Thursday, October 1, 2009

GHC09: Technical Track: E-voting & privacy with health records

This session started out with a fun talk on electronic voting by Dr. Kathy S Faggiani, though it's unfortunate that she seemed to be preaching to the choir. It's not her fault - it seems only people really interested in security of voting and wary of the existing digital voting machines came to the room.

She did a fun experiment with her son that was inspired by California's Secretary of State, Debra Bowen, who had stated that she had to de-certify California's electronic voting machines because of all the mistakes they made that a first-year computer science student wouldn't make. As her son was in his second year, he went and wrote a voting system... turns out his also wasn't as secure as it should've been :-)

Electronic voting is really tricky, though, as you all know. We, as individuals, want to know that our vote counted - but if we're given a receipt that shows how we voted (or a number we can use to look up later on the internet who our vote was cast for), we would be susceptible to vote coercion. This is also why I do not like absentee voting, and am saddened by the state of California's push to force us to do this by taking away polling places and "reminding" you about three times a year to sign up for permanent absentee voting status.

I've read too many stories about voter fraud and simply cannot trust our society to do the right thing in their own homes. I've already heard stories about ballots being stolen from mailboxes. *sigh*

Faggiani mentioned that Hawaii did "successfully" run an all-electronic election, managed by Everyone Counts. While it was deemed a success, the voter turnout in this already low-voter state dropped by 83%. Seems like a disaster to me. Clearly the voting was not as accessible to all of the voting public as they thought it would be - since it was all done by cell phone or Internet.

The next talk was on A Cryptographic Solution for Patient Privacy in Electronic Health Records by Melissa Chase. This is another area where we are very concerned with the integrity and privacy of the data, yet she pointed out many successful attacks on this information over the last few years. One very egregious example was a doctor who was blogging about his patient's records without their consent. Who needs hackers when someone is giving away your private data for free? *yikes*

Chase covered problems with different encryption key schemes, including saving the private key on the primary server and escrow systems, and went on to propose a hierarchical encryption scheme, which seems promising.

She is a strong advocate of making sure the patient is in control of the data and decides where it can go and which doctor can see the data.

This is a fascinating area of research, very important to all of us, and could revolutionize health care in industrialized nations, but there are still many issues to solve, like how to handle emergencies when the patient may not be able to "unlock" their data.