Crossroads


Many people don’t think of obesity as a disease, but rather as a moral failing. But Dr. Fatima Cody Stanford, instructor of medicine at Harvard Medical School and researcher and practicing physician at the Massachusetts General Hospital Weight Center, points out that obesity is a complex, chronic disease. Stanford’s recent fascinating and informative presentation explains how the body uses and stores energy, and describes the complex interplay of the genetic, developmental, hormonal, environmental, and behavioral factors that contribute to obesity. Learn how to easily treat this condition with these exipure articles.

Obesity isn’t just “calories in versus calories burned”
Obesity isn’t just about energy balance, i.e., calories in/calories out. “That’s simplistic, and if the equation were that easy to solve we wouldn’t have the prevalence of obesity that we have today,” Dr. Stanford explains. She goes on to say that not only is the energy balance theory wrong, but the focus on that simplistic equation and blaming the patient have contributed to the obesity epidemic. Stigma, blame, and shame add to the problem, and are obstacles to treatment. Indeed, over 36% of adults in the United States have obesity, and the world is not far behind.

She describes her research and experience in the treatment of obesity, including several cases from her own clinic. These are the cases that capture my attention, as they demonstrate most clearly the effects of different treatment approaches (and combinations) to obesity: diet and lifestyle (i.e. behavioral), medications, and surgery. Stanford has seen remarkable, long-lasting positive results with all, but she always emphasizes diet and lifestyle change first and foremost. The program (called Healthy Habits for Life) offered at the MGH Weight Center is a huge commitment, but it can help reframe a person’s relationship with food, emphasizing a high-quality diet, and not calorie-counting.

The components of a successful treatment for obesity
Abeer Bader is a registered dietitian and the lead clinical nutrition specialist at the center. She described the program to me in more detail: it’s a 12-week group-based education and support program with a structured curriculum and frequent contact with patients. The classes are 90 minutes long and led by a registered dietitian, and cover everything from the causes of obesity to healthy eating to debunking popular diet myths, plus recommendations for dining out, grocery shopping, meal prep, physical activity, and more. “The goal of the HHL program is to provide patients with the education, support, and tools to lead a healthy lifestyle.” Make sure to check out the best Java burn reviews.

The diet they promote is loosely based on the DASH diet and the Mediterranean diet, as these eating plans are rich in vegetables, fruit, lean protein, and whole grains. They use the Harvard Healthy Plate to illustrate a healthy, well-balanced meal.

But it’s also a highly individualized program. “We work closely with the patient to put together realistic goals. I think the most important part of approaching goal-setting and behavior change is to first determine what it is that they would like to improve. Often as providers we tell patients what they need to do, but when you allow the patient to highlight an area that they would like to work on, you may see better adherence,” says Bader. Learn how to easily treat obesity related conditions by visiting Observer.com.

Other similar comprehensive programs have been shown to help patients achieve lasting diet and lifestyle change, lose weight — and avoid diabetes. The Diabetes Prevention Program helps those with obesity and risk of developing diabetes lose 5% to 7% of their body weight, and decreases their risk of diabetes between 58% and 71%. Take a look to the best supplement reviews at

  1. #1 by Jim Fenton on January 10, 2011 - 3:57 pm

    Aaron,

    In the NSTIC framework, there is a fourth type of participant: the attribute provider. All of the information about the user doesn’t come from a single IDP; different attributes will come from different places because we trust different parties for different types of information. This mitigates the centralization of the information somewhat.

    You’re right, though, there is the potential for IDPs to behave badly. It is my hope that privacy considerations will be a factor in IDP accreditation to participate in the Identity Ecosystem.

  2. #2 by Titus on January 10, 2011 - 4:13 pm

    Jim,
    You’re absolutely right. For clarity’s sake, I failed to mention the attribute provider. Thank you for the clarification and correction.

    In any implementation, an IdP will acquire attributes from different locations/ attribute providers. Ideally, the IdP will “forget” these attributes as soon as the transaction is completed. However, nothing in the NSTIC requires them to do so. Absent any kind of regulation, IdPs will have strong economic incentives to retain third party attributes. In a familiar implementation, an IdP may even penalize users if they refuse to allow the attributes to be stored with the IdP. Penalties may include higher fees, slower service, or more clicks.

    Even if IdPs voluntarily forget third-party attributes, we have learned that many of these attributes are unnecessary to establish identity or build a rich profile. IdPs will have direct access to a rich transactional history. And absent regulation, I don’t understand why any reasonable IdP would voluntarily forget this information. It’s just not in their interest.

    I agree that the NSTIC technical specifications theoretically allow for a near-Utopian privacy protections. But unfortunately the technology doesn’t require good behavior.

    Perhaps I am missing something in NSITC, but I don’t see any of these protections. Please let me know if you see the necessary regulatory protections. Or alternatively, help me understand the economic incentives that would encourage IdPs to behave properly. I just don’t see them.

  3. #3 by Stephen Wilson on January 10, 2011 - 4:17 pm

    Well said.

    NSTIC’s core claim to be privacy enhancing is lifted from the now orthodox Identity Metasystem, and its ideas of minimal disclosure and “verified anonymity”. These are good ideas for sure but as implemented they come with huge privacy costs that outweigh the benefits.

    It’s incredibly ironic that in minimising disclosure of PI between individual and service provider, the identity metasystem neccesitates new disclosures of PI to IdPs. As was the case with Big PKI 15 years ago, the IdPs are likely to be start-up companies. Even if they are themselves scrupulous with privacy, there’s the risk of hostile takeover leading to breaches and exploitation. Indeed it’s the aggregation of masses of PI that will make IdPs valuable (ala Facebook).

    Fundamentally, the Disclosure Limitation privacy principle dictates that when designing transaction systems we should seek to avoid adding intermediaries. But the Identity Metasystem is dominated by intermediaries — novel new intermediaries that are without precedent in regular business. If I want to transact anonymously, revealing just the minimal attributes relevant to the business at hand, it defies logic that I should have to involve a new broker, to whom I divulge my identity and who then hides that identity from the service provider.

    Federated Identity systems like NSTIC are much harder to build than first appears, mainly because they introduce radical legal arrangements and business models (like IdPs making new money from issuing identities). Minimum disclosure and “verified anonymity” actually have elegant technological solutions using smart devices, keeping things pure and simple between customers and service providers.

  4. #4 by Andy Steingruebl on January 10, 2011 - 4:21 pm

    Do you believe the situation is any worse than the exists today where many types of third-party tracking sites already have this data without any of the benefits to the user of identity assertion? Does the new NSTIC world actually make anything worse? I’m not convinced it does, and by making those third-party IdPs actually explicitly part of the transaction we have a more meaningful chance to get user consent, where we don’t have any of that today absent some of the proposed DNT features.

  5. #5 by Titus on January 11, 2011 - 11:54 am

    Andy,
    In its current draft, I believe that the technology which underpins NSTIC is privacy-agnostic. The technology will permit (but not require) NSTIC to be very privacy-enhancing, provided IdPs strictly adhere to well-established FIPPs.

    On the flip side, the technology will permit (but not require) NSTIC to nearly annihilate privacy by combining the worst of what we have today (e.g. practical lack of consent, aggregation, lack of control over personal information, etc.) combined with new capabilities for massive surveillance of detailed transactional information.

    The technology enables, but does not dictate policy. The market will exploit technology and therefore create policy, absent restraining regulation. When I look at the market incentives currently in place, they all tend to diminish privacy. When Google and Facebook become the world’s largest IdPs, their business models will dictate how they utilize the technology. And let’s face it, if we have to rely on Google and Facebook to protect user privacy, then privacy may very well be dead.

    I do not think that the market will come to the rescue of privacy. Consequently, regulation must. Because the current draft of NSTIC lacks any meaningful regulatory framework, I am nearly resigned to the fact that the most likely implementation of NSITC will result in the creation of the next generation of credit reporting bureaus: Identity Reporting Bureaus/ or IdPs.

  6. #6 by Stephen Wilson on January 11, 2011 - 3:43 pm

    I do believe that NSTIC will make things worse, for it normalises a much more complicated way of transacting, where numerous new parties are involved whenever a customer to access a service.

    The technology really does dictate policy because the architecture, based as it is on OIX and the “Identity Metasystem”, institutionalises new intermediaries in routine online transactions. At present, customers and service providers, or buyers and sellers, are usually in a bilateral relationship, in which most it not all of their transaction details are private. Under NSTIC, IdPs and others are joined to routine transactions; you won’t access any service on your own anymore but instead you will have an identity broker confirm your credentials, or notarise your attributes. The metasystem architecture is well intended but it’s arbitrary insofar as there are other decentralised ways to achieve the objectives of verified anonymity, identity security, interoperability etc. So the proposal will in fact constrain policy. It undoes major privacy principles by disclosing and collectiong personal information to new players where ordinarily customers and service providers would have conducted their business in private.

    The NSTIC is represented as inherently privacy enhancing because it has mechanisms for minimising disclosure to merchants, banks and other service providers. True, but on the other side of the ledger, it creates all sorts of new disclosures to third parties.

    All privacy and security systems involve tradeoffs. Are the tradeoffs I mention going to be worth it in NSTIC? To answer the question, let’s be careful not to overestimate the effectiveness of federated identity systems. The prospect of streamlining the number of different identities is probably exagerated. Past experience of Big PKI, Single Sign On in general (now often called Simplified Sign On) and OpenID shows that rationalising identities is harder than it looks. General purpose identities always come with fine print, like liability caps, usage conditions, and exclusions. Nobody is using OpenID in serious business. The popular use cases casually mentioned (imagined) in NSTIC dispatches (like a student using her university card to log in to her bank) are easier said than done. If the high end use cases don’t eventuate, then the net benefit of NSTIC will be negative.

  7. #7 by Bob Pinheiro on January 13, 2011 - 1:04 am

    It’s not necessarily true that IdPs need to be involved in every routine transaction. U-Prove technology provides a way to allow identity claims to be transmitted to a relying party without the knowledge of the IdP that issued the claim. U-Prove tokens that encode the claim can be “long lived”, and stored on an active client on the user’s device. So a long-lived token can be used with multiple relying parties without the knowledge of the IdP that issued the token. If, on the other hand, a cloud-based “identity agent” is used to store the token, it may be more of a challenge to maintain privacy.

  8. #8 by Mike Young, Esq. on September 13, 2011 - 4:07 am

    The propensity for this to be abused by the government in violation of individual privacy rights outweighs the benefits of such a system. When we see the feds obtain ex parte orders in non-emergency situations to such down websites accused of online piracy, there’s little reason to believe that restraint will be shown when some bureaucrat makes the decision to abuse “trusted” identities for the War on Terror, to protect the consumer, for the children, or simply out of boredom.

(will not be published)