Mike Rogers Is Now Opportunistically Concerned About The Privacy Of Americans

Privacy

from the both-sides-of-mouth-completely-operational dept

Mike Rogers, who once famously stated that no privacy violations occur if no one finds out their privacy has been violated, is now very concerned about Americans’ privacy. Of course, this is because he’s in an adversarial role, rather than playing defense.

As we’re all aware, the much-anticipated and highly-touted national healthcare website made its very shaky debut recently. Immediately inundated by millions of Americans looking for a better deal on healthcare, the website performed with all the reliability of a dollar store electronic device, falling completely apart at the slightest touch.

Much has been made about the roll out and subsequent failure of a website that was supposed to be the crowning jewel of the Affordable Care Act. Health and Human Services Secretary Kathleen Sebelius was called before a Congressional hearing to field questions and complaints from legislators who wanted clarification on what went wrong and, more importantly, whom to direct their irritated constituents towards.

Mike Rogers was on hand and delivered a longish rant/question about the live roll out of untested code. While there are some good points in his query/beration (i.e., hot fixes are insecure, the site is a failure), Rogers suddenly felt compelled to defend something he’s taken a laissez faire approach to in recent months: the privacy of Americans.

Rogers, who questioned Health and Human Services Secretary Kathleen Sebelius during a hearing last week, has taken issue with concerns about the safety of Americans’ healthcare information.

“What was really shocking to me is even by their own words, they admitted that there was a high degree of risk when they offered the website to go public, they never told anybody about that. They said that they think the risk was acceptable. But their information wasn’t at risk, American people’s information was at risk,” he said.

Rogers is upset that all the personal information people willingly submitted to a barely functioning government website might be exposed or put at risk by the agency’s continual code fixes, almost all of which goes untested for security flaws before being rolled out.

So, now Rogers is worried about possible privacy issues. He doesn’t want to protect Americans’ data from government intelligence agencies, but he wants to make sure it doesn’t fall into the hands of other Americans or foreigners who might exploit the personal or financial data. Kudos for that I guess, but its not as if his favored intelligence community has been extra careful with what it’s collected.

Sure, it may be locked down tight in occasionally not-on-fire servers in Utah, but it’s hardly secure. Any number of American analysts have access to that data, with little more than some forced-into-practice minimization procedures and its defenders’ assurances that NSA employees are patriotic, virtuous Americans guarding it from abuse.

Not only that, but what the agency collects is far more inclusive than what Americans are volunteering to the government site. Let’s not forget that the TSA is already probing into Americans’ personal and financial data just to determine whether or not they can travel within the country with a minimum of security molestation. So, it’s not as if this information isn’t already in the hands of several government agencies already — with all the risks that entails.

But to claim this is a problem but not the NSA’s massive data collections is a bit rich. That information has been abused in the past and, worse, it’s been freely shared with other countries in unminimized form. Protecting the privacy of Americans isn’t something you get to do part time, Rep. Rogers, but I suppose if no one finds out their personal data has been leaked all over the net by a faulty .gov website, then it’s not really a problem, is it?

Filed Under: healthcare.gov, mike rogers, privacy

Is Snowden Inspiring A New Wave Of Whistleblowers?

Free Speech

from the courage-is-contagious dept

We noted last week that Japan was bringing in severe new punishments designed to discourage whistleblowing. That might suggest that following Snowden’s leaks, there will now be a period of repression where potential whistleblowers lie low to avoid bringing down the wrath of governments on their heads. One person with a better idea than most about what is really going on here is Jesselyn Radack. She’s employed by the General Accountability Project (GAP), a leading US whistleblower protection and advocacy organization. Here’s part of her biography on the GAP site:

That clearly puts her in an excellent position to judge to what extent whistleblowers within the intelligence community are intimidated by the actions being taken by the US government against leaks and the people who make them. This is what she says is happening, as told to ABC News:

It would be a truly extraordinary development if a new wave of whistleblowers started to come forward now — not least because they might inspire yet more people to do the same, leading to a cascade of revelations, and bringing an unstoppable momentum to moves to reform the NSA.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: ed snowden, jesselyn radack, nsa, nsa surveillance, whistleblowers

Aussie Security Research Hacks Music Charts, Puts His Own 'Songs' Up Top

Music Industry

from the nothing-to-it dept

It’s been known for quite some time that the music charts are subject to being easily gamed. In fact, one of the reasons why the major labels are “the major labels” was they figured out quite early on how to best game the system. Still, it appears that one security researcher down under took a somewhat different route to “topping the charts” down in Australia. As sent in by G Thompson, a guy by the name Peter Fillmore made himself into quite a musician in a very short period of time. Forget “practice, practice, practice.” Fillmore went a different route towards learning music and composing and recording his “songs.”

Rather than spend years practising an instrument and writing songs, he compiled music from clunky electronic MIDI files and later by applying algorithms that squashed together public domain audio.

He then posted the tracks to a variety of different platforms via CDBaby, apparently including Spotify, Rdio, MOG (from Telstra), Pandora, iTunes and some others — and then the fun part:

He then purchased three Amazon compute instances and wrote a simple bash script to simulate three listeners playing his songs 24 hours a day for a month.

This move apparently pushed the music up the charts on various systems — hitting the very top of the Rdio chart for Australia. In response, he released a second album, and saw it jump to the second spot (behind his first album) within a matter of weeks. Any human listeners, not surprisingly, were not particularly happy, and he got flooded with bad reviews, but it didn’t much matter. His favorite comment: “I call it troll music.” There was also one that said: “it might sound good on cocaine like when it was made, but this isn’t music.” He did get a single iTunes purchase, though.

MOG and Spotify actually appeared to suspect something was up and cancelled certain accounts. Spotify killed the accounts he had set up to listen (but not the actual music accounts) though he’s not entirely sure why — though he suspects a few things that made it obvious they weren’t legit (he didn’t try that hard to cover his tracks). With MOG, he suspects it was because almost no one uses the service, so someone probably noticed the anomaly situation pretty quick. Rdio, however, kept the albums up at the top, and even sent out promotional emails to people pushing his albums.

At this point, he created a third album, called A Kim Jong Christmas, which was all just actual public domain music, so that if anyone listened to it, they wouldn’t immediately realize it as “noise.” As that one shot up the charts as well, users were confused, with one commenting: “There ain’t no party like the Korean Worker’s Party. But seriously — what the hell is this doing on High Rotation?”

In the end, he apparently spent a grand total of about $30, but brought in decent royalties. Of course, once the story came out, his music’s been pulled from most of these services, though he’s started posting it to his own website, though even he admits that he can’t listen to it the whole way through.

Of course, this was all done for the purpose of research. He was interested in a variety of things, including the fraud-checking on various music services, how royalties on these services work (he’s got some data there as well) and various other things about how to make this kind of setup work. He also noted that when his accounts were suspended, almost no info was given, and he points out that this could also lead to a way for someone to attack a rival musician to get their works taken off of these services without warning or explanation.

The other question that I have is if Fillmore has opened himself up to any legal risk. It looks like he made about $1,000 in royalties, so I could potentially see some companies arguing it was a type of fraud. If he were in the US, I could even see some crazy CFAA charges thrown at him, because that’s the sort of crap that happens in the US under the CFAA. Hopefully calmer minds prevail and this is viewed in the spirit it was done: as a research project which popped out some rather interesting results (and some really bad music).

Filed Under: australia, fraud, music industry, peter fillmore, security
Companies: cdbaby, mog, rdio, spotify

Why Opening Up Clinical Trials Data Is Good For Pharma Companies Too

Innovation

from the everybody-wins dept

Earlier this year we wrote about how AbbVie, the pharma company spun out of Abbott Laboratories, had gone to court to stop the European Medicines Agency (EMA) from releasing clinical trials information about one of its drugs. Despite what AbbVie claimed, this was not commercially sensitive in any way, but simply basic data about safety and efficacy.

It’s often overlooked that this data is mostly obtained by testing new drugs on volunteer members of the public who take the medicines in order to establish their safety. By definition, these volunteers are putting themselves at risk. They selflessly offer to do that in order to advance medicine and confer benefits on society as a whole. That means the clinical data obtained from such tests belongs to the public that made them possible, at least from a moral viewpoint.

If a company seeks to prevent the free dissemination of that safety data, as AbbVie is doing in Europe, it is breaking the implicit compact it made with the people who agreed to try out its drugs. Those invited to take part in future trials of AbbVie’s drugs might then begin to ask why they should endanger their health and even lives purely to boost one company’s profits.

But even if AbbVie is resistant to the argument that it has a moral obligation to allow the clinical trials data to be released, and is not concerned that the public might think that it has something to hide, perhaps it will be won over by a recent article in The New England Journal of Medicine (NEJM), written by four people from the EMA. This puts forward a quite different argument, that releasing test data will directly benefit pharma companies themselves, and offers a number of reasons why.

Basically, the more information that drug companies have about what works and what doesn’t, the better they can design their future tests.

Again, the more information companies have about how different groups of patients responded to a drug, the easier it will be to spot particular sub-groups in the population who derive particular benefit. Selling products for that sub-group will be both easier, more profitable and more ethical than simply trying to sell to everybody, since the drug may be ineffective or even inappropriate for many of the general population.

For a given condition, there may be several possible treatments. Making clinical test data available allows them to be compared, and the best one selected for future drug development, instead of investing huge sums in what may well be a relatively ineffective approach.

In many ways this is the most important reason. If the results of clinical trials are kept secret, companies run the risk of repeating the mistakes already made by others. Not only is that a waste of time and money that could be better spent on more fruitful avenues, it is putting test subjects at risk unnecessarily. As the NEJM points out:

The article concludes:

In fact, this is no mere theoretical possibility. We know this approach works, because it is precisely what we see in the field of open source. Sharing the code freely creates a level playing-field that allows companies to innovate faster because they can build on the work of others. The rise of a multi-billion dollar software industry based around such sharing, and the unprecedented rate of innovation this drives, are yet more reasons that companies like AbbVie should be striving to promote, not prevent, the release and dissemination of clinical trials information as open data.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: clinical trials, data, innovation, openness, pharma
Companies: abbvie