I am rereading George Orwell’s 1984. The first time I read it was in the 1960s. Reading it again I wonder if he shouldn’t have titled it 2014. The book is closer to reality now than it ever was. No, we don’t have a dictator named Big Brother looming over us. But the ubiquitous electronic surveillance that the book describes has come to pass. In Britain there is one video surveillance camera for every 11 people. In the United States the National Security Agency (NSA) has been reauthorized by a secret FISA court to continue recording “meta-data” on all cell phone calls within the country. It has been revealed that the NSA has been recording all voice calls (including those of Americans traveling or living abroad) in at least one foreign country and has plans to expand the program. On the corporate front, Google scans my Gmail and search history and presents me with targeted ads. I voluntarily disclose personal information on Facebook and Twitter. The IRS knows all about my finances. My medical records are all digitized and stored in computer servers. My photos and documents are somewhere in “The Cloud,” which sounds better than the reality: on some hard drive on some web server in a location unknown to me, tended by strangers. My life has been encoded into ones and zeros stored on computers scattered across the globe, and everyone wants a piece of the action. We have all allowed this situation to develop haplessly, many even welcoming these changes as a necessary response to the attacks of 9/11/2001. The government was able to take advantage of the fear engendered by these attacks to chip away at our Fourth Amendment rights to protection from unwarranted search and seizure of property. As Orwell says, from the point of view of our masters, IGNORANCE IS STRENGTH.
The Heartbleed Bug is a reminder of our vulnerability. He who lives by the sword dies by the sword. Software is powerful but it is also fragile. We have put all our information into one basket, and, to mix metaphors, Heartbleed revealed it is a leaky basket indeed. There are bad guys out there who want our data. My website gets attacked daily with brute force attempts to log in by guessing my password. I know this because my security software automatically notifies me and blocks the attacking site. My site has been successfully hacked in the past. It is a constant battle keeping one step ahead of the attackers. If you run the program Wireshark, which inspects data packets arriving at your computer from the Internet, you can see that brute force password attacks are happening all the time. And if this happens to a minor target like my website, then more important sites are even more heavily bombarded. With results. Witness the Target credit card breach.
Now that all our private medical data has been or is being transferred to electronic form due to government mandates in the US, how safe is it from attack? I think you know the answer. Unlike Heartbleed, which was a vulnerability in an open source implementation of the SSL protocol, medical electronic health record (EHR) systems provided by EPIC, Allscripts, Cerner, and others are proprietary systems, with closed-source software, not open to review by outside experts. The Heartbleed code, being open source, was readily reviewable by anyone, and despite this the flaw in the code was not picked up for two years. Are there flaws in the coding of EHR systems? As all software has bugs, the answer is undoubtedly yes. Could a large medical information breach happen akin to the Target credit card breach? Certainly.
It is frightening to consider the economic value of the medical information that these various private EHR companies are sitting on. Wouldn’t a potential employer want to know about your history of depression? Wouldn’t the drug companies love to know what’s in these database files? Targeted drug ads, anyone? After being sent home from the hospital following a myocardial infarction, will my Google search page include ads for the latest anti-platelet drug? There are plenty of companies who would pay a lot of money for this kind of information. Could your EHR company sell your data? Not legally, at least not now. But the data could be stolen and sold. And, given how the US has become more and more ruled by corporate interests, I wouldn’t be surprised if the selling of your private medical information does become legal some day. You did read that EULA thoroughly before clicking on the OK button when you signed into your doctor’s office, didn’t you?
In the 1960s television series, The Prisoner, Patrick McGoohan proclaims “I am not a number, I am a free man!” Like the book 1984, quite prophetic. Even the tiny video cameras of the 1998 movie “The Truman Show” have come true with cell phone cameras everywhere. We are a nation of voyeurs and exhibitionists, watching our reality shows and posting everything about ourselves on Facebook. Giving up our privacy is partly self-inflicted but also the result of data collection by Big Brother in the form of government and big business. In 1949, when 1984 was published, the technology didn’t exist to implement the invasion of privacy Orwell envisioned. In 2014 that technology is here and the genie is out of the bottle.