Slashdot Mirror


User: mea37

mea37's activity in the archive.

Stories: 0 · Comments: 1,556

Comments · 1,556

  1. Re:Absurd? Are you taking the piss? on P.I.I. In the Sky · Score: 1

    Context, people.

    The flip side of what I've posted a dozen times elsewhere: Just because something isn't PII, wouldn't mean that it necessarily can't be used as evidence in a trial (especially at the standard for evidence in a civil case).

    This is a case about privacy law, not standards of evidence. The two are essentially unrelated.

  2. Re:NAT on P.I.I. In the Sky · Score: 1

    Where privacy law is concerned, you are wrong. You're making assumptions about how closely information has to lead someone to you to be PII, and those assumptions don't conform to the meaning of the term.

    In some contexts, even ZIP code alone can be PII.

  3. Re:I would disagree with the premise. on P.I.I. In the Sky · Score: 1

    Aaaand the standards for what is PII are even looser. Even something that is insufficient as proof of identity in a civil case could still be PII. This is not a story about someone introducing an IP address as evidence of responsibility for wrongdoing in a trial. It is a case about whether MS violated its privacy policy by collecting IP address information.

    This information is present in the summary, and quite evident in TFA. It's also spelled out in the previous article on the matter. It's been repeatedly pointed out in the comment threads of both articles. I can only assume that we've spent so many years arguing about the viability of IPs as evidence at civil trial that we've lost the ability to understand that it isn't the only legal context in which an IP address could be discussed.

  4. Re:Absurd? on P.I.I. In the Sky · Score: 1

    You know what, go read the background of the case. None of the points you're raising have anything to do with the actual material being discussed. It is not about proving that someone is responsible for a given action.

    As for your belief that an address sans apartment number wouldn't be PII - not so in the medical industry (as one example). In fact, a ZIP code can often be considered PII.

  5. I disagree on P.I.I. In the Sky · Score: 1

    I reject the author's premise that programmers don't need to care about the definition of PII. It's true that PII is a different issue from technical application security, but that's like saying that because fuel efficiency isn't crash safety auto engineers don't have to worry about fuel efficiency.

    (You know you wanted a car analogy.)

    It would be correct to say that PII is a business concern rather than a technical one, but I for one don't trust software developers who don't understand their business.

    The correct reasoning to resolve this case, IMO, is to consider it implied (or, failing that, give MS a slap on the wrist and require them to make explicit) that the ban on collecting PII doesn't apply to situations where such collection/use is necessary to provide the requested service. That's the basic model HIPAA uses, and for all its flaws I can't imagine anyone arguing that HIPAA were too permissive. Then it no longer matters if an IP address is PII.

  6. Re:Absurd? on P.I.I. In the Sky · Score: 2, Interesting

    However, that has nothing to do with the case at hand. PII doesn't mean "evidence of who was responsible for some action".

    Knowing that a particular IP address was used in a particular IP violation (har) does not, in and of itself, prove that the Bill Johnson, to whom that address is assigned, committed the crime. In civil court it's a pretty good start, though - and more to the point, something doesn't have to prove a direct connection to be PII.

    What makes the judge's reasoning absurd is, it would apply equally well to things we know are PII. Example:

    Knowing that John Smith was robbed at 123 Elm St. doesn't mean that Bob Jones, the resident at 123 Elm St., robbed John Smith. However, 123 Elm St. is considered PII - if a healthcare provider released the information that they shipped Xanax to 12 Elm St., they would violate HIPAA because this would strongly imply that Bob Jones has certain medical conditions.

  7. Re:It's so very odd..... on Ireland Criminalizes Blasphemy · Score: 1

    If you admit that it's a matter of probability, then you admit that you don't know. So atheism is a matter of faith.

    You might want to look up what "atheism" means, by the way, because your definition of it is even more incorrect than your attempt to apply 'probability' to the question. But from there, it's up to you whether you do your own research, as I'm done debating someone who can't express an allegedly-rational viewpoint in rational terms.

  8. Re:It's so very odd..... on Ireland Criminalizes Blasphemy · Score: 1

    I would assert that "a phenomenon can (or cannot, or will or will not) happen" is, in fact, a hypothesis. "A heavier-than-air machine flying" is a phenomenon; "it is possible for a heavier-than-air machine to fly" is a hypothesis (albeit an ill-defined one for lack of detail, but I think we can both fill in the blanks), and my example above points out what happens when this hypothesis is assumed false.

    In any case, hypotheses are not "assumed false", they are tested. Testing is what we do because we don't assume. If we can't test a hypothesis (there is no current test of the string theory hypothesis regarding the nature of spacetime), we make no assumption and leave it as an unknown.

    You claim a need to assume false because of the chaos that would ensue if we assumed true - which fails to address the agnostic position of not assuming anything.

  9. Re:It's so very odd..... on Ireland Criminalizes Blasphemy · Score: 1

    Those who label themselves "atheist" attack as irrational anyone who allows for belief in a god. Those who hold the view you're claiming have lost control of the label "atheist", if indeed you ever had it.

    Read over this thread, and it is very clearly a debate between those who Believe there is no god (calling themselves atheist), and those who believe we do not and cannot know (calling themselves agnostic). Worries about how those labels might have been applied in a different discussion at a different time are moot.

  10. Re: The default position is "I don't know". on Ireland Criminalizes Blasphemy · Score: 1

    It's interesting that you list Occam's Razor, because outside of pop culture nobody actually interprets it as "proving" anything.

    Yes, scientists examine the unknown as the opportunity provides. There are so far no tests of string theory (though there have been some recent claims in that space, which may prove interesting). That does not lead scientists to say string theory is false. Likewise there are no tests of whether God exists, and one of the stronger agnostic positions is that there will never be such a test. To go from there to "there is no God" is a leap of faith.

    You talk about "what has been covered and understood"; well, provide evidence that has covered the non-existence of God and the debate will be over.

    Your comments about the stories of "acts of God" make me think you're hung up on the idea that to allow for belief in God, one has to believe in the Bible as a literal history. This is entirely incorrect.

    (As an aside, I think atheists who dismiss stories of miracles on the grounds that they violate laws of physics perhaps miss the point of what a miracle is supposed to be, but that's neither here nor there.)

  11. Re:Marketing vs Engineering on Earthquake Invisibility Cloak · Score: 1

    Nice deflection, but it is you who is missing the point.

    Your doctor probably doesn't personally care about the ideals behind HIPAA. He or she also isn't just trying to screw you if he or she refuses to discuss medical issues over the phone. He or she has no choice in the matter.

    Now I don't know what your definition of "work with companies in the industry" is, but you're barking up the wrong tree if you think you're positioned to talk down to me about HIPAA.

    The landscape of information controls will become more coherent over time. Whether that means "consistently more strict" or "consistently less strict" will depend on lobbying from various camps. Do you have any understanding of how young a system HIPAA privacy regulations really are?

    Yeah, you better believe every major player in the medical industry is pushing lobbying influence one way or the other. But if you think The Industry speaks to government with one voice, you're being naive; if you think the current bills before congress don't give them more important things than privacy regs to talk about, you're not paying attention; and if you think the government moves so quickly to conform to lobbying demands (or to do anything, for that matter), then I wonder what country you're living in.

  12. Re:It's so very odd..... on Ireland Criminalizes Blasphemy · Score: 3, Insightful

    "No it isn't. Atheism is the default position"

    The default position is "I don't know". You change from that position when either (1) you have evidence (and if you have any on this matter I'd very much like to hear it), or (2) you are convinced as a matter of faith.

    In all areas of science, the default position is "I don't know". Scientists do not default to saying "there is no way to make fusion reactors work" simply because they haven't found one. We do not default to "there is no unification of the natural forces", or "P != NP", or any other negative hypothesis where evidence is lacking. We call them "open problems".

    When mankind does try to default to a negative proposition, he often comes off looking a bit silly. ("There is no way for a heavier-than-air machine to fly.")

    The only reason atheists claim "no is the default" on the issue of a God is that they personally find "Yes" distasteful. It's a matter of faith. (Or, more cynically, rhetoric. I suppose I shouldn't assume candor.)

    "Countries are making the kind of legislation this article talks about and you don't think some rational zealotry is in order?"

    Too bad not everyone agrees with you about what position is "rational". Fundamentalists tend to think their religion is the only rational view, whether their religion is atheistic or not.

    Zealotry in favor of atheism is no better a government policy than zealotry in favor of Christianity.

    "Seriously, people like you need to pick a side."

    No, people like you need to stop pushing false dichotomies and pretending that we're all out here to "take sides."

    "Religion has damaged society for too long. We're so close to killing it "

    LOL. Might want to fact-check that one, chief.

    "through cowardice or indecision or existential angst"

    As soon as you start asserting your opponents' motives, you might as well forget about reaching useful conclusions.

    "would you afford any weight to <insert religious text here>,"

    Acceptance or rejection of religious texts is irrelevant to the discussion. Every religious text is rejected by some theistic religion, so clearly it is not merely the domain of atheists to reject religious texts. It is in fact quite possible to reject every religious text and still be agnostic. Your failure to recognize this possibility stems only from your "us-or-them" mentality - which by the way is the very mentality that does most of the harm you ascribe to religion.

  13. Re:Marketing vs Engineering on Earthquake Invisibility Cloak · Score: 1

    "Nobody really know what violates copyright either, for example."

    Yes, there are laws other than HIPAA that are widely open to interpretation (which is a much weaker claim than your original "nobody knows what any law does" assertion). Copyright is not, however, as open to interpretation as HIPAA, as it has a much more robust case history.

    Even with that broader case history there's enough uncertainty that companies play "better safe than sorry". When large companies are potentially liable for copyright infringement, their legal teams make them put defensive policies in place - just like doctors do with HIPAA. So, very apt comparison that shows how your doctor is doing exactly what every responsible business does when faced with legal uncertainty.

    But what makes copyright an even more interesting example is, there are companies that don't follow that legal strategy. Ask TPB or Napster how that worked out for them.

    "How about 'careless driving'? do you know exactly what that is, and when you've crossed it?"

    Ok. Show me a business that (1) has the same level of exposure to "careless driving" laws as every hcp has to HIPAA, and (2) doesn't force its employees to behave according to overly-strict standards to ensure compliance with said law.

    Good luck.

    "Can they prove they are talking to the right pharmacist or specialist or lab technician? Can they prove anyone else isn't listening in? No of course not, so why suddenly are you throwing this in my face? Its not a concern when they talk to anyone else."

    Oh, yes it is. The controls are different because the situation is different. (For example, both ends of those communications are trained in - and liable for - HIPAA. Also, there is no magical "right" pharmacist they have to talk to.) But if you think communications among healthcare providers are somehow "not an issue", you need to educate yourself.

    "Giving it to a concerned relative who calls in would. However, if the patient PRE-authorizes them, in person in writing, to call you at a specific PRE-authorized number, and if the person who answers identifies themself as YOU, and can recite your birth date and account number, and throw a secret pin number or code word in there too... then what exactly are you worried about?"

    Well, so far you've retreated twice to tighter controls than you'd previously talked about, and if we keep repeating this exercise you will keep retreating. If we make you responsible for potential breaches in the same way your doctor is, you'll eventually land on exactly what your doctor is doing.

    If I wanted to get PHI about an elderly relative, I could easily get enough information to "trick" a doctor following your advice into giving it to me. The doctor's office would then be potentially liable for a HIPAA violation (while I, interestingly, would not). That is one of the things the legal advisors behind these practices are worried about.

    "but at the end of the day, these mistakes still happen."

    Oh, I see; you're one of those "any two imperfect systems have equivalent risks" people. Good luck with that.

    "While ballooning the costs of actually providing the health care, and costing the patients thousands indirectly too. Losing half a day of work to see a doctor costs me a LOT."

    Not as much as the alternative would cost you, but that's beside the point. I don't know what part of "the system is broken; quit blaming your doctor" you don't understand.

  14. Re:It's so very odd..... on Ireland Criminalizes Blasphemy · Score: 1

    Actually, the picture of an agnostic as an atheist who "just isn't so sure" is merely a caricature used by atheists to slander the agnostic position, as has been repeatedly demonstrated in this thread.

  15. Re:Marketing vs Engineering on Earthquake Invisibility Cloak · Score: 1

    "Nobody knows what the full ramifications of any piece of legislation are"

    I didn't say "nobody knows what the full ramifications of HIPAA are". I said, nobody knows what violates HIPAA.

    If I hop in a car and start driving down the highway, I know damned well what behavior will constitute speeding. If I go into the corner market, I know what would constitute shoplifting. So on the face of it, your attempt to paint HIPAA as no more difficult than any other law is baseless.

    "What part of disclosing medical information to the PATIENT could violate the HIPAA?"

    Can you prove who you're talking to on the phone? Can you prove who else is listening? You may know your doctor's office's secretary's voice, but I bet he/she doesn't know yours (among the probably-thousands he/she deals with). Maybe you go to a smaller office where that's less of an issue. Good for you. Unless they have their own legal staff that can re-evaluate the situation, they're still stuck going by industry practices for what's "safe". In fact they may well contract with industry groups that insist on it anyway.

    And considering that giving medical information to a concerned relative would "violate the HIPAA" as you put it, there's nothing paranoid at all about that concern.

    Again, these decisions aren't made by some doctor who's out to get you. They are made by lawyers. They are made defensively to cut down on the legal costs associated with providing healthcare.

    "they call the patient back on a pre-authorized number, there would be no issue with HIPAA"

    Because every patient has a phone that nobody else could possibly answer? Right.

    "This is on par or better than the level of security they have when they send the data to pharmacists"

    Citation needed.

  16. Re:Marketing vs Engineering on Earthquake Invisibility Cloak · Score: 1

    My doctor had a practice of well over 2000 patients. This wasn't about being greedy - it was about staying afloat. He hated it enough that he followed one of the recent trends: he switched to a "small practice" model where he guarantees high availability to each of the couple hundred patients to which he now limits himself.

    Of course, he now has to make the practice profit on something like 1/6 to 1/10 as many patients. So, he charges an annual fee (which is a bit steep, and which insurance won't cover - though an FSA can help). On top of that, insurance rules insist that he charge for office visits (when he learned of this, he lowered the annual fee to compensate).

    In my experience, he really is able to provide much better service now. I've been able to see him within a few hours of feeling ill. I don't wait around for a backlog of patients when I go to his office. He even decided to offer a vaccination series at his expense because current insurance practices would leave adults to either buy it themselves or do without.

    But better healthcare costs more. The system is broken and a broken system has baseline prices that are too high; no individual provider can change that.

  17. Re:Marketing vs Engineering on Earthquake Invisibility Cloak · Score: 1

    I guess it's easy to blame the health-care provider.

    Don't let it bother you that nobody knows exactly what would violate HIPAA, so everyone goes by their legal team's best guess. Or I suppose you think that for your convenience your doctor should ignore legal advice and risk exposing himself to litigation from someone who views the regs differently than you do?

    I suppose the providers could just lawyer up even more, buy even more insurance... and guess what, they'll pass the "savings" on to you!

    Yes, there should be accepted methods for passing quick information to the patient without an appointment. No, there aren't great ones, and offices seem to vary on when they're willing to use phone and mail. And no, this isn't because your doctor is trying to screw you. Doctors don't like the current system of overbooking and running constantly behind any more than you do.

  18. Re:Standing still on South Korea Deploys Cloned Drug-Sniffing Dogs · Score: 4, Interesting

    I don't think you can say that immune systems are identical among genetic twins. At birth, if they were carried by the same mother, probably; beyond that there are other variables. Fundamentally similar, but not identical.

    In any case, I'm not sure genetic monoculture is that big a threat here. If you have a sizable population of these dogs living together, I suppose it becomes an issue.

    Why the focus on drug dogs? You've really raised two questions there. The broader social question of "why the focus on drugs" may be valid, but it's beside the point. That's the legal/political background of the story. Given that background, the more relevant question - why drug dogs instead of, say, service dogs - is a simple matter of cost/benefit. Service dogs aren't cheap, but this cloning project cost $40k per dog, and that doesn't even include the normal costs of training each dog.

    For drug dogs, they say that's cheap compared to normal breeding programs once you adjust for the higher success rate. For service dogs, I'm just gonna go out on a limb here and say they need to let others pioneer the process and get the cost down.

    Of course, with a relatively large population like service dogs, the concern of a genetic monoculture is greater.

  19. Nobody saw this coming? on Belgium Tries to Fine Yahoo for Protecting US User Privacy · Score: 3, Interesting

    Somewhere along the line, everyone assumes that technology changes making something easy will automatically cause the legal landscape to fall in line so there are no repercussions when you do it.

    The Internet has made it so easy to "act" simultaneously in, and interact simultaneously with the citizens of, every country on Earth, that even a small business potentially does it without even thinking about it; and even if you made the conscious decision not to, that would be hard.

    So we say the Internet erases boundaries, but we don't really comprehend what that means. One thing we should realize it doesn't mean: it doesn't mean the whole world is suddenly one big USA.

    The approach Belgium is taking here isn't one I want to see take hold, but I can't say I'm surprised to see it tried. A lot of the more "reasonable" approaches we could land on are not, in a lot of ways, "better".

  20. Re:I doubt it... on Cure For Radiation Sickness Found? · Score: 1

    Your conclusions (certainty of quick development of lethal cancer) directly contradict what the researchers are claiming to see in the lab. They provided their citation; where's yours?

  21. Re:it stops apoptosis on Cure For Radiation Sickness Found? · Score: 3, Informative

    The researchers theorize an increased cancer risk as a possibility as well.

    Since they've been unable to observe such increased risk in testing so far, I think your claim of a "significant" increase in risk is premature, and your labeling of the substance as a carcinogen is FUD.

  22. Re:I doubt it... on Cure For Radiation Sickness Found? · Score: 1

    They claim some success treating before or after radiation exposure.

    The thing is, it is a prevention/cure for acute radiation sickness, which is not the same thing as curing all possible symptoms of radiation damage. If the cell's DNA is damaged, this does not correct it. If you take this and then get hit with radiation that would damage the cell's DNA, this does not prevent it.

  23. Re:Crime depends on who you are... on Three Arrested For Conspiring To Violate the DMCA · Score: 1

    "Doesn't it occur to you that Dish has their DVRs manufactured by someone else, and that these guys might have wanted to be that someone?"

    Yes, it did occur to me. I specifically addressed that possibility in the post to which you replied. Since you chose to respond without reading, I suppose you think I should address it again?

    "someone who can explain the flaws and failures of the last designs, and offer something provably more secure would have an offering very compelling to Dish. Doing so requires demonstrating the ease with which their existing system can be broken."

    Hogwash.

    1) Hiring experts and buying them expensive equipment doesn't demonstrate "ease".

    2) What this guy was trying to do (key extraction) is a known vulnerability. If he had a way to "fix" it, he would only have needed to say so to become quite wealthy. There would be no "need to demonstrate" anything but the efficacy of his fix.

    3) If you believe there's even a chance this guy was about to demonstrate a way to prevent someone with money to throw at the problem from performing a key extraction attack, I have a bridge to sell you.

  24. Re:The law is on London's side on UK's National Portrait Gallery Threatens To Sue Wikipedia User · Score: 1

    I don't know how it is in the UK, but in the US companies claim IP rights they don't have all the time. Maybe a court would hold that a company's claim of "you need our permission to do X" constitutes reason to believe it's true, but I would certainly hope not.

  25. Re:The law is on London's side on UK's National Portrait Gallery Threatens To Sue Wikipedia User · Score: 1

    And those arguments might well win the day in court. They may or may not prevent a criminal trial from being filed. (If they weighed all the facts, circumstances, and case law before the trial, we wouldn't have a trial, would we?) If such prosecution were to occur, and he were to ignore it, he wouldn't get his day in court and those arguments would never be made.

    I tend to agree with the original sentiment that the user could choose to ignore the charge and hide out of range of the lawsuit - I'm assuming no extradition provision would come into play between the UK and the US here. But if he does, he is certainly taking a risk that he would have to avoid going to the UK in the future.