified data and including it in data security discussions. Ultimately, institutions will be expected to establish and abide by data regulations that apply to all types of personally generated data regardless of identifiability.

As for individuals who generate data every day, they should take their digital lives much more seriously than before and be proactive in understanding their rights. As stated previously, when a supposedly anonymous data is somehow linked back to somebody, it is the individual, not the institution, who bears the costs of privacy violation. Therefore, with more new apps and devices coming up, individuals need to go beyond simply taking what is stated in the terms and conditions without reading through, and acknowledge the degree of privacy and risks to which they are agreeing. Some non-profit organizations such as Privacy InternationalTactical Technology Collective and Electronic Frontier Foundation may be a good place to start learning more about these issues.

Overall, as we continue to navigate the ever-changing technological landscape, individuals can no longer afford to ignore the power of data and the risks it can bring. The data anonymity problems addressed in this article are just several examples of what we are exposed to in our everyday lives. Therefore, it is critical for people to claim and request full control of and adequate legal protections for their data. Only by doing so can humanity truly enjoy the convenience of innovative technologies without compromising our fundamental rights and freedom.

Reference

[1] Privitar (Feb 2017). Think you ‘anonymised’ data is secure? Think again. Available at: https://www.privitar.com/listing/think-your-anonymised-data-is-secure-think-again[2] Privitar (Feb 2017). Think you ‘anonymised’ data is secure? Think again. Available at: https://www.privitar.com/listing/think-your-anonymised-data-is-secure-think-again[3] A.Narayanan and V. Shmatikov (2008). Robust De-anonymization of Large Sparse Datasets. Available at:https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf [4] A.Narayanan and V. Shmatikov (2007). How To Break Anonymity of the Netflix Prize Dataset. Available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.3581&rep=rep1&type=pdf[5] Helix. Support Page. Available at: https://support.helix.com/s/article/How-long-does-it-take-to-sequence-my-sample [6] 23andMe Official Website. Available at: https://www.23andme.com/[7] F. Dankar et al. (2018). The development of large-scale de-identified biomedical databases in the age of genomics — principles and challenges. Available at: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5894154/[8] Gymrek et al. (2013). Identifying personal genomes by surname inference. Available at: https://www.ncbi.nlm.nih.gov/pubmed/23329047 [9] Lippert et al. (2017). Identification of individuals by trait prediction using whole-genome sequencing data. Available at: https://www.pnas.org/content/pnas/early/2017/08/29/1711125114.full.pdf [10] US Department of Health and Human Services. Summary of the HIPAA Privacy Rule. Available at: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html[11] Laws and regulations of ROC. Personal Information Protection Act. Available at: https://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0050021[12] GDPR. Recital 26. Available at: https://gdpr-info.eu/recitals/no-26/ [13] Apple Inc. Privacy Policy. Available at: https://www.apple.com/legal/privacy/en-ww/ [14] Google. Privacy&Terms (effective Jan 2019). Available at: https://policies.google.com/privacy?hl=en&gl=tw#footnote-info [15] BoingBoing (Sep 2018). Fitbit has 150 billion hours of “anonymized” health data. Available at: https://boingboing.net/2018/09/05/fitbit-has-150-billions-hours.html [16] Fitbit. Privacy Policy (effective Sep 2018). Available at: https://www.fitbit.com/legal/privacy-policy#info-we-collect

By Hsiang-Yun L. on April 29, 2019.