by Mary Aiken
I remember when, in the early 2000s, my friends abandoned the purchase of the latest fashion accessory or beauty treatment in favor of the ultimate makeover: the deluxe “full-body scan.” This was the start of a new wave of medical technology that allowed further exploration of the previously unknown. We were suddenly able to see—in great detail—what lies within us. And even better, we could be watching. Live.
From my perspective, many a good dinner conversation has been ruined by an enthusiastic blow-by-blow, or polyp-by-polyp, description by someone on the receiving end (literally) of a live stream colonoscopy. Never before have we been able to see inside ourselves so clearly! The procedure itself is all well and good—and has surely saved thousands of lives. But professional associations have warned that the scans lead to rounds of tests of innocuous lumps while missing common cancers.
Dr. Harvey Eisenberg was a cardiovascular radiologist who took an aggressive approach to wellness by performing comprehensive full-body scans on the “worried well” at his Health View Center for Preventive Medicine in Newport Beach, California. His motto was “You don’t know what’s inside until you look,” and his “preventive” scans created quite a media sensation. Forget the colon; Dr. Eisenberg wanted a look at every organ, every bone, and all tissue. His approach struck many as cutting-edge medicine. He was celebrated on The Oprah Winfrey Show, and consulted, and endorsed by the likes of William Shatner and Whoopi Goldberg. Between 1997 and 2000, more than fifteen thousand individuals were scanned from neck to pelvis at the Health View Center in hopes of discovering and preventing any nascent illness. Studying the results, radiologists looked for early signs of heart disease, cancer, arterial plaque, lung nodules, inflamed prostate, and spinal vertebrae degeneration.
Guess what happened?
An evolving pathology was found in every case.
Every single one.
Think about that.
Dr. Eisenberg claimed that he’d never seen a normal scan. “It’s a daily event for us to uncover unsuspected life threatening disease,” he said, “that is either stoppable, curable, or reversible.”
The radiation exposure during whole-body CT scanning is low, but still a concern. When asked about this, Dr. Eisenberg said, “Yes, there’s an increased risk, but you don’t get something for nothing.”
A potentially bigger problem than radiation awaited the patients of Dr. Eisenberg. The bottom line: If every physical problem or evolving pathology inside our bodies were discovered and treated, would it save more people than it killed?
Iatrogenesis is a Greek term derived from iatro, or “healer,” and genesis, meaning “brought forth,” which refers to an illness “brought forth by the healer.” It can take many forms: an unfortunate drug side effect or interaction, a surgical instrument malfunction, physician negligence, medical error, pathogens in the treatment room, or simply bad luck. An early study in 2000 reported that it was the third most common cause of death in the United States, after heart disease and cancer.
You heard that right. The third most common cause of death. Having an unnecessary surgery or medical treatment of any kind means taking a big gamble with your life. Before long, the U.S. Food and Drug Administration began issuing warnings about the potential risks of the scans, and health insurance providers not only refused to cover them but advised against them. When last heard of, Dr. Eisenberg and his full-body scanner were operating out of a van in Irvine, California.
Nobody wants to die before his or her time. And it turns out that worrying that you might be dying, and acting on that worry, can become a self-fulfilling prophecy. The full-body-scan boom went bust. And the worried well moved on—mostly online.
A Case for Death by Cyberchondria
We have to thank John James, a toxicologist at NASA who lost his son to what he believes was a careless medical mistake in a Texas hospital in 2002, for shedding light on the growing number of deaths from the iatrogenic effect. An estimate of between 44,000 and 98,000 deaths annually in the United States as a result of medical error in hospitals was reported in 1999, when the Institute of Medicine issued its now famous report, To Err Is Human. A decade later, the Department of Health and Human Services reported that about 15,000 hospitalized Medicare beneficiaries per month experienced an event that contributed to their deaths—that is, failures in hospital care. This results in an estimated 180,000 patient deaths annually. In 2013, with the help of James and the advocacy group he started, Patient Safety America, a stunning jump in deaths was reported: between 210,000 and 440,000 hospital patients in the United States die each year as a result of a preventable mistake.
By his reports, these deaths increased fourfold between 1999 and 2013. If anything, given the improvements in medical technologies in those fifteen years, the death rate should have decreased. Is patient care getting so much worse? Were the previous studies done poorly?
What is the difference?
James has been a tireless campaigner on the subject of healthcare for nearly fifteen years. His latest book, The Truth About Big Medicine, discusses the flaws of the American healthcare industry, reveals unsafe medical practices, proposes ways to correct injustices, and includes discussions of imaging, medical devices, pharmaceuticals, hospital procedures, and medical negligence.
While these dangers inherent in the American healthcare system may be responsible for a rise in the iatrogenic death rate, I would argue that another sort of effect may have intervened. The 1999 figure reflects a time prior to the prevalence of Internet medical search, and the escalation reported in 2013 more closely reflects the times we are living in now, when as many as 60 percent of Americans search for health information—35 percent of those search for diagnostic information, and just over half proceed to make an appointment to see a physician. It cannot be coincidental. This may be a pipeline: Online health-related search leads to escalation in anxiety, which leads to unnecessary medical visits and unnecessary medical procedures, which in turn leads to an increase in iatrogenic deaths.
A new study conducted by patient-safety researchers at Johns Hopkins University School of Medicine and published in May 2016 reemphasizes the seriousness of this issue. The findings show that medical errors in hospitals and other health-care facilities are “incredibly common and may now be the third-leading cause of death in the United States—claiming 251,000 lives every year, more than respiratory disease, accidents, stroke and Alzheimer’s.”
If I take a few steps back, what I’m observing is a deadly cocktail: increased media coverage of health and medical stories that drives anxiety, TV commercials pushing pharmaceuticals that target health uncertainty, more medical testing to protect doctors from medical malpractice lawsuits, and then you can add in the cyber effect, online search.
This is something Yahoo, Bing, and Google surely know about and have been grappling with for some time. Just a few years ago, when you did a search and used a medical or physiological term, a disclaimer popped up, saying that this was “not a diagnosis.” This box disappeared, and then returned in the form of a probability statement. More recently, search sites have experimented with connecting medical searchers with actual doctors. I would like to think this is a positive step, in terms of an informed approach, and not just another way to monetize the miseries of the worried well.
While we can’t know with certainty how many lives could have been spared over the past ten to fifteen years, we should ask this question: What would it take to create safer and more intelligent search protocols for medical queries? What would it take to rethink media coverage and TV commercials so they didn’t fuel health anxiety? And what about reforming medical malpractice protocols to discourage unnecessary testing?
The Internet offers so many advantages, yet with the emergence of cyberchondria and other technology-facilitated problems appearing on the horizon, we have to hope there’s a way for medical ethics to be translated online.
The Google motto “Don’t be evil” reminds me of a line often attributed to the Hippocratic oath, pri
mum non nocere. This moral code for physicians translates as “First, do no harm.” It is something advertisers, media, online search engines, health websites, and the legal community may want to embrace.
Conclusion
Imagination is a beautiful thing, but it can be fierce and unruly. We would be smart to be respectful of its power. The fearmongering and hysteria over the Ebola virus in 2014 is proof of how health anxiety, and health scares, can cause more problems than the illness itself. In a terrible cyber twist, the scammers who sent out fake emails from the World Health Organization, using subject lines like “Ebola Survival Guide” and “Ebola Outbreak Now WORSE Than We’re Being Told,” managed to dupe thousands into surrendering control of their computers. Of course technology can have positive effects on healthcare and disease outbreaks. Recently, rival researchers studying the mosquito-borne Zika virus found a way to collaborate via Twitter.
Knowing everything about your body, your medical health, and the drugs you are taking is now de rigueur. But there’s a lot of evidence to support my view that you can know too much. This finds agreement in Japan, where a doctor will rarely, if ever, tell patients that they have cancer. And under no circumstances are they told their condition is hopeless. It is commonly believed that patients who are told they are terminal tend to die sooner than those who aren’t.
But in the West, instead of less information, we have more and still more—now made possible by search technologies. It wouldn’t surprise me if there was a cultural change of heart about this eventually. In recent years I’ve heard stories from women with breast cancer and other serious diagnoses who decided not to share this information with friends and extended family, lest their own young children find out and go online to search outcomes. Even if there is no transparency about how medical-search algorithms work, we know where it leads. The young and the vulnerable, now exposed to a range of morbid and serious content that they cannot process or understand, are the ones we need to protect most.
Here’s my own motto: caveat inquisitor.
“Let the searcher beware.”
CHAPTER 8
What Lies Beneath: The Deep Web
Pirates and buccaneers have been romantic fixtures in children’s literature and Hollywood movies over the past century. They are often depicted as courageous figures—swashbuckling thieves who roam the high seas with expert skill, defying governmental authority and living by their own “code of honor.” In the language of storytelling, this code signals a sense of morality and makes the pirates human and almost admirable—the bad-but-good guys we can love.
Formal or informal codes of conduct actually exist for all groups, whether they are a family of primates or an underworld gang. Rules make everything work better. That’s why it’s called “organized” crime.
Most of us do not commit felonies in real life, or want to, but it can be fun to imagine living the lawless life of a pirate, navigating uncharted tropical waters and meting out our own brand of high-seas justice in the clash of a sword fight. Lawlessness mimics freedom, and the vicarious experience of watching it in a movie can be exhilarating. The golden age of piracy (about 1680–1730), as portrayed in the Pirates of the Caribbean films—with all those beautiful shots of blue water and desert islands, not to mention Captain Jack Sparrow played by Johnny Depp—is irresistible entertainment. It’s easy to see why the very word pirate does not register as pejorative.
Where am I going with this?
The Deep Web is surely like the Caribbean of the seventeenth and eighteenth centuries, a vast uncharted sea that cybercriminals navigate skillfully, taking advantage of the current lack of governance and authority—or adequate legal constructs to stop them. And like the golden age of piracy, we are living in a time of upheaval and geopolitical changes both in real-world and cyber contexts, which can encourage a free-for-all of opportunism and a rise in lawlessness.
On the high seas of the Internet, secret hiding places for cybercriminals abound—safe harbors, concealed caves, and digital coves where they can sail in, drop anchor, and buy and barter for tools, weapons, and other contraband. For those needing accomplices, the bawdy pubs and tavern inns of the Colonial period have been replaced with covert forums, chat rooms, and criminal-networking sites, all of which are plentiful on the labyrinthine Deep Web. While you can find cybercriminals anywhere on the Internet, they have a much easier time operating in the murky waters of the darkest and deepest parts.
And just as the legitimate digital markets like Zappos and eBay have become more sophisticated about merchandising and sales, the online black market has grown increasingly efficient. I was a contributor to the Europol cybercrime threat assessment report in 2014, which described the emerging but hard-to-believe phenomenon of crime as a service online. Almost any kind of criminal activity—extortion, scams, hits, and prostitution—can be ordered up online now, thanks to well-run websites with shopping carts, concierge hospitality, and surprisingly great customer service.
This window of opportunity for cybercrime won’t last forever. It can’t. But until more laws to govern the open waters of the Internet are implemented and jurisdictions begin to coordinate across virtual borders—the way they do for sea and aviation laws—we will continue to live in a golden age of digital piracy, resulting in a lawlessness that impacts all of us.
Tip of the Iceberg
If you aren’t exactly sure what the Deep Web is, you aren’t alone. This part of the Internet is commonly discussed in law-enforcement and cyber-security circles, and is a source of fascination for the tech industry and media, but like so many aspects of the cyber environment, it has a feeling of being a “tech experts only” subject, as if it’s too complicated for anybody else to fathom. When I’m on the road, whether I am speaking at conferences or discussing my work with people outside digital forensics, I am always stunned by how few people really understand this hidden part of the Internet or how it works.
The field called cyber-security is vast and pretty complicated. Nonexperts are puzzled—and left with only one sticky mantra in their heads: Change your password. Well, that turns out to be great advice. But how is anyone supposed to remember all of those codes, not to mention the new ones?
I like to say that your memory may be weak, but your passwords need to be strong. That means that you should avoid taking the easiest route of simply changing one character of your password, like adjusting the ending from a “7” to an “8.” Human beings are predisposed to gravitate to variations on a theme, due to the way human memory works. The ability to recall often is by association. Therefore, what seems clever and easy for you won’t be enough to stump an identity thief. Let’s not forget, one of the most impossible codes of all time, the Enigma code, was broken due to a similar mistake. Its Nazi operators got lazy. Instead of resetting the dials randomly of the Enigma machine every day, some operators changed a dial by only one notch, creating an easy pattern to crack.
Failed morals and antisocial personality traits aren’t the only things that give cybercriminals an advantage over their victims. These con artists are expert observers of human behavior, especially cyberbehavior—they know how to exploit the natural human tendency to trust others, and how to manipulate people so they give up confidential information, or what is called a socially engineered attack. When it comes to identity theft or cyber fraud, it is much easier to fool a person into giving you a password than it is to try to hack it (unless the password is really weak). This sort of social engineering is a crucial component of cybercriminal tactics, and usually involves persuading people to run their “free” virus-laden malware or dangerous software by peddling a lot of frightening scenarios (which is why it’s called scareware). Fear sells.
The quagmire of cyber-security is made only more complicated by all the interested parties trying to solve our problems. There’s an industry of professional and amateur specialists promoting anti-malware, anti-spyware, and antivirus software—while flooding our in-boxes with a steady stream of cyb
er-security tips, delivered on every platform from blogs to YouTube. Due to the constantly evolving technology and information overload, the subject is now more mind-numbing than scary. Many people prefer to buy malware protection and just hope for the best.
But is that enough? You don’t have to look far to find somebody who has been a victim of a cybercrime—whether it’s credit card fraud, cellphone hacking, data hacking, data destruction, or cyber-extortion. Identity theft is now the number one consumer complaint at the U.S. Federal Trade Commission, and the U.S. intelligence community ranks cyber threats as one of the top global security concerns, along with terrorism, espionage, and WMDs.
So where are these cybercriminals hanging out?
The Deep Web. At one of my first meetings with CBS executives and the creative team of CSI to discuss my work in forensic cyberpsychology with law enforcement agencies worldwide, this mysterious place was one of the first things I had to explain. The Deep Web is often a misused term.
So what is it?
Simply put, the Deep Web refers to the unindexed part of the Internet. It accounts for 96 to 99 percent of content on the Internet, vastly larger than the Surface Web, where regular traffic is occurring. Most of this content is pretty dry stuff, a combination of spam and storage—U.S. government databases, medical libraries, university records, classified cellphone and email histories. And, just like the Surface Web, it is a place where content can be shared.
What makes it different? The content on the Deep Web can be shared without identity or location disclosure, without your computer’s IP address and other common traces. The sites are not indexed and therefore not searchable if you’re using a Surface Web browser like Chrome or Safari or Firefox. For software that protects your identity, an add-on browser like Tor is one of the most common ways in. The name Tor is an acronym for “the onion router” because of the layers of identity-obscuring rerouting.