I know the EFF focuses specifically on informational issues, but stirring outrage over one abuse of a captive market when such abuses are by design is a disservice to general sanity.
It's ridiculous how many times I've seen this happen before.
The fact is that uninsured people has a devastating effect on the economy. It prevents movement of labour, affects productivity, promotion to higher socio-economic levels, prevents people starting businesses, affects crime and countless other social effects. You need to force people who don't think they need it to have it.
Your points about uninsured are valid, but it's much more complicated than just saying 'hey, you guys should insure everyone'. So I generally try and observe from the sidelines.
Does your boss decide what your health insurance will be?
Are health insurance companies in Australia publicly traded for profit corporations?
There's other questions I have but I wont ask because I feel that people may take them as attacks. (I don't mean to attack)
>it was driven from the needs of the government not the needs of the health care industry.
The white paper that became thd affordable care act was written by Liz Fowler who was a VP at one of the largest health insurance companies. After the ADA was passed she became a lobbyist for a major pharmaceutical company.
There are plenty of non-buggy software projects in captive markets. It's not an excuse. This is not a political problem, it's an engineering one.
Kind of like those toilet paper dispensers in public bathrooms that require a key to open and make it as difficult as possible to unroll a few sheets of what feels like sandpaper. Georgia Pacific has no reason to care about the person sitting there, powerless, on the toilet. Terrible user experience!
I think the really big penalties come into play when medical information is 'personally identifiable'. Since this data is going to Google, Facebook, and Twitter (really?!) with 3rd party cookies, or even without, it would be hard to argue this data is not personally identifiable.
It's not like they didn't know they weren't sending this data out. Or perhaps the highly advanced debugging prowess of "Chrome Inspector" is beyond their pay grade.
Edit: Oh it's not even just Referral leak it's actually it the request in some cases, so blatantly intentional. :-(
Be careful about throwing the term intentional around. There is nothing to suggest this is the case. It's just a shocking breakdown in security/testing processes and/or a bug. We see security/privacy issues everyday. They are almost never intentional.
Somebody had to specifically code the application to concatenate into the string:
> smoker=1&parent=&pregnant=1&mec=&zip=85601&state=AZ&income=35000
https://4037109.fls.doubleclick.net/activityi;src=4037109;ty...?
Unfortunately, a quick Google search doesn't explain what the oref parameter does but from the name I'm assuming it's something like "original referrer".
You don't need malice to explain this – it's entirely plausible to imagine that some people wanted to track user activities and they had a staggering lapse in HIPAA auditing due to the rush of getting the site out and stabilized.
https://www.healthcare.gov/see-plans/85601/results/?county=04019&age=40&smoker=1&parent=&pregnant=1&mec=&zip=85601&state=AZ&income=35000&step=4
There's plenty to be legitimately upset about here, but your comment ("specifically code the application to concatenate") seems to imply the code has something outrageous like "&pregant="+currentUser.pregnant+"&smoker="+currentUser.smoker somewhere, without you giving any evidence that's the case.
Medicare spokesman Aaron Albright said outside vendors "are prohibited from using information from these tools on HealthCare.gov for their companies' purposes." The government uses them to measure the performance of HealthCare.gov so consumers get "a simpler, more streamlined and intuitive experience," he added.
http://apnews.myway.com/article/20150120/us--health_overhaul...
I hope I live to see the day that the laws are twisted and shredded such that all corporate-government data about every person is available for purchase. I'd love to have that detailed record of everything I've said, thought, places I've been, etc since ~Y2K. How cool would that be?
I've heard it said that future cultural anthropologists of the future will absolutely love mining the rich personal data coming out of this period of time.
Former Anthropologist here.
While culturally speaking it will be interesting, up to a certain point in human history there has always been physical things left behind by cultures to denote their existence.
As our whole lives have become digital, once the servers are gone, the pseudo physical evidence will vanish. One of my professors told me in passing in the early aughts that, "This generation (meaning the Y generation) will barely leave a trace of its existence in 200 years."
He inferred that once technology has evolved past our current rate of burn, the mechanisms by which we preserve our memories will be forever wiped out. He made a note of saying, "When was the last time you used something physical to create, retain or share your memories?" When was the last time you printed a photograph? Listened to a music album? Once the devices by which we save our memories become obsolete, so does our existence.
It caught me off guard, and was. . one of those times where you stop and wonder what people will dig up in 2-300 years from now and discover about our civilization? Will it all just be zero's and one's on a server somewhere?
There will be hard drives left around by individual consumers, I suppose, but the vast majority of all those that exist today are likely to be deliberately destroyed. We're so good at copying and replicating data these days that we no longer rely on hard drives for data permanence over long periods.
Perhaps, but I tend to believe the data, as we depend more and more on the 'cloud' won't be tied to physical mediums (or particular physical mediums) and instead be towed along as technology and the mediums improve.
100 terabytes of information now will likely be absurdly easy to store 100 years from now, and we don't lose what we have now because data centers will just upgrade and move the data to better storage platforms as they are invented and deployed.
Athropology of the future may not include digging up hard drives in garbage dumps. Instead you just run the latest google search.
Why do you think most megalithic structures were made of concrete? The Ancients intended them to last a lifetime.
It's one thing to send session length, general location, usage stuff like that to see where, for example, awareness campaigns might be needed. But really:
smoker=1&parent=&pregnant=1&mec=&zip=85601&state=AZ&income=35000
[...] citizens "are prohibited by law from stealing other people's belongings"
To the other point about this information not being appropriate for the purposes Albright mentioned: Isn't this exactly the information that a health insurance company wants to know for outreach? If I know that all the pregnant women in Tuscon are signing up but none from Pheonix, I suddenly know where to put my next billboard or field office.
If this was a private sector company, nobody would be surprised at collecting this data. It would also be a different story if the data was being stored and analyzed in house or even if the doubleclick request happened on the server side instead of the client.
I agree with the general sentiment that this is a privacy violation, but that's because of the way that the data is collected and who processes it, not the collection and use of the data generally.
HealthCare.gov uses a variety of Web measurement software tools. We use them to collect the information listed in the “Types of information collected” section above. The tools collect information automatically and continuously. No personally identifiable information is collected by these tools. https://www.healthcare.gov/privacy/
Note the last sentence is in bold on the actual web page.
A Department of Health and Human Services organ called the Centers for Medicare & Medicaid Services is responsible for the site. An enterprising HN reader might want to skim through the CMS (very long) privacy impact assessment to see if there are any other incorrect claims about Healthcare.gov: http://www.hhs.gov/pia/cms-pia-summary-fy12q4.pdf
It will be interesting to see if anyone gets fired as a result of this particular privacy screwup. The buck should stop somewhere, right?
Is there any way to split this up so each person is responsible for a section? you'd miss a lot by missing context... but if the section readers bullet pointed everything, that could be combined into a larger context.
Or, in HN speak, we could crowdsource a real-world Map/Reduce job to support big data in the citizen-scientist.
I guess this is the final nail in the coffin for the 'many eyes' theory though.
At least it will make a good t-shirt;
"Query String Parameters Are Not Private"
"Friends Don't Let Friends Store PHI in Query Parameters"
It's certainly possible that a given individual is meaningfully responsible for a problem and that they are incompetent, but it isn't necessarily the case. If the actual problem is organizational, a scapegoat just papers over it, it won't fix anything.
My point is a broader one: When you have committees and subcommittees and working groups and HHS IT people and CMS IT people and task forces and contractors and subcontractors and new replacement contractors (Accenture) and undersecretaries and sub-sub contractors and assistant secretaries and White House aides and political consultants and PR firms and deputy chiefs of staff and deputy undersecretaries all participating to some extent in the $1B+ process that is the supremely functional Healthcare.gov site we all know and love, the buck can be passed endlessly.
But in all that morass of a process, someone was or should have been responsible for ensuring that standard privacy practices were followed. To her credit, Kathleen Sebelius resigned last year (though not immediately) as a result of what the NYT called the "disastrous rollout" of Helathcare.gov. It is worth looking at whether there is any accountability in the form of dismissals or resignations with this privacy snafu.
If there is not, we should draw our own conclusions.
To my point, Sebelius resigning didn't do anything to prevent this (apparent) mistake.
DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services
> I've been working on healthcare.gov for the last few months
(I wrapped up my involvement several months ago, but others helping out with this open enrollment period.)
Am I correct in thinking that the cheery use of passive voice means you're under quite a serious NDA?
"...consequences such as when Target notified a woman's family that she was pregnant before she even told them. "
I've heard this story referenced time and again with respect to motivating people to care about privacy and tracking. I'm all for privacy, but I feel like: (a) we should have more recent anecdotes about the consequences of tracking than a story from 2012, (b) the mechanism that Target used to infer this is far less intrusive (not making it OK) than what we see here, and (c) its really not strong enough an example.
Not that speculation is the way to go, but what about the possibility of someone being turned down for life insurance due to this information?
[1] https://www.eff.org/deeplinks/2013/12/nsa-turns-cookies-and-...
https://www.irctc.co.in/eticketing/loginHome.jsf
536 Global Rank (50 in India): http://www.alexa.com/siteinfo/www.irctc.co.in
http://builtwith.com/detailed/healthcare.gov
The only non-ad tool they added was the Twitter Platform to their homepage. Lots of data leakage points though.
We avoid this entirely (also hosting medical data), though it's been a bit of extra work to do so.
I'm sure Chartbeat, Mathtag, Mixpanel, Google, etc. are reasonably careful about their security, and of course they would suffer as well if one of the servers/scripts was compromised and the breach was made public.
But in short -- healthcare.org's security relies on the idea that none of these many 3rd parties will ever have a CDN server compromised, for example. Or (in other situations) have the NSA demand access.
It just takes one -- and then an "improved" script could be delivered to only clients visiting a single targeted site, or even specific targeted clients. The normal customer just sees the lock icon and can verify that there's a secure connection to the main host; but there are actually many other connections going on to other hosts, and any of them may provide a script that can access any sensitive data on the page.
- 0 Facebook, 3 Google, 0 Twitter
- 0 Advertising
- 6 Analytics: 1 ClickTale, 4 MixPanel, 1 Chartbeat
- 0 Social
- 6 Content: 3 Google, 3 Optimizely