Sunday, April 13, 2014

The Curse of the Internet

It's hard to imagine our lives without the
Someone from 1950s appeared today... what's most difficult thing about life to explain to them. A device in pocket capable of accessing all information known to man. Use it to look at pictures of cats and argue with strangers.
Internet  - either mobile or desktop.

The Internet has become a catalyst of innovation, an essential tool in business and social life. It brought new levels of participation and access to knowledge. It enabled new forms of interaction, albeit mostly utilized for entertainment purposes (as in the famous answer of a Reddit user to a now deleted question captured in the figure on the right).

But despite all the advantages and conveniences, does the Internet really serve us or is it the other way around?

Internet companies, large and small, are quietly but forcefully collecting our life's data hoping to have us "on the leash."

If people want to use a web service, the service gets away with almost anything. Google knows about our friendships, content of gmail and google voice conversations. They see the places we go or want to go on maps and how we spend time on millions of websites. Amazon knows about our tastes and interests, phone carriers have nearly minute-by-minute accounts of months and years of our lives, credit card companies are building our psychographic profiles. Target stores can figure out their customers' health conditions before they do... and if you think other companies are better protecting sensitive information (remember the giant data breach?), think again.

Discovered this week, major security flow dubbed "Heartbleed" had existed for over two years. The defect in encryption technology used by many websites and networking equipment makers have put millions of passwords and other sensitive information at risk. Just another reminder of why you should scrutinize the security on the Internet and other web-connected gadgetry.

Vulnerabilities can be found everywhere. The network of a big oil company was hacked through the online menu of a Chinese restaurant popular with employees. Target was breached through its heating and cooling system. Printers, thermostats, videoconferencing equipment, household items, even vending machines and gas pumps can be used to gain access to your data. And so can employees of the companies collecting data. Last year there were multiple cases when stolen patient identification information was used to file unauthorized income tax returns.

Recently published SANS healthcare cyberthreat report reveals that health care networks (hospitals, insurance carriers, pharmaceutical companies, web sites, software and devices) - have been and continue to be compromised by successful cybercriminal attacks. Health networks seem to have the weakest Internet security among sites dealing with sensitive information, often not addressing very basic issues, vulnerable to off-line password guessing and user impersonation attack.

Trust is especially important in health care. As the days of blind trust that 'doctor knows best' are becoming a distant memory, new cases of security breaches can lower the trust further discouraging use of digital health services and disclosure of important medically relevant information.

At present, most digital health products and corporate wellness programs fail both companies and patients. There are many fundamental flaws responsible for that. And the lack of trust is not going to make it any more successful.

Paraphrasing Derek Thompson's passage about Facebook and Amazon, for the Internet of Things for Health and Wellness to succeed, we have to embrace a new version of intimacy that felt natural when the good old-fashioned country doctor made house calls. The machines have to know us. Will we let them?


Pogue D (2014). The curse of the cloud. Scientific American, 310 (2) PMID: 24640327

Wu F, & Xu L (2013). Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems. Journal of medical systems, 37 (4) PMID: 23818249

The SANS-Norse Healthcare Cyberthreat Report:
blockquote { margin:1em 20px; background: #dfdfdf; padding: 8px 8px 8px 8px; font-style: italic; }