HIV Dating App Company Threatens Press With HIV Infection For Reporting On Personal Info Leak

from the high-five dept

It's not uncommon to see threats towards the press occur when someone has been embarrassed. Whether it's an idiotic presidential campaign mad over a rape allegation or an attorney general pissed off at reporters who are attempting to, you know, report, these things happen. Perhaps even more common are threats against the press when they report on security exploits, such as when Sony demanded the end of the publication of documents the press got after one of the many, many times Sony has been hacked.

But I've never seen a company threaten to infect a member of the press with HIV before. This strange tale starts with an app called Hzone, which is a dating application for singles that are HIV positive. And, hey, why not? The HIV-infected need love, too. But running a site like that would seem to come with a particularly dire need for security, which should not result in the user database for the app being publicly exposed to the internet, as it was a few weeks ago.

Today's story is strange, but true. It's brought to you by DataBreaches.net and security researcher Chris Vickery. Vickery discovered that the Hzone application was leaking user data, and properly disclosed the security issue to the company. However, those initial disclosures were met with silence, so Vickery enlisted the help of DataBreaches.net.

So, as too often seems to happen with these cases, a researcher found a security flaw and brought it to the company's attention, only to be completely ignored. Then the researcher goes to a press outlet, DataBreaches.net in this case. Even as Vickery continued to let the company know about the leak, the database remained exposed. And this is a database, I feel compelled to remind you, filled with the personal information of HIV infected persons. The issue wasn't fixed until mid-December, some three weeks or more since the issue was initially reported. At about that same time, DataBreaches informed Hzone that it would be reporting on the leak.

And that's when this tale takes a strange and disgusting turn.

Finally, when DataBreaches.net informed Hzone that the details of the security issues would be written about, the company responded by threatening the website's admin (Dissent) with infection.

"Why do you want to do this? What's your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don't want to get HIV from us? If you do, go ahead."

Ah, the old "We'll just infect you and your family with HIV, haha!" tactic to silence reporters. This is a company that, again, caters directly to the community of the HIV infected, exposed that community's personal information, and then used HIV infection as a cheap threat on a reporter simply for reporting on the leak. Why would anyone want anything to do with these people any longer? And, while barely apologizing, Hzone appears to be more interested in doing CYA than true security.

Hzone later apologized for the threat, but it still took them some time to fix their flawed database. The company accused DataBreaches.net and Vickery of altering data, which led to speculation that the company didn't fully understand how to secure user information. An example of this is one email where the company states that only a single IP address accessed the exposed information, which is false considering Vickery used multiple computers and IP addresses.

On top of that, Hzone responded to a question by DataBreaches as to whether or not the company bothered to inform its users that their personal information had been compromised.

"No, we didn't notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?"

Oops.

Filed Under: apps, hiv, leaks, press

DailyDirt: The Progress Of Treating HIV

from the urls-we-dig-up dept

The US Center for Disease Control reported on its first case of AIDS (though it wasn't called AIDS at the time) in 1981. Some HIV-positive patients have since gained access to anti-viral drugs that hold off the fatal complications for many more years than it was previously thought possible. There are over 34 million people in the world who are HIV-positive, and there are some optimistic reports that the treatments are becoming more effective. Here are just a few fascinating stories on the development of HIV treatments.

• A baby born in Mississippi with HIV has been "functionally cured" after receiving an aggressive regimen of anti-retroviral drugs.. a discovery that occurred when the treatment was inadvertently stopped after 18 months. There have been some scattered reports of other babies who have been cleared of HIV, but this is the first case that will be rigorously studied with highly sensitive genetic tests. [url]
• A generation of HIV-positive youngsters are beginning to live into adulthood, but the long-term effects of HIV (and the medicines to treat it) are completely unexplored territory. Studying these kids for many decades could determine optimal medical regimes and shape how society handles patients who need indefinite treatment. [url]
• The "Berlin Patient" (aka Timothy Ray Brown) is the first known person to defeat HIV. After a bone marrow transplant to treat (unrelated) leukemia, Brown recovered, and doctors found that his HIV levels were at undetectable amounts.. and remained so without anti-viral drugs. [url]
• Some people have a genetic mutation that prevents HIV from infecting their white blood cells, making them immune to the virus. The specific mutation was identified in 1996, but the discovery hasn't (yet) lead to a universal vaccine. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Filed Under: aids, berlin patient, cure, disease, health, hiv, immunity, medicine, treatment

DailyDirt: Cures For Everything..?

from the urls-we-dig-up dept

Medical technology has come a long way from leeches and barbers. But there are still a lot of horrible diseases without cures. Here are just a few projects working on some important cures.

• There's a gene therapy approach to treating a form of leukemia that seems effective so far on three patients. Interestingly, the researchers used a modified version of HIV to inject the gene therapy treatment.... [url]
• Antiviral drugs seem pretty hard to find, but it looks like one has been found that's effective against at least 15 different viruses. Including the common cold! DRACOs (Double-stranded RNA Activated Caspase Oligomerizers) FTW! [url]
• Polio has a cure, and it's *almost* completely eradicated. However, it still exists, and wiping it out isn't going to be easy. [url]
• To find more interesting stuff on health-related topics, check out what's currently in the StumbleUpon archives. [url]  

By the way, StumbleUpon can recommend some good Techdirt articles, too.

Filed Under: antiviral drugs, cancer, cures, dracos, gene therapy, hiv, polio

Eight HIV/AIDS Treatment Patents Challenged

from the errors-in-the-patent-system dept

Questionable drug patents that put lives at risk are finally starting to get more scrutiny. The Public Patent Foundation (better known as PUBPAT) is now challenging the validity of eight patents held by Abbott Labs around the HIV/AIDS drug ritonavir (branded Norvir). As PUBPAT notes, there's plenty of prior art that should have prevented these patents from ever being granted. The patents in question are 5,541,206, 5,635,523, 5,648,497, 5,674,882, 6,037,157, 6,703,403, 7,148,359, and 7,364,752. PUBPAT also notes that Abbott has faced controversy over its monopoly pricing in the past, such as when it raised the price of the drug from $1.71 per day to $8.57 per day. Having a monopoly lets you do that sort of thing...

Filed Under: aids, hiv, norvir, patents, ritonavir
Companies: abbott labs

USPTO: Using Three Knowledge Bases To Diagnose Is Patentable

from the three-databases-makes-a-difference dept

Back in June, we wrote about the rather horrifying situation that Dr. Bob Shafer found himself in, facing a patent lawsuit over a fantastic resource of HIV-related data that he had been putting together for years, and which the community of HIV researchers have used for years. Shafer's employer, Stanford University, was threatened by a company, Advanced Biological Laboratories, claiming that the database violated its patents (6,188,988 and 6,081,786) on using databases for diagnostic decisions -- even though HIVdb predated either patent. There was some back and forth, and Stanford settled the dispute (much to Shafer's dismay) and a separate lawsuit commenced against Shafer himself, after he refused to abide by the terms of the original settlement.

Joe Mullin has an update on the situation and the one bit of good news is that the lawsuit itself has been settled, and Shafer really just needs to post a link to ABL's "response" to his claims.

But the more disturbing part is that the USPTO has upheld the '988 patent in question, despite over 200 pages of prior art submitted by Shafer and his lawyers. Why?

Even though doctors had used databases to help choose therapies to treat various ailments for decades before the first relevant patent application at issue was filed in 1998, Hughes said the '988 patent should be allowed. Her reasoning: the prior art references didn't distinguish a system with exactly three "knowledge bases." And that distinction alone--having three "knowledge bases"--is a patentable advance, Hughes decided.

Yes, you read that right. Even though people have used such knowledge bases for decision making for quite some time, the fact that we're talking about three knowledge bases suddenly makes it patentable. Because without patents, no one would have ever thought to use exactly three knowledge bases. Shafer and others are already pushing back on that and hoping to still invalidate the patent. Mullin notes that Ted Shortliffe, president of the American Medical Informatics Association, has joined Shafer in pointing out how ridiculous the idea that "three" knowledge bases makes some sort of meaningful difference:

This is a trivial distinction without a practical difference since multiple knowledge bases could be merged into a single entity and have long been separated into multiple representations largely for computational convenience and clarity.

Honestly, can someone explain how the USPTO is employing people who think that having three knowledge bases turns using knowledge bases for diagnostic purposes into a patentable invention?

Filed Under: bob shafer, hiv, knowledgebases, patents

Another Example Of Patents Putting Lives At Risk

from the very-sad dept

This one's a bit old, but I finally got around to reading Joe Mullin's fascinating, but troubling, account which pits a Stanford professor and doctor against a French company, Advanced Biological Laboratories, that claims to own patents on (effectively) using computer data to help doctors make diagnostic decisions. If you want to see the specific patents, they are 6,188,988 and 6,081,786. At issue, is the fact that Dr. Bob Shafer has been working for years (actually, since before either patent was filed) on putting together HIVdb, an exceptionally useful database on HIV details that many researchers rely on to help figure out potential treatments to HIV. Except... of course, ABL claims that it infringes on those patents.

Since Dr. Shafer works for Stanford, ABL threatened Stanford, who brought in some lawyers who pointed out that the patents had very little chance of surviving any sort of review -- but Stanford, apparently anxious to avoid a long, drawn-out or costly lawsuit, agreed to settle the dispute, promising to put a warning note on HIVdb that using the system for commercial purposes might require a license from ABL. Shafer, who didn't know such a settlement was in the works, was quite upset to find out about it -- and refused to put the warning message on the site (eventually he put an edited version, hidden deep within the site, including his own opinion about how silly it was).

Shafer also has hired his own lawyer and is pushing forward to invalidate ABL's patents. He's also been learning more and more about how such patents are all too often used against their stated purpose, and how, rather than encouraging innovation, they're being used to stifle it and (more importantly) to put lives at risk. Shafer and his colleagues are reasonably horrified that Stanford gave in, noting that it only encourages such behavior, and enables ABL and others to pull the same sort of stunt against others.

Given that Shafer refused to live up to the terms of the deal that he had never agreed to in the first place, ABL moved forward and sued Shafer directly, and that case is now ongoing -- even as Shafer hopes to invalidate the patent through the Patent Office itself. The whole thing is yet another story of how patents are being used to stifle innovation -- and sometimes put lives at risk. It's tragic that we've been seeing so many such stories lately. Update: It's been pointed out that some of you might want to look at the great website Shafer has put together, at HarmfulPatents.org if you want to learn more.

Filed Under: bob shafer, healthcare, hiv, hivdb, patents, research
Companies: advanced biological laboratories, stanford university