Somewhere inside a foundation model trained on millions of supposedly de-identified electronic health records, a ghost lingers. Not a literal one, of course, but a data spectre: the clinical history of a patient whose records were stripped of names, addresses, and social security numbers before ever touching an algorithm. The model was never supposed to remember this person. It was supposed to learn medicine. Instead, it learned a patient.

This is the memorisation problem, and it is rapidly becoming one of the most consequential privacy challenges in clinical artificial intelligence. As healthcare systems worldwide rush to deploy foundation models trained on vast troves of electronic health record data, researchers are discovering that de-identification, the process long treated as the gold standard for protecting patient privacy, may not be enough. These models do not merely generalise medical knowledge from the populations they study. In some cases, they memorise individual patient records with enough fidelity that an adversary armed with the right prompts could extract sensitive clinical details about real people.

The implications are profound. A patient with a rare autoimmune disorder, an individual whose HIV status was recorded during a hospital visit, a person who sought treatment for substance use: these are precisely the kinds of patients whose records are most vulnerable to memorisation, because their clinical profiles are, by definition, unusual. And unusualness is exactly what makes data memorable to a machine learning model.

When Models Remember What They Should Forget

In October 2025, a team of researchers led by Sana Tonekaboni, a postdoctoral fellow at the Eric and Wendy Schmidt Center at the Broad Institute of MIT and Harvard, published a paper that would reframe how the clinical AI community thinks about privacy. The study, “An Investigation of Memorization Risk in Healthcare Foundation Models,” was presented at the 2025 Conference on Neural Information Processing Systems (NeurIPS) in San Diego. Co-authored with Lena Stempfle, Adibvafa Fallahpour, Walter Gerych, and Marzyeh Ghassemi, an associate professor at MIT in Electrical Engineering and Computer Science, the paper introduced a suite of black-box evaluation tests designed to probe whether foundation models trained on structured electronic health records were genuinely generalising medical knowledge or simply recalling individual patients.

The distinction matters enormously. A model that generalises has learned, say, that patients over 65 with elevated troponin levels and chest pain are at high risk of myocardial infarction. That knowledge draws on thousands of patient records and reflects a genuine population-level pattern. But a model that memorises has locked onto a singular patient record, and when prompted with the right combination of attributes, it can reproduce details about that specific individual. “Knowledge in these high-capacity models can be a resource for many communities,” Tonekaboni explained, “but adversarial attackers can prompt a model to extract information on training data.”

The framework the team developed includes methods for probing memorisation at both the embedding level, where models encode patient data as numerical representations, and the generative level, where models produce clinical outputs. Crucially, the researchers designed their tests to distinguish between benign generalisation and genuinely harmful memorisation. Not all information leakage is created equal. If a model reveals that a particular patient profile tends to involve elderly males, that reflects population statistics. If it reveals that a specific combination of laboratory values, timestamps, and diagnostic codes corresponds to a single identifiable individual, that constitutes a privacy breach.

The findings were sobering. The researchers demonstrated that the more prior knowledge an attacker possesses about a particular patient, the more likely the model is to leak additional information. Patients with rare conditions proved especially vulnerable, precisely because their clinical signatures are distinctive enough to be picked out from the broader training distribution. And while some categories of leaked information, such as a patient's age or gender, represent relatively low risk, others carry serious consequences. Diagnoses related to HIV, substance use disorders, or mental health conditions were flagged as potentially harmful disclosures that could damage a person's employment prospects, insurance coverage, or social standing.

Ghassemi, the paper's senior author, offered a practical framing of the threat. “We really tried to emphasise practicality here,” she noted. “If an attacker has to know the date and value of a dozen laboratory tests from your record in order to extract information, there is very little risk of harm. If I already have access to that level of protected source data, why would I need to attack a large foundation model for more?” The question cuts to the heart of the adversarial calculus: how much prior knowledge makes an attack feasible, and at what point does memorisation cross from theoretical vulnerability to practical danger?

The Adversary's Toolkit

To understand the scale of the memorisation threat, it helps to look beyond healthcare-specific models to the broader landscape of large language model security research. The foundational work in this space comes from Nicholas Carlini and colleagues, whose research at Google DeepMind and collaborating institutions has systematically demonstrated that language models memorise and can be made to regurgitate their training data.

In a landmark 2021 paper published at USENIX Security, Carlini, along with Florian Tramer, Eric Wallace, and others, showed that an adversary could extract hundreds of verbatim text sequences from GPT-2, including personally identifiable information such as names, phone numbers, and email addresses. The attack required no access to the training data itself, only the ability to query the model. By 2023, the same research group, now including Milad Nasr, Daphne Ippolito, and Christopher Choquette-Choo, had scaled their methods dramatically. Their paper “Scalable Extraction of Training Data from (Production) Language Models” demonstrated that an adversary could extract gigabytes of training data from both open-source models and commercial systems including ChatGPT.

The 2023 work introduced a particularly concerning technique: the divergence attack. By crafting prompts that cause a model to diverge from its normal conversational behaviour, the researchers achieved training data emission rates up to 150 times higher than those observed during typical usage. The attack essentially tricks aligned models into reverting to their pre-alignment behaviour, at which point they begin outputting memorised sequences with alarming fidelity.

What does this mean for clinical AI? The attack surface is substantial. An electronic health record foundation model trained on millions of patient records contains, by design, sensitive clinical information. Even if the records have been de-identified according to HIPAA standards, the model itself may have encoded enough information to reconstruct individual patient profiles when queried with the right combination of clinical attributes. A rare diagnosis combined with a specific age range and a distinctive pattern of laboratory values could function as a fingerprint, allowing an attacker to extract additional details that the de-identification process was supposed to protect.

The level of prior knowledge required for a successful attack varies depending on the model architecture, training methodology, and the patient population in question. Research on general-purpose language models suggests that model size strongly correlates with memorisation: larger models, with their greater capacity to store training data patterns, are more vulnerable to extraction attacks. Given that clinical foundation models are trending towards ever-larger architectures to capture the complexity of medical knowledge, this scaling relationship poses a direct tension between clinical utility and patient privacy.

De-identification Was Never Bulletproof

The memorisation problem does not exist in isolation. It builds upon decades of research demonstrating that de-identification of health data has always been more fragile than regulators and healthcare institutions have assumed.

The seminal work in this field belongs to Latanya Sweeney, now the Daniel Paul Professor of the Practice of Government and Technology at the Harvard Kennedy School. In 1997, while still a graduate student at MIT, Sweeney demonstrated that she could re-identify the medical records of then-Massachusetts Governor William Weld by cross-referencing publicly available voter registration data with de-identified hospital discharge records. The records had been stripped of names, addresses, and social security numbers, but they retained date of birth, gender, and ZIP code. Sweeney showed that just these three attributes were sufficient to uniquely identify an individual.

Her subsequent research revealed that 87 per cent of the United States population could be uniquely identified using only ZIP code, date of birth, and gender, a finding that helped shape the HIPAA Privacy Rule's Safe Harbour de-identification standard. Yet even with these protections in place, re-identification remains possible. A 2018 study demonstrated that patients could be re-identified from HIPAA-compliant de-identified datasets by cross-referencing them with publicly available newspaper articles about hospitalisations.

A 2025 paper published in AI and Ethics highlighted the particular challenge of clinical free text. Structured data fields like diagnosis codes and laboratory values can be systematically scrubbed, but clinical notes contain narrative descriptions that may include identifying details embedded in the prose: references to a patient's occupation, family circumstances, or the name of a referring physician. De-identification tools, including those powered by natural language processing, struggle with the ambiguity and variability of clinical language.

The emergence of foundation models adds a new dimension to this longstanding vulnerability. Traditional re-identification attacks required an adversary to obtain and cross-reference multiple external datasets. Memorisation attacks against AI models require only the ability to query the model itself. The model becomes both the target and the pathway to the data it was trained on, collapsing what was previously a multi-step process into a single interaction. A 2025 study published in PMC on contemporary threats to anonymised healthcare data warned that AI-based techniques can now infer identity from traditionally de-identified sources using data such as electrocardiograms or patterns of gait, data types that were never considered identifiers under existing privacy frameworks.

How AI Threats Compare with Conventional Cybersecurity Risks

The memorisation vulnerability exists within a broader landscape of healthcare cybersecurity threats that are already severe and worsening. Understanding how AI-specific risks compare with conventional attack vectors is essential for calibrating the response.

The numbers from conventional healthcare cybersecurity are staggering. In 2024, 259 million Americans had their protected health information compromised through hacking incidents, a figure driven overwhelmingly by the Change Healthcare ransomware attack. That single breach, perpetrated by the ALPHV/BlackCat ransomware group, affected approximately 190 million individuals after attackers exploited a Citrix remote access service that lacked multi-factor authentication. UnitedHealth Group, Change Healthcare's parent company, reported total cyberattack impacts of 2.457 billion dollars in the first nine months of 2024 alone.

The healthcare sector has become the most targeted industry for ransomware, accounting for 17 per cent of all ransomware attacks across sectors. Complete protected health information packages command prices of up to 1,200 dollars per record on criminal marketplaces, roughly 80 times the value of stolen credit card data. Over 80 per cent of stolen health records in 2024 were taken not from hospitals directly but from third-party vendors, software services, and business associates, highlighting the systemic nature of the vulnerability.

Against this backdrop, AI memorisation attacks represent a qualitatively different kind of threat. Conventional breaches involve exfiltrating stored data, breaking through perimeters, and exploiting network vulnerabilities. Memorisation attacks exploit the model itself as an unwitting data store. There is no firewall to breach, no database to penetrate. The sensitive information is encoded within the model's parameters, distributed across billions of numerical weights in ways that resist simple detection or removal. An attacker needs nothing more than API access to the model, which in many clinical deployment scenarios would be available to any authorised user of the system.

The two categories of threat also differ in their detectability. A ransomware attack produces obvious signs: encrypted systems, operational disruption, ransom demands. A memorisation extraction attack can be conducted through queries that resemble normal clinical usage, making it far harder to detect. Medical identity theft already takes an average of 24 months to discover, compared with four months for financial fraud. Memorisation-based data extraction could extend this detection timeline even further, because the data never technically leaves the system in the conventional sense.

Yet it would be a mistake to treat AI memorisation as the dominant threat. The scale of conventional breaches dwarfs anything that memorisation attacks have demonstrated in practice. The Change Healthcare incident compromised the records of roughly 190 million people in a single event. Memorisation attacks, by contrast, tend to target individual patients or small groups, requiring specific prior knowledge about each target. The threat from memorisation is more surgical than it is sweeping, but for the individuals affected, particularly those with rare conditions or stigmatising diagnoses, the consequences could be devastating.

The Regulatory Patchwork

The regulatory response to AI memorisation risks in healthcare remains fragmented and, in many respects, inadequate. Existing frameworks were designed for a world where privacy threats came from databases, not algorithms.

In the United States, HIPAA remains the foundational framework for protecting health information, but it was enacted in 1996, long before the emergence of clinical AI. The proposed update to the HIPAA Security Rule, published by the Department of Health and Human Services in January 2025, represents the first major revision in over a decade. The proposal eliminates the distinction between “required” and “addressable” security controls, mandates encryption for all electronic protected health information, and introduces multi-factor authentication requirements. Critically, it establishes that data used in AI training, prediction models, and algorithm development by regulated entities falls under HIPAA's protections.

However, the proposed rule does not specifically address memorisation risks. It treats AI systems primarily through the lens of conventional cybersecurity: access controls, encryption, audit logging. These measures are necessary but insufficient for a threat that is embedded within the model's learned representations rather than stored in a conventional database. The public comment period for the proposed rule closed in March 2025 with nearly 5,000 submissions, and the final rule is expected in late 2025 or 2026. Whether it will address the unique characteristics of AI memorisation remains uncertain.

The European Union's approach through the AI Act offers somewhat more specificity. The regulation classifies AI systems used in healthcare as high-risk, subjecting them to requirements for data governance, transparency, human oversight, and post-market monitoring. From August 2026, most obligations will apply, with full compliance for high-risk medical device AI required by August 2027. The Medical Device Coordination Group published guidance document MDCG 2025-6 to clarify how the AI Act interacts with existing medical device regulations under the MDR and IVDR frameworks.

The AI Act's data governance requirements are particularly relevant to memorisation. High-risk AI manufacturers must implement practices appropriate for the intended purpose, including attention to possible biases and privacy risks. The transparency obligations require that systems be designed to allow deployers to interpret outputs and use systems appropriately. These provisions create a regulatory foundation that could, in principle, require memorisation testing before deployment. But the specifics of implementation remain to be worked out through standards and guidance that have not yet been finalised.

At the state level in the United States, a patchwork of legislation is emerging. By 2025, over 250 AI-related bills had been introduced across more than 34 states. Texas enacted the Responsible Artificial Intelligence Governance Act in June 2025, requiring healthcare practitioners to provide patients with written disclosure of AI use in diagnosis or treatment. Colorado and Utah have enacted their own comprehensive AI laws. The result is a fragmented landscape that creates compliance challenges for healthcare organisations operating across jurisdictions whilst providing inconsistent protection for patients.

Technical Safeguards and Their Limits

The technical toolkit for mitigating memorisation risks is growing, though no single approach offers a complete solution.

Differential privacy, the mathematical framework developed by computer scientists including Cynthia Dwork of Harvard University, provides formal guarantees about information leakage during model training. By adding carefully calibrated statistical noise to the training process, differential privacy ensures that the model's outputs reveal almost nothing about any individual training example. Recent research has demonstrated that healthcare AI models can achieve 96.1 per cent accuracy with a privacy budget of epsilon equals 1.9, suggesting that strong privacy and high clinical performance can coexist.

Yet differential privacy has limitations. The privacy-utility trade-off is real: stronger privacy guarantees require more noise, which can degrade model performance on clinical tasks where accuracy directly affects patient outcomes. The United States Census Bureau's experience with differential privacy in the 2020 census provides a cautionary example. Research found that the technique introduced disproportionate discrepancies for rural and non-white populations, raising concerns about equity impacts that would be equally relevant in clinical settings where underrepresented populations already face disparities in care.

Federated learning offers another approach, keeping patient data decentralised across institutions whilst training a shared model. Rather than aggregating raw data on a central server, each participating hospital trains the model locally and shares only model updates. Yet research has shown that these model updates themselves can leak information. Gradient inversion attacks can reconstruct substantial portions of original training data from the mathematical updates exchanged during federated learning. A study titled “Two Models are Better than One: Federated Learning Is Not Private for Google GBoard Next Word Prediction” demonstrated that user sentences could be reconstructed from model updates alone.

Machine unlearning, the targeted removal of specific patient data from a trained model, has emerged as a conceptually appealing response to memorisation. The approach aligns with the General Data Protection Regulation's right to be forgotten, which allows individuals to request deletion of their personal data. Research presented at MICCAI 2025 introduced Forget-MI, a method for unlearning multimodal medical data from trained architectures. A December 2025 testbed called MedForget modelled hospital data as a nested hierarchy, enabling fine-grained unlearning assessment across multiple organisational levels.

But machine unlearning faces fundamental practical barriers. Retraining a model from scratch without specific patient data remains the only guaranteed path to complete unlearning, and for large foundation models, retraining can take weeks and cost millions of dollars. Approximate unlearning methods are faster but cannot guarantee that all traces of a patient's data have been removed. Moreover, if certain demographic groups are more likely to exercise their right to be forgotten, the resulting training data could become skewed, potentially worsening the very biases that clinical AI is supposed to help address. As a Health Affairs analysis noted, machine unlearning “is computationally intensive, scientifically immature, and potentially destabilising to models that must remain reliable across a wide range of clinical inputs.”

Data deduplication, the removal of repeated training examples, provides a simpler but partial mitigation. Research has consistently shown that models are more likely to memorise data that appears multiple times in training sets. Curating and deduplicating training data can reduce memorisation rates, though it cannot eliminate the risk entirely for patients whose clinical profiles are inherently distinctive.

Building an Evaluation Framework That Works

The MIT team's work points towards what a comprehensive evaluation framework for clinical AI memorisation might look like. Their open-source toolkit, validated on a publicly available electronic health record foundation model, provides a starting point for systematic privacy assessment before model deployment.

The framework's key innovation is contextualising memorisation within healthcare. Not all information leakage constitutes a meaningful privacy risk. A model that reveals population-level patterns, such as the typical age distribution of patients with a particular condition, is doing exactly what it was designed to do. The danger arises when a model's outputs can be traced to a specific individual, particularly when the leaked information includes sensitive diagnoses or treatment histories.

Tonekaboni emphasised the importance of practical evaluation. “This work is a step towards ensuring there are practical evaluation steps our community can take before releasing models,” she said. The framework assesses both embedded memorisation, where patient information is encoded in the model's internal representations, and generative memorisation, where the model can be prompted to produce patient-specific outputs. By testing across both dimensions, the framework provides a more complete picture of privacy risk than either approach alone.

For this kind of evaluation to become standard practice, it would need to be integrated into the regulatory approval process for clinical AI systems. Currently, most AI-enabled medical devices in the United States are cleared through the FDA's 510(k) pathway, which requires demonstration of substantial equivalence to a previously approved device but does not mandate independent clinical performance studies or privacy evaluation. A cross-sectional study of 903 FDA-approved AI devices found that clinical performance studies were reported for only approximately half at the time of regulatory approval. Memorisation testing is not part of the approval process at all.

The Coalition for Health AI (CHAI), on whose working group Ghassemi serves, represents one effort to establish industry-wide standards for trustworthy health AI. The NIST AI Risk Management Framework provides a complementary structure, addressing validity, reliability, safety, security, explainability, privacy, and fairness. Integrating memorisation evaluation into these existing frameworks would be more practical than creating entirely new regulatory apparatus, but it requires agreement on what constitutes acceptable levels of memorisation risk, a question that remains open.

Rare Conditions, Outsized Vulnerability

The memorisation problem falls hardest on the patients who can least afford it. Individuals with rare diseases, by definition, have clinical profiles that stand out from the broader population. Their diagnostic codes appear infrequently in training data. Their laboratory value patterns are unusual. Their treatment trajectories are distinctive. All of these characteristics make their records more memorable to a model and more extractable by an adversary.

The same is true for patients with stigmatising diagnoses. HIV status, substance use disorders, psychiatric conditions, and sexually transmitted infections all carry social consequences that extend far beyond the clinical encounter. Disclosure of these conditions can affect employment, housing, insurance, and personal relationships. De-identification was supposed to sever the link between these sensitive details and the individuals they describe. Memorisation threatens to re-forge that link through the model itself.

This disproportionate vulnerability raises equity concerns that mirror broader patterns in healthcare AI. Research has repeatedly shown that AI systems can perpetuate and amplify existing biases against marginalised populations. If memorisation risks are concentrated among patients with rare or stigmatising conditions, the privacy burden falls most heavily on those who are already underserved by the healthcare system.

Addressing this inequity requires targeted protections. Higher levels of differential privacy noise could be applied to training data involving sensitive diagnoses, at the cost of reduced model performance for those specific conditions. Rare disease patient records could be excluded from training sets entirely, though this would eliminate the clinical utility of foundation models for precisely the populations that stand to benefit most from AI-assisted care. Neither option is satisfactory, and the tension between privacy protection and clinical benefit for rare disease patients may prove to be one of the defining challenges of clinical AI governance.

What Genuine Protection Requires

The path from current vulnerability to genuine protection requires action across multiple domains simultaneously. No single technical safeguard, regulatory standard, or evaluation framework will suffice in isolation.

On the technical side, differential privacy during training should become the default rather than the exception for clinical foundation models. Memorisation evaluation, using frameworks like the one developed by Tonekaboni and colleagues, should be mandatory before any model is deployed in a clinical setting. Ongoing monitoring should be built into deployment infrastructure to detect potential memorisation-based extraction attempts in real time. And machine unlearning capabilities, however immature, should be developed and standardised so that patients can exercise meaningful control over the fate of their data within AI systems.

On the regulatory side, HIPAA needs to evolve beyond its current framework to address threats that are embedded within model architectures rather than stored in conventional databases. The EU AI Act's high-risk classification for healthcare AI provides a useful starting point, but implementation guidance must specifically address memorisation risks. Regulatory bodies including the FDA, the European Medicines Agency, and national health authorities need to incorporate memorisation testing into their approval and post-market surveillance processes.

On the institutional side, healthcare organisations deploying clinical AI must treat memorisation as a distinct category of risk requiring its own governance structures, audit procedures, and incident response plans. The conventional cybersecurity toolkit, with its emphasis on perimeter defence, encryption, and access control, is necessary but not sufficient for threats that live inside the model rather than outside the firewall.

The researchers behind the MIT study plan to expand their work to become more interdisciplinary, bringing in clinicians, privacy experts, and legal scholars. That instinct is exactly right. The memorisation problem sits at the intersection of computer science, medicine, law, and ethics, and solving it will require all four disciplines working in concert.

“There's a reason our health data is private,” Tonekaboni observed. “There's no reason for others to know about it.” That principle has guided health privacy law for decades. The question now is whether it can survive the age of foundation models trained on the very data it was designed to protect. The answer will depend on whether the clinical AI community treats memorisation as a fundamental design constraint rather than an afterthought, building privacy into the architecture of these systems from the ground up rather than bolting it on after deployment. The technology to do so exists. Whether the will and the regulatory momentum exist to mandate it remains the open question.

---

References and Sources

1. Tonekaboni, S., Stempfle, L., Fallahpour, A., Gerych, W., and Ghassemi, M. “An Investigation of Memorization Risk in Healthcare Foundation Models.” arXiv:2510.12950, presented at NeurIPS 2025. https://arxiv.org/abs/2510.12950

2. MIT News. “MIT scientists investigate memorization risk in the age of clinical AI.” January 5, 2026. https://news.mit.edu/2026/mit-scientists-investigate-memorization-risk-clinical-ai-0105

3. Carlini, N., Tramer, F., Wallace, E., et al. “Extracting Training Data from Large Language Models.” USENIX Security 2021. https://www.usenix.org/conference/usenixsecurity21/presentation/carlini-extracting

4. Nasr, M., Carlini, N., Hayase, J., et al. “Scalable Extraction of Training Data from (Production) Language Models.” arXiv:2311.17035, 2023. https://arxiv.org/abs/2311.17035

5. Sweeney, L. “Simple Demographics Often Identify People Uniquely.” Carnegie Mellon University, Data Privacy Working Paper 3, 2000. https://dataprivacylab.org/people/sweeney/work/index.html

6. Sweeney, L. “Risks to Patient Privacy: A Re-identification of Patients in Maine and Vermont Statewide Hospital Data.” Technology Science, 2018. https://techscience.org/a/2018100901/

7. PMC. “Addressing contemporary threats in anonymised healthcare data using privacy engineering.” 2025. https://pmc.ncbi.nlm.nih.gov/articles/PMC11885643/

8. Springer Nature. “What is the patient re-identification risk from using de-identified clinical free text data for health research?” AI and Ethics, 2025. https://link.springer.com/article/10.1007/s43681-025-00681-0

9. HIPAA Journal. “Healthcare Data Breach Statistics.” https://www.hipaajournal.com/healthcare-data-breach-statistics/

10. UnitedHealth Group. “UnitedHealth Group Updates on Change Healthcare Cyberattack.” April 22, 2024. https://www.unitedhealthgroup.com/newsroom/2024/2024-04-22-uhg-updates-on-change-healthcare-cyberattack.html

11. HHS. “Changes Proposed to Strengthen HIPAA Security Rule.” January 2025. https://www.hhs.gov/hipaa/for-professionals/special-topics/de-identification/index.html

12. Reed Smith. “The EU AI Act and Medical Devices: Navigating High-Risk Compliance.” 2025. https://www.reedsmith.com/our-insights/blogs/viewpoints/102kq35/the-eu-ai-act-and-medical-devices-navigating-high-risk-compliance/

13. European Commission. “Medical Devices Joint Artificial Intelligence Board, MDCG 2025-6.” 2025. https://health.ec.europa.eu/document/download/b78a17d7-e3cd-4943-851d-e02a2f22bbb4_en

14. Health Affairs Forefront. “Unlearning In Medical AI: A New Frontier For Privacy, Regulation, And Trust.” 2025. https://www.healthaffairs.org/content/forefront/unlearning-medical-ai-new-frontier-privacy-regulation-and-trust

15. MICCAI 2025. “Forget-MI: Machine Unlearning for Forgetting Multimodal Information in Healthcare Settings.” https://arxiv.org/html/2506.23145

16. MedForget. “MedForget: Hierarchy-Aware Multimodal Unlearning Testbed for Medical AI.” December 2025. https://arxiv.org/html/2512.09867v1

17. Nature Medicine. “Medical large language models are vulnerable to data-poisoning attacks.” January 2025. https://www.nature.com/articles/s41591-024-03445-1

18. Becker's Hospital Review. “EHR-trained AI could compromise patient privacy: MIT.” 2026. https://www.beckershospitalreview.com/healthcare-information-technology/ai/ehr-trained-ai-could-compromise-patient-privacy-mit/

19. Cobalt. “Healthcare Data Breach 2025 Statistics.” https://www.cobalt.io/blog/healthcare-data-breach-statistics

20. NIST AI Risk Management Framework. https://www.nist.gov/artificial-intelligence/ai-risk-management-framework

---

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

In Summary: * After watching one baseball game and two basketball games on TV earlier today, I'll spend Sunday evening with my Radio. Listening now to 1200 WOAI, the flagship station for the San Antonio Spurs, for pregame coverage then the call of tonight's game vs. the Houston Rockets.

Prayers, etc.: * I have a daily prayer regimen I try to follow throughout the day from early morning, as soon as I roll out of bed, until head hits pillow at night. Details of that regimen are linked to my link tree, which is linked to my profile page here.

Starting Ash Wednesday, 2026, I've added this daily prayer as part of the Prayer Crusade Preceding the 2026 SSPX Episcopal Consecrations.

Health Metrics: * bw= 230.49 lbs * bp= 155/92 (63)

Exercise: * morning stretches, balance exercises, kegel pelvic floor exercises, half squats, calf raises, wall push-ups

Diet: * 06:00 – 1 banana * 07:40 – rice cake * 09:50 – garden salad * 10:00 – home made fruit roll-ups (munched on throughout the day) * 12:45 – bowl of cooked meat (liver, tongue, sausage, pork, etc.) and vegetables * 15:30 – 1 fresh apple

Activities, Chores, etc.: * 06:10 – bank accounts activity monitored * 06:25 – read, write, pray, follow news reports from various sources, surf the socials, and nap * 11:00 – watch the World Baseball Classic, Netherlands vs Dominican Republic * 14:00 – watch college basketball, Illinois at Maryland * 16:00 – more college basketball, Iowa at Nebraska * 18:00 – San Antonio Spurs Pregame Coverage * 19:00 – listening to the radio call of tonight's Houston Rockets vs. San Antonio Spurs game

Chess: * 08:55 – moved in all pending CC games

The grounds of St. Clare House are a messy mix of leftover snow, ice, and newly formed mud, as the late winter sunshine begins the transformation of the ground. It’s far too early for other signs of impending spring like snow blossoming flowers or buds on trees and shrubs. Rather it’s a squishy, slippery work in progress. Early today a couple of us cleared the mound of snow and ice from the back porch. There was chopping, scraping, and heaving. It was a pretty good workout.

This landscape makes for a pretty powerful Lentscape. We are most definitely not in Spring. At the same time, the warmer air tells me we’re not precisely in Winter either. We’re somewhere in between. The preparatory and penitential seasons of the liturgical calendar tend to work this way. Definitely not the festival or season we’ve left behind, certainly not the upcoming feast either.

Rather, we experience the melt, the sogginess, the mush, and the necessity of getting rid of what needs to go, and the reality that only patient presence will get us through this transition. This can be hard, especially with the last of the roof-bound ice and snow crashing down, the large, lazy puddles, the mind’s desire to race ahead and begin projects and preparations on a ground that is nowhere close to ready.

To say nothing of the longing to escape into the gardens or the earth-keeping as the news of war, rumors of bigger war, and calamities of growing proportion keep crashing down like that stubborn ice. Even so, we remain caught up in the present moment, with all of the very real and uncertain things that are swirling about. If a part of Lent is preparing to bear witness to the suffering and violence of the crucifixion, and in contrast God’s enduring love, then we have plenty of crucified neighbors, neighborhoods, and far-flung members of the human family who are giving us the opportunity to prepare our hearts and hands for both witness and loving action.

Let us attend during this season of change, some slower than we want, some faster than we can keep up with, to the unique gift of each moment. As we discern what is ours to do in the midst of mud and ice, seeking the well-being of our neighbors and the earth, we have an amazing opportunity to still be mindfully and heartfully attentive when the next sign of new life emerges.

Hello I have been talking to some friends It’s the modern miracle of science to see these faces through the screen

And anyway we were talking about separation of intent from outcome

And I thought of this line from Kamelot ”Soul Society” from ”The Black Halo” album, (which is my favourite even though my favourite song ”The Spell” is from ”Karma”)

How could I be condemned for the things that I've done  If my intentions were good?

and yes this is food for thought of course it is. Of course it is. Intenttions are all we have on the one hand: the outcome is never given, because we can only guess how it will pan out. The point is, that we should make these educated guesses and also ensure that intention and outcome walk hand in hand

But that is beside the point

The point is I once in listened to ”The Spell” (and Karma) on a burned CD which was in my friend’s black saab 9000 turbo with black leather upholstery, we were going to the gas station in the middle of the night to buy snacks for we were playing Heroes of Might and Magic: II, but were out of snacks, and so when I sat there on the passenger’s seat and my friend was speeding and this song came on and never in my life have I ever felt as cool as I did then.

Then years pass and this memory faded until I heard the Karma album many years later and I thought this is the bomb and so I listened to all of these Kamelot albums until I rediscovered Karma and The Spell and then I was a more complete human being with this aforementioned memory sitting like a black diamond on my metaphorical crown.

Did you know Roy Khan the singer (then) of Kamelot is from Norway?

Outside in places the sidewalks are dry and the gravel on there redundant, but it’s mostly wet, because the snow and ice are melting and the meltwater on the salted roads run like tears, and the trees all seem dead for now but everybody knows it’s just a matter of time til there will be green buds all over them!

And of course one day I will wake up to half a meter of dirty snow and sleet and there will be ice, just when you think about planting tomatoes, but even so, it will still be under the spring sun and sky and that’s really comforting

And I have many friends and family and they come too like spring suns and they make my life worth living

And there will grow dandelions in the cracks of the asphalt and there will be once again butterflies outside

And I feel th

So yesterday, I went to a Hatsune Miku convention. And I think I found my people. At first, it was complete sensory overload because of all the bright turquoise cosplays, all various versions of Miku: Minecraft Miku, Furry Miku, and many many normal Mikus. It was insanity and I found myself laughing internally at the people walking by, thinking about how ridiculous and absurd this situation was. Then I watched some vocaloid idol performances, which featured a bunch of cosplayers donning their best Miku outfits and dancing (badly) to Miku vocaloid songs. I wouldn't do much better, but I do think the focus was more on the cosplay aspect than the dancing aspect, which is fair. If you're working a day job to earn money in this economy and then practicing cosplay and Miku dances, I'm not setting a high bar for your performances. I'm just happy you showed up and gave it your all.

More and more, I felt my derisive, ironic mental safeguards fall as I looked at the people around me and realized nobody was doing this for the lulz, or for shits and giggles. They could have been, but nobody was making fun of each other for liking something which is often so looked down on by “normal” people. Their love for Miku was so pure that I couldn't make fun of them anymore.

With that thought in my head, I went to the bathroom, and changed into a shitty Miku costume I bought on Amazon, and watched the performances without talking to a single soul. I should've talked to more people, I know but, the the performances were pretty cool: bands performing vocaloid music (props, that shit is hard as fuck to play and sing live), and people were dancing to Miku songs. I bought an acryllic of an office lady Teto sitting on a rolling desk chair with a cig in her hand, thinking that I was accumulating an alarming amount of anime paneraphilia in my apartment.

I bought the Miku costume and tried it at first because of I just had always wanted to try these things, and I was like, I'd better explore this before I regret it. I knew I wanted to try it, and I hate feeling restricted by societal standards or whatever else. I love to be free. So I did it, praying in my heart to God, “I know this looks and seems extremely sexually deviant, and if it is, show me, and if isn't, I'll know more about myself.” So I did it, and I was pleased to find that I was able to do it, without any feeling of arousal or weird thoughts like that. It was more so like, “This is fun, haha.” And that was pretty much the end of it. A fuckton of people around me being dressed up in the same way helped with that too.

It took me a good while, but I also found my heart opening up to these people. I consider myself such a freak that I probably will never be accepted by normal people. But these people were so pure in the expression of their freak that I felt right at home among them. These kinds of places are great places for the exiles of society to hang out, because the concept of cringe doesn't exist in these spaces. Everything goes as long as nobody's hurting each other. We are all in love with a virtual singer that doesn't, has never, and never will exist, and listening to a bunch of songs that, if you started playing it around most people, they would yell at you to turn that shit off.

So I realized that I want to hang out with these people more and ditch the people in my life I don't think could accept me for the person I am. I didn't feel like I needed to hide my niche interests with these people because we are all niche and happen to like the same thing. It was a wonderful thing.

Then the next day, I went to service at a Korean church, which is a completely different environment. The people here could never accept me for who I am. And that's a fact. Showing someone here a photo of me cosplaying Miku would be equivalent to social suicide. People would be shocked, and probably either disgusted or concerned. This is why I'm trying to go to more in-person events nowadays in a desperate attempt to widen my circle. In-person interaction, meeting with new people is such a magical thing, and opens doors you didn't even know existed.

The sermon today was about how Jesus's revival opens new doors for humanity that didn't exist before. The main points I took away from the sermon was the following

1. Love for God isn't an emotional attraction thing, we cannot love God without knowing Him more. And to know Him means that you need to dive completely into Him, giving Him your all. Knowing Him is not an intellectual act. It is more spiritual in nature.

2. Our ability to live a God-based life where we are in love with Him and is pleasing to us is based on the two factors, which work in tandem together.

   1. God's grace given to us freely through Jesus's death on the cross (not our doing)

   2. Our acceptance, reciprocation, and giving the entirety of yourself up to God (our free will)

I found myself questioning whether God would take away everything I ever liked, like my fascination/obsession with all things virtual (like vocaloid), or an interesting avenue of self-expression I found named cosplay. I found it so hard to wrest those things from my grasp, but then I was reminded of some things once again.

1. There is no meaning apart from God. This is to say, there is no life worth living apart from God. There is this hollowness that follows a life lived without God, that cannot be filled. When you are in God, you will not have the dopamine-induced fever dream life of pleasure you had before, but you can be sure that hole will be filled. It's more boring, but there's more sustainable fun in it. Having ventured down that hole many times, I do want to place my time, energy, resources, everything I have in something that is eternally meaningful, and not just a trifle.

2. I find it difficult to engage with church communities because freaks like me are often rejected from these places. While I need people that accept me for who I am, there is no group of people or person that is perfect, and what matters in the end is God's acceptance and love for you that exists no matter who you are.

So I decided once again to give myself up to God, and cultivate in my heart the things of God. And to do this, I just need to pray and read the Bible. What you consume is often what you cultivate, just like that feeding two wolves Native American parable.

During the season of Lent this year which has already started – March 5th to April 17th. I want to, every single day, read the Bible and pray for a combined period of 30 minutes per day. No matter what happens, I will do that. Starting today.

Photos: Former U.S. Capitol and D.C. Metropolitan Police officers wounded during the 6 Jan. 2021 attack on the Capitol. Top to bottom — Harry Dunn, Michael Fanone, Aquilino Gonell, and Daniel Hodges (A. Kotok). All images are available at the Alamy agency.

A memorial plaque honoring police officers wounded during the 6 Jan. 2021 mob attack on the U.S. Capitol was installed on the building’s west front side on Saturday 7 Mar. at 4:00 am. Olivia George, a Washington Post reporter, witnessed the installation after its authorization three years earlier.

George’s story in the Post notes Congress mandated a commemorative plaque in Mar. 2022, for installation within a year. George says artists created the plaque, but it remained in storage under orders from Speaker of the House Mike Johnson (R-LA), who supervises the Capitol architect, the office responsible for building maintenance.

Harry Dunn, one of the officers hurt in the attack, sued to have the plaque installed, and the Senate in Jan. 2026 gave unanimous consent for the installation. George says, “There was no announcement, no ceremony, no news cameras — just two employees on their routine overnight shift working while most of Washington slept.”

We photo’d Dunn and three other officers wounded in the attack who spoke at a “January 6, Five Years Later” program at the National Press Club. TechNewsLit Explores reported on the program on 8 Jan. Those photos, shown above, are available from the TechNewsLit portfolio at the Alamy agency.

Copyright © Technology News and Literature. All rights reserved.

7 March 2026

Chair, wall, & pipe: a small collage on two notecards (roughly half of one glued on top of another) in pencil, ink, and acrylic. There’s an outdoor chair outside someone’s studio across from my building at Vanguard that sits against a brick wall, from which protrudes a short length of silver piping. The piping extends parallel to the ground such that it appears to be floating by its own power, like a snake hovering its head/trunk—it looks like it’s searching. Its form mirrors the rhythm of the seat of the chair next to it, almost like the two have simultaneously looked away from each other. But they’re bound by the wall they share.

5 March 2026

Passed lots of street preachers on my way to poke around the dollar stores in Wood Green today. On my way home, an angry-looking man (vein bulging from a red bald head) emerged from a building with a bag of birdseed, was a few paces ahead of me almost the entire way back. When we got to Wood Green station, he made a beeline for a man monologuing about Jesus through a handheld microphone and then emptied the entirety of the birdseed in a circle around him. The angry man shouted obscenities as pigeons descended on the feed in a big gray flurry around the preacher, who just kept on preaching.

Como a masculinidade hegemónica produz os corpos que contam

A masculinidade hegemónica não descreve um tipo de homem. Descreve uma máquina. Um regime de produção que decide, em cada contexto, que corpos são reconhecidos como legítimos, que vidas merecem protecção e que existências podem aparecer no espaço público sem risco de violência. Compreender isto — que a masculinidade dominante não é uma identidade mas um aparelho — é o ponto de partida deste caderno.

Este texto abre o segundo caderno do Kuir Cuir. O primeiro percorreu a repressão e a resistência cuir do pós-guerra a Stonewall. Este segundo caderno, Que corpos contam?, propõe uma cuirografia de masculinidade e poder — uma escrita situada, politicamente comprometida, que interroga como a hegemonia masculina fabrica hierarquias entre corpos, entre vidas, entre formas de existir. Os textos que se seguem nasceram de um trabalho académico no âmbito de um mestrado em Estudos Interdisciplinares de Género e Sexualidade, mas precisavam de outra língua e de outra casa. A armadura institucional protegia o argumento e sufocava-o ao mesmo tempo. Este caderno é o gesto de o libertar — não para o simplificar, mas para o devolver ao lugar onde o pensamento respira melhor: nas margens.

Cada texto é acompanhado de uma secção de leituras que situa as referências mobilizadas; no final do caderno, uma bibliografia comentada reúne o conjunto das filiações intelectuais que sustentam esta cuirografia.

Fotografia de Julee Juu (2026) – Uso gratuito sob a Licença da Unsplash

---

A hierarquia e o seu exterior

A teoria das masculinidades, tal como Raewyn Connell a sistematizou na sua obra fundadora Masculinities, descreve a existência de uma hierarquia relacional entre diferentes formas de ser homem. No topo, a masculinidade hegemónica — não necessariamente a mais comum, nem sequer a mais visível, mas a culturalmente dominante: aquela que organiza o consenso sobre o que um homem deve ser, como deve agir, que desejos pode ter e que corpo deve habitar. A hegemonia não se impõe apenas pela força. Funciona por liderança, por persuasão, por aquilo que se apresenta como óbvio e que, por parecer óbvio, deixa de ser questionado. É poder tornado legítimo — ou, como sintetizam Richard Howson e Jeff Hearn, autoridade que resulta da fusão entre poder e legitimidade.

Abaixo da hegemonia, Connell identifica outras posições. As masculinidades cúmplices são aquelas que não encarnam o ideal hegemónico mas beneficiam dele — o dividendo patriarcal, como lhe chama Connell, distribui-se mesmo entre homens que nunca exercem directamente a dominação. A cumplicidade é silenciosa, confortável, quase invisível: é o homem que não agride mas que lucra com um sistema que agride por ele. As masculinidades subordinadas ocupam o polo oposto — são aquelas que a hegemonia empurra para baixo porque ameaçam a sua coerência. A masculinidade gay é o caso paradigmático: ao desligar masculinidade de heterossexualidade, expõe a contingência daquilo que a hegemonia apresenta como natural. E há ainda as masculinidades marginalizadas, estruturadas não apenas por género mas por raça, classe e nacionalidade — masculinidades que, mesmo quando heterossexuais, são excluídas do centro porque os corpos que as habitam são lidos como excesso, risco ou ameaça.

Esta hierarquia não é estática. A hegemonia reconfigura-se, adapta-se, absorve seletivamente aquilo que lhe convém. Masculinidades híbridas, como lhes chamam alguns autores, incorporam práticas cuir, estéticas femininas ou sensibilidades progressistas sem abdicar do privilégio estrutural — uma flexibilidade que fortalece a hegemonia precisamente por a fazer parecer mais aberta do que é. Mas o ponto decisivo, aquele que Connell e os seus leitores mais atentos sublinham, é que a masculinidade hegemónica se define sempre em relação ao seu exterior. A hegemonia precisa de masculinidades subordinadas e marginalizadas para se estabilizar. Sem o abjeto, não há legítimo. Sem a fronteira, não há centro. O exterior não é um resíduo do sistema — é a sua condição de funcionamento.

Isto significa que a exclusão das masculinidades cuir, racializadas ou de classe popular não é uma falha da hegemonia. É o seu modo de operar. A fábrica não produz apenas o homem legítimo — produz, ao mesmo tempo, os corpos que precisam de ser excluídos para que a legitimidade se mantenha. E é esta produção simultânea do centro e das margens que faz da masculinidade hegemónica um regime de poder e não apenas uma preferência cultural.

Da norma à fábrica: o deslocamento ontológico

Dizer que a masculinidade hegemónica é uma norma cultural, um regime simbólico, uma estrutura relacional — tudo isto é verdadeiro, mas ainda não é suficiente. A leitura de Connell descreve com precisão como a hierarquia se organiza, mas tende a manter a análise no plano do discurso, das representações e das práticas culturais. É aqui que este caderno propõe um deslocamento — não para negar a dimensão cultural, mas para a radicalizar.

O realismo agencial de Karen Barad oferece as ferramentas para esse gesto. Para Barad, matéria e significado não existem como esferas separadas que depois se relacionam. Estão inextricavelmente fundidos: aquilo a que chamamos realidade é produzido por práticas material-discursivas que são simultaneamente físicas, institucionais, tecnológicas e normativas. Não há, de um lado, os corpos, e do outro, as normas que os classificam. Há práticas que produzem certos corpos como inteligíveis e outros como abjectos, certas vidas como reconhecíveis e outras como descartáveis. A esta produção, Barad chama materialização — e é um processo contínuo, situado e historicamente contingente.

Aplicar isto à masculinidade hegemónica muda radicalmente o que vemos. A hegemonia deixa de ser apenas um conjunto de ideias sobre o que um homem deve ser. Torna-se um regime de materialização: um aparelho que, através de práticas concretas — exames médicos, documentos legais, formulários administrativos, procedimentos policiais, critérios de elegibilidade, protocolos psiquiátricos —, produz alguns corpos como masculinos legítimos e outros como desviantes, insuficientes ou inexistentes. Estes aparelhos não se limitam a aplicar categorias a corpos que já existem. Participam na produção dos próprios corpos e das próprias categorias. O género não preexiste às práticas que o mobilizam — emerge delas.

Judith Butler já nos tinha mostrado que o género é um efeito performativo. A repetição de normas heteronormativas, a vigilância dos comportamentos, a sanção da dissidência — tudo isto produz a aparência de uma essência natural onde só há história e poder. Corpos inteligíveis e sujeitos reconhecíveis são o resultado dessa repetição, não a sua causa. O contributo de Barad radicaliza este gesto de Butler: não se trata apenas de performatividade discursiva, mas de materialização no sentido forte do termo. As normas de género não apenas regulam ou representam diferenças — participam activamente na produção material dessas diferenças. Quando um protocolo médico exige que uma pessoa trans apresente uma narrativa coerente de disforia para aceder a tratamento hormonal, não está apenas a aplicar uma norma — está a fabricar o sujeito de género que pode existir. Quando um formulário oferece apenas duas opções de sexo, não está apenas a simplificar — está a produzir um mundo em que certas existências não cabem. Quando a polícia lê um corpo racializado como ameaça e um corpo cuir como anomalia, não está apenas a interpretar — está a materializar hierarquias que se inscrevem na carne de quem as vive.

É esta passagem — da regulação à produção, da norma à fábrica — que distingue a leitura que este caderno propõe. A masculinidade hegemónica não representa diferenças: produz corpos como inteligíveis ou abjetos, vidas como reconhecíveis ou descartáveis, existências como legítimas ou impossíveis. E produz tudo isto não através de uma ideologia abstracta, mas através de aparelhos concretos que operam nas instituições, nas tecnologias e nas práticas quotidianas.

A dimensão epistemológica deste regime é igualmente decisiva. Donna Haraway, no seu ensaio fundador sobre conhecimentos situados, mostrou que todo o conhecimento é parcial, localizado, produzido a partir de corpos e posições sociais concretas. Não existe um olhar de lugar nenhum. A pretensão de objectividade universal — aquilo a que Haraway chama o truque divino — é sempre o privilégio de quem pode esconder a sua posição, de quem não precisa de se nomear porque se confunde com o padrão. O olhar que se diz neutro é, quase sempre, o olhar branco, cisgénero, heterossexual, de classe média, nacional — aquele que nunca precisa de justificar a sua perspectiva porque a tomou como sinónimo de verdade.

Isto tem consequências directas para a análise da masculinidade hegemónica. Os dados que temos sobre discriminação, as políticas públicas que dizem combatê-la, os enquadramentos jurídicos que prometem igualdade — tudo isto é produzido a partir de posições situadas. Quando um estudo mede a discriminação com categorias estanques — homossexual, heterossexual, homem, mulher —, está a operar a partir de uma ontologia que já decidiu o que existe e o que não existe, que experiências são legíveis e quais escapam ao enquadramento. Quando uma política pública assume que a igualdade formal resolve a exclusão material, está a olhar a partir de uma posição que nunca sentiu a distância entre a lei e a vida. Reconhecer a localização do olhar não é um exercício académico — é uma condição de honestidade intelectual e de responsabilidade política.

Desmontar a máquina

Integrar estas perspectivas — Connell, Barad, Butler, Haraway — permite compreender que a masculinidade hegemónica é mais do que uma norma cultural ou um regime simbólico. É um regime onto-epistémico-material: produz corpos, organiza saberes e distribui desigualmente o acesso à existência reconhecida. Quando dizemos que certos homens são subordinados ou marginalizados, não estamos apenas a descrever posições numa hierarquia de prestígio. Estamos a nomear os efeitos concretos de uma fábrica que precisa de produzir o abjeto para estabilizar o legítimo, que precisa de fronteiras para se definir, e que opera através de instituições, tecnologias e práticas quotidianas que fazem parecer natural aquilo que é histórico, contingente e politicamente produzido.

E é precisamente aqui que a análise muda de natureza. Se a masculinidade hegemónica fosse apenas uma norma cultural, bastaria mudá-la com educação, representação e boa vontade. Mais inclusão nos media, mais formação nas escolas, mais campanhas de sensibilização — e o problema estaria resolvido. Mas se a hegemonia é um regime material — se produz corpos, se se inscreve em instituições, se molda os próprios instrumentos com que a medimos —, então combatê-la exige outra coisa. Exige desmontar os aparelhos que a fabricam: os protocolos médicos que decidem quem é homem suficiente, os formulários que apagam existências não-binárias, os sistemas policiais que lêem raça e género como ameaça, os critérios de elegibilidade que excluem quem não cabe nas categorias dominantes. Exige interrogar quem produz conhecimento sobre género, a partir de que posição, com que instrumentos e ao serviço de que interesses. Exige recusar a neutralidade como disfarce do privilégio — porque a neutralidade, quando estamos perante um sistema que produz vidas descartáveis, é sempre cumplicidade.

E exige, sobretudo, partir dos corpos que a hegemonia descarta. Não por romantismo nem por altruismo, mas por rigor. Porque é nas margens — nos corpos que a fábrica rejeita — que se vê com mais clareza como a máquina funciona. Quem nunca precisou de provar que é homem não sabe como a masculinidade é produzida. Quem nunca sentiu o olhar policial sobre a sua pele não sabe como a raça se materializa. Quem nunca ficou de fora de um formulário não sabe o que significa ser ontologicamente excluído. O conhecimento que emerge desses corpos não é subjectivo nem anedótico — é situado, material e politicamente indispensável.

Os textos que se seguem neste caderno fazem exactamente esse percurso. Partem dos monstros que a masculinidade hegemónica precisa de criar, passam pela igualdade que o Estado português celebra enquanto vidas cuir ficam de fora, detêm-se num corpo negro e cuir que intensifica a sua dissidência como escudo contra a violência racial, e terminam com a pergunta sobre quem pode conhecer a discriminação — e a partir de que carne. A fábrica da masculinidade é o primeiro passo: nomear a máquina. Os seguintes tratam de a desmontar.

Leituras

Raewyn Connell, Masculinities (1995, 2.ª edição 2005). A obra fundadora da teoria das masculinidades, que introduziu os conceitos de masculinidade hegemónica, subordinada, cúmplice e marginalizada. Connell mostra que a masculinidade não é um atributo individual mas uma estrutura relacional de poder — entre homens e entre homens e mulheres. Sem este livro, o campo não existiria como o conhecemos. Leitura indispensável para qualquer análise crítica de género que recuse essencialismos.

Karen Barad, Meeting the Universe Halfway: Quantum Physics and the Entanglement of Matter and Meaning (2007). Barad propõe o realismo agencial, uma onto-epistemologia que recusa a separação entre matéria e discurso e defende que a realidade é performativa — produzida por práticas material-discursivas e não dada à partida. Uma ferramenta poderosa para compreender que as desigualdades de género não são apenas representadas, são materializadas em aparelhos concretos. Livro denso e exigente, mas que recompensa cada página.

Judith Butler, Problemas de Género: Feminismo e Subversão da Identidade (1990, tradução portuguesa Orfeu Negro, 2023). Butler argumenta que o género é um efeito performativo — produzido pela repetição de normas e não pela expressão de uma essência interior. A sua crítica à naturalização do sexo e do género fundou a teoria cuir e continua a ser uma referência incontornável. A tradução portuguesa permite finalmente ler este texto fundamental na nossa língua.

Donna Haraway, Situated Knowledges: The Science Question in Feminism and the Privilege of Partial Perspective (1988). Neste ensaio seminal, Haraway defende que todo o conhecimento é parcial, localizado e produzido a partir de posições concretas. A objectividade não é a vista de lugar nenhum — é a responsabilidade de assumir de onde se olha. Leitura essencial para quem quer pensar criticamente a produção de saber sobre género e sexualidade, e para quem desconfia — com razão — da neutralidade.

Richard Howson e Jeff Hearn, Hegemony, Hegemonic Masculinity, and Beyond, in Routledge International Handbook of Masculinity Studies (2020). Uma revisão crítica do conceito de masculinidade hegemónica que sublinha a sua natureza relacional, a importância do exterior constitutivo e a articulação entre poder e legitimidade. Leitura útil para quem quer ir além da vulgata sobre masculinidade tóxica e compreender a hegemonia como estrutura, não como insulto.

Pierre Bourdieu, La domination masculine (1998). Bourdieu analisa como a dominação masculina se naturaliza através de esquemas de percepção incorporados, reproduzidos por instituições e práticas quotidianas. A violência simbólica — central nesta obra — actua precisamente por não se apresentar como violência, mas como evidência, consenso ou normalidade. Uma referência clássica que este caderno mobiliza pontualmente, mas cuja análise dos mecanismos de naturalização do poder permanece indispensável.

---

#cuir #kuir #masculinidades #hegemoniamasculina #teoria #interseccionalidade #realismoagencial #barad #connell #butler #haraway #bourdieu #Caderno2 #desdeasmargens

---

O Caderno 2, Que corpos contam? Cuirografia de masculinidade e poder, propõe uma cuirografia de masculinidade e poder — uma escrita cuir que interroga como a masculinidade hegemónica funciona não apenas como norma cultural, mas como regime material que produz, hierarquiza e descarta corpos. A partir de uma articulação entre a teoria das masculinidades, a interseccionalidade, o realismo agencial e as epistemologias feministas, o caderno percorre cinco textos que vão do estrutural ao encarnado: da fábrica que produz o “homem legítimo” aos corpos abjectos que a hegemonia precisa de criar, da igualdade formal portuguesa que deixa vidas cuir de fora ao testemunho situado de um corpo negro e cuir, até à pergunta onto-epistemológica sobre quem pode conhecer a discriminação e a partir de que posição. Este caderno nasce da reescrita política de um trabalho académico — não para o esconder, mas para o libertar da armadura institucional e o devolver ao lugar onde sempre quis estar: nas margens, onde o pensamento corta mais fundo.

Texto 1 — A fábrica da masculinidade

Como a masculinidade hegemónica produz os corpos que contam

A masculinidade hegemónica não descreve um tipo de homem — descreve uma máquina. Este texto abre o caderno com uma declaração de posição: a hegemonia masculina é um regime material que define que corpos contam, que vidas são reconhecidas e que identidades podem existir sem risco de violência.

A publicar brevemente…

Texto 2 — Os monstros da masculinidade

Que corpos abjectos precisa a hegemonia de criar?

A hegemonia não se limita a excluir — precisa de fabricar aquilo que exclui. Este texto analisa as masculinidades cuir — gays, bissexuais e trans — como fronteira constitutiva da masculinidade hegemónica, mostrando como a abjecção é condição de funcionamento e não efeito residual do sistema.

Texto 3 — Portugal, país de direitos (para alguns)

Quem fica de fora quando o Estado celebra a igualdade?

Portugal celebra-se como país de direitos LGBT+. Mas quem é que esses direitos realmente protegem? Este texto confronta a igualdade formal com a exclusão material que persiste nas vidas de pessoas trans migrantes, LGBT+ racializadas e não-binárias precárias.

Texto 4 — A pele negra e a máscara arco-íris

O que um corpo negro e cuir sabe sobre hegemonia e dissidência

A partir do testemunho de Anthony Vincent, este texto lê a intersecção entre racialização, performatividade cuir e violência simbólica num corpo que intensifica a sua dissidência como escudo contra a vigilância racial — e descobre que nenhum campo o reconhece inteiramente.

Texto 5 — Quem sabe o que dói?

O corpo que sabe e o poder que o produz

Quem produz conhecimento sobre discriminação? A partir de que corpo? Este texto fecha o caderno com uma interrogação onto-epistemológica, retomando Vincent como sujeito de um saber que a objectividade dominante não consegue ver — porque conhecer, aqui, é uma questão de carne e não de distância.

Texto 6 — Leituras

Bibliografia comentada do caderno, reunindo as referências mobilizadas ao longo da série e situando politicamente as filiações intelectuais que sustentam esta cuirografia.

ネットで買った二千円の靴を履く。 自分に似合ってはいるが、二千円の靴ってなんだよと毎回思う。 似合ってるから良いけど。

電車は相変わらず何して良いのかわからないので、 他人にバレないようにストレッチをする。

「それ、メモしておいてよ」 といつか誰かに言ったことを思い出したが、その時の、言われた時の顔が 真顔よりも真顔だったので、それ以来言わないようにしている。

今日外に出たのは、昔からの友人に誘われたから。 昔の友達に会いにいくとき、家での準備の途中でふと呼吸を無意識的に確認する事がある。 吸って、吐いて、普通かどうかを確かめる。 特に理由はない。 別にそれで呼吸が乱れていた事はないから。

駅の乗り換えで、ハイビスカスのプリントが入ったパンツを履いた女性が、 「あっち行きたい」と彼氏に言っていた。 女性の指は、思ったよりまっすぐだった。 派手な柄の服を着ているのに、指だけが妙に正確な方向を示していた。 その指の角度が、妙に記憶に残っている。

乗り換えた先の電車で、子どもたちがショート動画を見ていた。 動画が終わる前に、隣の子どもがその動画の説明を全部してしまっていた。 教えている子は、「それも見た」と言った後、すぐに説明を始める。 説明されてる子は、特になんでもない顔をしていた。

歩いていたら交番があった。 警官が退屈そうに立っている。

交番の先にカッパ寿司が見えた。 もし河童が交番に入っていったら、警察官はすぐに上司へ報告しないと思う。 たぶん一時間くらいは、自分だけで何とかしようとする。 報告する前に、河童と一対一で向き合うだろう。 俺ならそうする。

通販で買ったものが届く日ほど、夜の空を見ても、まだ夕方だと思う。 夕方だと判断する範囲が、いつもより広い。 それがたとえ19時だとしても、通販で買った箱を開けてから、それを楽しむ時間を体感で感じようとすると、まだ夕方な気がする。 とはいえ帰りは22時で、もう完全に夜だった。 夕方の範囲は、さすがに終わっていた。 今日は箱は開けずに、明日帰って元気だったら開けると思う。