Tag: data protection

  • Ads are coming to WhatsApp

    The move reveals Facebook’s intention to harvest yet more of your personal data for gain.

    So, finally, the inevitable has happened. Facebook has completed its mission to turn the world’s greatest private, ad-free communications platform into a massive pipe to suck up the personal data of billions of people and sell it on to advertisers.

    This is what we now know as “surveillance capitalism”, as defined in the best-selling book of the same name by Shoshana Zuboff. And we also know, thanks to an announcement by Facebook at its recent Annual Marketing Summit in the Netherlands, that the ads will look like this:

    How WhatsApp ads will look within the app, photographed by head of media at Be Connect digital marketing agency, Olivier Ponteville.

    And in case you’re thinking that this whole surveillance capitalism thing is just a conspiracy theory, you should check out last Sunday’s Commencement address by Apple CEO Tim Cook at Stanford University:

    Tim Cook, CEO of Apple, addresses Stanford University students on the disasters wrought by irresponsible technology platforms, 16 June 2019

    “Too many [in tech] seem to think that good intentions excuse away harmful outcomes,” says Cook [timecode 6:26], “but whether you like it or not, what you build and what you create define who you are. It feels a bit crazy that anyone should have to say this. But if you’ve built a chaos factory, you can’t dodge responsibility for the chaos.”

    Or for the ultimately numbing effect it will have on our society. “In a world without digital privacy, even if you have done nothing wrong but think differently, you begin to censor yourself. … The chilling effect of digital surveillance is profound, and it touches everything.”

    This is why Apple has just announced a “private log in” feature, that will allow people to register with websites in a way that will prevent those sites from garnering and exploiting their data. And it’s why, here at Hospify, we’ve spent the last few years designing and building an alternative to WhatsApp that allows doctors, nurses and patients to communicate with each other about health matters without their privacy being compromised.

    According to a survey recently conducted by EY and announced at the Telegraph Frontline HealthTech Conference in May, 60% of doctors “believe that smartphones will become the main tool to help connect patients and healthcare professionals” within the next few years.

    EY survey finds that 60% of doctors “believe that smartphones will become the main tool to help connect patients and healthcare professionals”

    It is therefore clearly more important than ever for the 600,000 or so clinicians in the UK currently using tools like WhatsApp and Facebook Messenger to communicate, to switch to using tools like Hospify.

    So if you work in health and you haven’t done it already, what are you waiting for? Hospify is free and is available right now in the Android and Apple app stores. It’s a messaging tool that looks and feels like WhatsApp, but it doesn’t serve you ads or monetise your data, it doesn’t even store your data, it’s compliant with GDPR, UK data protection and NHS information governance, and the mobile app is free for anyone to use. Go and check it out today.

  • What’s the matter with WhatsApp?

    Given that I run a messaging platform, Hospify, specifically designed to offer people a data-compliant alternative to tools like WhatsApp, Messenger and Telegram when chatting in a health care context, it’s no surprise that I’m often asked: “What’s the matter with WhatsApp?”

    So here it is: my cut-out-n-keep guide to the subject, in eight easy lessons.

    1. Where it’s at

    Under the EU’s General Data Protection Regulation, which got enacted in UK law back in May (just in case you’ve had your head under a rock all year), personally identifiable data held about other people by you as a user of a technology platform should be stored, physically, somewhere in Europe. Meaning that the servers have to be in Europe and only in Europe, not spread all round the planet, like WhatsApp’s are.

    Why does this matter in health care? Because users of a health care messaging platform are likely to include doctors and nurses, and doctors and nurses tend to talk about patients. As soon as you mention a patient by name in a text message and add any details about their condition, then you’re holding personally identifiable data about them — and data of the most personal kind.

    If you worked in insurance or marketing, you’d have to ask (and get a record of) the patient’s permission before you could send or store that information on the internet. But thankfully GDPR contains an exemption for those who work in health and care: they are allowed to communicate and store details about patients without asking express permission, as long as they’re doing it in the course of delivering their care.

    To take advantage of this exemption, though, UK & EU-based health care professionals need to use a communications system that handles data in a way that is otherwise compliant with both GDPR and the information governance rules of their health care employer. WhatsApp is compliant with neither, purely on the basis of the geographical location of its servers.

    2. Hand it over

    The second problem is to do with accessing the information once it exists. WhatsApp messages are encrypted both in transit as they ping around the internet and at rest on WhatsApp’s servers, where they’re stored. But storing them like this creates big problems. If you’re a doctor and you’ve chatted with another doctor about one of your patients — to get some advice or a second opinion about their condition, for example — then you don’t own that data. Your employer, i.e. the hospital or surgery where you work, owns it instead, even if it’s on your phone. Your employer is therefore ultimately responsible for it, and — by law — has to be able to hand it over to the patient if the patient asks for it, which patients can do by issuing a fairly straightforward subject data access request.

    As we’ve seen from cases like the 2017 Westminster knife attack, when WhatsApp refused to hand over the content of the attacker’s messages to the Home Office on the grounds that even it couldn’t de-encrypt them, getting access to WhatsApp messages is tricky. This creates a paradox. In the case of the patient, the law says that the hospital has to hand them over. But if they’re on WhatsApp it cannot hand them over, because without de-encrypting them it can’t work out which ones they are. So because a doctor talked about a patient on WhatsApp, and that patient issued a subject data access request, the hospital is now in data breach twice over: because the messages are being stored on a server outside of Europe (most likely at a WhatsApp server farm on the Eastern seaboard of the US), and because it cannot de-encrypt the messages and hand them over.

    3. Snap happy

    Another issue is photos. Have you ever received a picture on WhatsApp? Have a look in your phone’s main photo gallery. The picture will most likely appear there, as well as in WhatsApp itself. This is because nearly everyone’s devices automatically back up such pictures to cloud services that are likely to be geographically located outside of Europe, and often shared with other members of your family. Even if you switch this feature off, gaffes by Apple and others can mean it gets switched back on without your knowledge.

    4. Notify me

    Another inadvertent source of data breach is the home screen notification. You can switch notifications off for WhatsApp, but almost no one does — you want to know when you’ve got a new message, after all. The trouble is that the notification contains a snippet of that message, available for anyone within viewing distance of your phone to see. This potentially exposes sensitive patient data to prying eyes, breaks most employers’ “clean screen” policies, and is therefore another reason that WhatsApp doesn’t pass muster when it comes to health care information governance.

    5. UnPINned access

    It’s also not possible to set a separate PIN code or fingerprint lock on the WhatsApp app itself, which therefore relies solely on your phone’s security lock to keep intruders out. If your phone is stolen or you leave it on the train and you’ve left it unlocked for any reason — increasingly likely now that lots of phones offer to keep themselves unlocked for convenience when they’re connected to wireless devices like keyboards or headphones — then there’s nothing to stop someone getting access to your entire message history.

    6. Conspiracy theories

    Then there’s the question of what WhatsApp is really doing with your data. Earlier this year Google struck a deal with WhatsApp (which itself is owned by Facebook) to allow WhatsApp users to back up all their chats and photos to their Google Drive accounts without impinging on the 15GB free storage limit set on those accounts.

    Now, this seems quite an odd thing for Google to agree to, given that Google and Facebook are major league competitors for online advertising spend. Would Google do such a deal out of the goodness of its heart? Call me paranoid, but I don’t believe it would. Presumably it’s getting some kind of value out of storing all that content which, despite being encrypted, would still be rich with all kinds of associated metadata that the search giant could use to improve its profile and advertising of — yes, dear reader — you.

    7. Secure doesn’t mean secure

    All of which brings us to the thorny issue of security. People think that WhatsApp is really secure because all its messages are encrypted. But it turns out that it’s not that secure at all. A bunch of white-hat hackers called Check Point Research recently found that WhatsApp’s QR-code feature, which allows a user to route his or her account via a laptop or desktop computer for ease of access, contains a vulnerability that allows an attacker to intercept group messages, change the identity of the sender, alter the text of replies to the group, and send private messages that go public to a group when responded to — all of which open the app to abuse and compromise privacy.

    8. WhatsApp is changing

    Finally, did I mention that WhatsApp is now owned by Facebook? Back in June WhatsApp’s original founders Jan Koum and Brian Acton resigned from the board of the company in protest at Facebook’s plans to introduce marketing and advertising into their chat app — which they’d faithfully promised from the service’s inception would never be allowed. (They were serious, too — their resignations cost them around $1.5bn in forfeited share options; a hefty price to pay for sticking to your principles). What does this mean? It means that Facebook’s coming after the data you expose through WhatsApp in order to allow businesses to target you. And if the data you’re exposing is information about someone else’s health, then that’s a major problem.

    To conclude…

    Don’t get me wrong. WhatsApp is a great tool that delivers 65 billion messages a day to its 1.5bn users around the world with incredible efficiency. I use it to keep in touch with family and friends, and you probably use it too. But that utility does not make it appropriate for communicating in situations where one user has a legal and social responsibility to safeguard another user’s privacy, and that’s the case in health care.

    Which is exactly why we built Hospify — a chat app with the utility of WhatsApp but without the vulnerabilities outlined above, that health care professionals and patients can use without worrying that they are inadvertently going to fall foul of the increasingly stringent data protection laws now in place in the UK and EU.

    If you work in health care check it out — the basic service is free because there’s a premium version that people pay for, not because we sell your data!

  • Eating data science for breakfast

    I got up nice and early this morning to chair a data science and data protection breakfast in Soho. Nothing like a sprinkling of support vector machines on your granola and a couple of slices of regulation on the side to get you going on a Friday.

    The event was organised by data strategists the Ammonite Group, and it was Chatham House rules so I can’t be too specific about who was there or what was said. But a really interesting collection of data scientists from various different industries including publishing, motor, gambling as well as straight up tech were in the house, so it was an interesting discussion.

    While each of us was grappling with very different data problems, it was fascinating to discover how united we were by the questions we were asking about the ways in which big data and machine learning models were going to be affected by the arrival of GDPR.

    My own company, Hospify — which provides compliant messaging for healthcare — is very much predicated on the existence of this piece of legislation. We’re all about making sure that the kind of thing we’ve seen happen to people’s Facebook data as a result of the Cambridge Analytica debacle doesn’t happen to their medical data too.

    Handling data in a compliant way is Hospify’s stock-in-trade, but like other businesses we’re looking to wring value from that data for our users by using the latest machine learning tools. The trouble is, the compliance part of the equation makes that very difficult for us to do.

    Machine learning technology — which, beneath all the hype about AI, amounts to adding a layer of robust feature recognition (and associated transformations) to the compute stack — is arriving just at the moment that the world is waking up to the ways in which the great open data experiment is making us all very vulnerable to whole new kinds of attack.

    Cybersecurity, however, is just one of the challenges we face. As we know at Hospify, things can be highly secure and still not be compliant, as compliance deals with a whole raft of requirements from data storage, consumer opt-in, subject data access requests and the right to be forgotten, all of which can be problematic for a business at the best of times, let alone when the data concerned have been passed through a machine-learning model.

    And that’s before we even get to the right to explanation. There are already conflicting interpretations about what this even means. If you’ve been turned down for insurance because of a decision that was made by an algorithm, what does having a right to know how that decision was made amount to? Should you be given access to every weight in the matrix of a multilayer neural net, which would not only be hard to deliver but also pretty much meaningless? Or do you just have the right to be told the methodologies involved? And if so, which ones, and to what extent?

    On top of this, the amount of data that the digital operations side of any business needs to retain in order to properly do its job is increasing all the time. User profiles, mobile apps, metrics from IoT devices, APIs and analytics of all kinds are moving beyond the realm of the human and into that of the algorithmic just by dint of the sheer volume of information they generate.

    Equally, and driven by smaller chips, better batteries, the need to remove data bottlenecks, and the security risks inherent in putting any information in transit, more processing power is moving out of the cloud and back towards the edges of the network. This creates challenges of its own around tracking, implementation and security, and is something that I personally am particularly interested in.

    This morning’s conversation ranged across all these topics, and generated useful insights into quite a few of them. As a group we felt that a lot of the demand for “right to explanation” could be satisfied by demonstrating best practice in data collection and pre-processing, and that unpicking actual models might be much less necessary than it initially appears to be.

    Where that wouldn’t be sufficient, there were some innovative suggestions for using input-output correlations to give a very human level of insight into decisions around individual cases. Keeping clear separation, when possible, between customer data and transaction data was another top tip; it was also salutary to hear the extent to which the group felt that the third-party data market was already disappearing.

    One particularly thorny area concerned the tension between the regulatory need to identify problematic customer behaviour in certain sectors, and the need to exercise the right to be forgotten. Another red flag was raised about the dangers of introducing bias into data sets via hidden correlations in otherwise innocuous data sources — questionnaires, for example, whose question sets inadvertently encourage particular types of answer, or put off particular categories of person. As a former psychology student, I’m very familiar with this particular species of difficulty, and know well how tough it can be to eradicate it.

    Another spectre that loomed over the meeting was the feeling that different pieces of legislation often contradicted one another, making it impossible to be sure that you were complying with everything. We talked a lot about how transparency of process and clear opt-outs/opt-ins for users and consumers would help mitigate the chances of falling foul of many of the new rules, but that in quite a lot of situations best practice wouldn’t really be established until after GDPR was in place and some edge cases had been tested in the courts.

    One question we did settle though, before we went our separate ways: whoever had final sign-off on the GDPR, they probably weren’t a data scientist!

  • Move Slow and Fix Things

    Hospify — the compliant chat and data company I founded with two surgeons four years ago, in anticipation of the current storm over widespread data abuse

    I’ve been meaning to blog about my role as CEO of Hospify for a while now, and the events of the last week or two have convinced me that now’s the time to do it. The exposé of the data abuse conducted by Cambridge Analytica, and its impact on the business models underpinning Facebook in particular but also Google, YouTube and many other digital businesses have underlined the reasons that we founded the company in the first place.

    I’m often asked what a journalist is doing running a health chat company, and the Cambridge Analytica story allows me to answer that question very neatly. Besides being a writer, I’d always had a strong interest in technology and like many proto-geeks of my generation did a lot of coding as a teenager thanks to the advent of home computers like the ZX81 and BBC Micro.

    I got my first career break — an editorial position on Wired UK back in the mid-nineties — by combining these two interests, and although my career has ranged fairly widely since, these two things have always remained close to the heart of everything I’ve done.

    After Wired I worked at the BBC for a period, building an early social network based around a TV drama. When that project was killed by the September 11th attacks (long story) I migrated to the Telegraph, where I looked after, by turns, online digital development, online video, and the Telegraph Weekly World Edition newspaper — for which I also built a social network, this time for British Expats.

    My proudest moment at the Telegraph Weekly was producing this: a front page that The Atlantic and The Huffington Post deemed “the greatest newspaper front page ever”

    My career has, therefore, always been about both content and its expression, “expression” at this particular period in history meaning the internet, the web, social media, and — latterly — mobile, which combines all these things in the almost magical devices that billions of us carry with us everywhere, all the time, and use to mediate all aspects of our lives.

    I was at the Telegraph long enough to earn a coveted window seat, and when I looked out of that window what I saw was Google, whose offices were right across the street from mine. Because every time I looked at my computer I saw Google too, it followed that I should spend quite a bit of time in those offices, which I did, generally discussing the finer details of Search Engine Optimisation (SEO), then in its infancy but still of considerable importance to a newspaper group.

    While the Telegraph initially did well out of the web, as time went by that success began to wane. This was partly as the result of poor strategic decisions by senior management (don’t get me started), but also because the media as a whole and newspapers in particular were being reconfigured by the exponential expansion of Google, Facebook and others, especially as the world began the shift from the desktop to the phone.


    The Block — a valiant attempt to build a social network around a TV drama four years before Facebook (and decent broadband penetration). Set in a 1 kilometre-high tower, the project was shelved by the BBC in the wake of the 9/11 attacks.

    Sitting in that window seat between 2009 and 2012, it became ever more apparent to me that content was becoming increasingly commodified and that I should put more focus on the expression side of my equation if I wanted to stay remotely relevant. It also became clear to me that this data pact that consumers — and, indeed, the newspapers, themselves — were making with the new tech giants by handing over detailed information about their personalities and habits in return for “free” online services was deeply problematic, not least because of the effect it was having on the economics of my own industry, which I witnessed in a very literal way as month after month more of the excellent journalists who sat all around me got laid off. But it was a new world, everyone wanted to try it out for size, and the services were so good that no one really seemed to care.

    Still, I felt that change was coming one way or another, so when the cutbacks reduced my own team to the point where I felt we could no longer put out a quality product, I left the Telegraph to focus more on online video. When that didn’t work out (another long story) I was contacted by two surgeons, one of whom I’d known since university, and asked to bring my media tech experience to bear on an idea they’d had for improving comms in health.

    I didn’t know too much about healthcare as an industry, but my undergrad degree was in experimental psychology and I’d just spent a decade helping my father through an extended battle with chronic lymphatic leukaemia, so the area wasn’t completely alien to me. I did some research and it was soon obvious to me that not only could the kind of consumer messaging and social media tools provided by the likes of Facebook and the companies it had acquired — notably WhatsApp and Instagram — make a huge difference to efficiency in the provision of healthcare, but that here was an area where, however blasé they were in other areas of their lives, people really would care about what happened to their data.

    I therefore threw my lot in with the surgeons, Neville Dastur and Charles Nduka. We talked to the Information Commissioner’s Office, looked at the data protection legislation in health, did a lot of market testing, reviewed the General Data Protection Regulation that was due to come down the line from Europe (and is due to arrive on May 25th), and built a service with an innovative, data compliant architecture for handling chat and data that provided both with best practice, transparency and simplicity for users and employers — without being funded by sharing personal information or serving ads.

    For much of the three years it took us to do this, most people we spoke to told us we were wasting our time, that the service wasn’t necessary, that people didn’t care, that the big companies would surely beat us to it. But our service went live in the Apple and Android app stores in February, and a few weeks later we’ve seen $50bn wiped off the value of Facebook as the extent of the data misuse enabled by its service has become incontrovertibly obvious to everyone.

    In the meantime, Hospify is being all but overwhelmed with enquiries from clinicians, Trusts, unions and chief information officers, app downloads are increasing every day, and several of the big companies that were perceived as such a threat are now instead in the midst of legal, political and cultural firestorms over the chaos that their lax attitudes to handling data have ignited.

    Into this mess rides GDPR, which is looking extraordinarily relevant all of a sudden. It’s true, of course, that regulation doesn’t change things on its own. The Equal Pay Act of 1970 years ago demonstrates that. It’s only now that the #metoo movement has amplified the frustration of women sufficiently (thanks to social media for once acting in the way it was supposed to) that we’re seeing companies opening up their books on the gender pay gap, and change is actually starting to happen.

    So it goes with data privacy. GDPR on its own could easily be in large part ignored. But when week after week we’re hearing about the awful implications of not taking due care over data, revelations that are coming out as a result of the tireless work of reporters such as the Guardian’s Carole Cadwalladr, who I’m proud to say that I know from my time as a journalist (and who deserves to pick up a slew of awards for her efforts), we’re seeing not just regulatory change, but culture change too. And the combination is all but unstoppable.

    We are therefore, I believe, about to enter a new era of data compliance. It’s the era we built Hospify for. Yes, it’s taken a while, but good things take time. Unlike Mark Zuckerberg, who exhorted his team to move fast and break things until, alas, they ended up breaking democracy, Hospify’s approach is somewhat more measured. “Move slow and fix things” pretty much sums it up. This is not advertising we’re talking about. It’s health. Mistakes have very real consequences, for very real people. You can’t muck about with it. It really is life and death.

    So join us! Change will ultimately only come if you, the user, demand it, and choose the tools that help you to enact it. Be the change you want to see in the world, as we have tried to do. Hospify is just one of many other great tools coming through that put data compliance and privacy at the heart of everything they do. Seek them out, use them, tell your friends about them. Because information might want to be free — to quote the Wired axiom from my old dotcom days — but as is now abundantly clear, someone always ends up paying.