Thursday, April 12, 2018

Q Toon: All Your Data Are Belong to Us

While Facebook has been getting a lot of attention from Congress and the mainstream media this week, Grindr has also had to hastily explain to its customers that its same-sex dating app has shared users' HIV statuses (stati?) with two outside analytics firms.
Further analysis also revealed that Grindr is sharing users’ precise GPS position, sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. This information – which didn’t include HIV status data – was sometimes being shared in a ‘plain text’ format, which meant it could be easily hacked.

Anyone who uses a computer hooked up to the internet has seen their privacy eroded bit by megabit over the years. Those cookies piling up unseen in the bowels of our computers are, we are told, essential components of our on-line existence. But they result in experiences such as this: I was looking for some sheet music on-line last week, and ever since, the advertising on has been nothing but sheet music.

You no doubt have had the same experience. Well after you bought that clothes dryer at Best Buy, every Dick and Harry seems to be trying to sell you another one.

Facebook took that business even further, enabling Big to glean everything knowable about you because some idle friend of yours on Facebook answered a questionnaire to find out which H.R. Pufnstuf character he is, or decided to prove that, why yes, she could indeed think of a word that contains a vowel, so there!

Then, through no fault of your own, your news feed becomes rife with stories about Hillary Clinton wanting to confiscate everyone's clothes dryers.

Now, as for the Grindr breach, the company assures its LGBTQ users that their data was shared responsibly, and that they're in no danger of it (them?) getting out to potential employers, TMZ or Vice President Pence.
Still, [chief security officer Bryce] Case defended Grindr's decision to share the data, arguing that Apptimize and Localytics are simply tools to help apps like Grindr function better, and that the information was not shared to make money or for other nefarious purposes.
Case stressed that the HIV data had only been shared with Apptimize as part of Grindr's standard rollout procedure for new features on the app. In this case, it was part of a new opt-in feature that would allow users to be reminded to get tested for HIV. The company stopped sharing the information with the third party when the feature was rolled out last week, Case said.
Whether or not Grindr's users begin to shy away from the company's outreach efforts, this episode demonstrates the need to update the 22-year-old rules for patient privacy observed by every hospital, doctor, and insurance company in the country.
Grindr data breach is a wake-up call for policymakers to revisit and revise privacy regulations, specifically the Health Insurance Portability and Accountability Act (HIPAA). Since 1996, HIPAA has governed the patient privacy and protection of private medical information. Back then, policymakers did not foresee situations in which sensitive medical data is shared with a platform that is not involved in medical care. Therefore HIPAA only covers medical providers and their business associates and does not pertain to platforms such as Grindr. Had a similar breach happened at a hospital, the Department of Health and Human Services (HHS) would immediately start a thorough investigation, fine the hospital, and ensure that adequate policies are in place to prevent breaches in future.
Under the Corrupt Trump Administration, I doubt that any investigation into Grindr's data breach would not be focused on protecting users' privacy but on shutting the app down, or at least ferreting out gay, bi and trans soldiers in the armed forces. And I shudder to imagine what the congressional hearings would be like.
