Brain-Computer Interfaces & Data Protection: Understanding the Technology and Data Flows

FILTER
January 18, 2022
Daniel Berrick
Policy Counsel for Artificial Intelligence
About Daniel
Blogs by Daniel

This post is the first in a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs.

Click here for FPF and IBM’s full report: Privacy and the Connected Mind. Additionally, FPF-curated resources, including policy & regulatory documents, academic papers, thought pieces, and technical analyses regarding brain-computer interfaces are here.

I. Introduction – What are BCIs and Where are They Used?

Today, Brain-Computer Interfaces (BCIs) are primarily used in the health-care context for purposes including rehabilitation, diagnosis, symptom management, and accessibility. While BCI technologies are not yet widely adopted in the consumer space, there is increasing interest and proliferation of new direct-to-consumer neurotechnologies from gaming to education. It is important to understand how these technologies use data to provide services to individuals and institutions, as well as how the emergence of such technologies across sectors can create privacy risks. As organizations work to build BCIs while mitigating privacy risks,  it is paramount for policymakers, consumers, and other stakeholders to understand the state of the technology today and associated neurodata and its flows.

  • BCIs are computer-based systems that directly record, process, or analyze brain-specific neurodata and translate these data into outputs that can be used as visualizations or aggregates for interpretation and reporting purposes and/or as commands to control external interfaces, influence behaviors or modulate neural activity.
  • BCIs can be broadly divided into three categories: 1) those that record brain activity; 2) those that modulate brain activity; and 3) those that do both, also called bi-directional BCIs (BBCIs). 
  • BCIs can be invasive or non-invasive and employ a number of techniques for collecting neurodata and modulating neural signals.
  • Neurodata is data generated by the nervous system, which consists of the electrical activities between neurons or proxies of this activity.
  • Personal neurodata is neurodata that is reasonably linkable to an individual.

BCIs that record brain activity are more commonly used in the healthcare, gaming, and military contexts. Modulating BCIs are typically found in the healthcare context, such as when used to treat Parkinson’s disease and other movement disorders by using deep brain stimulation. BCIs cannot at present or in the near future “read a person’s complete thoughts,” serve as an accurate lie detector, or pump information directly into the brain.

II. BCIs Can Be Invasive or Non-Invasive. Both Employ a Number of Techniques for Recording Neurodata and Modulating Neural Signals

Invasive BCIs are installed directly into—or on top of—the wearer’s brain through a surgical procedure. Today, invasive BCIs are used in the health context for a variety of purposes, such as improving patients’ motor skills. Invasive BCI implants can involve a number of different types of implants. An electrode array called a Utah Array is installed into the brain and relies on a series of small metal spikes set within a small square implant to record or modulate brain signals. Other prominent examples of invasive BCIs rely on electrocorticography (ECoG), where electrodes are attached to the brain’s exposed surface to measure the cerebral cortex’s electrical activity. ECoG is most widely used to help medical providers locate the brain area that is the center of epileptic seizures

Unlike invasive BCIs, non-invasive BCIs do not require surgery. Instead, non-invasive BCIs rely on external electrodes and other sensors to collect and modulate neural signals. One of the most prominent examples of a non-invasive BCI technology is an electroencephalogram (EEG)—a method for recording the brain’s electrical activity, with electrodes placed on the scalp’s surface to measure neurons’ activity. EEG-based BCIs are common in gaming where collected brain signals are used to control in-game characters and select in-game items. Another noteworthy non-invasive method is near-infrared spectroscopy (fNIRS), which measures proxies of brain activity via changes in blood flow to certain regions, specifically changes in oxygenated and deoxygenated hemoglobin concentration using near-infrared light. fNIRS is especially prominent in wellness and medical BCIs, such as those used to control prosthetic limbs.

Other non-invasive techniques go beyond simply recording neurodata by also modulating the brain. For example, transcranial direct current stimulation (tDCS) and transcranial magnetic stimulation (TMS) are both used to modulate neuroactivity. Non-invasive neurotechnologies should not be equated to non-harmful technologies—just because a device is not directly implanted to sit on or within the brain does not mean that it does not pose unique health and other privacy and data use risks.

Both invasive and non-invasive BCIs are generally characterized by four components:

  • Signal Acquisition and Digitization: Involves sensors (e.g. EEG, fMRI, ect.) measuring neural signals. The device amplifies to levels that enable processing and sometimes filters collected signals to remove unwanted data elements, such as noise and artifacts. These signals are digitized and transferred to a computer.
  • Feature Extraction: As part of signal processing, applicable signals are separated from extraneous data elements, including artifacts and other undesirable elements.
  • Feature Translation: Signals are transformed into usable outputs.
  • Device Output: Translated signals can be used as visualizations for research or care, or they can be used as directed instructions, including feedforward commands utilized to operate external BCI components (e.g. external software or hardware like a robotic arm) or feedback commands which may provide afferent (conducted inward) information to the user or may directly modulate on-going neural signals.
screen shot 2022 01 11 at 3.42.45 pm

III. Recorded Neurodata Becomes Personal Neurodata When it is Reasonably Linkable to an Individual

Neurodata is data generated by the nervous system, which consists of the electrical activities between neurons or proxies of this activity. Neurodata can be both directly recorded from the brain—in the case of BCIs—or indirectly recorded from an individual’s spinal cord, muscles, or peripheral nerves.

At times, neurodata can be personally identifiable when reasonably linkable to an individual or when combined with other identifying data associated with an individual, such as when part of a particular user profile. The recording and processing of personal neurodata can produce information related to an individual’s biology and cognitive state that is directly tied to that user’s record, use, or account. Additionally, the processing of personal neurodata can lead to inferences about an individual’s moods, intentions, and various physiological characteristics, such as arousal. Machine learning (ML) sometimes plays a role as a tool for helping determine if a neurodata pattern matches a general identifier or particular class or physiological state. Although identifying an individual based solely on their recorded personal neurodata is difficult, such identification has been shown to be possible with relatively minimal data (less than 30 seconds-worth of electrical activity) within a lab setting. Some experts believe that such identification is feasible more broadly in the near term. 

Personal neurodata can reveal seemingly innocuous data; record behavioral interactive activity; include health information associated with an individual; or potentially provide insight into an individual’s feelings or intentions. BCIs may eventually progress into new arenas, recording increasingly sensitive personal neurodata, leading to intimate inferences about individuals. Those applications may seek to include transcribing a wide-range of a wearer’s thoughts into text, serving as an accurate lie detector, and even implanting information directly into the brain. However, these speculative uses are still in the early research phases and could be decades from fruition, or perhaps never emerge.

IV. Conclusion

As BCIs evolve and are more commercially available across numerous sectors, it is paramount to understand the unique risks such technologies pose. Although our report, and this blog series, primarily focus on the privacy concerns—including questions about the transparency, control, security, and accuracy of data— around the existing and emerging BCI capabilities, these technologies also raise important technical considerations and ethical implications, related to, for example fairness, justice, human rights, and personal dignity. We will highlight where additional ethical and technical concerns emerge in various use cases and applications of BCIs throughout this series. 

Read the next blog in the series: Brain-Computer Interfaces & Data Protection in Healthcare: Data Flows, Risks, and Regulations

Published: Last Updated: October 26, 2022
Tags: ,

Explore

Issues

authors

dates

Posts by Daniel

check,mark,on,abstract,blue,backgroud.,quality,control,,guarantee,,checklist,
Newly Updated Guidance: FPF Releases Updates to the Generative AI Internal Policy Considerations Resource to Provide New Key Lessons For Practitioners
Read More
post image
FPF Submits Comments to the OMB on Responsible Procurement of Artificial Intelligence in Government
Read More
digital,binary,code,matrix,background, ,3d,rendering,of,a
Identifying Privacy Risks and Implementing Best Practices for Body-Related Data in Immersive Technologies
Read More
View More