Archiv

Scenario: Sensitive Health Data

Stefan Ullrich,  Constanze Kurz

Chris was in desperate need of money, and answered on online ad for a call center. It was an interesting job, and she didn’t even have to drive to work, she could do the work from home using her own computer. The company paid her a flat-rate for Internet and telephone that she could use privately as well.

She had to work nights, but that was okay. She was a single mother of a 13-year-old boy and an 8-year-old girl. She slept while the kids were in school. Her job was to answer calls that people made in the middle of the night to their health insurance carrier.

She often amazed at the questions that people had at these hours of the night. The insurance company, Free & Easy Insurance, had given her a password so that she could access policy data in order to answer questions or issue tickets to solve people’s problems.

4 am was the worst hour, usually nothing happened and she had to amuse herself to keep awake. On an impulse she searched for the name of her ex-husband, Ralph. She was a little shaken to see that she indeed got a hit – he had a family policy with Free & Easy. She way dying to know more about his new family, and especially Priscilla, who had gotten herself pregnant by him and destroyed Chris’ own family.

Chris hesitated for a moment, and then clicked on “Details”. Just as she started to read, a call came in. She quickly printed out the page on Ralph’s new family and then answered the call.

The next afternoon her best friend, Susan,  came over for dinner. After the kids were excused Chris told her about her discovery. Priscilla had had a miscarriage last year and the baby she had with Ralph was apparently quite sick. Served them right! Susan was shocked at first, but as they talked about it, they started to wonder what kinds of data they could access. Susan stayed on as Chris started her shift, and together they looked around at what they could see.

In particular, they could not only see information such as name, address, birthday and account information – they also had complete access to the medical history of the insured people. Susan – who was out of work, but had some basic computing skills – had an idea. She had of course heard about the extortionists who had downloaded information from foreign banks and earned a lot of money selling them to governments. Maybe they could get some data on politicians or famous people and sell them to a newspaper so they could finally go somewhere warm on vacation together.

Chris was a bit nervous – she didn’t want to lose her job, which didn’t pay much, but kept food on the table. But it was kind of exciting. They were careful to only save the interesting data they found on a memory stick, not on the computer, in case there was any trouble and someone would investigate the computer. They had just gathered a good bit of information on some local politicians and a movie star and a singer, when the news broke that someone else had had the same idea and was blackmailing Free & Easy for return of data.

Chris and Susan decided to abandon the project and smashed the memory stick with a hammer and threw it in the garbage.

Questions

  • Who are the actors in this scenario? There may be unnamed actors, and not all named actors are truly involved in the case.
  • What are the ethical problems (not the legal problems) involved in this scenario?
  • Since Chris and Susan destroyed the data before attempting anything, has any real harm been done?
  • Is there a problem with Chris’ children having access to her computer?
  • Are there any side issues that need to be addressed?

Published in Informatik-Spektrum 33(6), 2010, S. 668–669.

Translated by Debora Weber-Wulff.

German version

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>