Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //


01:25 PM
Connect Directly

Privacy Versus The 'Tyranny Of The Algorithm'

Health, social media, buying trends, and other data and activity are routinely bartered for profit, but at what cost to the consumer or user?

PRIVACY XCHANGE FORUM 2014 -- Scottsdale, Ariz. -- There's the black market trade of patient medical information, and then there's the legal one. Twitter, for example, sells tweets that mention mind and body wellness to some data analytics firms, privacy advocates say.

"The worst thing possible has happened: Information about our minds and bodies is for sale and in millions of databases," Dr. Deborah Peel, founder and chairwoman of Patient Privacy Rights, said here at the Privacy XChange Forum this week.

A recent study looked at more than 500,000 tweets about depression, took 4,000 tweets that mentioned a diagnosis or medication, and followed those Twitter users in order to create an app that predicts suicide. This use of tweets crosses a line, Peel said. "This is far more intrusive" than standard data-gathering from social media.

"There's so much legal trade in medical data now," said Peel, whose organization advocates for patients' rights to control the bartering and use of their electronic health record information and activity. You can't stop the data collection, but there needs to be a "chain of custody" and some boundaries and disclosure for patients.

Medical data is also valuable to criminals, and medical identify theft often takes longer to discover than other types. By the time many victims learn that their medical insurance was used by someone else, their insurance carrier may have dropped them or jacked up their premium, according to Peel. Criminals are after electronic medical records, as well as prescriptions and insurance information to pay for their own medical expenses or to acquire prescription drugs illegally.

Cybercrime today is dominated by theft of payment cards and other personally identifiable information that can be monetized easily and quickly in the online carder community and other nefarious forums. But consumers and users are also at risk of their privacy being abused or inadvertently exposed to attackers by legal data brokers (a.k.a. data analytics companies), whose business is all about the gathering, buying, and selling of information that can be aggregated into intelligence for marketing and business purposes.

The Internet of Things also comes with privacy and security implications. Kevin Ashton, general manager of Belkin International's Conserve and a creator of sensor-based technology used in smart grids and smart meters, says the convenience of emerging network-connected devices also comes with some risk. "It means your privacy is not just at risk when you interact with a device, but your privacy is now at risk when you interact with the world" of devices around you, he said in a keynote address here.

"Privacy is not the default setting," he said. And most free online things come at the price of privacy. "If you're not paying for it, you're the product. The price online is free, but not free of the cost of personal privacy."

David Vladeck, former director of the Federal Trade Commission's Consumer Protection Bureau and now a faculty member of Georgetown University Law Center, says data analytics companies hire data analysts and cognitive psychologists to manipulate consumers into certain purchasing decisions.

Jonathan Mayer, a computer scientist and lawyer from Stanford University, led Vladeck and Jules Polonetsky, executive director and co-chairman of Future of Privacy Forum, in a head-to-head debate at the Privacy Xchange Forum over controversial ways companies like Target and Facebook have used customer and member information.

"It's what I call the tyranny of the algorithm," Vladeck said. "What happens on the Internet is driven by algorithms. There are ethical constraints that need to be debated."

Mayer cited a recent social experiment by Facebook and Cornell University, where Facebook skewed some members' news feeds to show positive-sounding posts to see if it would result in more positive engagement on the social network.

"How we police algorithms and ethics will be the defining moral and ethical issue for this generation," Polonetsky said of the study. "Where and when are these decisions going to be shaped by corporate greed? Government benevolence? We don't even have a clear way to think about it."

Then there's the problem with the quality of the data being gathered by the major data brokers. Vladeck cited a recent Federal Trade Commission report on nine of the largest brokers. The report found that much of the data they are gathering is of poor quality, and some of it is inaccurate. "They get about half of it right and half of it wrong," he said.

Meanwhile, privacy is not exactly high on the corporate budget priority list. A new survey of Fortune 1000 companies by the International Association of Privacy Professionals found that, though 33% plan to hire more staff with privacy skills, the privacy budget today is dwarfed by the average security budget. Privacy gets about $2.4 million per year from the average Fortune 1000 company, while security gets about $4.1 million.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/6/2014 | 10:43:21 AM
Re: Attack of the Killer Algorithms..
You have some interesting stuff on your blog,  @MedicalQuack. Thanks for sharing. I'm reposting the live link here for others who might want to check it out. 
User Rank: Apprentice
11/6/2014 | 9:47:17 AM
Attack of the Killer Algorithms..
I started a series of blog poss called the Attack of the Killer algorithms with links and videos people smarter than me that helps the layman understand what is happening out there and then it grew to it'own page where I put most of the material together.  It gets quite  a few hits and from big companies.  One day even Acxiom even came out of the blue to address me on this topic.  MasterCard is another one who is selling data transactions to anyone who will buy just about.  I warned about that twice before they set up their big ecommerce center as they made big announcements about it.

Just go and search Killer Algorithms and find the page.

This is correct, it's all the algorithms and in fact is a big reason why the rate of inequality is growing at such a rapid pace as people are denied acess to something and much of it is flawed data.  I have had my own issues with flawed data with a couple aliases being added when people look me up and I have never used an alias.

I have a campaign I started to create a law to index and license data sellers, so we know who they are are news ones pop up right and left.  I just revised the campaign to a new page and there's links there too with a number of my numerous posts.  I used to be a developer and data base person so I know what's occurring here. 

It is the hardest thing for consumers to understand too as they can't see any of this as it runs on servers 24/7 and as you said, it's the algorithms.  I have been working on the campaig for about 3 years and write the FTC weekly along with a few members of Congress.  We license things that have much less risk exposure and we need the index so when the data is flawed, we know where to go to correct it when we are denied access and that's a problem, ask me. 

You can't find all of the repackagers and once it get data removed from one place it comes back up again and again.  Consumers need a look up list of all data sellers so at least we can have an idea of where to go to fix the errors otherwise we are stuck. 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 4:23:36 PM
Frightening & depressing
It's one thing for our governnment to erode our civil liberties in the name of security. But the "tyranny of the algorithm' is even creepier. $ShadesofHal  #2001ASpaceOdyssey
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.