Tag: privacy

Doctors as Data Entry Clerks for the Government Health Surveillance System

As a practicing physician I have long been frustrated with the Electronic Health Record (EHR) system the federal government required health care practitioners to adopt by 2014 or face economic sanctions. This manifestation of central planning compelled many doctors to scrap electronic record systems already in place because the planners determined they were not used “meaningfully.” They were forced to buy a government-approved electronic health system and conform their decision-making and practice techniques to algorithms the central planners deem “meaningful.”  Other professions and businesses make use of technology to enhance productivity and quality. This happens organically. Electronic programs are designed to fit around the unique needs and goals of the particular enterprise. But in this instance, it works the other way around: health care practitioners need to conform to the needs and goals of the EHR. This disrupts the thinking process, slows productivity, interrupts the patient-doctor relationship, and increases the risk of error. As Twila Brase, RN, PHN ably details in “Big Brother in the Exam Room,” things go downhill from there.

With painstaking, almost overwhelming detail that makes the reader feel the enormous complexity of the administrative state, Ms. Brase, who is president and co-founder of Citizens’ Council for Health Freedom (CCHF), traces the origins and motives that led to Congress passing the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The goal from the outset was for the health care regulatory bureaucracy to collect the private health data of the entire population and use it to create a one-size-fits-all standardization of the way medicine is practiced. This standardization is based upon population models, not individual patients. It uses the EHR design to nudge practitioners into surrendering their judgment to the algorithms and guidelines adopted by the regulators. Along the way, the meaningfully used EHR makes practitioners spend the bulk of their time entering data into forms and clicking boxes, providing the regulators with the data needed to generate further standardization.

Brase provides wide-ranging documentation of the way this “meaningful use” of the EHR has led to medical errors and the replication of false information in patients’ health records. She shows how the planners intend to morph the Electronic Health Record into a Comprehensive Health Record (CHR), through the continual addition of new data categories, delving into the details of lifestyle choices that may arguably relate indirectly to health: from sexual proclivities, to recreational behaviors, to gun ownership, to dietary choices. In effect, a meaningfully used Electronic Health Record is nothing more than a government health surveillance system.  As the old saying goes, “He who pays the piper calls the tune.” If the third party—especially a third party with the monopoly police power of the state—is paying for health care it may demand adherence to lifestyle choices that keep costs down.

All of this data collection and use is made possible by the Orwellian-named Health Insurance Portability and Accountability Act (HIPAA) of 1996.  Most patients think of HIPAA as a guarantee that their health records will remain private and confidential. They think all those “HIPAA Privacy” forms they are signing at their doctor’s office is to insure confidentiality. But, as Brase points out very clearly, HIPAA gives numerous exemptions to confidentiality requirements for the purposes of collecting data and enforcing laws. As Brase puts it, 

 It contains the word privacy, leaving most to believe it is what it says, rather than reading it to see what it really is. A more honest title would be “Notice of Federally Authorized Disclosures for Which Patient Consent Is Not Required.”

Kavanaugh, Klayman, and the Fourth Amendment

In the few days since President Trump nominated him to be an Associate Justice on the Supreme Court, Judge Brett Kavanaugh has seen his life put under the microscope. It turns out that the U.S Court of Appeals for the D.C Circuit judge really likes baseball, volunteers to help the homeless, and has strong connections to the Republican Party – especially the George W. Bush administration. More consequentially, Kavanaugh is an influential judge with solid conservative credentials. For libertarians, Kavanaugh’s record includes much to applaud, especially when it comes to reining in the power of regulatory authorities. However, at least one of Kavanaugh’s concurrences reveals arguments that should concern those who value civil liberties. Members of the Senate Committee on the Judiciary should press Kavanaugh on these arguments at his upcoming confirmation hearing.

In 2015, Kavanaugh wrote a solo concurrence in the denial of rehearing en banc in Klayman v. Obama (full opinion below), in which the plaintiffs challenged the constitutionality of the National Security Agency’s (NSA) bulk telephony metadata program. According to Kavanaugh, this program was “entirely consistent” with the Fourth Amendment, which protects against unreasonable searches and seizures.

The opening of the concurrence is ordinary enough, with Kavanaugh mentioning that the NSA’s program is consistent with the Third Party Doctrine. According to this doctrine, people don’t have a reasonable expectation of privacy in information they volunteer to third parties, such as phone companies and banks. This allows law enforcement to access details about your communications and your credit card purchases without search warrants. My colleagues have been critical of the Third Party doctrine, filing an amicus brief taking aim at the doctrine in the recently decided Fourth Amendment case Carpenter v. United States

Because the Third Party Doctrine remains binding precedent, Kavanaugh argues, the government’s collection of telephony metadata is not a Fourth Amendment search. Regardless of one’s opinion of the Third Party Doctrine, this is a reasonable interpretation of Supreme Court precedent from an appellate judge.

Yet in the next paragraph the concurrence takes an odd turn. Kavanaugh argues that even if the government’s collection of millions of Americans’ telephony metadata did constitute a search it would nonetheless not run afoul of the Fourth Amendment:

Even if the bulk collection of telephony metadata constitutes a search,[…] the Fourth Amendment does not bar all searches and seizures. It bars only unreasonable searches and seizures. And the Government’s metadata collection program readily qualifies as reasonable under the Supreme Court’s case law. The Fourth Amendment allows governmental searches and seizures without individualized suspicion when the Government demonstrates a sufficient “special need” – that is, a need beyond the normal need for law enforcement – that outweighs the intrusion on individual liberty. Examples include drug testing of students, roadblocks to detect drunk drivers, border checkpoints, and security screening at airports. […] The Government’s program for bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States. See THE 9/11 COMMISSION REPORT (2004). In my view, that critical national security need outweighs the impact on privacy occasioned by this program. The Government’s program does not capture the content of communications, but rather the time and duration of calls, and the numbers called. In short, the Government’s program fits comfortably within the Supreme Court precedents applying the special needs doctrine.

This paragraph includes a few points worth unpacking: 1) That the collection of telephony metadata is permitted under the “Special Needs” Doctrine, and 2) The 9/11 Commission Report buttresses the claim that “The Government’s program for bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States.”

Surveillance Tech Still a Concern After Carpenter

Last week the Supreme Court issued its ruling in Carpenter v. United States, with a five-member majority holding that the government’s collection of at least seven days-worth of cell site location information (CSLI) is a Fourth Amendment search. The American Civil Liberties Union’s Nathan Wessler and the rest of Carpenter’s team deserve congratulations; the ruling is a win for privacy advocates and reins in a widely used surveillance method. But while the ruling is welcome it remains narrow, leaving law enforcement with many tools that can be used to uncover intimate details about people’s private lives without a warrant, including persistent aerial surveillance, license plate readers, and facial recognition.

Background 

Timothy Carpenter and others were involved in a string of armed robberies of cell phone stores in Michigan and Ohio in 2010 and 2011. Police arrested four suspects in 2011. One of these suspects identified 15 accomplices and handed over some of their cell phone numbers to the Federal Bureau of Investigation. Carpenter was one of these accomplices.

Prosecutors sought Carpenter’s cell phone records pursuant to the Stored Communications Act. They did not need to demonstrate probable cause (the standard required for a search warrant). Rather, they merely had to demonstrate to judges that they had “specific and articulable facts showing that there are reasonable grounds to believe” that the data they sough were “relevant and material to an ongoing criminal investigation.”

Carpenter’s two wireless carriers, MetroPCS and Sprint, complied with the judges’ orders, producing 12,898 location points over 127 days. Using this information prosecutors were able to charge Carpenter with a number of federal offenses related to the armed robberies. 

“Genetic Informants” and the Hunt for the Golden State Killer

Last week officers with the Sacramento County Sheriff’s Department arrested Joseph James DeAngelo, the suspected Golden State Killer who allegedly committed a dozen murders, at least 50 rapes, and more than 100 burglaries in California between 1976 and 1986. Police made the arrest after uploading DeAngelo’s “discarded DNA” to one of the increasingly popular genealogy websites. Using information from the site, investigators were able to find DeAngelo’s distant relatives, thereby significantly narrowing their list of suspects. This investigatory technique is worth keeping an eye on, not least because millions of people are using DNA-based genealogical sites.

I’m one of them. I’ve signed up to 23andMe as well as MyHeritage, both of which offer DNA analysis. I did this in part because family history is a minor hobby of mine, but also because 23andMe offers interesting medical information. While both companies offer a DNA service, I’ve only used 23andMe’s because MyHeritage allows its users to upload 23andMe data. One of the features of MyHeritage is its “DNA Matching” service, which updates me when a distant relative is found thanks to automated DNA analysis.

This month alone MyHeritage has altered me to the existence of two more 3rd - 5th cousins. This DNA Matching service has identified hundreds of my distant relatives, with varying degrees of confidence. 23andMe has a similar relative-finding feature. MyHeritage and 23andMe, as well as Ancestry.com, have all denied working with law enforcement in the Golden State Killer case.

According to The New York Times, investigators sent the suspected Golden State Killer’s DNA to GEDmatch, a free genealogical service. A GEDmatch release stated that it had not been approached by law enforcement and warned customers, “If you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database.”

Privacy Still at Risk Despite New CBP Search Rules

International travelers, citizens and foreigners alike, enjoy reduced privacy protections at ports of entry. Thanks to the “border exception” to the Fourth Amendment, Customs and Border Protection (CBP) officers do not need reasonable suspicion or probable cause to search electronic devices at airports. This regrettable authority made headlines last year after CBP officers searched phones belonging to innocent American citizens. CBP has updated its electronic device search policy via a new directive. While the directive does include a welcome clarification, it states that CBP can search anyone’s electronic devices without probable cause or reasonable suspicion.

The CBP’s new directive begins by outlining the unfortunate state of the Fourth Amendment at the border and ports of entry. The Fourth Amendment protects “persons, houses, papers, and effects” from “unreasonable searches and seizures.”

Yet, as Justice Rehnquist wrote in his majority opinion in United States v. Ramsey (1977):

[S]earches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border.

In 1985, Rehnquist reiterated this point, writing in his United States v. Montoya de Hernandez (1985) majority opinion:

Routine searches of the persons and effects of entrants are not subject to any requirement of reasonable suspicion, probable cause, or warrant.

CBP conducted numerous warrantless searches of electronic devices last year. Perhaps most notable was the January 2017 case involving Sidd Bikkannavar, an American citizen, member of the CBP Global Entry program, and NASA Jet Propulsion Laboratory engineer. After arriving from Chile (not exactly a hotbed of international terrorism), a CBP officer at Houston’s George Bush Intercontinental Airport asked Bikkannavar to unlock his smartphone, which happened to be NASA property. Despite Bikkannavar pointing out that the phone contained sensitive information, the officer persisted, and Bikkannavar eventually gave up the phone’s passcode.

A month after CBP needlessly interrupted Bikkannavar’s travel, agency officials reportedly stopped another American citizen, Haisam Elsharkawi, from leaving Los Angeles on his way to Saudi Arabia. According to Elsharkawi, CBP officers put him in handcuffs and pressured him into unlocking his phone. The officers released Elsharkawi without charge hours after his plane had left.

Searches of electronic devices at the border are on the rise. According to CBP’s own figures, the number of international travelers processed with electronic device searches in the 2017 fiscal year increased almost 60 percent compared to the 2016 fiscal year. While the number of travelers subjected to these searches represents a small fraction of total international travelers, it’s clear that these warrantless searches have targeted innocent Americans and are unlikely to stop. At a time when the smartphone is an increasingly integral part of modern life, containing most of our intimate and private details, this authority is of acute concern.

Body Cameras Worth Deploying Despite Limited Impact

A study that examined the effects body worn cameras (BWCs) have on police officers in Washington, D.C. has been making the rounds recently. The study’s findings have reinvigorated discussions about BWCs, not least because of its counterintuitive finding that BWCs did not have a statistically significant effect on officers’ use of force or civilian complaints against the police. This finding is worth considering, but the study shouldn’t deter local officials from mandating police BWCs. Even if they don’t change police officers’ behavior, BWCs can, with the right policies in place, provide a much-needed increase in police accountability and transparency.

During the study, officers with the Metropolitan Police Department of the District of Columbia were randomly assigned BWCs. Researchers with The Lab @DC, a study team in the D.C. mayor’s office, and Yale University examined use of force incidents and complaints against police officers.

The study did not seek to measure the impact of BWCs’ other benefits such as accountability, transparency, and protection for officers, but rather narrowly measured their impact. In addition to examining how often police officers use force and are the subject of complaints, researchers also studied police discretion and the judicial outcomes related to police charges.

You might expect that officers improved their behavior when they were wearing BWCs. After all, if you know that you’re being filmed you have plenty of incentives to be on your best behavior, whether you’re an officer or a resident. And yet, the recent D.C. body camera study showed that BWCs had no statistically significant effect on officers’ behavior.

This may strike many as odd. But we shouldn’t forget the limitations that restrict researchers looking into the effects of BWCs. Researchers cannot, for instance, insist that when an officer wearing a BWC calls for backup that only officers also wearing BWCs respond. In a situation where two officers are interacting with a resident and only one of the officers is wearing a BWC there is a good chance that the BWC will influence the behavior of the officer not wearing the BWC.

LAPD Drones Threaten Privacy

Today, the Los Angeles Police Department (LAPD) civilian police commission voted to approve proposed guidelines for a one-year unmanned aerial vehicles (UAVs) pilot program. According to the LAPD’s guidelines, UAVs will not be equipped with lethal or nonlethal weapons and will only be deployed in a narrow set of circumstances. The guideline also requires officers to obtain a warrant before using a UAV “when required under the Fourth Amendment or other provision of the law.” This looks all well and good, except that the Fourth Amendment and California law provide little protection when it comes to aerial surveillance.

The Fourth Amendment protects “persons, houses, papers, and effects” from “unreasonable searches and seizures.” Many Americans could be forgiven for thinking that this constitutional provision would act as a shield against warrantless aerial surveillance. Sadly, this is not the case. California law is similarly of little help. California is not one of the states that require law enforcement to obtain a warrant before using a UAV, with Gov. Jerry Brown in 2014 vetoing a bill that would have imposed such a requirement.  

To the LAPD’s credit, routine surveillance is not included in its list of approved UAV operations. However, the LAPD has a history of using new surveillance gadgets, and it’s reasonable to be wary of UAVs being regularly used for surveillance as they become an everyday feature of police departments’ toolboxes.

Although the Supreme Court has yet to take up the issue of UAV surveillance, it did address aerial surveillance in a few cases in the 1980s. In Dow Chemical Co v. United States (1986) the Supreme Court ruled that the Environmental Protection Agency did not need an administrative warrant when it hired a commercial photographer using a mapping camera to inspect a 2,000 acre Dow Chemical plant from an aircraft.

Pages