#Microsoft#Surveilance#Privacy#DataProtection#Cybersecurity: "Microsoft is building a feature into Windows that is monitoring and logging a ton of data about you and the way you use your PC. Traditionally, we’d call this “spyware.” The difference is that Microsoft is giving this particular data collection feature its blessing and advertising it as a banner feature of its upcoming wave of Copilot+ PCs.
The fact that the data is processed locally rather than in the cloud is a good first step, but it's also the bare minimum. Based on both the permissive default settings and the ease with which this data can be accessed, Recall’s security safeguards as they currently exist just aren't good enough.
“Some people might not mind parties processing their data in this manner, but many people are uncomfortable with political parties building profiles about them. ORG’s tool helps the public take back some control over their data.”
The European privacy community
has repeatedly pointed at the GDPR‘s sometimes slow and insufficient enforcement. And I won’t argue with that. But I‘d like you to consider that the lack of GDPR literacy and privacy awareness is at least equally problematic. Even the best enforcement mechanisms are useless when people do not know their rights. We need to do more, not only to improve enforcement, but also to better educate people on privacy matters!
— #privacy#DataProtection#GDPR#DigitalLiteracy
Attacco agli ATM riuscito! Un Tasso del 99% di Efficacia Spaventa tutte le Banche Europee
Nello spazio #digitale si sta diffondendo attivamente un nuovo tipo di #malware#ATM. Il suo tasso di successo, secondo i suoi autori, raggiunge il 99%.
Questo #software dannoso, chiamato “EU ATM Malware”, è in grado di #hackerare quasi tutti gli sportelli #bancomat in #Europa e circa il 60% degli sportelli bancomat in tutto il mondo, il che rappresenta una #minaccia significativa per la sicurezza bancaria globale..
Psychology news robots distributing from dozens of sources: https://mastodon.clinicians-exchange.org
.
There has been a lot of talk lately in tech circles and on YouTube about
how to get out of receiving AI-generated suggestions when you do a web
search -- which is now increasingly the default on Google.
While sometimes convenient, AI suggestions have 3 main problems:
a) They are often wrong,
b) They make you scroll way down the page to see the actual websites, &
c) They use all the earth's websites as their database, thereby stealing
everyone's content and rendering visiting the actual content creator
websites mute (unless AI answers wrong).
Here are some ways to turn off the AI in web search:
https://searx.tuxcloud.net/search -- This site is part of a network
of privately hosted sites using the same open-source search software. I
notice that you can not do a site-specific search like in Google or
DuckDuckGo ("site:microsoft.com Outlook questions"). See also https://searx.space/ for a list of other search URLs in the network.
#psychology #counseling #socialwork #psychotherapy
@psychotherapist@a.gup.pe @psychotherapists@a.gup.pe
@psychology@a.gup.pe @socialpsych@a.gup.pe @socialwork@a.gup.pe
@psychiatry@a.gup.pe #mentalhealth #technology #dataprotection #infosec
@infosec@a.gup.pe #doctors #hospitals #google #googlesearch #AI
.
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot@mastodon.clinicians-exchange.org
.
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE:
<http://subscribe-article-digests.clinicians-exchange.org>
.
READ ONLINE: <http://read-the-rss-mega-archive.clinicians-exchange.org>
It's primitive... but it works... mostly...
The UK Data Protection and Digital Information Bill 🗑️ 🥳
Getting this rights-busting legislation binned off at this late stage is not just good timing.
It's down to civil society challenging the dangerous proposals in the Bill every step of the way.
The next government is put on notice.
#AI#GenerativeAI#AITraining#DataProtection#Privacy: "- Merely relying on the disclosure of statistical accuracy of the GenAI model is insufficient, since it could lead to an “Accuracy Paradox”. It refers to the unintended consequences of solely relying on the disclosure of a model’s statistical accuracy, which can lead to a misleading sense of reliability among users. As accuracy metrics improve, users may overly trust the AI outputs without sufficient verification, increasing the risk of accepting erroneous information.
Increasing the accuracy of inputs, models, and outputs often comes with the cost of privacy, especially in GenAI context. This involves not only technical identifiability of the individuals involved, but also societal risks such as more accurate and precise targeting for commercial purposes, social sorting, and group privacy implications.
Overreliance on developers’ and deployers’ accuracy legal compliance is not pragmatic and is overoptimistic, which could ultimately become a burden for users with the tendency of using dark pattern. In this context, GenAI developers and deployers could use such manipulative design to shift the responsibility for data accuracy onto users.
We argue that content moderation as a tool to mitigate inaccuracy and untrustworthiness. As a critical role in ensuring the accuracy, reliability, and trustworthiness of GenAI, content moderation could filter flawed or harmful content, which involves refining detection methods to distinguish and exclude incorrect or misleading information from training data and model outputs.
Accuracy of training data cannot directly translate to the accuracy of output, especially in the context of hallucination. Even though most training data is reliable and trustworthy, the essential issue remains that the recombination of trustworthy data into new answers in a new context may lead to untrustworthiness..."
Because I got asked twice today: No, privacy is not about not using technology at all.
Privacy is about using technology at your terms. It is about not being used by those who make technology.
— #privacy#PrivacyMatters#DataProtection#GDPR
#Samsung#RightToRepair#DataProtection: "In exchange for selling them repair parts, Samsung requires independent repair shops to give Samsung the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops, according to a contract obtained by 404 Media. Stunningly, it also requires these nominally independent shops to “immediately disassemble” any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to “immediately notify” Samsung that the customer has used third-party parts.
"Company shall immediately disassemble all products that are created or assembled out of, comprised of, or that contain any Service Parts not purchased from Samsung,” a section of the agreement reads. “And shall immediately notify Samsung in writing of the details and circumstances of any unauthorized use or misappropriation of any Service Part for any purpose other than pursuant to this Agreement. Samsung may terminate this Agreement if these terms are violated.""
It’s so long, see you never 🤞 for this flawed legislation that would’ve removed controls over our data and handed power to UK government bodies and companies.
ORG and civil society organisations fought the Bill to ensure it wasn’t just nodded into law 🔥
ORG calls on the UK government to SCRAP the controversial #Data Protection and Digital Information Bill now that they've called a #GeneralElection for 4 July.
A Bill that batters our data rights shouldn't be rammed through last minute, bypassing the remaining stages of Parliamentary scrutiny.
Does HIPAA Even Exist for Large Corporations? -- PART 2
Today I got my official reply to my HHS Office of Civil Rights complaint of 5/3/24 against CVS for violating HIPAA regulations. The minor and rather impressive miracle here is that I got a signed letter from an attorney in only 17 days with relevant regulations and interpretations attached. Good so far.
The result was that they are not going to pursue a formal complaint -- instead they are going to "resolve this matter informally through the provision of technical assistance to CVS."
HHS OCR points out that "a covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of PHI in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.... Further, under the Security Rule, with certain exceptions, the use of encryption is addressable; i.e., not mandatory." [red emphasis mine]
HHS further states under Reasonable Safeguards that "It is not expected that a covered entity’s safeguards guarantee the privacy of protected health information from any and all potential risks. Reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business."
If HHS OCR actually in fact offers this technical assistance in a meaningful way, that WOULD satisfy my complaint -- not that anyone is asking me. This was almost certainly a stupid screw-up by someone in CVS Info Tech programming the canned computer "after visit summary" process to send out way too much information in unencrypted format to people who received a COVID booster at a CVS. If CVS STOPS doing this, I'm good.
To recap -- I received an after-visit summary not only listing what COVID booster med I received, but also my DOB, home address, and all the answers to my screening questionnaire including my answers to whether or not I have ever had a seizure, a bleeding disorder, am currently pregnant, am immunocompromised (including from cancer), have a history of myocarditis, and many other questions.
I will waste my time writing HHS OCR back to thank them and to remind them that to the best of my knowledge I never signed a release for disclosure (which apparently has no legal bearing here?), and that in this new age of AI every major tech company is incorporating AI into EVERYTHING. If I had a Gmail account, Google would have all my medical information from this CVS after visit summary email and likely would be utilizing AI to monetize it in some way.
I suppose the good news here for small psychotherapy practices is that if this is close to acceptable practice for even a giant company like CVS, then maybe we have little to worry about when it comes to client privacy. Heck -- why not just email client PHI to them without getting releases first? Why have encrypted client portals for communication?
-- Michael
**Does HIPAA Even Exist for Large Corporations? -- PART 1**
I don't care if anyone knows I just got a COVID vaccine. Most people don't care.
However, CVS Pharmacy just sent me an after-visit report across unencrypted Internet to my email address.
The form included such fields as:
-- My Full Name
-- **DATE OF BIRTH!**
-- My Full Home Address
-- Medication Administered
-- Date and Time of Appointment
-- Name of Pharmacist I saw
-- Name of Doctor at CVS overseeing it all
-- Name and Address of my Primary Care Doctor
Also:
-- All the answers to my *screening questionnaire!* including my yes/no answers to multiple medical conditions such as heart problems, immunocompromise, seizures & other brain problems, and pregnancy.
So many things wrong here. This is almost enough information for identity theft (lacking only SSN). It gives away LOTS of my medical information. If I had a Gmail email address, Google would now have all this information. What if I was a pregnant female in the southern USA where Attorney Generals are starting to track state of pregnancy for later prosecution if women go out-of-state for abortions or have a suspicious (to them) miscarriage?
**How does CVS get away with this when smaller medical offices have to be so careful?**
Michael Reeder, LCPC
#AI #EHR #medicalnotes #progressnotes #healthcare #patientportal #HIPAA #dataprotection #infosec @infosec@a.gup.pe #doctors #hospitals #CVS #COVID #sars-cov-2 #longcovid #severecovid#covidisnotover #pharmacy #vaccine
#AdTech#DataProtection#Privacy#TargetedAds: "In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.
Her audiobook consumption, she explained, had been highly focused the previous month, focused on a specific subgenre that she doesn't believe would come up by chance.
"You don't coincidentally come across mobile ads [for that particular subgenre]," she told The Register. "Those ads made me extremely angry."
Concerns about the privacy of library reading material date back to the early 20th century, explained Dorothea Salo, academic librarian and library-school instructor at the University of Wisconsin-Madison, to The Register.
"There was a time when American libraries weren't sure what their stance on reader privacy should be," said Salo."