PA Webcam Spying Case Resolved

Posted on by

Jake Meyer by Jake Meyer

Everyday for two weeks when high school student Blake Robbins left his school’s campus and went home for the day, the Lower Merion School District covertly followed him home, tracking his position, snapping photographs of him and his family, and recording his activity on his laptop computer.  The school district didn’t send a secret agent to keep tabs on Robbins, but instead had turned his school issued laptop into a remotely controlled surveillance device.  Robbins’ laptop captured over 400 images, screenshots of his activity on his laptop while he typed to friends through an internet messenger service, and photos taken through the laptop’s webcam of Robbins while he slept, pictures of him partially dressed after he got out of the shower, and photos of Robbins’ father and friends.  The laptop transmitted its IP address allowing the school to track its physical location.  The school district had installed this tracking software, TheftTrack, on all of the school issued laptops to be activated to retrieve laptops that had been reported stolen.  Robbins’ original laptop was returned to the school with a broken laptop and the school issued him a loaner laptop.  School district officials knew that he was in possession of the loaner laptop and that it had not been stolen, but activated the monitoring software anyway.  Robbins later learned that the webcam had been activated on his laptop when he was confronted at school by the assistant principal about his possible drug use – it turned out that the webcam had captured him eating Mike and Ike candy.

Blake Robbins and his parents filed a lawsuit against the Lower Marion School District.  The Robbins lawsuit was filed individually as well as on behalf of the class of all similarly situated persons – the students and families of students that had received a laptop with a web camera from the Lower Marion School District.  (The Robbins later moved to have the action certified as a class action and have the Robbins represent the class because joinder of the members of the class would be impractical because of the number of class members.)   The complaint alleged that the school district had “been spying on the activities of Plaintiffs and Class members by [the school district’s] indiscriminate use of and ability to remotely activate the webcams,” and that the “School District has the ability to and has captured images of Plaintiffs and Class members without their permission and authorization, all of which is embarrassing and humiliating.”

Continue reading

The Rules of Cyber War

Posted on by

Jake Meyer by Jake Meyer

There is a war going on and the U.S. is under attack.  These attacks aren’t on our soil, but they hit us at home and have the possibility of causing severe damage to our infrastructure through computers and internet connections.  These attacks threaten to “destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line” and cause other serious damage.  Cyber attacks have been launched against the U.S., because the U.S. has large systems that offer a large payoff if the systems are compromised — it’s probable that recent attacks on U.S defense and economic targets were launched by North Korea, China, and Iran.  Over 100 foreign intelligence agencies have attempted to break into U.S. networks.  But the U.S. isn’t the only target as the use of cyber warfare escalates around the world.  Russia has cyber attacked Estonia and Georgia.  And Stuxnet, a worm created to disrupt Iranian nuclear power plants, has been blamed on either the U.S. and Israel, or Russia.  But cyber warfare isn’t just limited to nations attacking other nations — China has launched coordinated attacks against Google and Gmail.  With all of this conflict on the cyber battlefield, is there any chance of a cyber peace treaty?

The secretary-general of the International Telecommunications Union (an agency of the United Nations), Hamadoun Touré, has called for the creation of a cyber treaty with a built-in legal and regulatory framework and a contingency plan in case of a large-scale attack.  U.S. officials are wary of Touré’s proposal since it would result in “restructuring Internet governance in ways that would boost government controls.”  But the U.S.’s reluctance on such a cyber treaty is not baseless.  There is cause for concern because regulation of the internet by the nation’s governments can result in censorship, limiting the usefulness of the internet.  Russia’s Defense minister has argued that promotion of ideas on the internet, such as democracy should qualify as “aggression” under a Russian-sponsored U.N. initiative introduced to combat cyber attacks, or as Russia prefers — “information war.”  Although a cyber peace treaty could be unlikely for the near future, there could be an agreement between nations on how a cyber war should be fought.

As nations waged bloody wars with each other through the centuries, rules of war were created by nations.  The modern rules of war are embodied in the Geneva Convention, but there is no such similar Geneva Convention for cyber warfare.  It could be time for rules of cyber warfare to be developed.  Professor Neil C. Rowe of the U.S. Naval Post Graduate School has suggested that cyber warfare should have ethics policies.  Rowe gives examples of possible policies such as an agreement to a “no first use” policy, where participating members would agree to only use cyber attacks in response to other cyber attacks, or requiring that the attacks have distinctive signatures that identify who is responsible and their intended target.

So what is the U.S. government doing to defend itself on this new battlefield?  New organizations in the U.S. Department of Defense are being created to deal with these new threats.  The U.S. formed Cyber Command to defend defense networks and to also launch offensive cyber strikes.  Existing government agencies are also cooperating more to defend the variety of systems that are vulnerable to cyber attack.  The National Security Agency, which is tasked with protecting U.S. national security systems and intercepting communications overseas, and the Department of Homeland Security, which has responsibility for protecting vital systems like power grids, financial services and water purification, have agreed to share their intelligence

Solutions have also been proposed to defend the U.S. in the event of a large scale attack.  The Senate Committee on Homeland Security and Governmental Affairs has approved a bill to allow the President “emergency authority to shut down private sector or government networks in the event of a cyber attack capable of causing massive damage or loss of life.”  This bill, S. 3480, has been described as a “kill-switch” for the internet.  There is some concern with such a system because the power to disable whole portions of the internet is an extreme power, and it’s not clear what the precise circumstances would be for the exercise of such a power.  Larry Clinton, president of the Internet Security Alliance, which represents the telecommunications industry, criticized the bill as “empower[ing] the president to essentially turn off the Internet in the case of a ‘cyber-emergency,’ which they didn't define.”

The strengths of the internet are also what make cyber attacks a serious threat to the security of citizens and countries around the world and also make these same threats difficult to regulate.  The internet “enables communication on an unprecedented scale and is woven into billions of lives around the world.  Its openness, its inclusiveness, its relative lack of regulation make it a fertile field for innovation and competition, an engine for much needed economic growth,” says Rod Beckstrom, President and Chief Executive Officer of Internet Corporation for Assigned Names and Numbers (ICANN).  This engine for economic growth that allows vastly improved communication and near instantaneous access to information benefits from its openness and lack of regulation.  Defending against the threat of cyber attacks will require policy makers to walk a fine line between regulation and openness.

Watch out Produce Aisle, Here Comes Dad!

Posted on by

SarahBlennerBy Sarah Blenner, JD, MPH

Diabetes and obesity are serious health problems that are affecting an increasing number of Americans of all different ages.  The Center for Disease Control and Prevention (CDC) recently estimated that, based on existing trends, the prevalence of diabetes could increase from 1 in 10 adults to 1 in 3 adults within the next forty years.  This means that the CDC expects the number of people with diabetes to either double or triple by the year 2050.  While there is no single known cause for either type 1 or type 2 diabetes, there are a variety of widely accepted risk factors associated with both forms.  For example, type 2 diabetes risk factors include, but are not limited to: age, race/ethnicity, body mass index (BMI), activity levels, and family history.  Recent studies suggest that breast size, eyebrow color, and short stature might also be associated with an increased risk for diabetes. 

A recent study conducted on rats has even suggested that if a dad-to-be eats a lot of foods that are high in fat before his child is conceived, then he is more likely to pass the risk of diabetes and obesity on to his daughter.  This study might be the only one of its kind to report that a father can pass along a risk factor associated with diabetes that is not inherently genetic.  Although the study was conducted on rats, the researchers hypothesized that the conclusions of the study might be congruent in human populations, since obesity in men affects sperm function, sperm mobility, and the amount of DNA damaged in sperm.  If in fact the findings of this study are applicable to people, there may be some serious implications for future generations, as thirty-four percent of adults are considered obese, an additional thirty-four percent of adults are considered overweight and the rates of diabetes in the adult population are drastically rising. 

Continue reading

Biohack the Planet! A New Generation of Hackers Sweep Across the Country

Posted on by

Keith Syverson by Keith Syverson

The recent phenomenon of “biohacking” has been quietly gaining momentum.  In February 2010, Lori Andrews blogged about her experience at UCLA’s Outlaw Genetics conference.  Just last week, the international scientific journal Nature published an article titled “Garage Biotech: Life Hackers” describing the growing trend.  The steadily decreasing cost of molecular biology equipment has lead to a movement where amateur scientists, calling themselves biohackers, purchase equipment and set up their own molecular biology labs in their garages.  Proponents of the movement liken it to the open source movement in software.  The idea is that the “democratization of science” will bring fresh new talent to improve scientific instruments and uncover new applications for biotechnology.  At the very least, the name “biohackers” sounds cool.

Biohackers and do-it-yourself biologists come in all forms.  Geneticist Hugh Rienhoff created a home laboratory to study his ailing daughter’s rare genetic condition.  Others, like Rob Carlson, simply became frustrated with the tedious process of annually filling out grant applications to secure funding at his academic lab. The real down-and-dirty biohackers, however, are simply hobbyists with little or no formal training in molecular biology.  For example the article in Nature mentions Meredith Patterson, a computer programmer based in San Francisco California who created glow-in-the-dark yogurt by engineering a yeast strain in a garage lab.  There are growing online communities such as DIYbio where biohackers come together to share protocols and instructions for making cheaper lab equipment.  Other groups, such as the Silicon Valley-based BioCurious, are seeking to furnish a shared lab space where members of the club pay dues in exchange for classes taught by local graduate students and timeshares in the lab.

Continue reading

Unearthed Syphilis Study Demonstrates the Purpose of Ethical Regulations in Human Clinical Trials

Posted on by

Robert Enneser by Robert Ennesser

In 1946, American researchers went to Guatemala and infected 1500 prisoners, orphans, and patients in mental institutions with syphilis and gonorrhea under a U.S.-Guatemalan government partnership.  Today, such experimentation would not occur because of strict research requirements including documenting details of human research and obtaining approval from Institutional Review Boards to move forward with human research.  While ensuring research requirements are met can seem tedious for researchers, Professor Susan Reverby of Wellesley College recently provided a reminder of why those regulations are in place – to ensure the safety of human participants in clinical studies.

Continue reading

Massachusetts Court Could Tell the CIA to Stop Using Flawed Software to Pilot Killer Drones

Posted on by

Jake Meyer by Jake Meyer

The U.S. is increasingly using unmanned aircraft known as drones to fight its wars and kill enemy targets.  These drones are controlled remotely by soldiers thousands of miles away from the action and armed with 100lb missiles — larger drones can be armed with 500lb bombs that are deadly in a radius of over 200 feet.  Concern has been raised about the use of these drones because drones strikes have resulted in civilian casualties.  Civilian casualties are counterproductive to the war effort in Afghanistan where a goal is “winning the hearts and minds” of the local population.  New America Foundation, a public think tank, has reported that 142 drone attacks in Pakistan killed between 1,013 and 1,362 people from 2004 to 2010 and up to a third of the casualties were civilians.  Now a company involved in a contract dispute in a Massachusetts court is alleging that the CIA is using software to guide its drones to targets that was rushed, illegally reverse engineered, and not properly designed for the CIA’s hardware — causing calculations made by the software to be off from 1 to 13 meters (over 40 feet).  The Massachusetts court is currently considering a motion for preliminary injunction and if the court were to grant the injunction, it could possibly force the CIA to stop using the miscalculating software and have more accurate software developed for its drones.

The case involves claims by the Netezza Corporation that Intelligent Integration Systems Inc. (IISI) was under contract to provide a version of IISI’s Geospatial software (an analytical software program that integrates spatial data with non-visual data) to Netezza for a new computer system called TwinFin.  The Massachussetts court dismissed the claims by Netezza in a summary judgment, but counterclaims made by IISI still remain to be ruled on.  IISI’s counterclaims allege that Netezza improperly acquired an IISI trade secret — the Geospatial software — through reverse engineering.  The software licensing agreement contains provisions that explicitly prohibit the reverse engineering of IISI’s Geospatial software and use of its proprietary information.  IISI also alleges that the reverse engineering of the software was to please its client, the CIA, as “Netezza’s own records also show that Netezza was motivated to take this action in order to save face with the CIA.” 

Continue reading

Myriad Offers to “Gift” Its Breast Cancer Patent to Australia: What’s the Logic?

Posted on by

Jake Meyer by Jake Meyer

Myriad Genetics, in mid-August, 2010, sent a letter offering to surrender its Australian BRCA1 breast cancer gene.  The letter said, “Myriad wishes to gift Australian Patent No 686004 (the Patent) to the people of Australia.”  On September 2, 2010, the Commissioner of Patents published notice of Myriad’s offer to surrender the Patent in the Australian Official Journal of Patents, and interested parties that want to be heard before the offer of surrender is accepted must submit a request within a month.

Myriad will surely claim its offer to surrender its patent is based on compassion and consideration for Australian women who have a family history of breast cancer and want genetic testing.  Not enforcing their Australian patent will allow competing labs to open and provide BRCA1 testing—perhaps at a lower cost or at higher quality.  The existence of more labs will give Australian women who wish to be tested the option of obtaining a second opinion before deciding to pursue radical surgeries, such when healthy, asymptomatic women have their breasts or ovaries removed based on a test result that suggests they are at a higher-than-normal risk of developing cancer.

Continue reading

Clinical Trials: Not as Independent As You’d Expect (or Hope)

Posted on by

JenAckerby Jen Acker

Before a new pharmaceutical makes it to market, it undergoes years of clinical trials to test and prove its efficacy and safety.  Data safety monitoring boards (DSMBs) are small committees of individuals tasked with ensuring that throughout the three phases of the clinical trials process, the researchers running the study remain uncertain as to whether the trial drug or the control drug is more effective, and whether participant patients are being harmed by the trial drug.  A recent editorial, however, suggests that DSMBs might not be acting objectively because of undue influence by interested parties:  namely, the pharmaceutical company that manufactured the trial drug.

Drug trials are often conducted double-blind, where neither the doctors and researchers nor patient participants know whether the control drug or the trial drug is being administered.  Trials must not put human subjects at unnecessary risk, a determination made by DSMBs at regular intervals during the course of the trial.  If, at any point, one drug poses a risk of harm, the DSMB decides whether the study should proceed.  If the control drug is shown to be more effective mid-trial, the DSMB might stop the study, and the trial drug will not be approved.  Likewise, if the trial drug is shown to be much more effective than the control, it might be approved for widespread patient use before the study is completed (this is rare).

Continue reading

From Nude Photos to Naked Genomes: Berkeley Gets Poor Marks on Frosh Gene Tests

Posted on by

Lori Andrews by Lori Andrews

What do George W. Bush, Hilary Clinton, Meryl Streep and Wendy Wasserstein have in common?  As incoming freshman to Ivy League universities, they were required to pose nude for photographs.  The goal of the project was to correct students’ posture—and to correlate posture with later life achievement.  From the Ivy League, the practice spread across the country until a female freshman at the University of Washington in Seattle challenged it.  In 1968, the program was abandoned, under criticism it was eugenic.

I attended Yale after the demise of the notorious photo program.  But when I read about U. Cal Berkeley’s recent plans for its incoming freshman, I realized Berkeley officials hadn’t learned the lesson of the posture program.  Rather than requiring nude photos of their students, Berkeley officials were planning to peer at students’ DNA.  Indeed, they were opening the door for sensitive genetic information to be made available about our future leaders–their current students.

The Scope of the Berkeley Program

Last summer, 5,000 incoming students at University of California, Berkeley received a surprise along with the packet of information about their freshman year.  Their admissions packet contained an item that looked like a Q tip and an invitation to swab the inside of their cheeks for genetic testing.  The targeted genes were involved in breaking down lactose, metabolizing alcohol and absorbing folic acid.

The program came under criticism from lawmakers, bioethicists and even the California Department of Public Health.  Now Berkeley has significantly cut back the program.  What lessons should Berkeley officials learn from this experience? 

Lessons to be Learned

1.    In the quest to be avant garde, don’t forget the basics

Berkeley officials seem to have been caught up in the novelty of the program.  “Science is moving so fast right now,” said Alix Schwartz, director of academic planning for the college’s undergraduate division. “If we assigned them a book, it would be out-of-date by the time they read it.”

Think hard about that comment.  Parents are spending up to $40,000 a year to send their children to Berkeley.  In most of their courses, students will be assigned books to read.  It would not be unreasonable for parents to ask, is it really worth $160,000 for my child to get an obsolete education?  Why don’t I just get a quickie genetic profile done on my child an put him or her in a job best on the genotype?

2.    Take responsibility for the well-being of your students

Years ago, psychology professors routinely required their students to be subjects in experiments as part of their course requirements.  Now the Code of Ethics for psychologists forbids this sort of coercion of students.  But Berkeley’s “offer” to students, although presented as voluntary, was itself coercive.  “The consent form for the project is pure marketing,” Jeremy Gruber, the president of the Council for Responsible Genetics told California lawmakers at the August 2010 hearing on the program.  The form listed speculative, unproven benefits of the testing, but none of the risks.

The genetic testing program was replacing the “one book” program to give students a common experience to discuss.  A student entering Berkeley might feel compelled to swab rather than risk ridicule by others or marginalization by not participating.  Or worse yet, by saying “My parents wouldn’t let me send in my DNA.”

And what happens when the students started discussing the results of their tests?  Would those who were poor metabolizers of alcohol be left behind when others went to the local bar?  And, as Boston University public health professor George Annas asked, would those who had genes related to alcohol tolerance feel they could drink to excess? 

3.    Look closely at conflicts of interest

According to the consent form for the project, the students DNA sample would “become the property of the University” until its destruction and the university would “save the data for future teaching purposes and for possible publication of the aggregated data and its analysis.”  Such an approach makes one wonder if the project is being undertaken for the students’ benefit or for that of university researchers.  Indeed, the professor behind the program had formed his own genetic testing company last year.

There was also to be a writing contest where the winning students would have a chance to win further genetic testing from 23andMe, a private company that offers DNA profiling.  But should a public university be endorsing a private company?  “The FDA and Congress are currently investigating this type of testing, described as ‘snake oil’ by a member of the House Energy and Commerce Committee at a recent hearing, also described as ‘not ready for prime time’ by the Centers for Disease Control,” Gruber said at the California hearings.

4.     Check the legality of what you are doing

Berkeley planned to do the genetic testing in one of its university labs and provide the individual results to the students.  But its labs had not complied with state and federal requirements, such as the Clinical Laboratory Improvement Act, which cover any lab that provides a medical result back to a consumer.  These laws are designed to ensure the accuracy of the test results.  The university argued that it was not providing medical information and thus was not covered by the laws.  But that argument was just not credible, given the university’s position that this information could be useful to students in planning preventive measures.

Ultimately, Berkeley backed off of its program when the California Department of Public Health warned that the plan to have students’ DNA samples analyzed at an uncertified lab would violate state law.  Now, instead of offering individual test results to students, it will only post aggregate results.

Berkeley’s Poor Marks

The Berkeley administration deserves poor marks on how they handled the program.  In fact, they seemed to have flunked psychology (with a coercive program), law (not complying with statutes), biology (by not acknowledging the limits of predict
ive value in the tests they were offering), ethics (creating a potential conflict of interest) and history (not applying what had been learned from posture photos debacle).   Perhaps now they’ve learned the lesson that the use of genetic tests needs to be analyzed and contextualized–which, after all, are the hallmarks of any great college education.

A Case of Nurture over Nature

Posted on by

Jake Meyer by Jake Meyer

Neuroscientist James Fallon has been studying behavioral disorders for 20 years at the University of California at Irvine, but he made his biggest discovery in his own backyard.  At a family barbeque, James's 88 year-old mother recommended to him that he find out about his father’s relatives, saying "I think there were some cuckoos back there."  What he found was a 300-year family history that included eight convicted and alleged murderers.  Among his ancestors are a man who was sentenced to death by hanging for murder in 1667 and the infamous Lizzy Borden.  Fallon was understandably concerned.  As part of a family study to determine risk of Alzheimer’s disease, he had already convinced 10 of his family members and relatives to take a brain scan and give a blood sample.  After years of studying the criminal brain, Fallon knew the signs associated with behavioral disorders, so he compared the brain scans.  Only one of the family brain scans showed the pattern of what he calls a psychopath – his own. 

Continue reading