Privacy in the world of [Google Glass] and wearable computing . . . and wifi, apparently

Sticks

AngelHedgie wrote: »

Sticks wrote: »

spacekungfuman wrote: »

Sticks wrote: »

spacekungfuman wrote: »

Sticks wrote: »

spacekungfuman wrote: »

Good bye HIPAA. We barely knew you:

We've seen a few interesting apps built specifically for Google's new headset but, to our knowledge MedRef for Glass is the first that recognize people's faces. The basic functions aren't anything terribly ground breaking: you can create and search patient files, and even add voice or photo notes. What makes Lance Nanek's creation unique is its support for facial recognition. A user can snap a picture of a subject and upload it to the cloud, where it will search patient records for a match using the Betaface API. All of this can be done, relatively hands-free leaving a doctors well-trained mitts available to perform other necessary medical duties. There's still a lot of work to do, and Nanek hopes that with more powerful hardware the facial recognition feature could be left running constantly, removing the need to snap and upload photos.


http://www.engadget.com/2013/05/13/medref-for-glass-uses-facial-recognition-to-identify-patients/?utm_medium=feed&utm_source=Feed_Classic&utm_campaign=Engadget

That's only a HIPAA violation if the medical records are accessible to any old person using Glass.

Hell, I can even see setting it up so they can give electronic consent via a thumbprint on the practitioner's smartphone or something to OK those records being forwarded to necessary parties.

I doubt very much that the hardware has the right encryption to satisfy the HIPAA security rule. Anything google related probably does not.

Are you talking about storing the data on the device, or securing it while it's being transmitted to the headset? I confess I'm not exceptionally well informed on the storage requirements mandated by HIPAA, but the most you need to transmit PHI is https with valid means of insuring authentication (user credentials, SSL cert, etc). And I would be pretty surprised if Glass doesn't support that.

As to storage, I would assume the app itself can be programmed to handle the necessary encryption/decryption for compliance.

I'm concerned about two things. First is storage, but second, like all google products, presumably there is information capture from google.

It would have to be setup in such a way that google can't see the actual contents of the records while their in transit. Like, you use their face recognition software to generate a name, then you send that name and your credentials over HTTPS to whatever vendor is housing the records. The transmission of the data is totally doable in a compliant way.

Of course, I'm assuming that once the records are actually on Glass that they're not being reuploaded to Google's servers simply by virtue of viewing the data. But that would be an issue for anything remotely private (financial data, private correspondence, etc) that you wished to view over the headset, so I feel like there has to be a way to control that built in.

Maybe that's a naive assumption though?

Have you read a Google EULA? There be dragons in there.

No I haven't, but I would like to see the EULA where you can consent to give out another person's legally protected data.

Either Google doesn't want the device used in a medical context, or it is possible to secure PHI on the device. Anything else is a massive lawsuit waiting to happen, or possibly even government fines if they swing it so that Google is a covered entity under HIPAA. Which I can see, given that they undertook to store patient data on their servers in this hypothetical scenario.

I don't see any reason why Google would expose themselves to that sort of liability just to serve you a few more ads, but then I'm assuming they aren't inherently evil or stupid.

Sticks wrote: »

Maybe that's a naive assumption though?

edit: apparently, we're on a new page now so quote is probably handy

mcdermott

Drez wrote: »

Quid wrote: »

zerzhul wrote: »

Tastyfish wrote: »

spacekungfuman wrote: »

The idea would be to make it a non-default setting, so you need to deliberately choose to set a network as public.

Already is, secured network is the default - you have to deliberately set it as open usually, don't you?

This is just my experience, but every router I have ever purchased has the default set to wide open. I have not purchased a router for about 3 years, so things may have changed, and it could be different across brands.

This was my experience up until my most recent router which was a pleasant surprise. Though it's also Verizon's and not mine.

Yeah, I just got a new FIOS router recently and it defaulted to WPA 64-bit.

But that's not the norm, I don't think.

This is, i think, becoming the norm. Of the last three consumer routers I unboxed (one for me, two for friends), two of them came secured out of the box.

AngelHedgie

Sticks wrote: »

No I haven't, but I would like to see the EULA where you can consent to give out another person's legally protected data.

Either Google doesn't want the device used in a medical context, or it is possible to secure PHI on the device. Anything else is a massive lawsuit waiting to happen, or possibly even government fines if they swing it so that Google is a covered entity under HIPAA. Which I can see, given that they undertook to store patient data on their servers in this hypothetical scenario.

I don't see any reason why Google would expose themselves to that sort of liability just to serve you a few more ads, but then I'm assuming they aren't inherently evil or stupid.

Sticks wrote: »

Maybe that's a naive assumption though?

A lot of Google's EULAs contain "you give Google license to use the stuff that you send us" clauses. Then again, they abandoned their e-health platform about a year ago.

AngelHedgie

I think a large part of the issue is that a lot of techies simply see the world differently from most people. There's a few reasons why that I can think of - I myself feel like I straddle the line and get to see both worldviews (and wind up with a massive headache in the process.) Technocracy has a certain seductive charm to it.

The problem occurs when the techies decide that discussion and negotiation are no longer worth having, and instead choose to push their own views on the rest of us. Again, a lot of that is because they live in a different world from the rest of us, in some cases quite literally. And more and more, they're working at turning their wealth into political power and influence.

Sticks

Yea, but I don't think you can give Google that license in this particular case. It's legally not yours to give. They can also have a clause in there saying "we now own your first born child" and it would amount to the same.

Basically, I don't think doctors using Glass for medical purposes is much of a concern because there are legal barriers to protect privacy. So either it's possible, and everything should work out ok. Or it's not, and they won't be using it. The issue with Glass is all those areas where we are accustomed to privacy, but there is no legal protection.

AngelHedgie

So, Page's comments at I/O were interesting, to put it mildly. As The Verge put it, he wants a beta-test country.

AngelHedgie

Or to put it more bluntly, I cannot wait for Google to open the Rapture Googleplex.

Sticks

I am Larry Page, and I'm here to ask you a question. Is a man not entitled to the bits in his tubes? 'No!' says the man in the Government, 'We must have access for national security.' 'No!' says the man at the ISP, 'We must have access to prioritize traffic.' 'No!' says the man on the internet, 'We must have access for freedom of information.' I rejected those answers; instead, I chose something different. I chose the impossible. I chose... Googletopia.

Vorpal

AngelHedgie wrote: »

So, Page's comments at I/O were interesting, to put it mildly. As The Verge put it, he wants a beta-test country.

I actually love the idea of a beta test country.

Let's give them Wyoming.

Phyphor

Underwater cities are old hat. Plus, water blocks wifi and cellular. Take to the skies, Googlumbia!

AngelHedgie

So, seems that Congress has questions about Glass.