Privacy Risks in Brain-Computer Interfaces and Recommendations
By Mia Yin | March 16, 2022
1. What is BCI?
BCI is a pathway connecting brain with an external device, most commonly a computer or a robotic limb. BCI is used to collect and process brain’s neurodata, and then the neurodata will be translated into outputs used in the visualizations or used as commands to tell the external interfaces/machines how to control people’s behavior or modulate neural activity. Because the neurodata is generated from people’s nerve system, it is also personal data.
BCIs are currently mostly used in gaming and healthcare. For example, in the gaming industry, BCIs use neurodata to allow players to control their gaming actions by their conscious thoughts. BCIs games provide greater immersion in games.
There are three main categories of BCIs:
a. BCIs that record brain activity;
b. BCIs that modulate brain activity;
c. BCIs that do both, also called bi-directional BCIs/BBCIs
BCIs can be invasive or non-invasive. Invasive BCIs enables the direct communication between the brain and an external device, like a computer. They are inserted in the brain.
Unlike invasive BCIs, noninvasive BCIs are not inserted in the brain. They are equipped outside and can also record neurodata.
2. BCIs risks including BCIs accuracy and mental privacy
BCIs accuracy: BCIs data accuracy is quite important especially in the healthcare industry. Patients who use BCIs depend its accurate translation to express their thoughts to the doctors. Some patients also reply on BCIs to mitigate disorders. For example, patients who suffer from epilepsy rely on BCIs to get mitigations. If BCIs process neurodata incorrectly, patients may have bad health consequences, even death.And also doctors depend on BCIs’ accurate neurodata information to provide the best treatment. The device data and interpretation accuracy need to be verifiable, sufficient and reliable.
Mental privacy: Since BCIs collect and process personal neurodata to get people’s thoughts and conscious or unconscious intentions, BCIs raise new mental privacy risks to the neural networks in addition to the existing privacy risks that are related to people’s personal health data. For example, some wheelchairs are controlled by BCIs. Patients who use such a wheelchair can control the wheelchair to go to a place for food when they are thinking about food. However, these BCIs can also collect information about patient’s food preferences, at what time a patient may feel hungry or thirsty etc. These neurodata can show a lot of personal biological and private information. If the data is shared with other organizations, it may cause many privacy problems, such as disclosing a patient’s medical condition to an employer or other public entities.
3. Technical and policy recommendations
Technical recommendation: BCIs can provide more control for users to collect neurodata. For example, BCIs can ask the user if they want to start the neurodata collector. This feature prevent users switch on the privacy collection unintentionally and give users more control over personal neurodata flows.
Policy recommendation: More transparency should be displayed in the privacy policy. The policy should tell the users about what data BCIs may collect, what purpose will be used for, who controls and has access to the data, how data will be stored etc. Developers and regulators should clearly reflect the particular privacy risks in BCI applications and let users decide whether or not to give the informed consent to use BCIs.
4. Conclusion:
BCI is an advanced computer-based system which collects and process a lot of personal neurodata. Stakeholders must understand how BCI work and what BCI stores and translates. BCI has many privacy risks that may expose personal data to public entities, thus more technical methods and privacy policy need to be improved to protect the private data and ensure the data is secured and not used in any unwanted purposes.
References:
[1] https://fpf.org/blog/bci-commercial-and-government-use-gaming-education-employment-and-more/
[2] https://fpf.org/blog/bcis-data-protection-in-healthcare-data-flows-risks-and-regulations/
[3] https://fpf.org/blog/bci-technical-and-policy-recommendations-to-mitigate-privacy-risks/