You have to read this fascinating report from The New York Times on how new billboards with cameras are “watching” passersby and collecting data on who really looks at the billboard and who does not.

Yesterday, Google launched their newest product, Google Health, a web-based tool that lets you track your medical conditions, history and medications all in one place. Some medical providers can even connect to Google Health, so you can import your complete health history as easily as you can invite all of your MSN contacts to sign up for Gmail.

Scary, right? Of course Google promises that they will keep your information “safe and secure,” but safe and secure from whom? The privacy policy mentions that they will use your personal health data in ways not clearly defined:

Google will use aggregate data to publish trend statistics and associations. For example, Google might publish trend data similar to what is published in Google Trends.

They might. Or they might not. This vague “policy” doesn’t inspire confidence. But it gets worse:

None of this data can be used to personally identify an individual.

We know this isn’t true, as we’ve already seen how ostensibly anonymized data can be used, with some detective work, to reveal identities. And if no one has ever captured and published this particular data before, how can we be certain that individuals can’t be identified with it? More importantly, does lumping my information in with others’ and then publishing it on the web qualify as keeping my health records “safe and secure”? Obviously, Google and I disagree on this point. But we have already transitioned into a world where Gmail mines our emails, and Mint monitors our personal finances, so why not do the same with medical records?

An efficient, secure tool for managing one’s own health information would be an enormous asset. I just don’t think that a web-based, hosted solution is in the individual’s best interest. Convenience doesn’t always have to come at the expense of relinquishing control of our private data.

Also see: NY Times story

I’ve officially submitted my Search Explorer project to Rhizome’s 2009 commissions process! Watch the demo, and if you like what you see, I’d appreciate your vote!

Two weeks later, the judge reversed his own decision, and wikileaks.org came back online. The case raises some interesting questions, starting with, when you’re dealing with a wiki, who do you sue? The “owner” of the wikileaks.org domain is in Australia, the physical servers are in Sweden and Belgium, and the contributors are anonymous and unlogged. So, when the bank Julius Baer wanted to sue someone for leaking internal documents, the only domestically identifiable party was Dynadot, the San Mateo-based registrar of the wikileaks.org domain. (Of course, the bank’s approach backfired, as it only drew more attention to WikiLeaks -- and to Julius Baer’s alleged wrongdoings -- than ever before, which was exactly what they wanted to avoid. I, for one, had never heard of WikiLeaks before I heard about the case in the news.)

WikiLeaks is a case study in something completely new: a collectively authored publication where every contributor is fully anonymous and untraceable. At least one other site I’ve seen, Strictly No Photography, uses a similar model to share protected information (photos, in this case). It will be interesting to watch these models evolve, paying close attention to how various legal structures react to them.