Science fiction is no longer just fiction – it’s reality – as policymakers look to the Government Accountability Office (GAO) for advice on how to make brain-signal-powered computer chips ethical and safe. According to the watchdog, it’s going to require handing consumers control of their brain signal data and ramping up data privacy.
Brain-computer interfaces (BCIs) are electronic systems implanted in the brain or worn externally that allow people to control devices using brain signals. Measuring the users’ brain signals and decoding the intent of those signals, the device can then control things such as a computer, prosthetic limb, or a wheelchair, according to GAO.
“BCIs may offer quality-of-life improvements for people living with disabilities due to neurological disorders, stroke, or injuries,” said GAO in its Dec. 17 report. “BCIs also have emerging nonmedical uses in the workplace, national defense, and entertainment.”
“With rapid progress in BCI development, policymakers may want to consider how best to support this technology while also ensuring quality medical care and protecting users—both of medical and nonmedical BCIs,” GAO continued.
GAO said that sensitive data, such as emotions, thoughts, and attention could be misused and result in privacy violations, discrimination and damage to users’ reputation.
Existing regulations surrounding the devices are inconsistent, GAO reported, noting that while certain U.S. regulations protect data in healthcare settings, the same protections don’t always apply to consumers outside of healthcare, such as in entertainment.
“Multiple federal agencies fund BCI research and development or help protect users from safety concerns, false or misleading claims, or disclosure of brain signal data and other personal data,” said GAO. “Parts of the regulatory framework may vary based on whether the BCI is implantable or wearable and whether its intended uses are medical or nonmedical.”
Steps that lawmakers can take to improve data privacy revolve around providing consumers with more control over the use of their data. Clarifying user agreements using consumer-friendly language to clearly explain how data is collected, stored, and used, and limiting data collection and sharing by default are a few methods that the Federal watchdog said could help.
More specific regulation related to BCI development includes evaluating policies specific to brain signal data, developing a unified framework that covers both medical and non-medical BCIs, and engaging key stakeholders such as agencies and industry representatives to collaborate and implement options for safeguarding user data, GAO said.
“Experts told us that the lack of a unified framework for data privacy and data protection that covers all BCIs, along with a lack of standards for BCI development could allow companies that develop and sell BCIs to access sensitive brain signal data without users’ understanding and consent,” said GAO.
“Further, they told us that user agreements between developers and end users may be predatory and unclear,” GAO continued. “They expressed concern that agreements may protect companies from legal action and lack consumer-friendly language to clearly state how developers may collect, store, and use the data.”
To improve BCI cybersecurity, GAO suggested using the National Institute of Standards and Technology’s Cybersecurity Framework for guidance, implementing strong encryption methods to protect data during transmission and storage, developing access controls to sensitive data, conducting regular security audits, and increasing user education.
