AIDs testing and privacy
'Punksters There was an interesting piece on a new AIDs self-test kit this morning that focused on privacy. The idea is that an AIDs self-test kit is made widely available via your local pharmacy. You use the kit's materials to draw a drop of blood, which you place on an enclosed test slide. You then seal the slide, attach a barcoded sticker, and mail in the enclosed mailer to a lab. After a few weeks, you call a 1-800 number, punch in your code (from the sticker) and you get a recording telling you if the test was negative. From this point on the piece (CBS this morning) was elaborating on whether or not a machine should be used to pass on this news, or should a "real" person be involved. Interesting... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth
After a few weeks, you call a 1-800 number, punch in your code (from the sticker) and you get a recording telling you if the test was negative.
Of course, with ANI, calling an 800 number is not an anonymous act, unless you one of the few that know you need to do it from a payphone. --Paul
Brian Williams wrote:
There was an interesting piece on a new AIDs self-test kit this morning that focused on privacy.
The idea is that an AIDs self-test kit is made widely available ... From this point on the piece (CBS this morning) was elaborating on whether or not a machine should be used to pass on this news, or should a "real" person be involved.
A report I saw on this said the concern about the "human voice" giving the news, especially if positive for HIV, was psychological. That is, that HIV-positive folks would not like hearing this from a recording, and might do something serious to themselves. I applaud the "unconditionally untraceable" nature of the test (pay cash for the kit, call from a payphone). Ideas like this are _good_ for society, and for us. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
Brian Williams:
After a few weeks, you call a 1-800 number, punch in your code (from the sticker) and you get a recording telling you if the test was negative.
Besides the ANI, the other weakness in this scheme is that the lab gets a sample of your DNA. Are destruction of these samples performed and audited? Still, it's much better than nothing. Now, how about doing other medical tests like this so that insurance companies don't find out? For example, genetic tests. Challenge: is a crypto protocol possible with the following properties: the doctor writes and signs the prescription, and it is not transferable, but the patient doesn't need to show ID to the pharmacist to fill the prescription? I don't want pharmacists, and whoever else they share the info with (insurance companies? investigators? potential blackmailers?), keeping track of what drugs I take. Jim Hart hart@chaos.bsu.edu
Jim Hart writes:
I don't want pharmacists, and whoever else they share the info with (insurance companies? investigators? potential blackmailers?), keeping track of what drugs I take.
Ah, but they already know. And so do the credit reporting companies. I just got a "Congratulations, you have been pre-approved for a Nonsmoker's Credit Card from Citicorpse" letter. Actually, I'm kidding. But not by much. The amount of cross-linking is astounding, but not once you think about the infrasructure set up to compile the credit dossiers, the collusion with the government on these dossiers (I've posted before about Witness Security and false identities the credit reporting Big Three agree to falsify), etc. Unlinkable credentials is the way to go, but there's no "constituency" for this...Americans, and others, are oblivious to these issues. Personally, I see no chance of changing this. This is why I put my bets on crypto anarchy, which allows opting out of parts of the system, rather than trying to change the ponderous course of the ship of state. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
On Wed, 7 Sep 1994, Timothy C. May wrote: [...]
Actually, I'm kidding. But not by much. The amount of cross-linking is astounding, but not once you think about the infrasructure set up to compile the credit dossiers, the collusion with the government on these dossiers (I've posted before about Witness Security and false identities the credit reporting Big Three agree to falsify), etc. [...]
There are two pieces in the current comp.risks digest (16.39) about cross-linking of US databases. References are to a cover story in Business Week. Highlights are hospitals selling name/address info on families with newborns and one state having sold it's drivers' licence register... -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Nostalgia isn't what it Email: rolf.michelsen@delab.sintef.no used to be..." Phone: +47 73 59 87 33 ----------------------------------------------------------------------
There are two pieces in the current comp.risks digest (16.39) about cross-linking of US databases. References are to a cover story in Business Week. Highlights are hospitals selling name/address info on families with newborns and one state having sold it's drivers' licence register...
-- Rolf
And don't forget that hospitals and doctors will be forwarding patient records to the National Health Recovery Act headquarters outside Washington, right near the CIA, NSA, NRO, Central Imagery Office, FBI, and, of course, the Big Three credit agencies. I'm less worried that a pharmacist will add me to some database he keeps than that my doctor will be instructed to compile a dossier to government standards and then zip it off over the Infobahn to the authorities. Buying "a la carte" insurance for specific conditions and not others is surely a "cypherpunkish" free choice, and neatly sidesteps the problems of having to pay for others in the current way. (For example, someone with no tendency toward Foobar's Disease can elect to exclude this coverage.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
Jim Hart says:
Challenge: is a crypto protocol possible with the following properties: the doctor writes and signs the prescription, and it is not transferable, but the patient doesn't need to show ID to the pharmacist to fill the prescription? I don't want pharmacists, and whoever else they share the info with (insurance companies? investigators? potential blackmailers?), keeping track of what drugs I take.
It cannot be done. There is no way to prove that you didn't transfer some cryptographic credential. The only way to know that you are you is to check your credentials against unforgeable physical characteristics. All such characteristics can be used to identify you. On the other hand, I'll point out that a pharmacist has never asked me for ID. Perry
Jim Hart <hart@chaos.bsu.edu> writes:
Challenge: is a crypto protocol possible with the following properties: the doctor writes and signs the prescription, and it is not transferable, but the patient doesn't need to show ID to the pharmacist to fill the prescription? I don't want pharmacists, and whoever else they share the info with (insurance companies? investigators? potential blackmailers?), keeping track of what drugs I take.
Let me point out that nothing stops you from filling the prescription and then giving the drugs to someone else, so it would seem that a doctor who would be willing to cooperate in any such protocol should also be willing to make the prescription out to a pseudonym. Chaum's "blinded credential" system is intended to solve exactly this kind of problem, but it requires an extensive infrastructure. There has to be an agency where you physically identify yourself. It doesn't have to know anything about you other than some physical ID like fingerprints. You and it cooperate to create pseudonyms of various classes, for example, a "go to the doctor" pseudonym, and a "go to the pharmacy" pseudonym. These pseudonyms have a certain mathematical relationship which allows you to re-blind credentials written to one pseudonym to apply to any other. But the agency uses your physical ID to make sure you only get one pseudonym of each kind. So, when the doctor gives you a prescription, that is a credential applied to your "go to the doctor" pseudonym. (You can of course also reveal your real name to the doctor if you want.) Then you show it at the pharmacy using your "go to the pharmacy" pseudonym. The credential can only be shown on this one pseudonym at the pharamacy, but it is unlinkable to the one you got at the doctor's. (It would be possible to encode information in the credential about which doctor wrote it, which would help track abuse, although that would obviously make it easier to link up your pharmacy and doctor visits.) Hal
participants (7)
-
Brian D Williams -
Hal -
Jim Hart -
Perry E. Metzger -
pstemari@bismark.cbis.com -
Rolf Michelsen -
tcmay@netcom.com