> “Any governmental assurances to keep your data safe have as much value as a truckload of dead rats in a tampon factory.”
Remember this. I expect every piece of data given out to the government or to private organizations to sit in the databases of every major intelligence agency, and will not be surprise if it's all exposed to the public domain through data aggregation companies in near future.
i don't expect corporate databases to be secure. but, if/when single-payer healthcare is implemented in the US, data leaks and breaches will occur often.
i guess the difference is optical: instead of blaming the evil corporations, we'll blame the evil government.
> also an aspect of a single-payer healthcare plan?
Note: single payer healthcare systems are about who pays, not who provides -- it's even in the name. So here, hospitals and clinics provide healthcare while the government pays those hospitals and clinics. There's no reason for the government to know John Doe's enlarged prostate medication because that's between the doctor and patient.
> if/when single-payer healthcare is implemented in the US, data leaks and breaches will occur often
Can you provide numerous links to stories about Medicare and Medicaid personal data being exposed to the public? And if so, do those breaches outweigh the cost of (in the single payer case) millions of people without healthcare, increased costs, and worse health outcomes?
> the government is paying for it and expects to know exactly what it's paying for
To embellish on this point, if you have a system where the government doesn't know what John Doe's healthcare providers are billing for and blindly cuts a cheque, expect to have lots of John Does having lots of very-expensive procedures.
Only if it's federal single-payer, rather than state-by-state (the latter is quite possible - it's how Canada does it). And assuming the existing law wrt taxes and abortions stays in place, of course, which I doubt if we ever get close to the numbers necessary to pass federal single-payer.
I think the Charlie Gard case proves your first point wrong. The government absolutely will know in such a system, it has to in order to decide how limited medical care resources will be distributed. Every citizen won't be able to receive an unlimited amount of expensive healthcare procedures.
The Gard case has nothing to do with ability to pay. Cost of care wasn't a feature of any of the decisions or of any of the various court cases.
Money is not the problem in the Charlie Gard case.
The case is not between the parents and the government, it's between the parents, the child, and the hospital. The child has received world class medical treatment; the hospital can't just kill the child (as would happen in the US, and happens every day) - the hospital has to go to a court and persuade a judge. The parents have their legal representation (and you can say that they should have been eligible for legal aid), the child has his own legal representation paid for by the state, and his own guardian to represent his best interests.
Does that actually happen in the US every day? The hospital is keeping a kid alive, they decide it's better to kill the kid, so they kill the kid? Am I misreading you or is that what you're saying happens?
It's been my experience (anecdotal as a person in a family of 8 MD's including pediatricians) that the US actually keeps people alive way past the point where it's appropriate to do so - family has the right to force emergency life-saving procedures and hospice-type end-of-life care isn't as common.
Actually, reading the blogs, that's what the parents are trying to do - send the kid to the US in an attempt to save his life, and the UK says that's cruel and he should be allowed to die.
US will provide emergency care (although someone will still get billed for it - if not the patient, then their parents). But that literally means emergency, like life support. If what you require in order to not let the illness progress to the point where you need life support is some expensive surgery, and you don't have insurance that covers that, you're not getting it.
Similarly, for non-life-threatening health issues, you'll get emergency care that treats the immediate symptoms of whatever your problem is (and you'll get billed for them, and be expected to pay), but you get no treatment for the problem itself.
The Gard case didn't have anything to do with limited resources. The parents, doctors, and courts were arguing over what was in Charlie's best interest. There was no argument that his care had become too expensive.
No, it's not. Or at least not necessarily. Here in Norway all doctor offices and public hospitals are independently operated at some level (there are hospital regions though). We are however in the process of introducing a shared journal system which will result in all of these providers sharing information about patients. This information sharing is also something that can be done in fully privatised (aka uncivilised) systems such as in the USA, so it's not really a trait of public healthcare system. But while sharing the information has a lot of benefits, there is as you mentions huge risks with data breaches as data will be sent around. And something we have been discussing here in Norway recently due to a few outsourcing as well as software data access issues. But nothing compare to this case in Sweden.
> i guess the difference is optical: instead of blaming the evil corporations, we'll blame the evil government.
One difference is that corporations can be more easily taken to court. It's more difficult to hold the 'government' accountable without it being political. I don't necessarily know how to remedy that, but it's a different class of problem. Maybe there should be more personal liability for the individuals in these agencies?
We should open that data. Every single human would have a record in a freely accessible, distributed database with (at least) a highres full body shot, name and a date of birth. Maybe add "full DNA sequence" in there when it gets cheap enough.
There are definitely downsides (corporations having access to this will get annoying), but some of us (me and (I think) you) are already living as if this is the case, and this would teach people that this is the world we live in and remove some inefficiencies and let people build things like a global facial-recognition based authentication system.
You were right to use a throwaway. This is a stupid idea. Are you interested in fixing the problem and protecting people's information, or are you only interested in creating more surveillance and data minding opportunities for people?
Radical transparency has massive downsides, yes, but it's not completely black and white. I can see some interesting arguments for it as well as many against it.
Your comment says nothing. I'm glad you can think around a problem and tell me that you're capable of that, but what the Guardian is positing is "you can't steal our data if we give it to you!"
Way to beat them at their own game. It doesn't make it any less asinine.
One guy working in IT at the department in question apparently lost his job for refusing to implement this. He was also the one whom informed SÄPO about this.
The thing that really gets to me is that I have no way of opting out of having my personal details in the governments databases. Compared to a private company which if I don't trust I simply avoid. It can't leak data it doesn't have. But I'm completetly defenseless against my goverment.
And I know of no serious politician (I'm Swedish) that talks about these issues. Which means I can't vote for better policies. Society is so far behind on understanding privacy issues and the impact of these shoddy practices.
...which you can opt out, and contrary to what you might believe, it doesn't send every site you visit to google (it queries a local bloom filter first)
I don't use most Google services, and when I do they're sandboxed, but Google cookies are omnipresent. I have no faith that my incognito efforts are all that incognito.
In the particular case here you could opt out by not having a driver's license. Perhaps not the most practical way of opting out, but this leak only concerned driver's license data.
Yes, but you can't know what a leak will contain until it happens. There's no way someone could have, a year ago, said "oh, I'll avoid getting a licence because in a year there will be a leak"
This is happening more and more recently, because the US is only signing treaties (even unrelated ones) if they require that countries allow governmental data to be outsourced into the US.
This is getting very scary, and I’m starting to feel like we should stop doing any interaction with the US here in Europe.
No one has been reported of using the data, at least so far. The head of security went out and said this publicly, also that the military forces vehicles aren't registered there, just giving away even more information about national security for free. sigh
Some more trivia: the one responsible for the leak didn't even tell the the prime minister for _over a year_. And the security issues weren't even discussed by the team who hired IBM, they got a report from some people (some sort of service desk or something, who have nothing to do with security) that this was a bad idea and that building a cloud in Sweden would be a lot safer, the report they gave "mysteriously disappeared"
I think the US losing all the data for everyone who ever got a security clearance is worse (thankfully mine was before they were stored in a modern system). But this is pretty much beyond stupid. When you outsourced control of your information, assume it will become public.
Yes, but there's value is persuading people that this latest things The Worst - commercial value in terms of selling the story, genuine news value for Swedes if it is in fact the worst breach of Swedish data, and political value in undermining the credibility of the Swedish government. You might like to consider this in the light of Sweden's recent decision to re-introduce military conscription and who the winners and losers from a stronger Swedish defensive posture would be.
No one is fired yet. Failed agency directors are traditionally sent to 'the elephant graveyard' ie doing some nonsense work in a government department.
A fine has been handed out - the case was handled in a court without any fanfare and it must have been the smallest possible amount for a crime against the security of the state - half a month's salary. This can not be overruled.
Due to the verdict, the employment status is now under consideration in a special governmental body - basically the HR department.
If this seems like a banana republic without bananas but with a monarch, it's because it is.
(edit: for some reason, the above blog post URLs weren't showing up for me...)
If I'm reading his blog post correctly, Sweden's transport agency sloppily handled the nation's vehicle registry, which does contain data subject to freedom of information laws, but contains confidential data that is not supposed to be out in the wild:
> Last March, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts. What was not normal were two things: first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.
Since Sweden is 10 million citizens, about the size of a U.S. state, this sounds like a state DMV (Department of Motor Vehicles) accidentally exposing the licensed drivers and registered vehicles database (part of which is public record). But the difference seems to be that Sweden's transport agency also handles aircraft and military vehicles using the same database, hence the exposure of secret military info?
Ignoring the current fuckup, it seems like a bad idea to have one national data system for personal and govt/military vehicles, even if it is efficient for a nation of Sweden's size. The Gizmodo article notes that this database was accessible to all of the Sweden transport agency IT workers to access and download willy-nilly, which is a problem independent of the issue of it being accidentally leaked. In the United States, it's a common scandal for state law enforcement to lookup driver information without proper authorization, but at least it's just civilian driver information for their state, not the Humvees registered to SEAL Team 6: http://www.nbc-2.com/story/25334275/deputy-fired-for-imprope...
>But the difference seems to be that Sweden's transport agency also handles aircraft and military vehicles using the same database, hence the exposure of secret military info?
The "Swedish DMV" is competent also for civil aviation licenses, the risk is that seemingly in the civil pilot license application form there is the information "working in the army as pilot" or something to the same effect.
So it is a bit "stretched", but surely with a database where you can find is someone has a civil airplane pilot license, possibly a helicopter one, his/her employer is the Army or Defense, is in the "right" age range, to find "probable military pilots" doesn't seem like very difficult.
> In Sweden there is a fairly unknown term called qualified protection identities. Or, if you want, personal data, such as false names. These are issued to special personnel within the police, Säpo and Armed Forces. Thus, in practice, secret operators, including employees of the military intelligence service's top secret office for special retrieval.
There is mention of a separate military vehicle registry:
> SVT has taken note of documents from the Armed Forces which show that data from the Swedish Military Vehicle Register were included in the data that the Transport Agency let technicians abroad who were not security-tested take care of. The Armed Forces now confirm on Friday afternoon to SVT News that parts of the registry are included in the data provided.
Good, though - I believe - the military registry (for vehicles) is not much an issue (at least not for individual privacy).
I mean, in normal "civil" register, you look for a license plate and find who owns the car, or viceversa you look for a name and check whether he/she owns a vehicle and find which one(s), in the "military" registry you look for a plate and find out that the owner is either the Army, the Aviation or the Marine (or similar) and that's it.
I guess that the most you can do with the military registry is to get to know how many vehicles per type are registered.
The "qualified protection identities" seem much more troublesome, but - I don't of course know anything about that - common sense tells me that they must be very few people, it seems - at least from the translation - like it is an "exceptional" measure, taken or a case by case basis, like for selected Police officer employed in particularly risky undercover operations and some really-really secret-secret service operators.
> Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.
You could diff those lists and you would know which names disappeared, but you wouldn't know WHY. They could have thought of some excuse like: "we mixed in fake, test data" or "we forgot to remove some recently deceased people", not just say "you need to remove those records because they are top secret" :)
Remember this. I expect every piece of data given out to the government or to private organizations to sit in the databases of every major intelligence agency, and will not be surprise if it's all exposed to the public domain through data aggregation companies in near future.