For months, some medical-marijuana advocates have complained about state Sen. Jeanne Kohl-Welles' proposal to create a patient registry maintained by the state. What they might not have realized is that Kohl-Welles, who embedded the idea in her bill calling for regulation of the medical-pot industry, has been working with computer-privacy experts at UW to come up with a system that keeps patients anonymous.
Alexei Czeskis, a Ph.D. student in UW's Security and Privacy Research Lab, says he and co-researcher Jacob Appelbaum (whose work in electronic anonymity made him a figure in the WikiLeaks debate) designed a system whereby doctors would register their patients without providing names, birthdates, or other personal information. The only identifying data would be a patient's photo, which the state would use to create a registration card that had a unique number. State and law-enforcement officials could then use the photo to match the card with a patient.
The state wouldn't even keep the photos in its system. "The doctor would wait for the computer at the other end to complete the transaction," Czeskis says. "At that point, [the system] destroys the photo."
While all this wasn't laid out in the bill--hence a lot of the conspiracy theories that circulated--the legislation said that the state had to create its system in collaboration with UW's computer wizards.
That's still the case in the new bill, SB 5955. But the ACLU's Alison Holcomb, who was deeply involved in drafting the original bill, says that she and others are concerned because of language in SB 5955 (Section 8) that discusses patients registering themselves. Holcomb says she's not sure how patients can do that without giving away identifying information.
Other states with registries offer no guidance, since they "do all sorts of crazy things," Holcomb says, including having patients mail in personal information with no security measures whatsoever.
Czeskis, however, says he still has hopes that the new bill won't "drive a stake through our previous plan." He wonders whether the bill actually prevents third parties from doing the registering. It would seem not, since there is a clause that refers to a "health care professional" registering a patient.
Still, the two possibilities raise logistical questions, Holcomb says. They're some of the many unknowns that this rushed bill presents. While Kohl-Welles is figuring out how to respond, Czeskis and Appelbaum are still trying to refine their initial design. They've submitted a paper on it to the Conference on Computer and Communications Security to be held in Chicago this October. Even if the paper is not selected for presentation, the UW team will get feedback from peers who review it.
Czeskis says he hopes that will make the design even better. He says he sees it not only as a potential first-of-its-kind in such patient registries, but as a system that could work for hunting licenses or other government databases that raise privacy concerns.