More than a year ago I finished my masters thesis (political science) on health privacy and the electronic patient record. I feel that the foreword of my thesis is still relevant, especially for this weblog which covers both politics and technology.
… in the past no government had the power to keep its citizens under constant surveillance. … With the development of television, and the technical advance which made it possible to receive and transmit simultaneously on the same instrument, private life came to an end.
— “Nineteen Eighty-Four” (Orwell, 1949)
Today, I made a walk through the woods and heathland of the Veluwe, a region in the Netherlands where my father’s family has lived for centuries. The region is known for its beautiful nature and old-fashioned people. Only two generations ago, these people were independent, lived on their own, and knew nothing about extensive regulations, digital networks en electronic databases. In many respects, I belong to this region – living and thinking in ways that many would regard as out-dated.
After the walk, I switched on my computer. I have multiple computers at multiple locations, earned my Microsoft systems engineer certification years ago, and I also explored the world of arcane command line use with Linux. Being in information technology is not just about technical skills. The geek world has its own literature, culture, and politics: from the Hitchhiker’s Guide to the Galaxy to the formation of new identities. The network has replaced the city. Digital property is not bound to space or time. The flow of information can cross boundaries that are taken for granted by the old world. This new culture and technology is guiding the main culture to new roads. Access and availability of information is becoming limitless. The individual thus will have access to a limitless choice of ideas, lifestyles and art. That changes the relation between society and the individual. Society will be less able to guide the individual to some ‘best option’, because the individual wants choice and wants to choose himself. Those who are first to discover the new information networks are more likely to reject the authoritative tendencies of modern society and modern government. The people of the current postmodern technoculture are often not understood by mainstream society, for they are too far ahead of the others. I am a part of that culture, too.
So where does that leave me? On one foot I am standing in a world too old to be compatible with modern culture, and on the other foot I am standing in the world of the artificial, too far ahead of the mass to be compatible with modern culture. But what is, then, modern culture? I like to define it as the nation-state with a fat government. It did not exist a few hundred years back, but now it does and it taxes and regulates the not-so-free citizens as if they were part of a machine. Its properties are bound to space and time. And, as such, it has difficulty coping with the new digital networks that are definitely not bound to space and time. The masses and the governments want to tighten their grip on the new developments. Instead of doing nothing and becoming irrelevant, some of them now try to guide and control the new developments. They limit free speech on the internet and they create massive databases and espionage networks to spy on their own citizens in order to protect and care for their citizens. It is a bit like the Orwellian Big Brother, but in some respects, it is becoming even worse.
I will use medical records, the subject of this thesis, as an example. The electronic patient record (EPR) will improve health care and will make patients less dependent on one hospital or one doctor. It was developed by universities and private organisations, but in the Netherlands, it is now regulated by the government. The digital records make patients independent of space: everywhere in the Kingdom of the Netherlands, their records will be available and medical care can be arranged. No time is needed to transfer the records, and they will be available 24 hours a day, 7 days a week (independent of time).
The sciences of the artificial will penetrate and change our world like never before. New possibilities are emerging, and new risks. Many computer scientists and programmers love the new possibilities, but at the same time urge the public to take measures to secure their privacy and data. The problems begin to emerge when you think about the meaning of ownership of data. Who owns the data? The creator of the data, the owner of the physical storage where it is to be stored, the system administrator who controls the computer storage, the person that is described by the data, or some higher regulating body? It is hard to define, but for sure, when you can control both the storage of, and the access to your data, then nobody can dispute your ownership. For example: you have an encrypted memory stick with some nude photographs of your girlfriend. As long as you do not give the password to others, those photographs are yours. But email them to some friends, and you lose all control. Or store them online – and you might think that you are the only one that has access, but who knows who can have access to your online photographs, your online emails, your online tweets, and the list goes on and on. Who knows who has access to your online medical records – you have to trust the administrators of the database. You have no control over the storage media, nor do you have control over the access mechanisms. Things would be different if all your medical records would be encrypted and only you would have the private key, but such is not the case.
I am using my own email server. I like to store my email on my own server. Maybe I am like that guy in Vernor Vinge’s book Rainbows End that used an old computer, so that he could have control over his own hardware and software. In the end, even his computer was taken over. Digital information is of such nature; it is very hard to protect. Digital information is very easy to replicate, according to Icke (2009), astrophysicist in Leiden. He dislikes the EPR with a passion, because he fears that the information will not be safe, and very hard to delete. He would prefer to carry his medical records on his own memory stick.
So much private, personal information about you in some database that you cannot control may be bad enough, but it is only the beginning. Just imagine if all those different databases, all your email and phone communications, your credit card and banking transactions, your online video, music and book orders, your calendar, all your movements in the public transport or on the road, your fingerprint, the people you have contact with, and finally your medical records are all linked together. Yes, that is right, linked together to get one big picture of all that is you. That is possible with today’s technology and databases in the Netherlands. New, advanced computer programs will be able to make an estimate of your role and activities in the social networks you are part of, and will be able to make better predictions on your behaviour than you yourself would be able to. And all that data is collected on you, without you being in control. That is our situation in the Netherlands, anno domini 2010.
Of course, no institution has the legal authority to combine all those data sources and to access all that information about you. Maybe the secret service, but who knows. One of the nice properties of digitised data is that it can be stored indefinitely, replicated without limits, and sure you feel fine about your data being stored indefinitely, without being in control, without knowing for absolutely sure how that data will be used in the future.
From my masters thesis political science: Health Privacy and Political Attitudes – Concerning the Electronic Patient Record in the Netherlands