They Told Their Therapists Everything. Hackers Leaked It All (2021)
wired.com
> Sure, some questioned the purity of Tapio’s motives; Kristian Wahlbeck, director of development at Finland’s oldest mental health nonprofit, says he was “a bit frowned-upon” and “perceived as too business-minded.” And yes, there were occasional stories about Vastaamo doing shady-seeming things, such as using Google ads to try to poach prospective patients from a university clinic, as the newspaper Iltalehti reported. But people kept signing up.
> But the slick exterior concealed deep vulnerabilities. Mikael Koivukangas, head of R&D at a Finnish medtech firm called Onesys Medical, points out that Vastaamo’s system violated one of the “first principles of cybersecurity”: It didn’t anonymize the records. It didn’t even encrypt them. The only thing protecting patients’ confessions and confidences were a couple of firewalls and a server login screen. Anyone with experience in the field, Koivukangas says, could’ve helped Vastaamo design a safer system.
Disappointing, but I'm not surprised.
IMO leaking health records should be fined life-long. Like when you caused an accident where someone lost 50% of their sight, those people responsible for the leak (including bad security practice) should pay monthly till the end of the victim's life.
Certain leaks cannot be undone and can continue to have consequences for the victims.
Given that generational trauma is a thing, I'm not convinced it should end at the victim's death.
Every year the number of massive data breaches grows. Every day now there's a story about a different leak (today: https://news.ycombinator.com/item?id=32399949)
Meanwhile, we're less than a decade away from AR glasses being commonplace (https://news.ycombinator.com/item?id=32405565)
Storage continues to get cheaper, devices smaller and faster - more capable of facial recognition.
Already, if a person has the motivation and tech aptitude, they can torrent or buy TBs of private records, and cobble together a script to identify passers-by and display a report of their leaked, private details.
We are speeding toward a gargantuan privacy train-wreck.
By design, this free chat bot is probably about as good as Eliza (maybe a little better), can help an individual think through issues, and you can talk to it on an offline PC. Nothing is stored, so there is nothing to hack: https://locserendipity.com/Therapy.html
Rogerian version: https://locserendipity.com/Rogerian.html
Dr. Sbaitso solved all my problems in the early 90s:
So tell me about your problems
I'm not sure I understand you fully.
Eisenhower!! Your mimeograph machine upsets my stomach!!
I think that's putting it a little too strongly. What do you think?
I guess, judging from what you have written here, you sound as though you might disapprove of your own behavior.
Maybe when nearly everyone's dirt is leaked and public then no one will actually be dirty.
Unfortunately, that almost certainly is not how it will work.
If everyone's dirt is public, indeed that may lessen the stigma of common mistakes: an embarrassing slip of the tongue, tripping over one's shoe laces, etc.
But different people have very different liabilities. Alice's 2009 misdiagnosis of AIDS does not cancel out Bob's 2015 false accusation of murder. Alice will still have trouble on dating apps (because strangers suspect she has AIDS). Bob will still have trouble finding employment (because strangers suspect he is a killer).
The closest to 'no one actually being dirty' it could be is if we just stop caring when tech unfairly destroys a person's life.
Solid points.