Feeds

Boffins propose brainwave privacy standard

EEG data can predict illness, and app-makers are storing it in the cloud …

Choosing a cloud hosting partner with confidence

Researchers from MIT Media Lab and the Technical University of Denmark have raised the issue of “Privacy for Personal Neuroinformatics”, a field they feel deserves attention because brainwave data is starting to go public.

The four writers' paper on the idea points out that electroencephalography (EEG) has been around for ages and records brain activity using electrodes. Patients generally consent to EEG data being captured, often because it's a useful diagnostic tool. But EEG data can also be used to “diagnose mental diseases, and traces of epilepsy, and decode personality traits,” the paper points out, arguing that current arrangements mean patients don't consent to or contemplate deeper analysis. Nor can patients control the output of their minds: a test for one condition will produce data useful for other purposes.

Most EEG data, the authors point out, is held by medical organisations who are careful about privacy, but research repositories are emerging that aggregate EEG data. Kit and software to capture EEG data are becoming widely available and have made it onto smartphones through efforts such as the Smartphone Brain Scanner on GitHub. The likes of Emotiv even promote “affordable, consumer friendly, high-resolution, multichannel, wireless EEG systems” and offer them as a way to “democratize brain research by enabling access to affordable, user-friendly, high-resolution brain measurement systems.”

The paper stops a long, long, way short of declaring there's any direct risk posed by such offerings. But it does suggest that those who submit to EEG could benefit from privacy standards that make sure their data isn't used to peer into their minds in ways they haven't already contemplated.

Such a standard, it is suggested, should mean EEG patients “control the data access authorizations, request deletion of the data, or move the data to another service provider. Clear boundaries within those services should be set, defining in business, legal, and technical aspects what is under user control and what extracted high-level answers are used for providing the services.”

MIT's OpenPDS is suggested as a useful framework to begin the effort.

Now for the really tough question: has the NSA already made such privacy standards moot? It's not hard to imagine the world's spookhauses being very, very, interested in repositories that give them the chance to understand targets' state of mind. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Put down that shotgun: Wi-Fi's the way to beat Zombies
CreepyDOL sensors can pick walkers from humans with MAC snack attack
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.