Backchannel’s package on medical data and the health-tech industry profiles three people who were able to shake loose their own data and make real improvements in their lives with it:
1. Marie Moe, who discovered that the reason she was having terrifying cardiac episodes was out-of-date firmware on her pacemaker;
2. Steven Keating, who created a website with exquisitely detailed data on his brain tumor, including a gene-sequence that had to be run a second time because the first scan wasn’t approved for “commercial” use, which included publishing it on his own site; and
3. Annie Kuehl, whose advocacy eventually revealed the fact that doctors had suspected all along that her sick baby had a rare genetic disorder, which she only learned about after years of agonizing victim-blaming and terrifying seizures.
The conundrum is made worse by the fact that
- insurers, data-miners, and commercial tech giants are routinely given access to the data that is denied to patients,
- while patients themselves can’t choose to donate their own data to public-interest, open access research efforts.
Identity thieves and other criminals also routinely access this data, because medical practices, insurers and other aggregators are every bit as prone to leaks as the DNC, OPM and Ashley Madison are.
The use of DRM (Digital rights management) in medical implants complicates things further: because section 1201 of the DMCA has been used to sue and criminally prosecute people who bypassed DRM for legal purposes
Last autumn, the US Copyright Office granted a limited exemption to jailbreak medical implants for security research purposes, but this exemption is grossly inadequate. It only covers the act of bypassing DRM, but not making or sharing tools or information needed to bypass the DRM (each researcher must make her own DRM-breaking tool and cannot share it with other researchers, making it impossible to replicate her experiments)
Last month, the Electronic Frontier Foundation filed a federal lawsuit to invalidate section 1201 of the DMCA; the suit was filed just weeks after the ACLU filed suit to challenge the constitutionality of the Computer Fraud and Abuse Act, which has been used to jail researchers who discovered mass privacy-leaking defects in online services (the CFAA defines hacking as “exceeding authorization” on a remote system; prosecutors argued that since the service’s terms of service banned security researchers from investigating their integrity, the researchers had exceeded their authorization).
“Property” is a terrible framework for understanding personal information — it’s led to a situation where people aren’t allowed to know what’s going on in their own bodies, and where corporations can use anti-theft laws to attack scientists, security researchers, and the people whose bodies generated the data the corporations have turned into crown jewels.
We need a drastic, urgent rethink of this:
Our networked health future will only serve us well if it arrives with
- privacy protection for patients,
- transparency for security researchers, and
- universal access for scientists working in the public interest.
Our Medical Data Must Become Free [K McGowan/Backchannel]