Chapter Twelve: Secure vs. Cure

Topol takes on privacy and security in our digital world. This is the darkest chapter of the book. It is filled with problems and the answers he poses seem thin and inadequate. That said it is an important issue and a cheerleader like Dr. Topol might have been tempted to skip it rather than to take on these issues. So despite the lack of answers these are important issues and I think he does a thorough job of identifying them.

Today’s Web-enabled gadgets should come with a digital Miranda warning: Anything you say or do online, from a status update to a selfie, can and will be used as evidence against you on the Internet.
— Nick Bilton

Topol starts off by pointing out the fundamental problem: the rush to digitalize our lives has left us with gaping vulnerabilituies. In fact, often the goals are in frank opposition. We want openness at the time we want privacy. We want a government that is transparent but at same time provide protection and security.

The premise behind the whole book is that big data will lead to better health but as topol says, "so far there's been a lot of curating without a lot of cures."

After introducing the fundamental conflict he describes how we all leave digital breadcrumbs that lead to our identity. It began with credit cards and has accelerated with cellphones, social networks and Internet searches. Avoiding leaving these traces is inconvenient and rarely done. For example a DuckDuckGo is a search engine that does not save your searches. They do a billion searches a year, Google does 100 billion every month.

Government efforts to give people tools to protect their privacy have been ineffective up to now. The consumer tool, "Do Not Track" has had little effect and a consumer Privacy Bill of Rights introduced by President Obama has not gone anywhere.

Topol then points out that tracking continues even when you are away from your computer. CCTV monitors everyone and your cellphone can give up your location even if you turn on privacy settings. He talks about sensors detecting what store you are in, and even what items you are looking at on the shelves. Companies are now taking that data and sending shoppers coupons appropriate for their tastes and the store they are in. Sounds like a creepy technology, though I have never seen a coupon delivered this way. So maybe this is just a potential technology rather than one currently implemented.

He talks about how CCTV data is now being paired with facial recognition software like Facebook is using to identify people in pictures. Pairing these technologies could permanently end the pleasure of anonymously wandering around a city.

All of this data on everyone's digital lives is scooped up and auctioned by "data brokers". He briefly describes the largest one of these, Acxiom. Part of the problem of all this data being centralized is that these repositories become juicy targets for hackers. But even when the data isn't stolen by digital thieves, it sometimes can be purchased. Choice Point, a large data broker, sold personal information including social security numbers on 140,000 people to an identity theft ring.

One of the biggest scandals of medical data loss occurred in the NHS's Care.data. This was a strategic move by the NHS to create a massive database of de-identified medical data to aid researchers. There was some opposition to this collection of data as opponents were worried the data was not secure. But the actual problem was that the NHS itself, sold access to the data of 47 million people to an insurance company. 

He then talked about how our cell phones are loaded with apps that collect health data but that most of it is insecure and has no publicly disclosed privacy policy. People just click "accept" without thought.

The most frightening area open to hackers were medical devices like pace makers and insulin pumps. These devices were often designed without much consideration for security. Companies are now scrambling to add security. 

He closes the list threats with the biggest one of all, one's genome. There is a federal law that prevents genetic information being used to deny medical insurance but the law doesn't apply to life insurance or to long term care insurance. So it is only a partial umbrella.

Topol thinks the best approach to these threats is for patients to own their data and to have control over all of their data that is stored in the cloud. It is not clear how having patients own it but having it stored by a third person prevent data breaches.