{"id":531,"date":"2008-02-29T13:11:21","date_gmt":"2008-02-29T12:11:21","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/?p=531"},"modified":"2008-02-29T13:11:21","modified_gmt":"2008-02-29T12:11:21","slug":"google-health-phorm-where-next-for-your-private-data","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/531-google-health-phorm-where-next-for-your-private-data.html","title":{"rendered":"Google Health, Phorm, where next for your private data?"},"content":{"rendered":"<p>Let&#8217;s look at the fundamentals. Is an advertising company an appropriate place for sensitive personal data like health records? That&#8217;s easy to answer, no matter how many privacy assurances Google gives. Google is a specialist at mining personal data; and whenever I read its <a href=\"http:\/\/www.google.com\/accounts\/TOS?hl=en\">terms and conditions<\/a> it is almost enough to stop me using its services. So <a href=\"http:\/\/googleblog.blogspot.com\/2008\/02\/google-health-first-look.html\">Google Health<\/a>? No thanks. Google, if you want to do this, split the company.<\/p>\n<p>How about this idea: some of the UK&#8217;s largest ISPs &#8211; Carphone Warehouse, BT and Virgin Media &#8211; intend to <a href=\"http:\/\/www.phorm.com\/about\/launch_agreement.php\">hand over their users&#8217; Internet history<\/a> to an advertising company called <a href=\"http:\/\/www.phorm.com\/\">Phorm<\/a>. The Reg <a href=\"http:\/\/www.theregister.co.uk\/2008\/02\/25\/phorm_isp_advertising\/\">has more details<\/a> &#8211; read the comments to get fully spooked. Someone has set up a <a href=\"http:\/\/www.badphorm.co.uk\">protest site<\/a> here. <\/p>\n<p>Phorm says it has <a href=\"http:\/\/www.phorm.com\/user_privacy\/\">strong privacy practices<\/a> that safeguard user data, <a href=\"http:\/\/www.phorm.com\/user_privacy\/EY_Phorm_Exam.pdf\">audited by Ernst and Young<\/a> [PDF]. 
Safeguards include:<\/p>\n<ul>\n<li>Deleting raw data after 14 days<\/li>\n<li>Removing numbers longer than 3 digits<\/li>\n<li>Not storing email addresses or IP numbers<\/li>\n<li>Not storing form fields (thus no passwords)<\/li>\n<li>Identifying users only by a random number<\/li>\n<li>Analysing data only for predetermined keywords<\/li>\n<\/ul>\n<p>Happy now? No. Some of these protections are weak. For example, the <a href=\"http:\/\/www.theregister.co.uk\/2006\/08\/07\/aol_search_logs\/\">AOL search data debacle<\/a> proved that replacing IP numbers with random identifiers is insufficient protection, because users can be identified solely by their activity. This applies even more strongly to an ISP&#8217;s data, which has everything you do on the Internet, not just your search history. Second, it is an opt-out system &#8211; it should be opt-in &#8211; and the opt-out on offer is weak; it merely stops you seeing the targeted ads, rather than preventing your data being sent to Phorm. Third, the data to be mined includes all your non-encrypted Internet activity, such as reading Google Mail, and not just URLs visited. While Phorm says it won&#8217;t read it, any additional use of this data makes it more vulnerable to interception and abuse.<\/p>\n<p>What&#8217;s the answer? Change your ISP, of course; but also SSL, which encrypts your Internet traffic. Passwords themselves are inherently bad enough, without making it worse by sending them in plain text; further, we need to learn that <strong>anything<\/strong> we read or send in plain text over the Internet has potentially been intercepted. <a href=\"http:\/\/www.infoworld.com\/article\/05\/11\/04\/45OPsecadvise_1.html\">This 2005 article<\/a> spells out what that means. My hunch is that it is little better now. 
If we encrypt all the traffic that matters to us, then we won&#8217;t care so much that the ISP is selling it on.<\/p>\n<p>[This post replaces an earlier draft].<\/p>\n<p>Update: <a href=\"http:\/\/www.theregister.co.uk\/2008\/02\/29\/phorm_documents\/\">More details at the Reg<\/a> today, complete with diagrams. Performance impact is also a concern.<\/p>\n<div class=\"wlWriterSmartContent\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:aba126c4-2460-40eb-baf7-bc58606b5353\" style=\"padding-right: 0px; display: inline; padding-left: 0px; padding-bottom: 0px; margin: 0px; padding-top: 0px\">Technorati tags: <a href=\"http:\/\/technorati.com\/tags\/google\" rel=\"tag\">google<\/a>, <a href=\"http:\/\/technorati.com\/tags\/phorm\" rel=\"tag\">phorm<\/a>, <a href=\"http:\/\/technorati.com\/tags\/privacy\" rel=\"tag\">privacy<\/a>, <a href=\"http:\/\/technorati.com\/tags\/security\" rel=\"tag\">security<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s look at the fundamentals. Is an advertising company an appropriate place for sensitive personal data like health records? That&#8217;s easy to answer, no matter how many privacy assurances Google gives. 
Google is a specialist at mining personal data; and whenever I read its terms and conditions it is almost enough to stop me using &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/531-google-health-phorm-where-next-for-your-private-data.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Google Health, Phorm, where next for your private data?<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,75],"tags":[],"class_list":["post-531","post","type-post","status-publish","format-standard","hentry","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=531"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/531\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}