My Concerns with Google Deepmind’s UK Health initiative

There is a new world order forming around the exponential power of data and algorithms. The power of algorithms to shape the fate of the world has recently been demonstrated by the Cambridge Analytica in their role of helping to steer public opinion during the US presidential elections. The insights drawn from having informational superiority in a situation provide powerful means for arbitrage. One key aspect of machine learning algorithms is that training is transferable. It is this ability for insights and inferences to be transferred that gives me concern when a nation talks of handing over the health records for its entire population, especially when this entity is geared to using such insights as a unique position of leverage within advertising.

As a trained medic and as someone who worked almost a year in information governance function, I know the organizational challenges of a modern healthcare system. There is a strong temptation to optimize these processes through powerful technologies such as AI. However, my experience in building and securing big data platforms, and having an awareness of the market value of personal data, I have major concerns.

Personally, I would strongly prefer that Google not have access to my personal health data. Although Google has an exemplary record with regards to security over the past 20 years, this may not always be the case. Furthermore, subsidiaries or partners may not be so stringent, and a spate of recent scandals with Yahoo, LinkedIn give me even further concerns.

No company wants to experience the very bad press of a breach of security, but unless there is very strong regulatory framework which would force organisations that allowed data to be stolen to pay heavy penalties, data loss would not be considered as an existential risk for the company. However, the risk for an individual whose data has been compromised may be catastrophic. This seems unbalanced.

The security and privacy challenges surrounding applying machine learning to data sets is highly complex, and blockchain adds a further level of uncertainty I have a strong interest in both of these areas, and am a Co-Founder of the OpenEth.org and Obol.io projects. I observe that there is an important component missing with regards to making machine learning comply to ethics. Algorithms need data for training upon, and that data is at risk whilst it is being proliferated for such purposes. Machine learning models have proprietary feature sets that are trade secrets. However, governments and NGOs have a vested interest in vetting and auditing these models to ensure that they are being used appropriately, and are not contributing to algorithmic biases. There is no good existing solution for this critical problem.

As for securing blockchain, from my ongoing research in cryptography and protocol analysis, the security implications of having data publicly accessible in a blockchain or sidechain are significant. Even if a security layer was found to secure or even properly obfuscate this data, questions of scaling and consensus would still remain. From recent job adverts, Deepmind seems to have an interest in the space of smart contracts, but verifying the legal validity of smart contracts (or providing an Oracle Side Chain to verify them by proxy) remains an unsolved problem.

Any time that data is ever subject to potential exposure, that process must come with guarantees. Given the realities of these unresolved security issues, providing this data for the machine learning capabilities of a private company would be, in my view, against the interests of patients, certainly without their explicit consent and opt-in. Targeted health insurance would likely lead to perverse incentives and a race to the bottom to avoid providing affordable care for these in high-risk categories or with pre-existing conditions. Furthermore, it would secure the hegemonic power of those with the most data and superlative algorithms, providing a further concentration when the most ideal future path for our society is in decentralization instead.