Category: Privacy

Invasive monitoring for discounted health insurance policies

What is often called “health insurance” in the United States often isn’t actually health insurance, but a kind of imperfect prepayment plan for medical services.

If “insurance” companies were ever again to become actual insurance companies, seeking profit by assessing and pricing risks of payouts, how much producer and consumer surplus might be available through invasive health monitoring? If insurance companies could more comprehensively and invasively monitor their customers’ risk factors by, for instance, requiring monthly blood tests, or requiring shared access to a 23andMe profile, how much economic surplus might be available?

Surely there’s potential producer surplus, because insurance companies would be able to keep more money if they knew certain kinds of healthy customers would require fewer expenditures. Surely there’s potential consumer surplus, because healthy customers would be rewarded with lower prices for their good health. Pricing could even be dynamic, depending on the particular monitoring technology.

Aside from gains in producer and consumer surplus, there would be an even greater benefit. Prices would serve as a kind of check on biased medical research. Medical academics politicking for research money might continue to make wild and untrue claims about different pathologies, but insurance companies would have skin in the game to evaluate medical research.

As far as I know, privacy regulations and price regulations make this idea completely impossible today.

One mystery of the UDID leak has been solved, but other mysteries remain

Yes, we’re all excited for the release of the iPhone 5 this week, which is being widely reported. What hasn’t been so widely reported or understood was a leak of  about a million UDIDs by #AntiSec, a hacking initiative affiliated with Anonymous. As it turns out, the leak was a fabrication. #AntiSec didn’t obtain these UDIDS from the FBI. One mystery is solved, but the whole incident calls attention to a much more serious matter.

First, what’s a UDID? A UDID is a unique alphanumeric identifier issued for every Apple iOS device, including iPhones, iPads, and iPod Touches. Up until recently, Apple has encouraged application developers to obtain the UDIDs of their users. Concurrent with the release of the iPhone 5, Apple will soon ban the use of UDIDs by app developers. That would be good news, if it weren’t a red herring.

Apple collects user data of user locations, and has not been particularly transparent about government requests for information. Even if the #AntiSec leak is a forgery, the existence of such a government database is intensely plausible. The NSA is constructing the country’s largest data storage facility in Bluffdale, Utah, and will have the capacity to store 100 years’ worth of the world’s electronic communications. Courts have ruled that the acquisition of data is not a Fourth Amendment search, and that only the querying of the data later on constitutes a search.

So, how would the NSA acquire data on people? Malte Spitz discusses, in a chilling TED talk, how your smart phone is always able to transmit information about you.

Spitz’s comments should be obvious to iPhone users, who have long had access to the Find My iPhone app.

All this should be chilling to you, but if you’re thinking, “Privacy doesn’t matter because I have nothing to hide,” you are seriously mistaken.