Tag Archives: covid19

Baby boom or decline because of COVID19 – first signals only next year

Post Syndicated from Боян Юруков original https://yurukov.net/blog/2020/rajdaniq2020/

In light of the conflicting reports of a baby boom in some maternity wards and the expected overall decline in the birth rate in the developed world as an effect of the uncertainty around this crisis, I just want to remind everyone that any claim in one direction or the other is pure speculation.

Strange as it may seem, we have no reliable system for tracking births, and any data source within the year is unreliable. In this I include the reports of the National Center of Public Health and Analyses (NCPHA) drawn from the National Health Insurance Fund (NHIF) and the ill-fated birth registry. We can rely only on the statistics of the National Statistical Institute (NSI), which we will receive in April. Until then, everything is thought exercises and sensational headlines.

Separately, if we rely on thought exercises and knowledge of biology, we should expect that whatever effect the crisis has will be seen only in the first half of 2021, when 9 months will have passed since the restrictive measures and the serious consequences for a large part of business.

Looking historically, in October and November there is actually a dip in births before a peak in December. We see this by tracking the average values for the last 20 years. I have also marked the bounds of the minimum and maximum values. Judging by a few wards, and even by a single month, is very misleading. At the very least, the current situation in hospitals suggests that cases are being redirected between hospitals and that the shortage of medical staff leads to a concentration of them.

The post Baby boom or decline because of COVID19 – first signals only next year first appeared on Блогът на Юруков.

COVID19 – because we don’t know, and that’s normal

Post Syndicated from Боян Юруков original https://yurukov.net/blog/2020/covid19-ne-znaem/

I wrote this text at the beginning of July, but it stayed as a draft. Five months later I opened it again and saw that everything still holds in full force – the conspiracies, the measures, the adequacy of the authorities, but most of all the lack of knowledge about the virus and the reasons for stricter measures. We are learning more, but it will take years before we understand what we are fighting and before doctors gain the experience to cope with the disease. The vaccines announced in recent weeks will not do much to change this for at least another year, regardless of what sensations we read in the media.


Viruses are a complicated thing. One doesn’t need to be a microbiologist or immunologist to understand that. New viruses and strains of known ones appear constantly, but few grab the public’s attention the way SARS-COV-2 has in recent months.

First it was said to be like the flu, but not quite, since children get through it lightly. Then reports surfaced of how many more cases of pneumonia there were. Then, that there are actually quite a few without symptoms. It got out of China and panic set in. They told us not to wear masks. Then to wear them. To wash our hands and not go anywhere. They locked everyone down. Three months later, with a peak in some countries, the reopening of everything continues (Note, 28 November 2020: this refers to the reopening over the summer). Deaths are rising, and for months there has been no cure or vaccine. Some politicians rush with promises. Others try to secure a patent for their own country alone. Still others deny that there is a problem and say it is all a conspiracy. All the while the recommendations, measures, restrictions, data and every aspect of the information flow keep changing, and the behaviour and statements of public figures and experts bring no clarity.

Why? Because we don’t know.

Not just us, the public. Doctors and scientists don’t know. They know more than they did three or six months ago, but they still don’t know enough. This gets in the way of finding effective treatments and measures. Mix politics into the mess along with global supply flows and interconnected economies, and you get chaos.

Take something as simple as wearing masks. For months it was repeated that we should not wear them, that they were not effective and did not help. Then suddenly the recommendation changed. The studies or the conclusions about their effectiveness did not change. Something else changed – production. Within a few weeks, thousands of companies increased their capacity or changed their line of business in order to produce masks. The advice not to use masks was so that the small quantities available would remain for doctors, health workers, police officers and other roles critical to society. The lack of protective equipment among them was, and still is, proverbial all over the world. The risk from that was incomparably greater than from people walking around without masks. What changed here was not what we knew about masks, but the practical dimensions of the crisis.

We don’t know much about the virus either. Only recently was evidence found that COVID-19 is actually a disease of the entire circulatory system and that the lung problems are just one manifestation of it. It is assumed that even those who had it without symptoms may have problems for years, and may even lose immunity quickly and fall ill again years later. But we don’t know, because not enough time has passed. There is no machine or test that can say what negative effect a given strain will have on a population, over what period of time and on what scale. Nor can there be.

Let me give three examples. Take measles. This is a well-known disease that killed hundreds of thousands every year in Europe since time immemorial. Actually, we know quite well how old it is – roughly 1500 years ago it jumped from cows to humans, much like the coronavirus now. The peculiarity of the measles virus is that it is extremely contagious – 9 out of 10 people in contact with a sick person get infected. The youngest children take it especially hard, with one in several hundred dying. Among adults mortality is lower, so on average, in a society with a good healthcare system, mortality is around 1 in 1000.

The interesting thing here is that, besides those who die, another 1 in about 700 infected children will show severe neurological abnormalities five to ten years later. Also, even though the virus has been seriously studied for at least 200 years, only last year did we get convincing evidence that even after a mild case the disease causes a temporary “erasure” of the immune system’s memory. In other words, put most simply, your body largely “forgets” what it has recovered from or been immunized against.

Or take the so-called German measles, or rubella. In outward signs it resembles the one just discussed, which led people in some countries to give them similar names. In reality they are entirely different viruses – just like the coronavirus and influenza. Rubella, however, is mild in children. Even before the vaccine, it was advisable to catch it early. The problem comes when a pregnant woman is infected – in 90% of cases she either loses the child or it is born with severe defects.

Or take mumps. Again a childhood disease which, though unpleasant, children get through relatively easily. There is a risk of it leading to inflammation of the brain, but nowadays many would wave it off with “well, other things cause that too”, as we see with the effects of the current pandemic. The problem is that in a certain percentage of boys mumps leads to inflammation of the testicles, their underdevelopment in adolescence, and sterility.

We see that even for diseases known for centuries we are discovering important new things. With others, such as rubella, had they appeared in our day, we would have noticed their devastating effect only 3 to 6 months after it had conquered the globe. In the case of mumps – years.

Imagine the coronavirus had such an effect – causing defects in newborns. How long do you think it would have taken for such a trend to be noticed among the first infected mothers in China? Do you remember how long it took until they caught the problem with Zika in South America? Now imagine Zika, but spread by airborne droplets, with every sick person infecting two or three out of 10 they came into contact with.

Fortunately, there is no evidence of any of the frightening conditions or effects listed. Nor are there indications that we will get any. What is important to understand, however, is that we don’t have them as of this moment, and specifically these ones. (Note, 28 November 2020: this holds now just as it did in July) If you read the accounts of doctors on the front line against the disease in infectious-disease wards, you will understand that it is like nothing anyone has ever seen and that they are still learning. It is the same in the laboratories.

This uncertainty is the real reason scientists and doctors have for months been recommending strict measures and restrictions. Imposing and observing them is the responsible action from a scientific point of view. To what extent, and what the effect on the economy will be, is the political decision. The balance between the two is key, especially given the need not to halt supplies of critically important medicines and food, and not to worsen the condition of the sick or throw others into hunger and poverty. Some countries managed this, partly thanks to a pragmatic approach and statesmanlike thinking, partly thanks to well-organized institutions and good discipline in following the measures.

We are not among them. The virus remains and will be here for a long time. So will the not-knowing. So will the unrealistic expectation of quick answers from scientists. The question is whether we will gamble, feeling immortal and betting on certain death for the oldest and the sick and unknown consequences for everyone else… or whether we will wreck the economy and the lives of just as many people. There is a solution in the middle, but there seems to be no one vested with power who will take it and apply it.

The post COVID19 – because we don’t know, and that’s normal first appeared on Блогът на Юруков.

8% decrease in abortions… maybe

Post Syndicated from Боян Юруков original https://yurukov.net/blog/2020/namelenie-aborti/

I am publishing these numbers with major caveats about the source of the information. Although many politicians and the Ministry of Health itself cite it regularly, it falls well below my requirements for quality. In this case, however, these are the only data we have. I wrote more about the problems with health statistics in May.

So, with that caveat, according to the NCPHA (National Center of Public Health and Analyses), for the first half of 2020 there is an 8.3% decrease in the probability of a woman having an abortion in Bulgaria compared with the same period of 2019. For abortions on request the decrease is 1158 cases or 16.3%, but those on medical grounds have jumped by 429 cases or 47.5%. Spontaneous ones have decreased by 6.4%. For all figures I assume a 2.36% decrease in the number of women in the country in the age groups considered, which was the difference between 2018 and 2019.

Even controlling for the decline in population, a decrease in the number of abortions is to be expected. We see it every year. The topic, however, is a regular stop and a source of sensations for nationalists, tabloid media, religious sects and other charlatans, which is why we rarely hear these numbers. Such a large decrease, though, has two explanations, which most likely contribute equally to the effect we see.

First, an inevitable factor is COVID19. The changes in how hospitals operate have affected both the decision to have an abortion and whether and how it is recorded. The crisis itself made many people avoid seeking medical care. To a huge degree this is a serious problem whose negative echo we will see for years to come and which will be hard to distinguish from the lasting health consequences of having had the coronavirus – especially for cardiac health. With abortions, presumably some women either did not make up their minds or had no access to the possibility of an abortion. The latter can also create health problems, since it also implies a lack of access to obstetric and gynaecological care and necessary interventions.

This does not mean that the same number of women did not have an abortion. The severe restriction of hospital operations may have pushed many women to seek “alternative” solutions that put their life and health at risk. There are no adequate statistics on illegal abortions, let alone by quarter. The general estimates over the years are of no more than 20% of the official number, but we cannot say how many there were specifically in the last 6 months.

What we do see, however, is a significant increase in those on medical grounds. This again can be attributed to the crisis, since many OB-GYN specialists recorded abortions on request as emergency interventions in order to get around the restrictions imposed a few months ago. So while between 2018 and 2019 we see a decrease of about 4% in medically necessary abortions, we now see an increase of almost 50%.

Here again we touch on the problems in reporting, the lack of oversight, the inconsistency of methodology and the low quality of the data from the NCPHA and the Ministry of Health as a whole. This is also the second explanation for the sharp drop in abortions. The large decrease in spontaneous abortions, for example, is a clue pointing to exactly that.

Of course, this does not mean that there is no decrease at all – quite the contrary. It just means that we cannot draw general conclusions based on these numbers alone. Everything I have described so far is conjecture based on my work with similar information, my experience with the NCPHA’s data in particular, and conversations with people in the system. Unfortunately, not only are there no prospects of health statistics improving, but what used to work well, such as the cancer registry, is being dismantled.

The low quality of the data will not, of course, stop known and unknown pillars of the nation, tradition and religion from painting apocalyptic maps and insisting on society’s right to dictate what a woman may and may not do with her body. In fact, as always, a large part of their claims will be fabrication, and they will not even bother to read what few statistics are available, since these refute them.

The post 8% decrease in abortions… maybe first appeared on Блогът на Юруков.

Friday Squid Blogging: Squid Proteins for a Better Face Mask

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/07/friday_squid_bl_739.html

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. (And you thought there was no connection between squid and COVID-19.) The military thinks this might have applications for self-healing robots.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

The Security Value of Inefficiency

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/07/the_security_va.html

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that’s a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that’s all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using many small suppliers is inefficient. Inefficiency is unprofitable.

But inefficiency is essential security, as the COVID-19 pandemic is teaching us. All of the overcapacity that has been squeezed out of our healthcare system; we now wish we had it. All of the redundancy in our food production that has been consolidated away; we want that, too. We need our old, local supply chains — not the single global ones that are so fragile in this crisis. And we want our local restaurants and businesses to survive, not just the national chains.

We have lost much inefficiency to the market in the past few decades. Investors have become very good at noticing any fat in every system and swooping down to monetize those redundant assets. The winner-take-all mentality that has permeated so many industries squeezes any inefficiencies out of the system.

This drive for efficiency leads to brittle systems that function properly when everything is normal but break under stress. And when they break, everyone suffers. The less fortunate suffer and die. The more fortunate are merely hurt, and perhaps lose their freedoms or their future. But even the extremely fortunate suffer — maybe not in the short term, but in the long term from the constriction of the rest of society.

Efficient systems have limited ability to deal with system-wide economic shocks. Those shocks are coming with increased frequency. They’re caused by global pandemics, yes, but also by climate change, by financial crises, by political crises. If we want to be secure against these crises and more, we need to add inefficiency back into our systems.

I don’t simply mean that we need to make our food production, or healthcare system, or supply chains sloppy and wasteful. We need a certain kind of inefficiency, and it depends on the system in question. Sometimes we need redundancy. Sometimes we need diversity. Sometimes we need overcapacity.

The market isn’t going to supply any of these things, least of all in a strategic capacity that will result in resilience. What’s necessary to make any of this work is regulation.

First, we need to enforce antitrust laws. Our meat supply chain is brittle because there are limited numbers of massive meatpacking plants — now disease factories — rather than lots of smaller slaughterhouses. Our retail supply chain is brittle because a few national companies and websites dominate. We need multiple companies offering alternatives to a single product or service. We need more competition, more niche players. We need more local companies, more domestic corporate players, and diversity in our international suppliers. Competition provides all of that, while monopolies suck that out of the system.

The second thing we need is specific regulations that require certain inefficiencies. This isn’t anything new. Every safety system we have is, to some extent, an inefficiency. This is true for fire escapes on buildings, lifeboats on cruise ships, and multiple ways to deploy the landing gear on aircraft. Not having any of those things would make the underlying systems more efficient, but also less safe. It’s also true for the internet itself, originally designed with extensive redundancy as a Cold War security measure.

With those two things in place, the market can work its magic to provide for these strategic inefficiencies as cheaply and as effectively as possible. As long as there are competitors who are vying with each other, and there aren’t competitors who can reduce the inefficiencies and undercut the competition, these inefficiencies just become part of the price of whatever we’re buying.

The government is the entity that steps in and enforces a level playing field instead of a race to the bottom. Smart regulation addresses the long-term need for security, and ensures it’s not continuously sacrificed to short-term considerations.

We have largely been content to ignore the long term and let Wall Street run our economy as efficiently as it can. That’s no longer sustainable. We need inefficiency — the right kind in the right way — to ensure our security. No, it’s not free. But it’s worth the cost.

This essay previously appeared in Quartz.

COVID-19 Risks of Flying

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/06/covid_risks_of_.html

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It’s been 105 days since I’ve been on an airplane — longer than any other time in my adult life — and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying.

We know a lot more about how COVID-19 spreads than we did in March. The “less than six feet, more than ten minutes” model has given way to a much more sophisticated model involving airflow, the level of virus in the room, and the viral load in the person who might be infected.

Regarding airplanes specifically: on the whole, they seem safer than many other group activities. Of all the research about contact tracing results I have read, I have seen no stories of a sick person on an airplane infecting other passengers. There are no superspreader events involving airplanes. (That did happen with SARS.) It seems that the airflow inside the cabin really helps.

Airlines are trying to make things better: blocking middle seats, serving less food and drink, trying to get people to wear masks. (This video is worth watching.) I’ve started to see airlines requiring masks and banning those who won’t, and not just strongly encouraging them. (If mask wearing is treated the same as the seat belt wearing, it will make a huge difference.) Finally, there are a lot of dumb things that airlines are doing.

This article interviewed 511 epidemiologists, and the general consensus was that flying is riskier than getting a haircut but less risky than eating in a restaurant. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. And that those are manageable with mask wearing and situational awareness. So while I am not flying yet, I might be willing to soon. (It doesn’t help that I get a -1 on my COVID saving throw for type A blood, and another -1 for male pattern baldness. On the other hand, I think I get a +3 Constitution bonus. Maybe, instead of sky marshals we can have high-level clerics on the planes.)

And everyone: wear a mask, and wash your hands.

EDITED TO ADD (6/27): Airlines are starting to crowd their flights again.

Thermal Imaging as Security Theater

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/thermal_imaging.html

Seems like thermal imaging is the security theater technology of today.

These features are so tempting that thermal cameras are being installed at an increasing pace. They’re used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen patients. Despite their prevalence, thermal cameras have many fatal limitations when used to screen for the coronavirus.

  • They are not intended for medical purposes.
  • Their accuracy can be reduced by their distance from the people being inspected.
  • They are “an imprecise method for scanning crowds” now put into a context where precision is critical.
  • They will create false positives, leaving people stigmatized, harassed, unfairly quarantined, and denied rightful opportunities to work, travel, shop, or seek medical help.
  • They will create false negatives, which, perhaps most significantly for public health purposes, “could miss many of the up to one-quarter or more people infected with the virus who do not exhibit symptoms,” as the New York Times recently put it. Thus they will abjectly fail at the core task of slowing or preventing the further spread of the virus.

Criminals and the Normalization of Masks

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/criminals_and_t.html

I was wondering about this:

Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus.

“Criminals, they’re smart and this is a perfect opportunity for them to conceal themselves and blend right in,” said Richard Bell, police chief in the tiny Pennsylvania community of Frackville. He said he knows of seven recent armed robberies in the region where every suspect wore a mask.

[…]

Just how many criminals are taking advantage of the pandemic to commit crimes is impossible to estimate, but law enforcement officials have no doubt the numbers are climbing. Reports are starting to pop up across the United States and in other parts of the world of crimes pulled off in no small part because so many of us are now wearing masks.

In March, two men walked into Aqueduct Racetrack in New York wearing the same kind of surgical masks as many racing fans there and, at gunpoint, robbed three workers of a quarter-million dollars they were moving from gaming machines to a safe. Other robberies involving suspects wearing surgical masks have occurred in North Carolina, and Washington, D.C., and elsewhere in recent weeks.

The article is all anecdote and no real data. But this is probably a trend.

Friday Squid Blogging: Cocaine Smuggled in Squid

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/friday_squid_bl_727.html

Makes sense; there’s room inside a squid’s body cavity:

Latin American drug lords have sent bumper shipments of cocaine to Europe in recent weeks, including one in a cargo of squid, even though the coronavirus epidemic has stifled legitimate transatlantic trade, senior anti-narcotics officials say.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Me on COVID-19 Contact Tracing Apps

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

I was quoted in BuzzFeed:

“My problem with contact tracing apps is that they have absolutely no value,” Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. “I’m not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? … This is just something governments want to do for the hell of it. To me, it’s just techies doing techie things because they don’t know what else to do.”

I haven’t blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.

This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.

  • False positives: Any app will have a precise definition of a contact: let’s say it’s less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don’t result in transmissions. This will be because of several reasons. One, the app’s location and proximity systems — based on GPS and Bluetooth — just aren’t accurate enough to capture every contact. Two, the app won’t be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that’s less than 100% (and I don’t know what that is).
  • False negatives: This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app’s location and proximity systems. Two, transmissions that occur from people who don’t have the app (even Singapore didn’t get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact — the virus sometimes travels further.

Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It’s not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can’t confirm the app’s diagnosis. So the alert is useless.

Similarly, assume you take the app out grocery shopping and it doesn’t alert you of any contact. Are you in the clear? No, you’re not. You actually have no idea if you’ve been infected.

The end result is an app that doesn’t work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.

EDITED TO ADD: This Brookings essay makes much the same point.

Automatic Instacart Bots

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/automatic_insta.html

Instacart is taking legal action against bots that automatically place orders:

Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip amount, and whether they prefer the first available delivery slot or are more flexible. The tool then checked that their login credentials were correct, logged in, and refreshed the checkout page over and over again until a new delivery window appeared. It then placed the order, Koch explained.

I think I am writing a new book about hacking in general, and want to discuss this. First, does this count as a hack? I feel like it is, since it’s a way to subvert the Instacart ordering system.

When asked if this tool may give people an unfair advantage over those who don’t use the tool, Koch said, “at this point, it’s a matter of awareness, not technical ability, since people who can use Instacart can use Cartdash.” When pushed on how, realistically, not every user of Instacart is going to know about Cartdash, even after it may receive more attention, and the people using Cartdash will still have an advantage over people who aren’t using automated tools, Koch again said, “it’s a matter of awareness, not technical ability.”

Second, should Instacart take action against this? On the one hand, it isn’t “fair” in that Cartdash users get an advantage in finding a delivery slot. But it’s not really any different than programs that “snipe” on eBay and other bidding platforms.

Third, does Instacart even stand a chance in the long run? As various AI technologies give us more agents and bots, this is going to increasingly become the new normal. I think we need to figure out a fair allocation mechanism that doesn’t rely on the precise timing of submissions.

Global Surveillance in the Wake of COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/global_surveill.html

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19:

The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time. For instance, in early March, the Iranian government released an app that it pitched as a self-diagnostic tool. While the tool’s efficacy was likely low, given reports of asymptomatic carriers of the virus, the app saved location data of millions of Iranians, according to a Vice report.

One of the most alarming measures being implemented is in Argentina, where those who are caught breaking quarantine are being forced to download an app that tracks their location. In Hong Kong, those arriving in the airport are given electronic tracking bracelets that must be synced to their home location through their smartphone’s GPS signal.

Chinese COVID-19 Disinformation Campaign

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/chinese_covid-1.html

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China:

Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are alarming to officials because the disinformation showed up as texts on many Americans’ cellphones, a tactic that several of the officials said they had not seen before.

California Needlessly Reduces Privacy During COVID-19 Pandemic

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/california_need.html

This one isn’t even related to contact tracing:

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.

Lots of details at the link.

Contact Tracing COVID-19 Infections via Smartphone Apps

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/contact_tracing.html

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out.

I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it. (Note that some of his comments are UK-specific.)

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

I’m relaxed about doing all this under emergency public-health powers, since this will make it harder for intrusive systems to persist after the pandemic than if they have some privacy theater that can be used to argue that the whizzy new medi-panopticon is legal enough to be kept running.

Second, contact tracers have access to all sorts of other data such as public transport ticketing and credit-card records. This is how a contact tracer in Singapore is able to phone you and tell you that the taxi driver who took you yesterday from Orchard Road to Raffles has reported sick, so please put on a mask right now and go straight home. This must be controlled; Taiwan lets public-health staff access such material in emergencies only.

Third, you can’t wait for diagnoses. In the UK, you only get a test if you’re a VIP or if you get admitted to hospital. Even so the results take 1-3 days to come back. While the VIPs share their status on twitter or facebook, the other diagnosed patients are often too sick to operate their phones.

Fourth, the public health authorities need geographical data for purposes other than contact tracing – such as to tell the army where to build more field hospitals, and to plan shipments of scarce personal protective equipment. There are already apps that do symptom tracking but more would be better. So the UK app will ask for the first three characters of your postcode, which is about enough to locate which hospital you’d end up in.

Fifth, although the cryptographers – and now Google and Apple – are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling. The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home.

I recommend reading his essay in full. Also worth reading are this EFF essay, and this ACLU white paper.

To me, the real problems aren’t around privacy and security. The efficacy of any app-based contact tracing is still unproven. A “contact” from the point of view of an app isn’t the same as an epidemiological contact. And the ratio of infections to contacts is high. We would have to deal with the false positives (being close to someone else, but separated by a partition or other barrier) and the false negatives (not being close to someone else, but contracting the disease through a mutually touched object). And without cheap, fast, and accurate testing, the information from any of these apps isn’t very useful. So I agree with Ross that this is primarily an exercise in that false syllogism: Something must be done. This is something. Therefore, we must do it. It’s techies proposing tech solutions to what is primarily a social problem.

EDITED TO ADD: Susan Landau on contact tracing apps and how they’re being oversold. And Farzad Mostashari, former coordinator for health IT at the Department of Health and Human Services, on contact tracing apps.

As long as 1) every contact does not result in an infection, and 2) a large percentage of people with the disease are asymptomatic and don’t realize they have it, I can’t see how this sort of app is valuable. If we had cheap, fast, and accurate testing for everyone on demand…maybe. But I still don’t think so.

EDITED TO ADD (4/15): More details from Apple and Google.

Cybersecurity During COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/04/cybersecurity_d.html

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic.

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren’t protected by the organization’s security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they’re either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of “doing things differently” is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can’t walk down the hall to confirm the email’s validity — and when everyone is distracted and so many other things are being done differently.

NASA is reporting an increase in cyberattacks. From an agency memo:

A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak. During the past few weeks, NASA’s Security Operations Center (SOC) mitigation tools have prevented success of these attempts. Here are some examples of what’s been observed in the past few days:

  • Doubling of email phishing attempts
  • Exponential increase in malware attacks on NASA systems
  • Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet

Here’s another article that makes basically the same points I did:

But the rapid shift to remote working will inevitably create or exacerbate gaps in security. Employees using unfamiliar software will get settings wrong and leave themselves open to breaches. Staff forced to use their own ageing laptops from home will find their data to be less secure than those using modern equipment.

That’s a big problem because the security issues are not going away. For the last couple of months coronavirus-themed malware and phishing scams have been on the rise. Business email compromise scams — where crooks impersonate a CEO or other senior staff member and then try to trick workers into sending money to their accounts — could be made easier if staff primarily rely on email to communicate while at home.

EDITED TO ADD: This post has been translated into Portuguese.

EDITED TO ADD (4/13): A three-part series about home-office cybersecurity.

Privacy vs. Surveillance in the Age of COVID-19

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/03/privacy_vs_surv.html

The trade-offs are changing:

As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus – even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global scale.

Yet ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later.

I think the effects of COVID-19 will be more drastic than the effects of the terrorist attacks of 9/11: not only with respect to surveillance, but across many aspects of our society. And while many things that would never be acceptable during normal time are reasonable things to do right now, we need to make sure we can ratchet them back once the current pandemic is over.

Cindy Cohn at EFF wrote:

We know that this virus requires us to take steps that would be unthinkable in normal times. Staying inside, limiting public gatherings, and cooperating with medically needed attempts to track the virus are, when approached properly, reasonable and responsible things to do. But we must be as vigilant as we are thoughtful. We must be sure that measures taken in the name of responding to COVID-19 are, in the language of international human rights law, “necessary and proportionate” to the needs of society in fighting the virus. Above all, we must make sure that these measures end and that the data collected for these purposes is not re-purposed for either governmental or commercial ends.

I worry that in our haste and fear, we will fail to do any of that.

More from EFF.