January 5, 2007

Medical Identity Theft

From the January 8, 2007 issue of Businessweek, an article about medical identity theft and health care databases:

But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor's paper files, fraudulent information—such as the erroneous diabetes diagnosis in Lind Weaver's records—could circulate in other medical databases across the country. Given that some medical ID thefts are "inside jobs," wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier. "We can expect [medical ID theft] to grow the more we move toward an electronic health-care system. It's going to be a disaster," says Dr. Deborah Peel, an Austin (Tex.) psychiatrist and founder of the Patient Privacy Rights Foundation.

...but, as usual, the weakest link is usually a human:

In September, federal authorities arrested a scheduling clerk at the Cleveland Clinic's Weston (Fla.) hospital who allegedly had passed on the personal identification information of more than 1,100 patients to her cousin—who in turn submitted $2.8 million in false claims to Medicare. "Hospitals have done a poor job of implementing security procedures on their computer systems," says one federal investigator. "You'd be astonished how many people have access to your medical records."

U.S. Mint Data Mining & Credit Card Privacy

This freetimes.com article on U.S. federal government surveillance mentions the U.S. Mint's credit card data mining program:

Unlike the NSA and Treasury spy programs, a U.S. Mint program that trawls through your credit card data when you make online purchases isn't aimed at terrorists. It was built to spy on ordinary Americans in an effort to "detect criminal activities or patterns" and "stop fraudulent activity involving stolen credit cards." Yet very little has ever been written or reported about it.

The article also mentions the DIA's purchase of Verity K2 Enterprise software to search the databases of other intelligence agencies, and IRS's Reveal, and others from the GAO report on government data mining.

January 1, 2007

The Value of Privacy

Cryptographer Bruce Schneier on the value of privacy:

Cardinal Richelieu understood the value of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you'll find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.