HIV status of over 14,000 people leaked online, Singapore authorities say (cnn.com)
83 points by doppp 25 days ago | 75 comments



It never ceases to amaze me how the weakness of a secure system is always the people. It's common to see companies invest in "encrypted databases" and "on premises data storage" in the name of security while not spending the time and money to ensure the users can only see the information they need to see. Nobody should ever be able to just download the entire table like that.

Typically in this use case, you'd think the system would be set up such that users can only query full individual records if they work on the case itself OR limited (retracted) records for the entire population.

That's how we handle our customer database. If you work as a customer service agent, you can pull the entire record of a single customer but not more than 1 at a time and rate limited. For our data analytics team, you have access to all the records without the personal information (users are given a random unique userID. No names, addresses, emails, or phone numbers). The rationale is simple, we don't want anyone to be able to simply download our customer database and spam them.

In this case, the consequences are much worse for the people affected.
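The access model described in the comment above, sketched as an added example (not part of the thread and not any poster's actual system): support agents read one full record per call under a sliding-window rate limit, analysts get every row with personal fields stripped and a random ID in place of the real key. The class name `CustomerGateway`, the role names, the limits and the sample records are all assumptions constructed for illustration.

```python
import secrets
import time
from collections import defaultdict, deque

# Constructed sample records; every name and field here is hypothetical.
CUSTOMERS = {
    "c-1001": {"name": "Alice Example", "email": "alice@example.com",
               "phone": "555-0100", "address": "1 Example St", "plan": "premium"},
    "c-1002": {"name": "Bob Example", "email": "bob@example.com",
               "phone": "555-0101", "address": "2 Example St", "plan": "basic"},
    "c-1003": {"name": "Carol Example", "email": "carol@example.com",
               "phone": "555-0102", "address": "3 Example St", "plan": "basic"},
}
PII_FIELDS = {"name", "email", "phone", "address"}


class AccessDenied(Exception):
    pass


class RateLimited(AccessDenied):
    pass


class CustomerGateway:
    """Only path to the table: no caller ever gets a bulk export with PII."""

    def __init__(self, records, max_lookups=3, window_seconds=60, clock=time.monotonic):
        self._records = records
        self._max = max_lookups
        self._window = window_seconds
        self._clock = clock
        self._hits = defaultdict(deque)          # user -> timestamps of recent lookups
        # Random per-customer IDs, unrelated to the real key, for the analytics view.
        self._pseudonyms = {cid: secrets.token_hex(8) for cid in records}
        self.audit_log = []                      # (time, user, action, target, outcome)

    def _audit(self, user, action, target, outcome):
        self.audit_log.append((self._clock(), user, action, target, outcome))

    def get_record(self, user, role, customer_id):
        """Full record of ONE customer; support agents only; sliding-window limit."""
        if role != "support_agent":
            self._audit(user, "get_record", customer_id, "denied")
            raise AccessDenied(f"{role} may not read full records")
        now = self._clock()
        hits = self._hits[user]
        while hits and now - hits[0] >= self._window:
            hits.popleft()                       # forget lookups outside the window
        if len(hits) >= self._max:
            self._audit(user, "get_record", customer_id, "rate_limited")
            raise RateLimited(f"{user} exceeded {self._max} lookups per {self._window}s")
        hits.append(now)                         # misses count too, to slow enumeration
        record = self._records.get(customer_id)
        self._audit(user, "get_record", customer_id, "ok" if record else "not_found")
        if record is None:
            raise KeyError(customer_id)
        return dict(record)

    def export_for_analytics(self, user, role):
        """All rows, PII stripped, keyed by the random ID; analysts only."""
        if role != "analyst":
            self._audit(user, "export", "*", "denied")
            raise AccessDenied(f"{role} may not export the table")
        rows = []
        for cid, rec in self._records.items():
            row = {k: v for k, v in rec.items() if k not in PII_FIELDS}
            row["user_id"] = self._pseudonyms[cid]
            rows.append(row)
        self._audit(user, "export", "*", "ok")
        return rows
```

The controls only hold if this layer is the sole credentialed path to the table; a shared database account or a raw backup readable by the same staff bypasses both the limit and the audit log.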


> Nobody should ever be able to just download the entire table like that.

Easily said, but even the NSA couldn't protect from an insider obtaining tons of internal documents. Nor could google prevent the theft of LIDAR sensor trade secrets.


Didn't not Couldn't.

These access issues [commonly] aren't bugs, they're laziness. Shared volumes to speed up collaboration, no granular permissions, or relying on threat of access audit to keep people in line. In most of these networks, mechanisms exist that could have limited access to those that need it.

And part of that is the technological culture of how we've been taught to share files. We still commonly rely on third parties to handle big transfers.


Often it’s a conscious tradeoff between convenience and security. Google can afford the best off the shelf data loss prevention tools as well as the budget to develop their own. The problem with having your code/assets locked up like Fort Knox is that it becomes a nightmare for your employees. Even if you just have passive systems that prompt investigations about questionable usage people tend to bristle at being spied on, particularly if you remind them of that fact.


Any Australians who might not have opted out of our government centralised health record system starting up, just a heads up that you've only got three more days to do so.


Even despite the risk and probably inevitable leaks, I think a system like this is invaluable for epidemiological research. I'm not opting out. (Besides, the Red Cross has leaked a fair portion of my medical information anyway)


Yep, this is a perfect example of how even if you "trust your government" your private data can still end up splattered all over the web.


I'm not an expert and I know that a healthcare system requires the handling of personal data. While this data might end up aggregated at some level, I'm not entirely sure that a registry like this is required to exist in the first place.

For me it looks far too sensitive to have it as one central database. (... all assuming that it wasn't compiled by those who leaked it.)

edit: "sensible" doesn't actually mean what I thought it does. Replaced it with "sensitive".


Keep in mind that Singapore is a police state where homosexuality is illegal and HIV positive foreigners are subject to immediate deportation.


> While this data might end up aggregated at some level, I'm not entirely sure that a registry like this is required to exist in the first place.

Yeah, and the crazies in the German government really want to create a centralized digital registry for health data. Cases like this show what a very bad idea this is.


In a Wild Wild West sense, you are ultimately in charge of your data and your outcomes. Because it doesn't matter what kind of laws supposedly constrain your insurance company or your accountancy; nobody can unring a bell, and it's human nature for information to spread.

martin_a 24 days ago [flagged]

As a German I have to say that registers for people are a great idea!

We have had very positive experiences with labeling people. While we had to do this in an analog way the last time, the label itself really helped a lot with "dealing" with people who were a problem.

I think if we would make registers like these again, modern technology would really help us to be even more efficient the next time.

Don't see what could go wrong, especially when political leaders change etc.

/s


> As a German I have to say that registers for people are a great idea! We have had very positive experiences with labeling people. While we had to do this in an analog way the last time, the label itself really helped a lot with "dealing" with people who were a problem.

Sarcasm aside, Bavaria passed a law this past year which allows police to use DNA evidence to infer physical characteristics about a suspect's appearance. The same law also allows police to arrest people they suspect may commit a crime in the near future.

So, this principle is still alive and well in Germany.


I know. It's one of the reasons I left Bavaria to get a job somewhere else.


Whenever someone moves to Germany, they have to get registered. One of the questions is about the religion (for tax purposes). I'm surprised Germany still uses this kind of registry.


Note that the registry for this is not central but managed by the towns instead. So it's very decentralized and data in this aggregated form doesn't exist. An often used trick by towns is to pretend some person didn't move away from the town, thus not decreasing the number of people who live there, thus increasing the number of various funds that are paid based on how many citizens the town has. So those registries often aren't 100% accurate.


Curious - how does one's religion affect one's taxes?


It's not so much about the religion itself, but whether you are an "active" member of a confession.

If you are, you will pay a "church tax" like 1% of your income. If you are not, you don't have to pay that tax.

So it's more about tax collection and distribution than about anything else.


So in tax terms atheism makes sense?


Yes. It is, I believe, 3% of income tax, i. e. about 1% of income for most people.


>>One of the questions is about the religion (for tax purposes). I'm surprised Germany still uses this kind of registry.

Forward thinking? Never know when they might need a list of people by religion, ethnicity, invalid status. Better to have and not use, than to need and not have it...or something :)


Nah, it's really just about taxes.

I think it's 1% of your income or something like that which is collected by the state for the church. (That itself is often discussed in Germany, as state and church should obviously not be mixed...)

But you can "leave" the church, it costs something like 40 Euro for the administrative action and that's it. No discussion whatsoever and you can keep your money. :-D


> Nah, it's really just about taxes.

Well, right now it is. The original registry OP is referring to was probably not started to identify and exterminate people who were Jewish, but started for some more innocent reason and then abused when the wrong party assumed power.


I'm not totally into this right now but I think there were no such registrations in the beginning.

But as the Nazis had more and more influence laws ("Nürnberger Gesetze") were passed which required Jewish people to mark their shops and register themselves as Jewish etc. pp.

Also denunciations and more from neighbors happened, after Jews were declared "enemies" of the state, so everything came together.

edit: But potential misuse of any kind of registers by whomever is obviously the strongest point against those registers after all. Right-wing parties are always eager to have such things for obvious reasons.


Even though they didn't have modern technology they absolutely did rely on technological help.

It was a pretty dark chapter. Not only for Germany and Europe in general, but also for the IBM Corporation[1]

[1] https://en.wikipedia.org/wiki/IBM_and_the_Holocaust


[flagged]


You started this trollish tangent and posted like a dozen comments in it, which is effectively trolling whether you meant to or not. Could you please not do that on HN?

https://news.ycombinator.com/newsguidelines.html


Wow. Someone who is HIV positive is not a criminal and today's medication allows you to reduce the risk of transmission to 0%.


[flagged]


What does unplanned pregnancy have to do with HIV status?


Should we brand these people with serial numbers too? Maybe we should also enroll them in a registry and track their movements.


That argument means nothing to a radical anti-privacy person like me (e.g. prohibit any data to be concealed, except the means to authenticate oneself).

That particular problem is a great example, where I don't see any harm in revealing that information, as opposed to keeping it secret, which might cause actual harm in conjunction with the human factor.


Ignoring for a second the problems with allowing potential partners to see such data: What about if your employer sees it? Your colleagues? Your friends? Why should any of them have access to that information?


Why not?


Isn't it obvious? It could result in them being ostracised unfairly.


So can a funny nose, a manner of speech and hundreds of other things. Why is that information special?


It's not special. If a funny nose was a non-visible condition, then I would be advocating against mandatory public funny nose databases too. But, that happens to be a visible condition so there's not much we can do to protect those people.

On the other hand, HIV is a non-visible condition which people could choose not to reveal if they don't want. Why should we take away that right, just because people with funny noses don't get the same luxury?


> Why should we take away that right, just because people with funny noses don't get the same luxury?

> keeping it secret, which might cause actual harm in conjunction with the human factor

Looped.


So we have two situations which both might cause harm. We have the situation where there is no mandatory public HIV reporting, which could cause harm in that it potentially allows more transmission of HIV. Then we have the situation where there is mandatory public HIV reporting, which could cause harm in that it could lead to people with HIV being ostracized. Why do you think the latter has more utility than the former? There have already been many good counterarguments in this thread but I will reiterate a few of them:

- Not every person with HIV is negligent, and to target people based on their circumstance rather than their actions could end up punishing more non-negligent individuals than negligent ones.

- People making risky decisions regarding their sexual partners or use of contraception are already not likely to check such a database even if it existed.

- Whereas the risk of transmitting HIV is exclusive to sexual partners, the risks of being publicly identified as HIV positive are far more widespread -- it could impact your career, your social status, etc.


So far I have not seen any proof of harm caused by publishing HIV information. The talks about ostracizing are purely hypothetical at this point.

Here's a 1 death + 1 sentence example of the harm having this information not easily available: https://www.nydailynews.com/news/crime/man-kills-hiv-positiv...

Interestingly, I found this while searching for people killed for having HIV, which was suggested as a real threat by some other person in this thread to counter my point. I looked for "killed HIV" with DuckDuckGo.


OK, I'll give you the benefit of the doubt and assume that individuals in the HIV database wouldn't be ostracized in practice, whether now or at any point in the future. Still, they would have to live in fear of potentially being ostracized. Remember we are talking about potentially innocent, responsible people here who just happen to be HIV positive. Is the utility of making those people live in fear worth the potential of a reduction in HIV infections? Note that you haven't actually proven that such a database would actually reduce HIV infections, either.


I don't think that unsubstantiated fears should have that kind of effect on the society's policies.


But unsubstantiated benefits should? Furthermore I think you should take a sample of how some HIV+ individuals feel about this issue before calling these fears unsubstantiated. I suspect you will find unanimous agreement with what I'm saying.


radical anti privacy eh?

> prohibit any data to be concealed

All right. Here's some questions then. Credit card number, expiry and code please? Also your age, sex, gender, name of any pets, road/city where you grew up in, name of your best childhood friend.

> That particular problem is a great example, where I don't see any harm in revealing that information, as opposed to keeping it secret

Really? You do not see an issue with releasing very private (medical records) information in the open?

People have gotten killed over having HIV, and now you want to release a list of people who suffer from it?


Actually, in this subthread the answer is in the post you are quoting. In fact, in the quote itself. It has to be a policy.


Others asked the first question 2+ times in that same subthread. Please, read that part.

How often does that happen vs getting HIV because somebody did not tell about being infected?


> That particular problem is a great example, where I don't see any harm in revealing that information

Surely you're aware of at least one genocide that was greatly aided by detailed demographic data?


Out of deference to the Holocaust, the US government doesn't keep demographic information on religion. As you say, the theory goes that a record of who belongs to what religion might be used to commit genocide.

But this theory isn't applied to anything else. The same government collects detailed information on everyone's race, despite the fact that race is a much more common target than religion is.


There's no reason to assume that in the absence of that data there would be no genocide on some other arbitrary basis.


No.


[flagged]


People who have HIV have a right to privacy just like every other human being. It is their responsibility to inform their potential partners. If they don't do that, then they should face consequences but let's not for a second imagine that they're all evil faceless goons who go around and using their privacy as "help" to infect other people.


[flagged]


That's an argument for publicising every issue that might damage others if drunk, negligent or careless.

Hepatitis, short temper, gun ownership, knife ownership, herpes, syphilis etc. In fact why not everyone's medical records, just in case?

If not, why do those infected with this virus deserve special public demonisation?

For the avoidance of doubt, I think this would be a terrible idea.


Right. One just has to weigh risks on publishing vs keeping private on every such issue, and expose ones with the highest shift to the latter.


I'm not sure how "HIV+ positive people must be tracked" follows from "HIV+ people can make mistakes".

By that logic, everyone's movements and personal details should be tracked by the police/government/some third-party because there's a risk, someday, of someone sexually assaulting (or committing any other crime against) someone else.


I am a radical anti-privacy person, so I am all for a variant of that, where the 3rd party is everyone.

"That logic" assumes there's little harm in having that data public. Unlike police tracking, which has proven to be a terrible idea.


Please tell us your name, address, and a link to a nude photo.


Most of that is public information that you can look up.

Can't give you a link to a nude photo, as I don't have one.

But surely you must understand, no privacy can only work when it is universal. It's a simple prisoner's dilemma.


> no privacy can only work when it is universal.

Great, so you agree there shouldn’t be a HIV database, until everyone’s nudes, income, and porn searches are online.

I can live with that, actually.


> Most of that is public information that you can look up.

So, Victor, is that why you're hiding behind a pseudonym and avoiding questions?


And when two drunk people hook up the first thing they do is check a leak of hiv data? Is that after exchanging photo ID?


Don't be ridiculous.

Brand everyone with QR codes that can be scanned to show a quick list of things like HIV, mental health issues, wrong political beliefs.

I'm pretty sure there's ways to design QR codes, so we could come up with a way to embed a brand of a few of the "worst" traits so you can see before you scan.


Would be fine if you'd also keep and make public the audit logs.


[flagged]


I think you're seeing some cultural difference here. That is, assuming this is actually the sort of thing you do in real life.


I honestly have no idea what drunk people do that leads to random intercourse. It is an "educated guess" that in many, if not most, cases the participants know each other.

And looking people up on the Internet is a common thing nowadays.


> I honestly have no idea what drunk people do that leads to random intercourse.

Suggesting public policy that affects a group whose activities and motivations I'm ignorant about is quite the gamble.


Maybe it would be a good idea for you to actually understand the problem domain you're inventing solutions for before you start thinking up far-reaching methods to mitigate a problem using a method that is unlikely to be used the way you intend it to. Especially if said methods have the potential to impact actual people's lives in a very negative way.


According to the cdc:

General criminal statutes, such as reckless endangerment and attempted murder, can be used to criminalize behaviors that can potentially expose another to HIV and or an STD.

I know that the cdc is not Singapore but likely the same.


I initially had the same thought. Really only potential partners need to know, a negligible fraction of the public, who the patient should tell first.


History doomed to repetition, on this front. It is important to read about what has or hasn't worked, and why.


https://westhunt.wordpress.com/2014/09/28/forty-days/

> One of the many interesting aspects of how the US dealt with the AIDS epidemic is what we didn’t do – in particular, quarantine. Probably you need a decent test before quarantine is practical, but we had ELISA by 1985 and a better Western Blot test by 1987.

> There was popular support for a quarantine.

> But the public health experts generally opined that such a quarantine would not work.

> Of course, they were wrong. Cuba instituted a rigorous quarantine. They mandated antiviral treatment for pregnant women and mandated C-sections for those that were HIV-positive. People positive for any venereal disease were tested for HIV as well. HIV-infected people must provide the names of all sexual partners for the past six months.

> Compulsory quarantining was relaxed in 1994, but all those testing positive have to go to a sanatorium for 8 weeks of thorough education on the disease. People who leave after 8 weeks and engage in unsafe sex undergo permanent quarantine.

> Cuba did pretty well: the per-capita death toll was 35 times lower than in the US.

> Cuba had some advantages: the epidemic hit them at least five years later than it did the US (first observed Cuban case in 1986, first noticed cases in the US in 1981). That meant they were readier when they encountered the virus. You’d think that because of the epidemic’s late start in Cuba, there would have been a shorter interval without the effective protease inhibitors (which arrived in 1995 in the US) – but they don’t seem to have arrived in Cuba until 2001, so the interval was about the same.

> If we had adopted the same strategy as Cuba, it would not have been as effective, largely because of that time lag. However, it surely would have prevented at least half of the ~600,000 AIDS deaths in the US. Probably well over half.

https://jamanetwork.com/journals/jama/fullarticle/197754

> In 1986, 1 year after documenting its first case of AIDS, Cuba instituted the world's only mandatory quarantine policy for people with human immunodeficiency virus (HIV) infection. The Cuban Ministry of Health began widespread HIV testing, focused on but not limited to members of groups considered to be at high risk due to their travel or sexual histories. In 1986 alone, the ministry invested $3 million in testing equipment.1 By 1993, 12 million tests had been conducted in a country with 11 million citizens.2 Cubans with HIV infection were confined in newly constructed sanatoriums across the island and were questioned by health workers about past sexual partners for contact tracing and testing. Critics of Cuba's quarantine policy charged that it violated human rights,3 while supporters applauded Cuba's commitment to HIV control.4 In 1994, the quarantine was officially lifted. However, by 2003, half of all HIV-positive Cubans still lived in the sanatoriums.5

> Cuba's early response to HIV was unique in the world, but so were the circumstances of its quarantine. First, as an island and a Communist country, Cuba was geographically, politically, and socially isolated from North American and Western European countries that reported high HIV infection rates. Second, Cuba's Communist political culture did not recognize individual rights as an impediment to its public health measures.6 Third, compared with other resource-poor nations, Cuba had a well-developed health care system that assigned a primary care physician to all citizens and conducted routine surveillance for infectious disease, and in which universal HIV testing and contact tracing was theoretically feasible.5,7 In addition, the Cuban government prioritized HIV care and by the 1990s devoted $15 million to $20 million annually to providing antiretroviral drug therapy, intensive medical care, high-quality food, and housing to quarantined patients.8


People have rights, even when they are sick. There is absolutely no evidence to believe HIV positive patients go around infecting others intentionally. Transmission happens during latency, when infected people do not yet show symptoms, and do not know they are infected.

A person that knows of their infection is just as likely to be a danger as a shopper on their way home with a large new steak knife. To suggest otherwise is just mindless paranoia, with possibly a homophobic twist. It’s the sort of thinking that created this mess in the first place, considering civilized societies don’t even collect such a database of HIV+ citizens.


> There is absolutely no evidence to believe HIV positive patients go around infecting others intentionally.

You should worry a little more about overreaching. There's lots of evidence of this.

https://evolutionistx.wordpress.com/2015/06/26/aids-and-cali...

> "It was at this time that rumors began on Castro Street in San Francisco about a strange guy at the Eighth and Howard bathhouse, a blond with a French accent. [Gaetan Dugas] He would have sex with you, then turn up the lights in the cubicle, and point out his Kaposi's sarcoma lesions.

> "I've got gay cancer," he'd say. "I'm going to die, and so are you." "

then later...

> "I can recall about that same time seeing a patient who was a young Ph.D. scientist from the Peninsula [south of San Francisco], a very good-looking man with Kaposi's sarcoma who I was caring for. He had AIDS. He was sitting in my clinic on Parnassus. He was kind of impatient. I said, "I'm sorry I'm running late; I can tell you’re impatient. What's wrong?" He said, "I wish you'd hurry up; I'm going to the bathhouses."

> being the typical doctor, it just never occurred to me that he was still out there having sex. He had Kaposi's sarcoma -- AIDS, this horrible new, fatal disease. My line to him was, "Somebody must think you’re smart, because they gave you a Ph.D. How come you’re still going to the bathhouses?" He said, "There’s nothing wrong with that. I probably caught it there, and so my view is, it's there and I'm going to have sex." I said, "Are you telling the people that you're having sex with that you're HIV-positive" -- it wasn’t even called HIV then -- "that you have AIDS?" He said, "No. I figure that they ought to be smart enough to understand that there's AIDS out here, and that they can catch it. It's their responsibility as much as mine."

https://en.wikipedia.org/wiki/Simon_Mol

> In 2005 he organized a conference with Black ambassadors in Poland to protest the claims in an article in Wiedza i Życie by Adam Leszczyński about AIDS problems in Africa, which quoted research stating that a majority of African women were unable to persuade their HIV positive husbands to wear condoms, and so later caught HIV themselves. Mol accused Leszczyński of prejudice because of this article.

> In February 2006, one of his partners requested that he take an HIV test. Mol refused and published a post on his blog explaining why:

>> Character assassination isn't a new phenomenon. However, it appears here the game respects no rules. It wouldn't be superfluous to state that there is an ingrained, harsh and disturbing dislike for Africans here. The accusation of being HIV positive is the latest weapon that as an African your enemy can raise against you. This ideologically inspired weapon, is strengthened by the day with disturbing literature about Africa from supposed-experts on Africa, some of whom openly boast of traveling across Africa in two weeks and return home to write volumes. What some of these hastily compiled volumes have succeeded in breeding, is a social and psychological conviction that every African walking the street here is supposedly HIV positive, and woe betide anyone who dares to unravel the myth being put in place.

> According to the police inspector who was investigating his case, a witness stated that Mol refused to wear condoms during sex. An anonymous witness in one case said that he accused a girl who demanded he should wear them of being racist because she thought he must be infected with HIV just because he was black. After sexual intercourse he used to say to his female partners that his sperm was sacred.

> he was diagnosed with HIV back in 1999 while living in a refugee shelter, but Polish law does not force an HIV carrier to reveal his or her disease status.

> After police published Mol's photo and an alert before the start of court proceedings, Warsaw HIV testing centers were "invaded by young women".

> He died from HIV-related complications on 10 October 2008.


You can obviously _always_ find extreme outliers for anything.


Sure. The extreme outlier here is the guy who has sex with you and then draws your attention to his lesions while saying "I'm going to die, and so are you".

The non-extreme non-outlier is the guy who has sex with you without saying anything.


> It’s the sort of thinking that created this mess in the first place, considering civilized societies don’t even collect such a database of HIV+ citizens.

The purpose of the database may very well be to allow the authorities to contact people with HIV when someone creates a new medicine against HIV, and so forth.


The purpose of the database is almost certainly to understand, when a new patient presents with HIV, where they got it from. Trying to answer this question is standard in the US as well.


That’s the job of doctors, not “authorities”. Does Singapore also have databases of all MS patients on file? Or Huntington’s? Because those patients are far more desperate to learn about new treatments than HIV patients, who actually have rather good options today.



