A new article in Communications of the ACM by Timothy Libert, a doctoral student in the Annenberg School for Communication, demonstrates that web sites – including government web sites such as CDC.gov and Healthcare.gov – pass personal health information to companies that are not subject to regulation or oversight.
- Libert, Tim. “Privacy Implications of Health Information Seeking on the Web.” Communications of the ACM 58, no. 3 (February 23, 2015): 68–77. [free copy at arxiv] [subscriber only copy at ACM doi:10.1145/2658983].
Brian Merchant provides a non-technical summary and analysis of Libert’s paper:
- Looking Up Symptoms Online? These Companies Are Tracking You, by Brian Merchant, Motherboard (February 23, 2015)
Libert says that this health information may be inadvertently misused by some companies, sold by others, or even stolen by criminals. He identified more than eighty thousand unique health-related Web pages and monitored the HTTP requests that those pages initiate to third parties, including companies such as Google, Facebook, Twitter, Experian, and Acxiom. Ninety-one percent of those pages make such third-party requests, putting user privacy at risk. Some 70% of those third-party requests transmit information on specific symptoms, treatments, and diseases to those companies.
Merchant explains: “[T]he CDC has installed Google Analytics to measure its traffic stats, and has, for some reason, included AddThis code which allows Facebook and Twitter sharing; … the CDC also sends a third party request to each of those companies. That request… makes explicit to those third party corporations in its HTTP referrer string [what you searched for]… From there, it becomes relatively easy for the companies receiving the requests, many of which are collecting other kinds of data (in cookies, say) about your browsing as well, to identify you and your illness. That URL, or URI, which very clearly contains the disease being searched for, is broadcast to Google, Twitter, and Facebook, along with your computer’s IP address and other identifying information.”
“Given that I found Experian tracking users on thousands of health-related web pages, it is entirely possible the company not only knows which individuals went bankrupt for medical reasons, but when they first went online to learn about their illness as well…”
Merchant also quotes Libert on alternative search engines:
“Even if you use an iPhone, DuckDuckGo, and Hotmail, the second you open your browser there is a huge chance Google gets your data.” That’s because Google is absorbing your information through a variety of hosted services and domain names, from Google Analytics, which measures site traffic, to DoubleClick, an advertising service, and YouTube, its video platform.
Wikipedia was one of the only sites that trafficked in health information that sent no third party requests to corporations.
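A site operator can audit their own pages for the leak described above. The following Python sketch is an added example, not code from Libert's paper or from this post: it flags third-party requests whose Referer header or request URL carries the path of the page being viewed, and computes the two ratios the study reports. All hostnames and requests are constructed, and the last-two-labels `site()` heuristic is an assumption (a real audit should use the Public Suffix List).

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: page URL -> requests the page initiated, as (url, referer).
PAGE1 = "https://www.health-site.example/conditions/diabetes"
PAGE2 = "https://www.encyclopedia.example/wiki/Asthma"
PAGES = {
    PAGE1: [
        ("https://static.health-site.example/site.css", PAGE1),
        ("https://stats.tracker-a.example/collect?dl=https%3A%2F%2F"
         "www.health-site.example%2Fconditions%2Fdiabetes", None),
        ("https://widgets.share-b.example/share.js", PAGE1),
        ("https://fonts.cdn-c.example/font.woff", "https://www.health-site.example/"),
    ],
    PAGE2: [("https://upload.encyclopedia.example/asthma.png", PAGE2)],
}

def site(url):
    """Approximate the registrable domain as the last two host labels (assumption)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def page_identifier(page_url):
    """Path plus query of the page: the part of the URL that names the condition."""
    parts = urlsplit(page_url)
    ident = parts.path + ("?" + parts.query if parts.query else "")
    return ident if ident.strip("/") else None  # a bare "/" identifies nothing

def audit_page(page_url, requests):
    """Return (third_party_site, [channels that expose the page path]) per request."""
    ident, findings = page_identifier(page_url), []
    for url, referer in requests:
        if site(url) == site(page_url):
            continue  # first-party request, not counted
        channels = []
        if ident and referer and ident in unquote(referer):
            channels.append("referer")
        if ident and ident in unquote(url):  # decodes percent-encoded copies too
            channels.append("url")
        findings.append((site(url), channels))
    return findings

def summarize(pages):
    """Share of pages with third-party requests, and share of those requests that leak."""
    audits = [audit_page(p, reqs) for p, reqs in pages.items()]
    third = [f for fs in audits for f in fs]
    leaking = sum(1 for _, channels in third if channels)
    return {"pages_with_third_party": sum(1 for fs in audits if fs) / len(audits),
            "third_party_requests_leaking": leaking / len(third) if third else 0.0}

if __name__ == "__main__":
    print(audit_page(PAGE1, PAGES[PAGE1]))
    print(summarize(PAGES))
```

The font request shows the non-leaking case: the third party still sees the visitor's IP address and the site's origin, but not the page path that names the condition.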
Here Are the Agency Websites Google Doesn’t Think are Mobile Friendly, by Hallie Golden, NextGov (April 22, 2015).
Google’s newly implemented policy to adjust mobile search rankings based on a website’s mobile friendliness could leave some federal websites on a Google search engine’s dreaded second page — at least when users search from a smartphone.
Eleven sites were deemed “not mobile friendly” by Google including the EPA, the IRS, and NARA.
Companion bipartisan bills have been introduced in the House and Senate to amend the Computer Fraud and Abuse Act (CFAA). The legislation was inspired by the late Internet innovator and activist Aaron Swartz, who faced up to 35 years in prison for an act of civil disobedience. Senator Wyden said:
“Violating a smartphone app’s terms of service or sharing academic articles should not be punished more harshly than a government agency hacking into Senate files,” [apparently referring to a CIA report acknowledging it infiltrated Senate computers]. “The CFAA is so inconsistently and capriciously applied it results in misguided, heavy-handed prosecution. Aaron’s Law would curb this abuse while still preserving the tools needed to prosecute malicious attacks.”
- Wyden, Lofgren, Paul Introduce Bipartisan, Bicameral Aaron’s Law to Reform Abused Computer Fraud and Abuse Act. Senator Ron Wyden, Press Release (April 21, 2015).
- ‘Aaron’s Law’ focuses penalties on malicious hackers, by Cory Bennett, The Hill (04/21/15 04:17 PM EDT).
- SECTION-BY-SECTION SUMMARY of Aaron’s Law, Senator Ron Wyden (D-Ore.).
- H.R.1918 – To amend title 18, United States Code, to provide for clarification as to the meaning of access without authorization, and for other purposes.
- S.1030 – A bill to amend title 18, United States Code, to provide for clarification as to the meaning of access without authorization, and for other purposes.
The Commerce Department has announced a redesigned section of its website to better integrate its catalog of its more than 40,000 publicly available data sets into Commerce.gov via Data.Commerce.Gov.
- Commerce Announces Redesigned Website, Furthering Commitment to Expand Data Access U.S. Department of Commerce, Blog (April 20, 2015).
- Commerce Data Hub.
The announcement says:
Data.Commerce.Gov is still a work-in-progress and there are many additional improvements that are still on the horizon. For example, the new layout has the data organized in the organizational structure of the Department of Commerce (e.g. Census Bureau, Patent & Trademark Office, etc.) and not necessarily how data customers want to interact with the data (e.g. Housing assistance, climate change resiliency, etc.).
Additionally, savvy data consumers will notice that the individual Bureau catalogs do not roll up perfectly to the catalogs on Data.gov. Given the size of our full data catalog, the entire Department of Commerce is working hard to increase this public inventory.
Finally, we expect to continue to improve the mobile experience on this section of the website in the near future. Bucking previous tradition of how massive technology deployments were done in the past, the Department of Commerce is launching this improved data portal as part of a developing tradition of rapid, technology iterations.
Departments listed at Data.commerce.gov include:
- Bureau of Industry and Security
- Bureau of Economic Analysis
- Economic Development Administration
- Economics and Statistics Administration
- International Trade Administration
- Minority Business Development Agency
- National Oceanic and Atmospheric Administration
- National Institute of Standards and Technology
- National Telecommunications and Information Administration
- National Technical Information Service
- U.S. Patent and Trademark Office
See also: GPO: Designer of Government Websites.
May 1 Named National Day of PACER Protest, by George H. Pike, Information Today NewsBreaks (April 21, 2015).
Advocates for free access to legal information on the internet have proposed May 1 as the National Day of PACER Protest to encourage the federal courts to remove cost barriers to a wealth of information from the nation’s courts. PACER (Public Access to Court Electronic Records) is a service of the Administrative Office of the United States Courts’ Public Access and Records Management Division. It allows access to most of the documents that are part of litigation filed in the federal trial and appeals courts. This access, however, comes at a cost and has a user interface that one critic describes as “an inexplicable unusable disaster.”