Medical records snagged in NSA dragnet
July 7, 2014 in Medical Technology
The latest revelations from Edward Snowden’s document leaks show that not much is beyond the grasp of the National Security Agency – not even electronic medical records.
That’s the finding of a story published this past weekend in the Washington Post: “In NSA-intercepted data, those not targeted far outnumber the foreigners who are.”
The Post’s Barton Gellman, Julie Tate and Ashkan Soltani show just how widespread the NSA’s data interception has been – affecting far more than the agency’s ostensible terrorist targets.
“Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else,” the reporters write.
They reviewed some 160,000 intercepted e-mails and IMs, along with 7,900 other documents from 11,000 online accounts.
Among the documents vacuumed up in the NSA’s surveillance sweep were personal files such as academic transcripts, resumes, family photos and, in at least one instance, “medical records sent from one family member to another” via email.
These files, even as they’re admitted to be “useless” by security analysts, were “nonetheless retained” by the agency, according to the story.
That, of course, left the door wide open for Snowden to access the documents and give them to reporters such as Gellman et al.
That basic lack of data security only compounds the problem, argues Conor Friedersdorf on the website of The Atlantic this morning:
“The NSA collects and stores the full content of extremely sensitive photographs, emails, chat transcripts, and other documents that belong to Americans, itself a violation of the Constitution,” he writes, “but even if you disagree that it’s illegal, there’s no disputing the fact that the NSA has been proven incapable of safeguarding that data.”