Our Blog

Cyber Mindfulness in an Age of Convenience Clicking

Cyber Mindfulness in an Age of Convenience Clicking

In this age of digitization, cyber mindfulness has become increasingly important. More and more people fall victim to convenience clicking, accepting terms and conditions on websites simply because the consumer demands to have the service delivered to them instantaneously. We as a society have become accustomed to this sort of behavior in areas like online shopping for example we can order any given product online and it will arrive the next day. Internet users make over 2 trillion Google searches per year, or approximately 63,000 every second. Although we have the power at our fingertips to access near-endless amounts of data and information, we should simultaneously consider the sacrifice (in terms of data) we make to conveniently access these.

As beneficial as this may be, it comes at a price. With every website you visit, every product you purchase, we as consumers are sacrificing our data. Many of us do this without a second thought, yet our personal data is an invaluable resource. While we are empowered to access the information, we are not empowered to hinder our information from being accessed and used without knowing the true extent to which it will be used. To contextualize this, Facebook creates vasts amounts of data on its users to create a detailed profile, which is then used to target things like advertising. However, this issue of data privacy and convenience clicking goes beyond social media and the online space. 

A recent report exposed that this concept of convenience clicking reaches beyond the internet. Many DNA testing and analysis service that sells direct-to-consumer home DNA-testing kits as 23andMe and Ancestry.com have in fact been found to be collecting genetic, health, and behavioral data. While these services are sold under the premise of uncovering the consumers’ ancestry and exploring potential predispositions to specific health conditions, it has been uncovered that a portion of revenue for companies like 23andMe is derived from selling this data to third party companies. It has also been discovered that 23andMe also uses this genetic data to run studies of their own. Although the customer agrees to these terms upon purchase, the issue is that most consumers are not empowered to read through and understand the fine print, be it a lack of time or a barrier in the language. Since the Facebook scandal involving the sale of data to Cambridge Analytica, 23andMe has seen a slowdown in sales of its genetic testing kits. It is speculated that this is the result of two aspects. First, 23andMe has historically not been fully transparent with its customers in regards to their data-sharing practices, and second, the simple fact that the company may put customer’s genetic data at risk. 

The lack of transparency was first uncovered when 23andMe announced a partnership with a pharmaceutical company. While the option is provided at the outset of purchase to consent or withdraw from “23andMe Research”, it lacked a comprehensive explanation of what this entails. Consenting would allow the company to use the de-identified data for so-called scientific research, as well as “external research partners and in scientific publications”. While many consumers are willing to contribute their data to assist in progressing scientific discoveries, a greater hesitation exists when this involves providing the data to a for-profit company. The lack of transparency in the data sharing policies increases the uncertainty for consumers and poses the risk that their data could be shared with whichever company 23andMe chooses to partner with. 

Although the uncertainty in data sharing policy can already put consumers’ data at risk, the security measures increase the risk. Although measures are in place, the possibility of a breach can not be eliminated. A similar DNA testing service, MyHeritage, was the target of an attack in 2018, exposing data from over 92 million users. According to a Harvard Business School report, this could result in the potential selling of genetic information to “health insurance companies to use to evaluate patient eligibility or individual insurance premiums”. 

So, how can we as consumers be cyber-mindful? Researchers at the University of Dayton, Ohio, constructed a model to guide cyber mindfulness. This model consists of three components: Awareness, Agency, and Action. The awareness step is the ability to identify cyber threats through a process of continuous learning to build an understanding of how to address these threats. Agency is defined as an attitude for recognizing one’s personal ability to defend against shared risk. And finally, action summarizes behavioral habits that align with this understanding. Essentially, cyber mindfulness intends to build awareness and shape attitudes that are translated into effective and measurable actions that make a difference in protecting information assets. To be cyber mindful does not mean that you need to become a cybersecurity expert, but rather to be aware of the potential threats that could take advantage of your data, and understand how to avoid them. 

One researcher at the University of Virginia found that mindfulness training is 38 percent more effective in preventing hacks than traditional anti-phishing training. While these are techniques used in preventing hacks, the general idea can be equally implemented in other areas of internet activity and should be even more seriously considered when the content relates to your health data privacy. 



    DNA Testing and Your Privacy

    Over the last few decades, research advances have made it possible for individuals to gain access to data related to their genetic material. Many companies, including Bowhead, have ventured into the direct-to-consumer (DTC) genetic testing market. Is your genetic material really safe?

    The DTC genetic tests involve a sample of your saliva, which is tested to extract your DNA. Your DNA provides a map of your biology, from your disease susceptibilities to your personal traits and ancestral origins. Although these tests are usually requested because you are seeking more information about yourself, insecure genetic data can be used as a vehicle for others to learn about you. There are serious privacy concerns with some genetic testing platforms. 

    In 2018, a major California cold case referred to as the “Golden State Killer” was solved when a man was arrested for the crimes. It was then revealed that the man was found after law enforcement used DTC genetic information to build a family tree of those who might have been related to the suspect. A third cousin of the Golden State Killer’s family had used a DTC genetic test and law enforcement was able to piece together the possible identity of the suspect, which was then confirmed through DNA. There is no denying that it is a great outcome, but it raises many privacy concerns.

    The Golden State Killer (GSK) case shows just how much information comes from a simple genetic test. The killer never used genetic testing but was identified through a distant relative. This means that by using genetic testing, you are submitting not only your health information but that of your family and ancestors. Although solving crimes like the GSK is a valuable benefit, we must also think of how this same information could be used nefariously by hackers or others seeking to exploit this information.

    Companies that make DTC genetic tests are gatekeepers of your genetic information. It isn’t as though you can just go and have your genes tested at the local pharmacy. You are dependent on the companies to protect your information and not to abuse the power they hold. Some companies provide Terms of Services that require you to agree to allow your information to be sold for research purposes or to allow government access. Being mindful of the terms you are agreeing to and the company that you choose to conduct this test is important for you to advocate for yourself and your privacy. 

    At Bowhead, we want to ease your concerns by providing a DTC genetic test through blockchain encrypted data. With Genome Buddy, you own your health data. Your genetic data will only be shared for research purposes with your consent. We provide a private and safe way to learn about your health and ancestry. 

    [1] https://www.nytimes.com/2018/04/27/health/dna-privacy-golden-state-killer-genealogy.html 

    [2] http://cyberlaw.stanford.edu/blog/2019/11/“it’s-not-personal”-—-dna-privacy-and-direct-consumer-genetic-testing 

    Cyber Mindfulness and Power Dynamics

    Does this sound familiar? You download a new app on your mobile device, you’re eager to use it. A screen pops up that requires you to click “I Agree”. Without even opening the Terms of Service, you quickly agree and proceed to use the service. By clicking “I Agree”, you are binding yourself to those terms. What does this mean?

    Many people don’t realize that by clicking “I Agree”, you are signing a legal contract which the company can then enforce against you. In law, it is no excuse to say that you didn’t read the contract because by clicking “I Agree”, you are explicitly saying that you did read the contract. 

    In many Terms of Service, Agreements are clauses that are substantially unfair to you as a consumer, but you often have no say Some of these terms include trading your privacy for the use of the service including access to your microphone, camera, location, phone contacts, etc. There is no bargaining, no compromise. Tech terms are a take it or leave it a game. You can choose to use the service and agree to the terms. If you don’t agree, then you don’t have access to the tech. 

    When it comes to tech giants like Facebook, Google, or Apple, it almost seems like a human right to have access to their platforms. A person who chooses not to agree to Facebook’s terms is cut off from the platform where 1.73 billion people keep in touch with family, friends, organizations, support groups and get their main source of news information. A person who chooses not to agree to Google terms may be unable to access to the main source of encyclopedic, medical, and general information that connects us with our most valuable community resources. They would also not have access to the world’s largest video platform, YouTube.

    As a consumer, you can be aware of this problem. Instead of being forced not to use the platform, consumers can motivate changes in laws that force tech companies to adapt their terms to protect the consumer. For example, the State of California enacted the California Consumer Protection Act (CCPA) which provides consumers with various privacy protections. These include the right to delete, the right to know, and the right to opt-out of the sale of their personal information. It also provides the consumer with a right to sue the company that violates their rights. Laws like these fight against the “take it or leave it” power imbalances of tech contracts and more of these laws are needed to protect consumers worldwide.

    How can you help? Be mindful of what you are trading off when you blindly agree to the terms. Advocate for yourself and your privacy. Educate yourself on how you can protect your own privacy. Choose platforms that value your privacy and empower you to choose how your own data is handled. At Bowhead, we protect your data through de-identification and blockchain encryption. You decide what is done with your data. You are in control of your data.



    [1] https://www.statista.com/statistics/346167/facebook-global-dau/ 

    [2] California Consumer Privacy Act (CCPA), https://oag.ca.gov/privacy/ccpa