Guest post by Pierluigi Stella, co-founder of Network Box USA.
I live in Houston and have an EZ-tag in my car, so I can “zip” through the toll booths without stopping. Should I be concerned that my driving speed is being recorded and, perhaps, some day shared with my insurance? Yes, federal law says that it can’t be done, but the Constitution also says the government can’t spy on us!
I visited a specialist recently for a minor procedure. He then proceeded to share the results thereof with my family doctor via EMR. In fact, all my health records are stored electronically. Should I be concerned that my medical insurance may be able to see things I wouldn’t necessarily like them to see? Maybe they can’t, but then again, see above!
Browsers download tracking cookies on my computer so companies can better “tailor” advertisements based on my browsing habits. Which literally means they WILL share that information, though they never asked me if they could even plant that cookie in the first place. Should I be concerned?
I too have a Facebook account and that is a source of grave concern.
My iPhone has a GPS and apps can track where I am, any time. Yes the phone asks for my permission; but first, I can’t be sure that when I press “Cancel” it actually does deny that action. Second, when for my own convenience I press “Continue,” where is that data going? This morning I was looking for a pharmacy using my iPhone, and when asked, I pressed “Continue,” so I allowed the map app to know where I was.
Where did that information finally end up? What if based on that map app, someone snooping around knew I was 10 miles from home and grabbed that opportunity to come burglarize my house?
Everything we do electronically is stored somewhere and can easily be correlated to other data to infer all kinds of information about us. We go to the grocery, pay with a debit card; what we buy is easily associated with us forever. They probably know things about me that even I don’t know.
I could likely continue this list for hours.
The point is, we have the technical capacity to store an incredible amount of data and to basically track anything and everything, at any time. So, the answer to the initial question “can the NSA get my health records” is “sure they can, if they want to.” Should I be concerned? Personally no, since I’m perfectly healthy; but it all depends on what you’re hiding. I’d be more concerned about my freedom of speech than my health records. Sharing with the world that I have a stomachache isn’t as big a deal as having to be careful about what I say or write, and having to worry that it may be used against me.
My opinions, what I think, what I write, what I say, are always going to be of higher value than my health records to anyone who wants to control my life. Should all this even be happening, you ask? Certainly not. But it is happening, and right now, we have bigger fish to fry than to worry about our health records.
Our government is spying on us, on our conversations, on our ideas; it is breaching the very foundation of the first Amendment. And that is what concerns me (not my medical records).
At least, not until I find out how they could be used against me.
After 15 years at IBM, Pierluigi Stella co-founded Network Box USA (the American division of Network Box Corporation Ltd) in 2003. As CTO, he has extensive knowledge of security issues with emphases on the financial; banking; hospitality and travel; healthcare; and education sectors.
Stella has been featured in SC Magazine; USA Today; LATimes.com, Dark Reading; NYTimes.com; Tech News World; Better Banks System; PC Mag; Communications News; PC Today; CU Times; and Tech Port. He is a frequent Featured Expert Contributor on CUinsight.com and has also been profiled in the Houston Business Journal as well as Houston Public Radio. A regular sight at premiere trade shows and industry conferences, he has presented, among others, at the ISACA/IAOP 2011 Risk Management & Data Security World Conference in Denver.
In the year 2008, Stella was a contributor to the European Networks and Information Security Agency (ENISA)’s “Cloud Computing Risk Assessment” project which analyzed data protection and data security issues.