Honkin' News banner

Meet the Company Selling Our Medical Data

July 22, 2016

A company with a long history is getting fresh scrutiny. An article at Fortune reports, “This Little-Known Firm Is Getting Rich Off Your Medical Data.” Writer Adam Tanner informs us:

“A global company based in Danbury, Connecticut, IMS  buys bulk data from pharmacy chains such as CVS , doctor’s electronic record systems such as Allscripts, claims from insurers such as Blue Cross Blue Shield and from others who handle your health information. The data is anonymized—stripped from the identifiers that identify individuals. In turn, IMS sells insights from its more than half a billion patient dossiers mainly to drug companies.

“So-called health care data mining is a growing market—and one largely dominated by IMS. Last week, the company reported 2015 net income of $417 million on revenue of $2.9 billion, compared with a loss of $189 million in 2014 (an acquisition also boosted revenue over the year). ‘The outlook for this business remains strong,’ CEO Ari Bousbib said in announcing the earnings.”

IMS Health dates back to the 1950s, when a medical ad man sought to make a buck on drug-sales marketing reports. In the 1980s and ‘90s, the company thrived selling profiles of specific doctors’ proscribing patterns to pharmaceutical marketing folks. Later, they moved into aggregating information on individual patients—anonymized, of course, in accordance with HIPAA rules.

Despite those rules, some are concerned about patient privacy. IMS does not disclose how it compiles their patient dossiers, and it may be possible that records could, somehow someday, become identifiable. One solution would be to allow patients to opt out of contributing their records to the collection, anonymized or not, as marketing data firm Acxiom began doing in 2013.

Of course, it isn’t quite so simple for the consumer. Each health record system makes its own decisions about data sharing, so opting out could require changing doctors. On the other hand, many of us have little choice in our insurance provider, and a lot of those firms also share patient information. Will IMS move toward transparency, or continue to keep patients in the dark about the paths of their own medical data?

 

Cynthia Murrell, July 22, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.

Finding Information Takes a Backseat to Providing a Comprehensive User Experience

July 20, 2016

The article titled An Intranet Success Story on BA Insight asserts that search is less about finding information than it is about user experience. In the context of Intranet networks and search, the article discusses what makes for an effective search engine. Nationwide Insurance, for example, forged a strong, award-winning intranet which was detailed in the article,

“Their “Find Anything” locator, navigation search bar, and extended refiners are all great examples of the proven patterns we preach at BA Insight…The focus for SPOT was clear.  It’s expressed in three points: Simple consumer-like experience, One-stop shop for knowledge, Things to make our jobs easier… All three of these connect directly to search that actually works. The Nationwide project has generated clear, documented business results.”

The results include Engagement, Efficiency, and Cost Savings, in the form of $1.5M saved each year. What is most interesting about this article is the assumption that UX experience trumps search results, or at least, search results are merely one aspect of search, not the alpha and omega. Rather, providing an intuitive, user-friendly experience should be the target. For Nationwide, part of that targeting process included identifying user experience as a priority. SPOT, Nationwide’s social intranet, is built on Yammer and SharePoint, and it is still one of the few successful and engaging intranet platforms.

 

 
Chelsea Kerwin, July 20, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.

Mouse Movements Are the New Fingerprints

May 6, 2016

A martial artist once told me that an individual’s fighting style, if defined enough, was like a set of fingerprints.  The same can be said for painting style, book preferences, and even Netflix selections, but what about something as anonymous as a computer mouse’s movement?  Here is a new scary thought from PC & Tech Authority: “Researcher Can Indentify Tor Users By Their Mouse Movements.”

Juan Carlos Norte is a researcher in Barcelona, Spain and he claims to have developed a series of fingerprinting methods using JavaScript that measures times, mouse wheel movements, speed movement, CPU benchmarks, and getClientRects.   Combining all of this data allowed Norte to identify Tor users based on how they used a computer mouse.

It seems far-fetched, especially when one considers how random this data is, but

“’Every user moves the mouse in a unique way,’ Norte told Vice’s Motherboard in an online chat. ‘If you can observe those movements in enough pages the user visits outside of Tor, you can create a unique fingerprint for that user,’ he said. Norte recommended users disable JavaScript to avoid being fingerprinted.  Security researcher Lukasz Olejnik told Motherboard he doubted Norte’s findings and said a threat actor would need much more information, such as acceleration, angle of curvature, curvature distance, and other data, to uniquely fingerprint a user.”

This is the age of big data, but looking Norte’s claim from a logical standpoint one needs to consider that not all computer mice are made the same, some use lasers, others prefer trackballs, and what about a laptop’s track pad?  As diverse as computer users are, there are similarities within the population and random mouse movement is not individualistic enough to ID a person.  Fear not Tor users, move and click away in peace.

 

Whitney Grace, May 6, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Out of the Shadows and into the OpenBazaar

May 2, 2016

If you believe the Dark Web was destroyed when Silk Road went offline, think again!  The Dark Web has roots like a surface weed, when one root remains there are dozens (or in this case millions) more to keep the weed growing.  Tech Insider reports that OpenBazaar now occupies the space Silk Road vacated, “A Lawless And Shadowy New Corner Of The Internet Is About TO Go Online.”

OpenBazaar is described as a decentralized and uncensored online marketplace where people can sell anything without the fuzz breathing down their necks. Brian Hoffman and his crew had worked on it since 2014 when Amir Taaki thought it up.  It works similar to eBay and Etsy as a peer-to-peer market, but instead of hard currency it uses bitcoin.  Since it is decentralized, it will be near impossible to take offline, unlike Silk Road.  Hoffman took over the project from Taaki and after $1 million from tech venture capital firms the testnet is live.

“There’s now a functioning version of OpenBazaar running on the “testnet.” This is a kind of open beta that anyone can download and run, but it uses “testnet bitcoin” — a “fake” version of the digital currency for running tests that doesn’t have any real value. It means the developer team can test out the software with a larger audience and iron out the bugs without any real risk.” If people lose their money it’s just a horrible idea,” Hoffman told Business Insider.”

A new user signs up for the OpenBazaar testnet every two minutes and Hoffman hopes to find all the bugs before the public launch.  Hoffman once wanted to run the next generation digital black market, but now he is advertising it as a new Etsy.  The lack of central authority means lower take rates or the fees sellers incur for selling on the site.  Hoffman says it will be good competition for online marketplaces because it will force peer-to-peer services like eBay and Etsy find new ways to add value-added services instead of raising fees on customers.

 

Whitney Grace, May 2, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Netflix Algorithm Defaults To “White” Content, Sweeps Diversity Under the Rug

April 1, 2016

The article Marie Claire titled Blackflix; How Netflix’s Algorithm Exposes Technology’s Racial Bias, delves into the racial ramifications of Netflix’s much-lauded content recommendation algorithm. Many users may have had strange realizations about themselves or their preferences due to collisions with the system that the article calls “uncannily spot-on.” To sum it up: Netflix is really good at showing us what we want to watch, but only based on what we have already watched. When it comes to race, sexuality, even feminism (how many movies have I watched in the category “Movies With a Strong Female Lead?”), Netflix stays on course by only showing you similarly diverse films to what you have already selected. The article states,

“Or perhaps I could see the underlying problem, not in what we’re being shown, but in what we’re not being shown. I could see the fact that it’s not until you express specific interest in “black” content that you see how much of it Netflix has to offer. I could see the fact that to the new viewer, whose preferences aren’t yet logged and tracked by Netflix’s algorithm, “black” movies and shows are, for the most part, hidden from view.”

This sort of “default” suggests quite a lot about what Netflix has decided to put forward as normal or inoffensive content. To be fair, they do stress the importance of logging preferences from the initial sign up, but there is something annoying about the idea that there are people who can live in a bubble of straight, white, (or black and white) content. There are among those people some who might really enjoy and appreciate a powerful and relevant film like Fruitvale Station. If it wants to stay current, Netflix needs to show more appreciation or even awareness of its technical bias.

Chelsea Kerwin, April 1, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Third Party Company Profiteering

March 31, 2016

We might think that we keep our personal information from the NSA, but there are third party companies that legally tap ISP providers and phone companies and share the information with government agencies. ZDNet shares the inside story about this legal loophole, “Meet The Shadowy Tech Brokers That Deliver Your Data To The NSA.”  These third party companies hide under behind their neutral flag and then reap a profit.  You might have heard of some of them: Yaana, Subsentio, and Neustar.

“On a typical day, these trusted third-parties can handle anything from subpoenas to search warrants and court orders, demanding the transfer of a person’s data to law enforcement. They are also cleared to work with classified and highly secretive FISA warrants. A single FISA order can be wide enough to force a company to turn over its entire store of customer data.

Once the information passes through these third party companies it is nearly impossible to figure out how it is used.  The third party companies do conduct audits, but it does little to protect the average consumer.  Personal information is another commodity to buy, sell, and trade.  It deems little respect for the individual consumer.  Who is going to stand up for the little guy?  Other than Edward Snowden?

 

Whitney Grace, March 31, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

DuckDuckGo Grows in 2015

December 30, 2015

Do you not love it when the little guy is able to compete with corporate giants?  When it comes to search engines DuckDuckGo is the little guy, because unlike big search engines like Google and Yahoo it refuses to track its users browsing history and have targeted ads.  According to Quartz, “DuckDuckGo, The Search Engine That Doesn’t Track Its Users, Grew More Than 70% This Year.”  Through December 15, 2015, DuckDuckGo received 3.25 billion queries up from twelve million queries received during the same time period in 2014.  DuckDuckGo, however, still has trouble cracking the mainstream..

Google is still the biggest search engine in the United States with more than one hundred million monthly searches, but DuckDuckGo only reached 325 million monthly searches in November 2015.  The private search engine also has three million direct queries via desktop computers, but it did not share how many people used DuckDuckGo via a mobile device to protect its users’ privacy.  Google, on the other hand, is happy to share its statistics as more than half of its searches come from mobile devices.

“What’s driving growth? DuckDuckGo CEO Gabriel Weinberg, reached via email, credits partnerships launched in 2014 with Apple and Mozilla, and word of mouth.  He also passes along a Pew study from earlier this year, where 40% of American respondents said they thought search engines ‘shouldn’t retain information about their activity.’… ‘Our biggest challenge is that most people have not heard of us,’ Weinberg says. ‘We very much want to break out into the mainstream.’”

DuckDuckGo offers an unparalleled service for searching.  Weinberg stated the problem correctly that DuckDuckGo needs to break into the mainstream.  Its current user base consists of technology geeks and those in “the know,” some might call them hipsters.  If DuckDuckGo can afford it, how about an advertising campaign launched on Google Ads?

Whitney Grace, December 30, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

The Ins and Outs of Hacking Software

December 23, 2015

Hacking software is and could be a potential problem.  While some government agencies, hacktivist organizations, and software companies are trying to use it for good, terrorist groups, digital thieves, and even law enforcement agencies can use it to spy and steal data from individuals.  The Technology Review shares some interesting stories about how software is being used for benign and harmful purposes in “The Growth Industry Helping Governments Hack Terrorists, Criminals, And Political Opponents.”

The company Hacking Team is discussed at length and its Remote Control System software, which can worm its way through security holes in a device and steal valuable information.  Governments from around the globe have used the software for crime deterrence and to keep tabs on enemies, but other entities used the software for harmful acts including spying and hacking into political opponents computers.

Within the United States, it is illegal to use a Remote Control System without proper authority, but often this happens:

“When police get access to new surveillance technologies, they are often quickly deployed before any sort of oversight is in place to regulate their use. In the United States, the abuse of Stingrays—devices that sweep up information from cell phones in given area—has become common. For example, the sheriff of San Bernardino County, near Los Angeles, deployed them over 300 times without a warrant in the space of less than two years. That problem is only being addressed now, years after it emerged, with the FBI now requiring a warrant to use Stingrays, and efforts underway to force local law enforcement to do the same. It’s easy to imagine a similar pattern of abuse with hacking tools, which are far more powerful and invasive than other surveillance technologies that police currently use.”

It is scary how the software is being used and how governments are skirting around its own laws to use it.  It reminds me of how gun control is always controversial topic.  Whenever there is a mass shooting, debates rage about how the shooting would never had happened if there was stricter gun control to keep weapons out of the hands of psychopaths.  While the shooter was blamed for the incident, people also place a lot of blame on the gun, as if it was more responsible.  As spying, control, and other software becomes more powerful and ingrained in our lives, I imagine there will be debates about “software control” and determining who has the right to use certain programs.

Whitney Grace, December 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Bye-Bye Paid Reviews

December 22, 2015

One has to admit that this sounds like a sweet way to make a few quick dollars: write a fake online review about a product or service highlighting good points and sellable features, post it on your social media accounts, Amazon, your blog, Yelp, TripAdvisor, and then collect a few bucks.  While Twitter might slowly be losing the social media race against Facebook and Instagram, the UK Telegraph says that the social network has another useful purpose: “Has Twitter Finally Killed The Mess Of The False Online Review?”

Fake reviews cost consumers millions of dollars each year, because they believe that first hand accounts from regular people trump a corporate advertising account.  However, it spawned a big market for people to spend a few dollars to pay someone write a fake review and give a product/service a positive spin.  The consumer is getting tired of fake reviews, as are online retailers like Amazon and the US government, which has even drafted the Consumer Review Freedom Act.

Twitter is jumping into action using big data moves like real time data sentimental analysis, location-based apps that search social media content for content, and algorithms to analyze tweets

“Chief executive Giles Palmer believes that apps such as Twizoo are only the start of how products and businesses are evaluated, especially as social media continues to evolve. ‘Until recently, social media monitoring has been a listening business where companies and brands have kept an eye on what their customers are doing, but not doing too much about it…But with mobile customers are after products and goods where they want to make an instant decision based on instant data. What’s more they want that data to be reliable and to be truthful; Twitter provides that.’”

Consumers are being more discerning about the products and services they purchase, but they also trust reviews to help them evaluate them so they will not be duped.  High praise for Twitter for proving how social media is valuable as a learning tool and also for proving it is still a worthwhile network.

 

Whitney Grace, December22, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Amazon Punches Business Intelligence

November 11, 2015

Amazon already gave technology a punch when it launched AWS, but now it is releasing a business intelligence application that will change the face of business operations or so Amazon hopes.  ZDNet describes Amazon’s newest endeavor in “AWS QuickSight Will Disrupt Business Intelligence, Analytics Markets.”  The market is already saturated with business intelligence technology vendors, but Amazon’s new AWS QuickSight will cause another market upheaval.

“This month is no exception: Amazon crashed the party by announcing QuickSight, a new BI and analytics data management platform. BI pros will need to pay close attention, because this new platform is inexpensive, highly scalable, and has the potential to disrupt the BI vendor landscape. QuickSight is based on AWS’ cloud infrastructure, so it shares AWS characteristics like elasticity, abstracted complexity, and a pay-per-use consumption model.”

Another monkey wrench for business intelligence vendors is that AWS QuickSight’s prices are not only reasonable, but are borderline scandalous: standard for $9/month per user or enterprise edition for $18/month per user.

Keep in mind, however, that AWS QuickSight is the newest shiny object on the business intelligence market, so it will have out-of-the-box problems, long-term ramifications are unknown, and reliance on database models and schemas.  Do not forget that most business intelligence solutions do not resolve all issues, including ease of use and comprehensiveness.  It might be better to wait until all the bugs are worked out of the system, unless you do not mind being a guinea pig.

Whitney Grace, November 11, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Next Page »