Neurodata and Neuroprivacy: Data Protection Outdated?
Abstract
There are a number of novel technologies and a broad range of research aimed at the collection and use of data drawn directly from the human brain. Given that this data—neurodata—is data collected from individuals, one area of law which will be of relevance is data protection. The thesis of this paper is that neurodata is a unique form of data and that this will raise questions for the application of data protection law. Issues may arise on two levels. On a legal technical level, it is uncertain whether the definitions and mechanisms used in the data protection framework can be easily applied to neurodata. On a more fundamental level, there may be interests in neurodata, particularly those related to the protection of the mind, the framework was not designed to represent and may be insufficiently equipped, or constructed, to deal with.
Read more »
Hallinan, D., P. Schütz, M. Friedewald and P. de Hert 2014. Neurodata and Neuroprivacy: Data Protection Outdated? Surveillance & Society 12(1): 55-72.
App Stores for the Brain: Privacy & Security in Brain-Computer Interfaces
Abstract — An increasing number of Brain-Computer Interfaces (BCIs) are being developed in medical and nonmedical fields, including marketing, gaming and entertainment industries. BCI enabled technology carries a great potential to improve and enhance the quality of human lives. It provides people suffering from severe neuromuscular disorders with a way to interact with the external environment. It also enables a more personalized user experience in gaming and entertainment.
These BCI applications are, however, not without risk. Established engineering practices set guarantees on performance, reliability and physical safety of BCIs. But no guarantees or standards are currently in place regarding user privacy and security. In this paper, we identify privacy and security issues arising from possible misuse or inappropriate use of BCIs. In particular, we explore how current and emerging non-invasive BCI platforms can be used to extract private information, and we suggest an interdisciplinary approach to mitigating this problem. We then propose a tool to prevent this side-channel extraction of users’ private information. This is a first step towards making BCI-enabled technologies secure and privacy preserving.
Excerpts
IV. PRIVACY AND SECURITY ISSUES IN NEURAL ENGINEERING
B. Neurosecurity
In 2009, Denning et al. [21] recognized that “the use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals”. Potential security threats that can be mounted against implanted neural devices were identified, and the term “neurosecurity” was introduced as “the protection of the confidentiality, integrity, and availability of neural devices from malicious parties with the goal of preserving the safety of a person’s neural mechanisms, neural computation, and free will” [21].
C. Brain Spyware - BCI-enabled Malicious Application
At the 2012 USENIX Security Symposium, Martinovic et al. [31] presented the first malicious software designed to detect a user’s private information using a BCI. They referred to is as the “brain spyware”. The authors used a commercially available BCI to present users with visual stimuli and record their EEG neural signals. They focused on the P300 response, and analyzed the recorded signals in order to detect users’: (a) 4-digit PINs, (b) bank information, (c) months of birth, (d) locations of residence, and (e) if they recognized the presented set of faces.
While the authors of [31] have focused only on the P300 response, it is not hard to imagine brain spyware applications being developed to extract private information about users’ memories, prejudices and beliefs, but also about their possible neurophysiological disorders. Currently, there does not seem to exist a way to resist these attacks. Moreover, recent results [28] show that attempts at willful deception can themselves be detected from an individual’s neural signals. Going a step further, the same authors [28] show that non-invasive brain stimulators, emitting imperceptible DC electrical currents, can be used to make a user’s responses noticeably slower when attempting to lie.
Thus, there is a growing need to address the potential privacy and security risks arising from the use of BCIs, in both medical and non-medical applications. As a first step, we are exploring which components of the EEG signal can be used to infer private information about a user, and quantifying the amount of exposed information.
V. THREAT MODEL
Consider an example model of an attacker who uses BCIs to extract private information about users. We assume this will involve non-invasive BCI devices, mostly intended for consumer use. Manufacturers of non-invasive EEG-based BCIs generally distribute software development kits and guides with their products, as well as technical support. Their intention is to promote application development, but such “open-development” platforms may compromise user privacy and security, since there is currently no review process, standards and guidelines in place to protect users, nor technical protection to restrict inappropriate or malicious BCI use.
As depicted in Figure 1, a typical BCI system consists of three main components: (R1) an acquisition system, (R2) an application, and (R34) a signal processing system, where the signal processing system consists of (R3) feature extraction and (R4) decoding (translation) algorithm components. The existing BCI open-development platforms typically grant every application developer full control over all four of these components. For the discussion of this paper, we will assume an attacker has an access to all of these resources (R1)–(R4). We next consider how an attacker uses these resources to develop malicious applications.
A. Types of Attackers
In Figure 2, two types of attackers are shown (as described in the caption). We distinguish between these types based on the way an attacker analyzes recorded neural signals. The first type of an attacker extracts users’ private information by hijacking the legitimate components of a BCI system. Such an attacker exploits for malicious purposes those feature extraction and decoding algorithms that are intended for the legitimate BCI applications. The second type of an attacker extracts users’ private information by adding or replacing the legitimate BCI components. Such an attacker implements additional feature extraction and decoding algorithms, and either replaces or supplements the existing BCI components with the additional malicious code. As can be observed from the Figure, the difference between the two attacker types is only in the structure of the “brain malware” component.
B. Methods of Extracting Private Information
We consider scenarios where an attacker interacts with users by presenting them with specific sets of stimuli, and recording their responses to the presented stimuli. In the current literature, there are several well-established methods of presenting stimuli to users:
• Oddball paradigm - a technique where users are asked to react to specific stimuli, referred to as target stimuli, hidden as rare occurrences in a sequence of more common, non-target stimuli [23].
• Guilty knowledge test - a technique based on the hypothesis that a familiar stimulus evokes a different response when viewed in the context of similar, but unfamiliar items [44].
• Priming - a technique that uses an implicit memory effect where one stimulus may have an influence on a person’s response to a later stimulus [39].
We assume an attacker can use any of these methods to facilitate extraction of private information. In addition, an attacker can present malicious stimuli in an overt (conscious) fashion, as well as in a subliminal (unconscious) way, with subliminal stimulation defined as the process of affecting people by visual or audio stimuli of which they are completely unaware [15]. Ways of achieve unawareness typically include reducing a stimulus intensity or duration below the required level of conscious awareness.
C. Examples of “Brain Malware” Information Misuse
Private information about BCIs users, extracted using “brain malware”, may be of interest to multiple parties, those using it for greater good and potential improvement of the quality of humans lives, but also to those using it to increase their own (financial) gains, as well as those using it simply to harm others. One can easily imagine the following examples of concerning BCIs use:
Example 1: As exemplified in Farahaney’s work [22], an access to an individual’s memories and emotional responses might be used by police enforcement and government agencies during criminal investigation, as well as for crime and terrorism prevention.
Example 2: BCI-recorded neural signals may be used in a variety of entertainment and relaxation applications. A person’s emotional response and satisfaction/annoyment level may, for example, be used to provide better (more accurate) music and/or movie recommendations. Similarly, information about a person’s activity and anxiety levels may be used to tailor a more personalized training routine or a relaxation session.
Example 3: Personal information, extracted from neural signals, could also be used for targeted advertisement, where in addition to (or instead of) information about a person’s activities on the Internet, an advertiser/retailer would have a realtime access to a person’s level of interest, satisfaction, or frustration with the presented material.
Example 4: On the other end of the spectrum, however, the extracted information about a person’s memories, prejudices, beliefs or possible disorders could be used to manipulate a person or coerce her/him into doing something.
Example 5: Finally, the extracted neural information could also be used to cause physical or emotional harm to a person. Examples of such actions have already been observed in the literature. Denning et al. [21], presented the case of individuals who placed flashing animations on epilepsy support webpages, eliciting seizures in some patients with photosensitive epilepsy.
VI. THE NEED FOR A COORDINATED PREVENTION APPROACH
Issues arising from misuse or inappropriate use of BCI technology most likely do not pose a critical concern yet, considering their limited use outside of research communities. However, existing and emerging privacy and security threats may be viewed as an attack on human rights to privacy and dignity [13]. Thus, they deserve immediate attention and careful consideration. We suggest that methods to prevent and mitigate BCI-enabled privacy and security threats must be developed now, in the early design phase. Doing so will allows us to keep up with Privacy-by-Design [1] values, as well as with general values of privacy-enhancing technologies.
We view the development of prevention and mitigation tools as an interdisciplinary effort, involving neuroscientists, neural engineers, ethicists, as well as legal, security and privacy experts. The first step of this interdisciplinary approach should be an open discussion, aimed at answering the following questions: (i) Who all should be allowed an access to individuals’ neural signals? (ii) Which components of these neural signals should those entities have an access to? (iii) How noisy, distorted or distilled should these components be made before making them available? (iv) Which purposes are the entities allowed to use the neural signals for? and (v) What are the risks associated with the misuse of the provided components, i.e., what amount of private information can be extracted from the provided components?
We expect the answers to questions (i)–(v) will lead to a “triangle” approach towards enhancing privacy and security of BCI technology. On one vertex of the triangle, we expect to have legal experts and ethicists, defining a set of laws and policies to govern legal use of neural signals. As an example of possible legal intervention, the law could examine should the BCI platforms indeed be immunized for the apps they sell, or is some other balance between manufacturers and application developers more appropriate for BCI technologies.
On the second vertex, we expect to have a group of neuroscientists and engineers, in charge of developing and establishing a set of industry and research standards, methods, processes and practices for secure and privacy-preserving BCI systems. One such practice may, for example, require there to exist a centralized authority in charge of reviewing and validating every BCI application before allowing its use in general population. Finally, at the third vertex we expect BCI systems manufacturers and application developers, developing, implementing and using engineering practice, methods and tools, in order to prevent and mitigate specific classes of security and privacy attacks. Clearly the IEEE, and its standards process, could have a role here.
Read more »
BONACI, T., CALO, R., & CHIZECK, H. J. (2014). App stores for the brain: Privacy & Security in Brain-Computer Interfaces. 1-7.
Will brain science be used by the government to access the most private of spaces — our minds — against our wills? Such scientific tools would have tremendous privacy implications if the government suddenly used brain science to more effectively read minds during police interrogations, criminal trials, and even routine traffic stops. Pundits and scholars alike have thus explored the constitutional protections that citizens, defendants, and witnesses would require to be safe from such mind searching.
Future-oriented thinking about where brain science may lead us can make for great entertainment and can also be useful for forward-thinking policy development. But only to a point. In this Article, I reconsider these concerns about the use of brain science to infer mental functioning. The primary message of this Article is straightforward: “Don’t panic!” Current constitutional protections are sufficiently nimble to allow for protection against involuntary government machine-aided neuroimaging mind reading. The chief challenge emerging from advances in brain science is not the insidious collection of brain data, but how brain data is (mis)used and (mis)interpreted in legal and policy settings by the government and private actors alike.
The Article proceeds in five parts. Part I reviews the use of neuroscientific information in legal settings generally, discussing both the recent rise of neurolaw as well as an often overlooked history of brain science and law that stretches back decades. Part II evaluates concerns about mental privacy and argues for distinguishing between the inferences to be drawn from the data and the methods by which the data is collected. Part III assesses current neuroscience techniques for lie detection and mind reading. Part IV then evaluates the relevant legal protections available in the criminal justice system. I argue that the weight of scholarly opinion is correct: The Fourth Amendment and Fifth Amendment likely both provide protections against involuntary use of machine-aided neuroimaging mind reading evidence. Part V explores other possible machine-aided neuroimaging mind reading contexts where these protections might not apply in the same way. The Article then briefly concludes.
Read more »
Shen, Francis X., Neuroscience, Mental Privacy, and the Law (March 23, 2013). 36 Harvard Journal of Law and Public Policy 653-713 (2013)
We view techniques for peering inside the human mind as a violation of the 4th and 5th Amendments, as well as a fundamental affront to human dignity. Until relatively recently, even a person’s private written papers were seen as reflecting their innermost thoughts, and were regarded as immune to seizure by the government—even with a warrant. As Jeffrey Rosen has pointed out (see pp. 27-31), English law for centuries did not permit the government to access private papers in civil or criminal cases, warrant or not. Behind this rule was a belief that using a person’s papers as evidence against him was akin to forcing him to testify against himself. That position was still widely held when our Founders wrote the Constitution, and was upheld by the U.S. Supreme Court as late as 1886.
Although we have fallen far from that position, we must not let our civilization’s privacy principles degrade so far that attempting to peer inside a person’s own head against their will ever becomes regarded as acceptable.
Jay Stanley - Senior Policy Analyst, ACLU Speech, Privacy and Technology Project
Researchers Find 'Mind-Control' Gaming Headsets Can Leak Users' Secrets
Friday August 17, @09:29AM - from the and-whatever-you-do,-don't-touch-the-reverse-button dept.
"At the Usenix security conference in Seattle last week, a group of researchers from the University of California at Berkeley, Oxford University and the University of Geneva presented a study that hints at the darker side of a future where we control computers with our minds rather than a mouse. In a study of 28 subjects wearing brain-machine interface headsets built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects' brains that partially revealed private information like the location of their homes, faces they recognized and even sequences of numbers they recognized. For the moment, the experimental theft of users' private information from brain signals is more science fiction than a real security vulnerability, since it requires tricking the victim into thinking about the target information at a certain time, and still doesn't work reliably. (Though much better than random chance.) But as BMI gets more sophisticated and mainstream, the researchers say their study should serve as a warning about privacy issues around the technology of such interfaces."
Read more »
Related :
Hacking the brain for fun and profit
Researchers Hack Brainwaves to Reveal PINs, Other Personal Data
I have recently become aware of the news that a company has patented regional brain responses to “appeal” and “engagement”.
Through the scarcity of the material presented, it is really hard to get an idea of what the patent really entails. But from the sound of it, we are suggested that the patent is about the responses of particular brain regions, and that their responses predict consumer engagement and product/information appeal. If this is the case, it is very disturbing!
What’s more disturbing, is the note about what brain regions we are looking at. The regions implied are the temporal and frontal gyri of the brain. OK, so WHICH frontal gyrus are we talking about? The superior frontal gyrus, the medial frontal gyrus, the inferior frontal gyrus? If the patent says only “frontal gyrus”, we’re talking pretty much the entire frontal cortex! It’s exactly the same thing with the temporal gyrus: do they mean superior, inferior, lateral? If this is the state of patenting, I’m on my way to the patent office to submit a patent for all activations in the brain’s gyrus (patent 1) and the brain’s sulcus (patent 2)…
As neuroscience advances and brain scans become more sophisticated, the Boston Globe points out that some privacy advocates are concerned about brain privacy. Could employees be scanned for violent or depressive impulses ? Could soldiers be screened for homosexuality ? It sounds like a Philip K. Dick vision of the future, but some predict this will be a bigger ethical issue than genetics.
2019 - President Signs NINA (Neuro Information Nondiscrimination Act)
" A few weeks ago I participated in a day long discussion at the Institute for the Future in Palo Alto around the topic of When Everything is Programmable. Lots of very interesting scenarios and viewpoints were shared. For my part, I stuck to the theme of our emerging neurosociety. Towards the end of the day each of us were asked to write up a 10 year scenario focused on our area of expertise. Jake Dunagan, IFTF's Director of Technology Horizons Program and fellow neurofuturist joined me in sketching out this scenario which touches on a whole set of emerging issues. This is not meant to be comprehensive, more so a quick sketch we put together in 45 minutes.
September 13, 2019 President Signs NINA (Neuro Information Nondiscrimination Act)
Inspired by the GINA (Genetic Information Nondiscrimination Act) legislation passed in 2008, NINA might include areas such as:
-Explicit right to cognitive liberty, brain privacy
-Bans discrimination in hiring based on neuroimaging profile
-Bans all local, state 'drug vaccine' programs
-Bans 'neuroprofiling' for travel and attendance at public events
-Subsidizes accelerated learning with neuroenablement technologies
-Legalizes use of neuroenablers
-Bans denial of health coverage based on neuroprofile
-Bans cosmetic memory erasure
The scenario is being accelerated by the development of more sophisticated imaging technologies, neuroinformatic analysis algorithms, neurofeedback technologies, research into neuroplasticity, drug vaccine, neuropharma and neurodevice R&D.
The reason this scenario was seen as important to sketch out was that right now we have a whole host of technologies that are emerging without an effective policy infrastructure. There will be severe unintended consequences as technologies accelerate across a wide variety of enabling disciplines and national governments may eventually need to step in to protect their populations and their basic human rights. "
From Zack Lynch, author of The Neuro Revolution: How Brain Science Is Changing Our World (St. Martin's Press, July 2009).