The Department of Homeland Security’s Privacy Office has released a privacy impact assessment, “Future Attribute Screening Technology (FAST)/Passive Methods for Precision Behavioral Screening, DHS/S&T/PIA-012(a)” (DHS pdf; archive pdf); this is an update to a Privacy Impact Assessment (pdf) released in 2008. FAST, which I wrote about four years ago, seeks to divine an individual’s criminal or benign intent from a bio scan, and members of Congress have raised privacy questions concerning the technology.

According to DHS, “FAST seeks to improve the screening process at transportation and other critical checkpoints by developing physiological and behavior-based screening techniques that will provide additional indicators to screeners to enable them to make more informed decisions. FAST is not intended to provide ―probable cause for law enforcement processes, nor would the technology replace or pre-empt the decisions of human screeners.”

Now, according to the new PIA:

The FAST research is adding a new type of research, the Passive Methods for Precision Behavioral Screening (hereinafter FAST/Passive). The purpose of the FAST/Passive study is to build upon existing FAST research using volunteers and increase the performance of FAST primary screening procedures and to increase the ability to differentiate malintent through the inclusion of passive stimuli. The aim of the FAST/Passive study is to devise passive stimuli that will evoke malintent cues and incorporate these stimuli into the FAST screening project. [...] Read more »

Last week, the BBC News reported that British Prime Minister David Cameron said he sought  change so that the National Health Service could automatically opt-in all of its patients so their medical data would be used for research. A patient would have to opt-out if he or she did not want the personal medical data to be shared. Cameron said that the data would be “anonymized,” but there are questions about anonymization and de-anonymization. (I’ve discussed de-anonymization and its privacy risks before.)

Now, the Guardian looks at the issues of anonymity, identification and patient data:

The prime minister said last week that plans to share records and other NHS data would make it easier to develop and test new drugs and treatments. The [Department of Health] says all necessary safeguards would be in place to ensure protection of patients’ details.

But Ethics and Genetics, a social and technology campaign group, says freedom of information requests show that under certain circumstances data anonymity would not always be guaranteed. Read more »

NPR reports on medical privacy and smartphone apps:

The American Medical Association just rolled out a shiny new iPhone app, My Medications, that you can use to keep track of your meds.

Mobile medical apps are a hot market, but unlike “Angry Birds,” they’re not just harmless fun. Some come with real privacy risks.

Sure, many medical apps are pretty benign. People use them to track how they’re doing with their diets or to help them stop smoking. But apps are also being used to monitor their blood sugar, chart blood pressure and screen for depression. You might be a little more concerned about strangers finding out that information. [...]

One big issue: Medical apps aren’t covered by a federal privacy law, known as HIPAA, that controls how doctors and health care providers store and share patients’ health information. [...] Read more »

BBC News reports on the issue of medical privacy in the UK:

Every NHS patient should be a “research patient” with their medical details “opened up” to private healthcare firms, says David Cameron. The PM says it will mean all those who use the NHS in England will be helping in the fight against disease.

He hopes the result will be that patients get faster access to new treatments and Britain’s life sciences sector will become a world leader.

But critics say commercial interests are being put ahead of patient privacy. [...]

The Prime Minister said it was “simply a waste” to have a health service like the NHS and not to use the medical data it generated. Read more »

The New York Times has an editorial about privacy and a case before the Supreme Court:

The Privacy Act of 1974 allows a person to sue a federal agency for intentionally disclosing personal, confidential information without permission. But the government is trying to limit the force of that law and make it harder to hold agencies accountable for such violations.

In Federal Aviation Administration v. Cooper, a case argued this week in the Supreme Court, the government contends that the statute allows a plaintiff to recover “actual damages” only for monetary losses, but not for emotional distress.

Stanmore Cooper brought the suit because in an exchange of data to identify medically unfit pilots, the Social Security Administration gave the Federal Aviation Administration confidential information that revealed that he was H.I.V.-positive and was receiving disability benefits. He was devastated when he learned of this revelation. [...] Read more »

I saw this Dilbert cartoon by Scott Adams a few weeks ago and thought it was a funny, extreme take on employers researching job applicants via online Web sites such as social networks or drug/DNA tests. Click on the cropped image to see the full cartoon.