Wednesday, November 22, 2017

Tag: medical conditions

The FDA zeros in on health software, not one-off wearable devices.
Strange medical codes used in health insurance claims are surprisingly common.
Family-based team’s design beat out tough competition for Star Trek-inspired win.
Religious beliefs, political leanings, and medical conditions are up for grabs.
Former Reuters social media editor Matthew Keys (R), seen here with his lawyer Jay Leiderman at the federal courthouse in Sacramento in 2013. (Max Whittaker / Getty Images News)

After having served nearly three months in a federal prison camp in central California, Matthew Keys is making the best of it. In August 2016, the 29-year-old journalist began his two-year sentence in Atwater, California, about 120 miles east of San Francisco.

Earlier this year, Keys was convicted at trial under the Computer Fraud and Abuse Act (CFAA), the notorious anti-hacking federal law that dates back to the 1980s.

An effort to reform that law has languished in Congress. Keys told Ars that, even post-conviction, he did not hand over any login information that led to the 40-minute alteration of a Los Angeles Times headline in 2010. Hours before Keys’ sentencing hearing in April 2016, Ars received a letter from someone under the pseudonym “Sam Snow,” who claimed that he, and not Keys, was the one who actually handed over the login details.

This new claim by Snow will likely have no impact on Keys’ appeal, which is pending at the 9th Circuit US Court of Appeals.

Ars has been periodically corresponding with Keys by e-mail through CORRLINKS, the monitored e-mail system set up for federal inmates, and the following interview has been edited for clarity. We hope to be able to visit him in person in the coming months.

Ars: What is your day-to-day like?

Keys: I wake up around 6:30am, shower, sometimes grab breakfast or nibble on something on my way to work. Work starts around 7:30.
I'm at work until 10:10am, lunch is at 10:30am, back to work around 11am, and then usually I'm off work by 2:20pm. (except for lately, which I'll get into later).

Dinner is at 3:30pm, after which I usually wait around the dormitory until mail call (between 4 and 5pm).
If I don't have classes that day (programming classes, not "college classes," basically classes we can take to do something interesting and kill some time), I'll nap until around 8pm or I'll read the newspaper, a magazine, or a book.

TV time from 8pm until around 10pm, then I’m usually in bed. Weekends are a little different. With the rare exception of an overtime day (there have been three of those), we don’t work on the weekends. My boyfriend visits me every other Sunday, so I’m awake around 8am to get ready for his visit (from 10:30am to 3pm); otherwise the schedule is about the same.
I use weekend time to work out and catch up on reading and writing.

Ars: What is your living situation like?

Keys: There are two buildings at Satellite Camp Prison (SCP) Atwater: A dormitory, which is an open living area with three rows of metal bunk beds and a common area, with round tables and television sets, and another building with a visitation room, a library, a chapel, and three classrooms.

The dormitory also houses a recreation room/small gymnasium, a TV viewing room, staff offices, and lavatory with private-stall showers.

There are, at any given time, around 90 to 100 men living in the dorms (there are no cells at a satellite camp). Most people are here for one of two crimes: White collar (mostly financial fraud) or non-violent drug related offenses.

The number of drug-related offenses generally outnumbers the white collar cases. Camps have a general reputation of being "Club Fed," an easy place to do time.

But that’s wrong.

This is still prison. We might have slightly more freedom of movement, but we still have plenty of restrictions.

The system of rehabilitation here is significantly flawed in a way that almost guarantees most people here who actually committed a crime will offend again.
Very rarely is this a staff issue—most of the staff members I've met here are cordial, respectful, and helpful—it's an institutional problem.
Someone thousands of miles away is making broad decisions governing all inmates, regardless of their crime, situation, living condition, financial situation, education, or health. The problem with that is everyone's circumstance is unique and different.
Some people can’t afford medical care (we have to pay out of pocket for it), some can't afford toiletries, some (like me) have medical conditions the government refuses to acknowledge and treat.
Some people have been told they will not receive halfway house time—time meant to help rehabilitate and reintegrate a person into society—if they are unable to pay hundreds of dollars in owed fines and restitution.
Some people have been told they will spend weeks, if not months, in redundant GED classes despite having graduated with college degrees. (For a while, one of the inmates here with a doctorate in jurisprudence was told, despite his scholarly record, he would still have to attend GED classes.) Taxpayer resources are wasted in some areas, while resources that could go toward helping rehabilitate people, prepare them for reintegration into society, and encourage their success are severely lacking. Yes, this is prison.

But it seems to me if society is willing to take a person’s liberty away, society has a responsibility to ensure that person is taken care of while in custody and is well-prepared and well-informed in order to function as a constructive member of society once they are released.
I’ve only been here three months, but it’s clear to me that even at “Club Fed,” that doesn't happen.

That’s a problem that can only be fixed at the institution level.

Ars: How did you spend your last few days on the outside?

Keys: On the suggestion of a friend, I encouraged people to contact the White House.
I wrote a letter to a White House official and distributed the letter to a select handful in the media. POLITICO was the only news organization to write about the campaign, which both surprised me and didn’t surprise me. When I realized that our effort wasn’t getting us anywhere, I spent the last of those days with my family, my boyfriend, and a handful of close friends.

Ars: Who is managing your digital accounts/devices while you’re away?

Keys: Nobody.

Ars: What contingency plans, if any, did you establish for re-establishing your accounts when you get back?

Keys: I took steps to ensure I could access my accounts when I’m released.

Depending on when I’m released will depend on whether I’m able to re-access my accounts, I guess.
I really don’t know if something will happen or something will change between now and then—inmates in the federal prison system do not have Internet access.

Ars: Is there any opportunity to do journalism from the inside, whether about the BOP, the Atwater facility, or otherwise? You mentioned to me that a lot of people are interested in criminal justice reform. Does your experience now make you want to cover the criminal justice system more when you get out?

Keys: I’m still exploring this possibility. Officially, the Bureau of Prisons does not allow for an inmate to act as a reporter or publish under a byline while they are incarcerated. Legal material available to us here challenges that policy, suggesting it may be a constitutional issue.

There have been cases in the past where people have written columns while incarcerated—Barrett Brown, who wrote for The Intercept, and the Manhattan Madame who wrote for XOJane—though there have also been consequences for people who have exercised their constitutional rights while they’ve been incarcerated. One thing that did make me happy: I received a letter from the FCC earlier this month letting me know I had won an issue I raised on appeal two years ago, and the outcome of the appeal meant more documents would be disclosed pursuant to a [Freedom of Information Act] request I made a while back.

Another journalist, Shawn Musgrave, filed the same FOIA about a year after I did, so I’m hoping he does something with the documents that emerge, since I can’t while I’m here.
I’m glad to know, though, that the public will continue to be informed on important issues based in some small part on the work I was able to do before I arrived here.

Ars: Who is Sam Snow?

Keys: I don’t reveal the names of sources who have been promised confidentiality.

Ars: Since you reported to Atwater, I have received a few more very short e-mails from Sam Snow. Frankly, he seems a bit naïve as to how the legal system works. On July 26, for example, he wrote me: "no i dont plan on visiting him i'm hoping he won't have to go to prison at all!" and when I told him that this was extremely unlikely, he seemed surprised. Can you tell me anything more about who he is and what your relationship with him is? Now that you are serving your sentence, is he worth protecting? Under what circumstances would you reveal more about him?

Keys: I would reveal more about any confidential source only if I had their permission to do so, and if I felt their decision to volunteer their identity was made of sound mind and not under duress or persuasion.

A change in my circumstance does not alter the fact that a source was offered and accepted anonymity.

Ars: Do you have any regrets about not taking a plea deal? It strikes me that even if your conviction and/or sentence is overturned on appeal, you’ll have already served the bulk, if not all, of your time. Is that price worth it? Do you have any regrets about not taking the stand at trial? You told me in Vacaville that you want to “narrow the applicability of the law so it doesn’t happen to anybody else...” Does that motivation still hold true?

Keys: I am innocent.
Innocent men should, and do, fight for their liberty. My main motivation for taking this case to trial, and now to appeal, is to clear my name.

But there are other reasons for fighting this case as well.

An aggressive prosecutor is seeking to create precedent by using a broad, vague law to charge a journalist with conspiracy for committing an act of journalism.

As I’ve said before, that should frighten many people in the journalism community.

For some reason, it apparently doesn’t, because no journalistic institution came to my defense—which was more than disappointing—although a number of journalists did challenge the prosecutor’s intentions and the harshness and vagueness of the Computer Fraud and Abuse Act. It is well-documented, through FBI reports published on the Internet, that I was under surveillance [and] that the prosecutor in the case had personal motivations for wanting this case. He reportedly threw a fit when the lead FBI agent sought to move the case to Los Angeles, where the Times newspaper was based, because, according to the document, “he really wants to prosecute Keys.” That the Department of Justice has targeted journalists and their sources in a number of other cases (the New York Times, Fox News, the Associated Press, and others)—in some cases, threatening to jail reporters for contempt.

But here, there was no main suspect for about three years, so they couldn’t charge me with contempt.
Instead, they charged me as a conspirator. Which, as I’ve said many times before, is bullshit. What happened to me can, and almost certainly will, happen to others—to journalists, to activists and to others the government deems to be unsavory.
If we succeed on appeal—and we believe we will—it’ll prevent another person from having to go through what I’ve been through.

Ars: Let’s assume for a moment that the 9th Circuit doesn’t rule in your favor, and an en banc appeal is declined. Would that change anything for you, and how you talk about your case?

Keys: No. We still have the Supreme Court.

As my attorney Jay Leiderman said in one of the hearings, the Supreme Court “is bound to take up this issue, and it might as well be us” who brings the case before them.
watchOS 3.1.3

This update includes improvements and bug fixes.

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

watchOS 3.1.1

This update includes improvements and bug fixes.

- Fixes an issue that could prevent contact names from appearing in the Messages app and notifications
- Fixes an issue that could impact ability to respond to notifications
- Resolves an issue where the Stocks complication may not update on the watch face
- Fixes an issue that may prevent the Activity rings from displaying on the Activity watch faces
- Fixes an issue that prevented the dials on an analog watch face from appearing after changing the temperature unit in the Weather app
- Resolves an issue that could cause the Maps app to stay launched after navigation has ended
- Resolves an issue where the incorrect date could be displayed in the Calendar app month view

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

watchOS 3.1

This update includes improvements and bug fixes.

- New option to replay bubble and full screen effects in Messages
- Messages effects can play with Reduce Motion enabled
- Fixes an issue that could cause the notification for Timer complete to be delivered twice
- Resolves an issue that could prevent Apple Watch Series 2 from fully charging
- Resolves an issue where Activity rings may disappear from the watch face
- Fixes an issue that prevented Force Touch options from appearing in some third-party apps

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

watchOS 3.0

This update includes support for pairing multiple watches to one iPhone, Maps improvements and new language support. This release also includes additional improvements and bug fixes.

Performance and Navigation
- Press the side button to access your favorite apps in the Dock
- Apps in the Dock launch instantly with already updated information
- Add up to 10 apps in the Dock, control music from Now Playing or launch your most recently used app
- Swipe edge-to-edge to quickly switch your watch face
- Swipe up from the bottom of your watch face to access important settings in Control Center

Watch faces
- New Minnie Mouse, Activity, and Numerals watch faces
- Complications now available on Photo, Photo Album, Timelapse, and Motion
- New complications including Workout, Music, and Messages
- New Face Gallery in the Apple Watch app on iPhone to add and customize watch faces
- Discover and add third party complications in the Face Gallery

Activity
- Ability to share and compare your Activity rings
- Rank alphabetically, or by progress towards Move goal, Exercise goal, steps or today’s workouts
- Automatic notifications when a friend completes their rings, finishes a workout, or earns an achievement
- Customized smart replies for encouragement or smack talk
- New Sharing tab in the Activity app on iPhone to view history

Workout
- Quick Start for most commonly used workouts
- Multiple metric view, customizable for each workout type
- New gestures for pause, resume, and marking segments
- Labels for “Other” workouts to keep track of Yoga, Pilates, Cross Training, and more
- Auto-pause for running workouts
- Siri support for pause, resume, and end workouts
- Route maps with speed indicators for outdoor workouts

Wheelchair use
- Activity rings optimized for wheelchair users
- Accounts for varying speeds, terrains, and pushing techniques
- Pushes contribute to all-day calorie goals
- Time to roll notification and roll ring
- New Outdoor Run Pace and Outdoor Walk Pace workouts

Breathe
- New Breathe app to take a moment in your day for short deep breathing sessions
- Calming visualization and haptic cues guide you while you inhale and exhale
- Adjust session length and breaths per minute
- Summary upon completion including heart rate
- Time to breathe reminders
- Weekly summary

Communication

Expressive Messaging
- Full-screen effects to celebrate special moments
- Tapback for quick replies to messages, links, and photos
- Handwritten messages animate like ink on paper
- Send recent built-in or third-party stickers
- View secret messages with invisible ink

Scribble
- Write words on the display and Apple Watch will convert the handwriting to text
- Use the Digital Crown to scroll through predicted options
- Available in English (US), Traditional Chinese, and Simplified Chinese
- Reply options available in the Messages and Mail notification, including Digital Touch, emoji, and smart replies
- New emoji, including gender diverse options to existing characters, single parent family variations, rainbow flag, and redesigns of popular emoji

Emergency SOS
- Press and continue to hold the side button to call emergency services
- Automatically notify SOS contacts and share your location
- Display your Medical ID with information about medications, allergies, and medical conditions
- Adjusts the emergency number to your current location

Home
- New Home app to control HomeKit enabled accessories
- Enable scenes created on your iPhone to control groups of accessories with just a tap
- Control favorite accessories from your wrist, even remotely with Apple TV or iPad
- Support for IP cameras to see live video in rich notifications and accessory controls

Other improvements
- New Reminders app for managing scheduled reminders, grocery lists, and more
- New Find My Friends app for viewing location of friends and family
- Pay with Apple Pay within third party apps
- Delete events and switch calendars in Calendar app
- Support for FaceTime Audio calls directly from Apple Watch
- Search for Settings in Apple Watch app on iPhone
- Camera app controls for Flash, Live Photos, HDR, Zoom, Burst, and Front or Rear facing
- Siri support for Spanish (Chile), Chinese (Cantonese - China), English (Ireland), English (South Africa)

Some features may not be available for all countries or all areas.

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222
No middleman required to ding sites for info

Black Hat: Malicious ads can potentially masquerade as people online and grab their personal information from HTTPS-protected websites, two boffins have shown.

The technique is dubbed HEIST – HTTP Encrypted Information can be Stolen through TCP-Windows – and it was devised by Tom Van Goethem and Mathy Vanhoef, both PhD researchers at the University of Leuven in Belgium.

The attack involves sneaking malicious JavaScript onto a webpage to swipe people's personal details, such as social security numbers and email addresses, from HTTPS-encrypted websites.

The code can be smuggled into dodgy ads or simply placed on a website by hackers or an unscrupulous administrator. It was demonstrated [slides, white paper] at Black Hat in Las Vegas this week.

An attacker doesn't have to intercept or snoop on the encrypted web traffic flowing over the network to decode it. Instead, the JS code pulls off a side-channel attack to extract the sensitive goodies.

When a visitor visits a webpage tainted with the HEIST script, the malicious code silently runs and fires off lots of requests to a particular website – perhaps a popular online bank or healthcare portal – that the victim is still logged into.

The script runs code that looks like the following; in this example, it requests someone's profile page on a healthcare portal:

    fetch('https://myhealthcare.org/myprofile', { mode: "no-cors", credentials: "include" });

This calls fetch(), telling it to hand over the user's credentials – their login cookie so we can continue to log in as them – and to use a standard HTTP GET call to fetch the profile page.

This last bit is important: for security reasons, when using HEAD, GET or POST, the JavaScript code is not allowed to see the encrypted page returned by the website. So far, so good.

fetch() is aimed at asynchronous communications: it returns a Promise object that triggers a callback as soon as the first byte is received from the server, even if it's encrypted. Using performance.getEntries() it is possible to find out when the last byte was received. So we have a start time and a stop time. Now we're cooking on gas. Now we know how long it took to receive the whole response.

The packets of data will have been sent in batches, known as congestion windows, one window at a time, one after the other, with a slight pause at the end of each window for the browser to acknowledge to the server that everything is going OK. It is possible, judging from the time taken, to work out if a fetched page fitted inside one or more than one window: any delays will be apparent to the HEIST script.

The JavaScript code is not allowed to know how much data is returned, in terms of the number of bytes – it has to rely on timing to judge how large a response is.

Now, most websites employ a compression algorithm to reduce the amount of data transferred. If there's a block of duplicated information on the page, the server sends that block once. If the HEIST script can send a request to a website knowing that part of the request will appear on the page, it can vary that request to, byte by byte, sniff out the contents of the encrypted page.

Let's say the page being targeted includes an email address, bob@example.com, and the request sent includes some text that will appear in a HTML form on the returned page – we're imagining some sort of settings page, here. We want to find out the email address. So first we send aaa@example.com and get back, say, 200 bytes of compressed encrypted data. We next send a combination of addresses until we hit bob@example.com and get back 184 bytes.

The address in the HTML form matched the address we want, the compression algorithm replaced the duplicated data with a placeholder to the first instance of the matching text, and our script senses that as shorter data.

It's possible, in a matter of seconds, to replay this over and over again and slowly construct the information required from the page, by watching for when the returned data dropped from fitting in two TCP windows to one window.
It may even be possible to lift sensitive information such as CSRF tokens from people's sessions.

Don't forget though, to work, HEIST requires a webpage that reflects part of the browser's request in its own content, and for the victim to have enabled JavaScript execution and third-party cookies.

Response

It's similar to the 2012 CRIME and 2013 BREACH attacks that exploited compression to decrypt web traffic.

"The impact of our findings has been illustrated by showing how compression-based attacks such as BREACH can be executed without requiring a man-in-the-middle position," Van Goethem and co-author Mathy Vanhoef said in their white paper. "Additionally, by using search-based oracles, personal information such as credit card numbers can be obtained, and the medical conditions of victims can be exposed. Finally, we have argued that it is difficult to defend against our attacks."

You may think that the more modern HTTP/2 protocol might provide some protection against this attack, but the two said it actually makes things worse because it supports parallel requests, which speeds up the overall technique.

The researchers said that the only way to protect against HEIST is to disable third-party cookies, which is an option on most browsers but not enabled by default. Disabling third-party cookies would prevent HEIST's fetch() call from authenticating with the raided webpage.

The pair added that they had been in contact with some developers and patches are being worked on. ®
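The length signal and the reflection requirement described in the HEIST article can be reproduced locally. The Node.js sketch below is an added example, not code from the researchers or the article: the page template, the `zqx@sample.test` comparison value and the congestion-window model (10 segments of 1460 bytes, doubling each round trip) are assumptions made for illustration, and nothing in it touches the network.

```javascript
const zlib = require("zlib");

// Constructed stand-in for a settings page. It contains a secret (the account
// e-mail) and, when `reflect` is true, echoes a request parameter into the HTML.
function renderSettingsPage(param, secretEmail, reflect = true) {
  const echoed = reflect ? param : "";
  return [
    "<html><body><h1>Account settings</h1>",
    `<p>Signed in as ${secretEmail}</p>`,
    '<form method="get" action="/settings">',
    `<input name="contact" value="${echoed}">`,
    "</form></body></html>",
  ].join("\n");
}

// Size of the body after gzip; encryption hides the content but not this length.
function compressedLength(body) {
  return zlib.gzipSync(Buffer.from(body, "utf8")).length;
}

// Simplified slow-start model (assumption): an initial window of 10 segments
// of 1460 bytes that doubles each round trip. TLS and header overhead ignored.
function windowsNeeded(bytes, mss = 1460, initialSegments = 10) {
  let remaining = Math.ceil(bytes / mss);
  let cwnd = initialSegments;
  let rounds = 0;
  while (remaining > 0) {
    remaining -= cwnd;
    cwnd *= 2;
    rounds += 1;
  }
  return rounds;
}

// Compare a request parameter equal to the secret with one of the same length
// that is not. `leaks` is true when the matching value compresses smaller.
function measure(secretEmail, otherValue, reflect = true) {
  const match = compressedLength(
    renderSettingsPage(secretEmail, secretEmail, reflect));
  const mismatch = compressedLength(
    renderSettingsPage(otherValue, secretEmail, reflect));
  return { match, mismatch, leaks: match < mismatch };
}

const SECRET = "bob@example.com"; // address used in the article's example
const OTHER = "zqx@sample.test";  // constructed value of the same length

// A page that reflects the parameter shows a length difference; one that does
// not reflect it returns the same body, and so the same length, every time.
console.log("reflecting page:    ", measure(SECRET, OTHER, true));
console.log("non-reflecting page:", measure(SECRET, OTHER, false));
console.log("round trips for 14600 / 14601 bytes:",
  windowsNeeded(14600), windowsNeeded(14601));
```

The last line shows why the window boundary matters in the description above: in this model a single extra byte past 14600 costs a whole additional round trip, which is far easier to observe through timing than a difference of a few bytes.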
You WON’T BELIEVE THE ANSWER

Sketch: So, what, if anything, keeps former New York Mayor Rudy Giuliani awake at night? Actually, he told a BlackBerry event today, there is this one thing. “You gotta always worry about a nation with an insane leader,” he told startled attendees. Well, Rudy.
It’s funny you should say that. Giuliani had flown overnight from Cleveland, Ohio, after giving a restrained speech at the Coronation of The Donald.

That's this year's Republican National Convention at the Quicken Loans Arena, where party delegates will vote to make Donald Trump its choice of keeper of the nuclear launch codes in this year’s US presidential election. What’s Rudy's logic here? Perhaps the logic is: it takes one to know one. An old friend of BlackBerry CEO John Chen, Giuliani told a surprise audience of some 400 BlackBerry partners, journalists and analysts at BlackBerry’s annual Security Summit in NYC that cybersecurity was his “last crusade.” “We hide important information.
Information about law cases, about new inceptions, about medical conditions,” he explained. “All this is locked up. Now all of this is” – and Giuliani made an arc shape with his hands – “here.” “We have got to find the same solutions we had for physical information for digital information and cyber information.

And BlackBerry is, because of its beginnings, the way it's grown and the way John has repurposed it, he has some of the most innovative and creative solutions to cybersecurity that any company I have looked at or talked to,” he said.

Giuliani related his work “busting the Colombian drug cartels and the New York mafia,” before pausing to qualify it a bit. “President Santos broke the cartels – I gave them a lot of help,” he said. “BlackBerry began as a secure phone,” he added. [Are you sure? – ed.]

Giuliani relayed how BlackBerry’s point-to-point security had allowed him to keep control during the September 11 attacks in 2001. "You know what saved us [on 9/11]? BB’s point to point service," said the former mayor. "They all had point to point service.
It worked through the original attack, when the second building came down, it worked all day.
I gotta tell ya, it saved lives and made it possible for me within a half hour to restore our complete command center, even though our command centers were out of power." BlackBerrys can’t do that any more, of course. So anyway. Why the "insane leaders"? What else was worrying him? Go on.

Do tell. “I worry about terrorist groups that operate within states. Maybe sponsored by it, maybe opposed to it. Like the Chechen rebels, but I’m not saying the Chechen rebels are such a group,” said Giuliani. (I was beginning to get the hang of decoding a Giuliani keynote after a few minutes.) “Those are the ones who worry me because we don’t have a Mutually Assured Destruction (sic) for them.” “Nations. Well, you gotta always worry about a nation with an insane leader." He was less worried about the traditional rogues gallery. “Iran won’t cyberhack us. We’ll cyberhack them back! Just like we did with Israel.


And I underline the word allegedly.” After the BlackBerry event Giuliani headed straight back to Cleveland.

That’s devotion.

And we’re told he waived his fee. ®
Up and down the country, probably across the world, new projects in big data are starting up. Many are focusing on personal data that has been freely given combined with information that has been bought in and, using big data analytic techniques, they're finding out more about their customers than was ever dreamed possible.

Off the record (perhaps with the aid of some alcoholic liquid lubricant) the data scientists working on such projects will tell you more about all the different ways they are mining this data - and the new insights on clients, potential customers and business operations that these big data projects are uncovering and the ways in which they are being used.

However, the Information Commissioner's Office (ICO) has already sounded a warning: at the end of July, it released a 50-page report entitled "Big data and data protection", in which it warned companies that they must adhere to the Data Protection Act when conducting customer-focused big-data projects.

Big data and data protection

The ICO's concern is that as customer-focused big-data projects become more widespread and pervasive, the rules governing data protection will be forgotten as organisations rush to learn more and more about their customers, and the maximum fines that the ICO can dish out for non-compliance - if and when it finds out - are small compared to the potential business benefits.

"[Big data] is characterised by volume, variety and velocity of data, and by the use of algorithms, using 'all' the data and re-purposing data. The ICO is interested in big data as it can involve processing personal data," says the ICO.

It continues: "Many instances of big data analytics do not involve personal data at all. Using climate and weather data, for example, could enable new discoveries and improved services without using personal data.
"However, there are many examples of big data analytics that do involve processing personal data, from sources such as social media, loyalty cards and sensors in clinical trials. Where personal data is being used, organisations must ensure they are complying with their obligations under the Data Protection Act," warns the report.

The Data Protection Act - which will be broadly applicable across Europe - applies in a number of ways, says the ICO. One key data protection requirement is to ensure that the processing of personal data is "fair". This is especially important where that processing will be used to make decisions that could affect individuals.

"Fairness is partly about how personal data is obtained," explains the report. "Organisations need to be transparent when they collect data, and explaining how it will be used is an important element in complying with data protection principles. The complexity of big data analytics is not an excuse for failing to obtain consent where it is required."

In other words, there is an emerging grey area over the use of multiple different data sets for big data analytics where personal data is involved. For example, an organisation might have legacy customer data in a customer relationship management (CRM) system, which it is now combining with data gleaned from its e-commerce website, as well as data - both online and offline - acquired from third parties.

Yet, as far as the ICO is concerned, this may not be compliant with the Data Protection Act. Indeed, it is quite explicit that it probably isn't: "Big data analytics can involve re-purposing personal data. If an organisation has collected personal data for one purpose and then decides to start analysing it for completely different purposes (or to make it available for others to do so) then it needs to make its users aware of this."

Theory and practice

In theory, big data techniques ought to enable organisations to better serve their customers.
In practice, though, it's a little different, says data scientist Andrew Maclaren, managing director of consultancy Brilliant Data. "Organisations are massaging customer data to try and create customer wants and needs," says Maclaren, citing a contract with an agency that involved taking web logs of customer activity. "It did demographic research on its customers to find out what they were searching for, how long they were taking, who was searching and why," says Maclaren.

That research found a correlation of various factors, such as that between the hours of 1pm and 3pm, women between about the ages of 28 and 38 frequently looked at new cars. Drilling down, it found that in four-fifths of cases those women also had children and were therefore most interested in family cars with a good reputation for safety.

In response, the agency pushed that information to its car-making clients, advising them how they could identify users on their websites and push offers appropriate to the needs that Maclaren's research had identified. "That kind of analysis worked across industry, although it was mostly a B2C thing," says Maclaren.

The example demonstrates how big data analysis can be used to determine likely customer needs and serve them appropriate offers. However, many users might also be surprised at the ease with which they can be identified on websites with the aid of data-aggregating third parties.

In the US, ethical questions have increasingly been raised over the activities of "data brokers", commercial organisations that keep ever-expanding databases about people's buying, web browsing and other habits for sale to all-comers. Acxiom, for example, claims to have files on 10 per cent of the world's population, with about 1,500 pieces of information per consumer - at the moment.
Data brokers' files on individuals are generally sold by list, which according to testimony before the US Congress includes lists of rape victims, pensioners with dementia, "financially vulnerable" people, people with specific medical conditions and the medication they are taking, and even police officers, including their home addresses. "The advertising community has been woefully unforthcoming about how much data they're collecting and what they're doing with it. And it's going to backfire on them, just as the Snowden revelations backfired on the National Security Agency [NSA]," high-profile angel investor Esther Dyson told Adobe's CMO.com website. She continues: "Ethics don't change. Circumstances change, but the same standards apply." In response to such concerns, some organisations have started appointing chief privacy officers or chief data officers, although it is unclear how much real power they actually wield. Martin Houghton, managing partner at HP - and a former chief data officer at rival services firm CSC - believes that the criticisms of big data have been largely over-done. "Consent is the key to getting it right," says Houghton. Banks today, for example, will request permission from customers to be able to use publicly available data about them. "That consent is absolutely vital," he says. With people increasingly sensitive to privacy issues, "companies have got to weigh up how they are perceived from a marketing perspective by their customers", he adds.

Big data investments

Regardless of whether organisations are becoming more ethical about their use of data or not, one of the key investors in big data technology is the CIA, the US intelligence-gathering agency, via its "not for profit venture capital firm", In-Q-Tel. It unashamedly describes its aim as helping to fund the development of technology "with the sole purpose of delivering these cutting-edge technologies to intelligence-community end users quickly and efficiently".
In recent years, it has invested in RedOwl Analytics, "a company that applies statistics to the ever-growing corporate digital trail to examine organisational dynamics in support of governance, risk, and compliance"; Paxata, a developer of a data preparation platform "that lets business analysts rapidly connect, explore, transform and combine data"; and, Narrative Science, a company that claims to be "a leader in automated business analytics and natural language communication technology". While the CIA is a separate entity from the National Security Agency (NSA), the leaks by former NSA contractor Edward Snowden have demonstrated the extent to which such organisations are prepared to use technology to spy on friends, enemies and citizens alike. The emergence of big data technologies perhaps explains their apparent desire to monitor communications globally. Furthermore, they are also typically among the first customers of new, privacy-busting technology, regardless of how ethical the companies producing them endeavour to be. "Let's face it," says one data scientist, speaking off the record, "how ethical can you be when your first clients are the US Army and then Google?"

@graemeburton

What is big data?

Definitions of big data vary. However, such organisations as McKinsey and Gartner and even the ICO have devised definitions that summarise the technology and how it ought to work:

"Big data is high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making."
Gartner

"'Big data' refers to datasets whose size is beyond the ability of typical database software tools to capture, store, manage, and analyse. This definition is intentionally subjective and incorporates a moving definition of how big a dataset needs to be in order to be considered big data...
We assume that, as technology advances over time, the size of datasets that qualify as big data will also increase."
McKinsey

"Before the advent of big data, analysing a dataset involved, in general terms, deciding what you wanted to find out from the dataset and constructing a query to find it, by identifying the relevant entries. Big data analytics, on the other hand, often involves running a very large number of algorithms against the data in order to find correlations, rather than testing a particular hypothesis."
"Big data and data protection" - Information Commissioner's Office
NEWS ANALYSIS: Some signs point to health care companies being more of a personal information leak risk than the retail sector—and with much more serious consequences. After the massive data breaches reported by Target, Neiman Marcus and other chain stores, the retail industry has faced plenty of criticism for cyber-security lapses. Yet the health care industry shows signs of having just as big a data security problem, one that places at risk personal information considered even more sensitive than credit-card data, according to a number of recent reports. In studies published in the past four months, data collected from the Internet has shown that health care companies continue to expose their networks and patient data to online thieves. In February, the SANS Institute published a report based on data from threat intelligence firm Norse that found online evidence of breaches at 375 health care-related organizations. A second report, released by security metrics firm BitSight the week of May 26, found that the health care industry scored lower than the retail sector, on average, in security ratings calculated from external signs of infections. Because of the sensitivity of patient records, and the problems posed by health care fraud, the health care industry needs to put greater focus on bolstering the security defenses around medical records, Stephen Boyer, CEO of BitSight, told eWEEK. "We know that retail is certainly being covered now, but our fear is that health care seems to have flown under the radar and there doesn't seem to be the same transparency there," he said. In 2013, more than 7 million records were put at risk in nearly 200 breaches reported to the U.S. Department of Health and Human Services (HHS), a jump of 138 percent, according to security consulting firm Redspin.
With the launch of HealthCare.gov, the Obama administration's health care portal, and the arrival of electronic medical records (EMR), a greater amount of health care data is connected to the Internet. Yet widely varying security protections of the data have led to a large increase in the number of records put at risk. "Hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care," Barbara Filkins, a senior SANS analyst and health care specialist, said in a statement. In total, health care fraud—of which identity theft based on stolen electronic records is a part—cost the United States $80 billion, according to the FBI. Currently, the U.S. spends more than $2.7 trillion on health care annually. The potential reward from such a huge economic sector is very alluring to criminals, and most health care companies are not prepared to protect themselves, Boyer said. "Their systems are oftentimes designed for ease of use and security sometimes gets in the way," he said. "Many are failing to do some of those basic protections that you would expect from an information security program." The U.S. Department of Health and Human Services has begun to crack down on organizations that do not protect their patient data. Earlier in May, HHS fined two health care organizations—New York and Presbyterian Hospital and Columbia University—$4.8 million for "failing to secure thousands of patients’ electronic protected health information," the federal agency said in a statement. In July 2013, managed care company WellPoint agreed to pay $1.7 million for putting more than 600,000 patient records at risk.