Tuesday, April 14, 2020

Looking at the Privacy-Preserving Cross-Border Contact Tracing App, BlueTrace or TraceTogether


Despite the detour here toward biological testing snafus (currently being investigated by US intelligence at the request of Trump to deflect blame from the initial handling of the containment phase), the basic point of looking at BlueTrace is what is called a "stack violation": pinning a solution on a particular network protocol, when a good Covid-19 app solution should exist outside a specific stack like Bluetooth, which requires a constant connection (bad, because it drains the battery). The other bad thing about Bluetooth is its complexity and the relative ease of it being hacked because of that complexity. So while it is great for hooking up a Personal Area Network, or PAN, from iPhone to AirPods, it is really not designed to be a WAN that handles a community. The reliance on a central server is currently an issue in the European architectures, which have forked on this issue.

Instead of "tracing together", can we individually trace based on our personal security profile?

Oh yes we can! This mirrors for many reasons how people trust each other, and I am working out exactly how to do this. So while BlueTrace actually worked well, it has some preconditions about how cell phones are surveilled. This can have some long term privacy consequences which are coming out in the requirements analysis. So let's take a bit of a detour to biological weapons research in the 1960's and how it had the unintended consequence of a major cultural revolution by the baby boomers, and even more recent research regarding psychological coping with disease and death, as well as interesting spins on creativity in writing computer code in Silicon Valley.


In recap, epidemiologists and policy makers developed a general response plan here in the US, but the idea of biological threat modeling is fairly old (actually historic) and was also tied up in a nasty project, known as MKULTRA, where the CIA destroyed a great deal of the files. I don't intend to go entirely down the MKULTRA rat hole; it is well known. We will be sending in the rat dog, however.



This MKULTRA CIA project actually happened and is not a conspiracy theory. There were significant Congressional hearings; however, the full story has only come out this year.

We need to free up the covid-19 response from conspiracy theories (bolding indicates a requirement here), but rat dog will get the functional requirements that the conspiracy theory may help reveal.

Some of this is an individually controlled distributed architecture (still validated by a Covid testing lab) versus the centralized mechanism currently used by the CDC.

There was a demonstrated failure in the CDC's centralized infection control system and in the communication taking place with health departments across the US. If it had been working properly we would have contained the virus via isolation and contact tracing. We will return to this point fairly soon, because we can't economically keep up the mitigation phase forever. The gap is going to be filled in with a new architecture for Public Health (and it is good to understand the history of Public Health in general and why it is different from medical care). We need to go back to Philadelphia and the Yellow Fever epidemic and how a disease interacts with politics, in this case Dr. Benjamin Rush and his tireless services bleeding people in an attempt to cure Yellow Fever, and how this spawned current disease control measures. Different diseases for which there were no actual cures resulted in different approaches based on the knowledge of medical science at that point in time.

So from that point of view, a conspiracy theory is useful in helping to see long term requirements, not so much the standardized epidemic response stages of what to shut down when. We can clearly see that a coronavirus respiratory pandemic was predicted based on a book on the 1918 Flu and a subsequent plan put into place. There has been no lack of warnings and predictions right up to the point where the country went into lockdown.

It is however not entirely necessary to react or not react based on the conspiracy theory itself. The conspiracy theories are a disinformation distraction. Yet we can extract some truth from them when the centrifuge removes the political spin. The political spin is a key part of the epidemic.

The result will be essentially the same. Part of this is about power.

There's a reason for that. It is said from the POV of the local health department official that must follow very logical privacy rules.

We can go way back to the Roman Empire and Cicero to explain how this works.

It is entirely germane to the use case.

It relates to the nature of the concept of "official".

Official and the concept of office involves the nature "of return" where people would return to a spot to make decisions. In this case a "return" to normal. Yet the virus is a change agent, and things don't entirely return to normal, they are changed, hopefully for the better. As such there is a very tragic price to be paid, like a war.

This is the economic side of the theory and architecture. It is not exactly a return for everyone, it is a return for the officials.

Official actions result in ways of doing things that are codified.

There are well understood rules. For example, stay indoors.

The way the data flows, Public Health has no need to deal with individuals in general versus populations. The doctors and hospitals deal with the specific individuals.

So public health has a codified approach to privacy.

That's why they won't name individuals.

The non-official data stream is different. We know who we are, whom we deal with in different personal and business relationships and we know where we have been. Prior to lockdown we were moving around a lot. Sometimes all over the world. And there was no previous testing before getting on a plane, or taking a vacation, renting an AirBnb, or staying at a hotel.

Economically all those relationships became non-liquid, like the stock market in 2008. People no longer knew what was what. So what does the Public Health official say? Treat everyone you meet and come into contact with as if they are infected. That may be possible during a mitigation or suppression phase, it will not work in a recovery phase. An individual does not make official decisions, she makes micro choices every day. That involves a bunch of personal decisions. This flexibility is required of individuals. So that person who got infected and tested positive has a moral duty to inform people in the personal chain they came in contact with, because even the official chain had little testing, and little contact tracing compared to other countries.

If you got infected while you were in Wuhan and realized a week later that you were positive, it's likely you would (if you could) reach out to whom you came in contact.

To some extent it can be ignored, a good solution can meet the requirements without the conspiracy theories, even if in fact politicians in charge of the epidemic response are incapable of escaping from the conspiracy filter bubble. So the result is not the same because the only option is quarantine. It may be the most logical result, but that will eventually have to change.

So while rat dog does his digging out of the rodents, let's see what he came up with.

John Oliver's rat erotica was down in the tunnel. Not very useful.

There are a few social aspects of a secret program that recruited various labs all over the US to test LSD on unwitting subjects to research brain washing among other things. Here is a solid requirement.

Exposure to any clinical biological trial must have informed consent.

Medical trials without informed consent were a feature of MKULTRA. It also had unintended consequences; the 1960's future society makers and designers who mentally travelled to otherwise unexplored personal experiences (which generally had been limited to religious experiences and shamans) tried to integrate their experience into redesigning society.

MKULTRA LSD medical experiments regarding mind control (which put some prisoners on a quadruple dosage every day for months on end) at the same time not only spiked the collective punch of the 1960's counter culture, but also the music of the highest grossing rock band with a legion of followers, as well as the technology and culture of Silicon Valley.

What was originally an experiment without consent migrated to a sometimes voluntary social experiment in the 1960's that subsequently became illegal.

There were a lot of disruptive ideas in the 1960's (sort of summed up in the Whole Earth Catalog) and later, in 1985, the WELL, an online discussion board heavily invested in futurology.

Rights in digital space/cyberspace were documented by John Perry Barlow (tracing the whole Grateful Dead thread of ideas).

Covid-19 applications must incorporate fundamental human and legal rights which are immutable, and thus highly traceable in a legal and societal sense. In short, GDPR is still applicable.

There is nothing about a Quarantine itself that is unique to 2020 except it works more effectively on our own terms with modern tools.

Extending this to a commerce solution is an extension of NIST requirements, from the Department of Commerce. Thus privacy requirements, as interpreted by technological requirements, are critical.


Technological requirements in general:

Make it work on a mobile smartphone

Sub-requirement: Make it work on IoT devices for those at risk who are not using a smartphone to interact

Protocol choice should be open ended, but some protocols may have a PRIVACY requirement that is unique to that protocol

Computer hackers started out as a cultural sub group (we can trace that back to the MIT model railroad club and the Hacker Jargon File) and were victims of legal harassment by the commercial enterprises of a past culture that was not "network savvy" in the 1970's. Lots of water over the dam since the 1970's, but some hacker "culture" still exists in 2020 in terms of hacking a problem like covid-19 and applying the latest technology.

Have an open source version

The FOSS GNU story is also well known. It affects security if there are not enough open source developers, or if libraries are used that have security flaws that are not patched. Companies that do not contribute to FOSS may later be stung when they cannot easily upgrade their software.

This may be from either purchased software or actual open source like Apache projects. Examples are too numerous to mention, but consider the web application software in Equifax, and Juniper with Heartbleed.

Thus threat modeling is an important requirement, as there has been significant harm to the economy. Unlike other situations where a company can survive due to a monopoly market position, or even a highly well tuned competitive position, the damage to a company can be severe if the CONSPIRACY THEORY anti-pattern is in effect. The "Deep State" conspiracy anti-pattern significantly hampered Federal Government covid containment efforts in Jan and Feb of 2020.

While technology from the 1970's is not all that interesting to current developers, it is very important for developing a health care/commerce application such as Covid Cleared because requirements must be traceable.

50 years later we are essentially constantly on the network, and that has some risk regarding covid applications, since a variety of those, such as the Google-Apple Bluetooth protocol design, require a constant connection to do a different function, namely contact tracing in a privacy preserving design, as opposed to text messages in South Korea (related to the TRANSPARENCY requirement).

This interaction would develop into the EFF, that promotes digital rights, privacy and technical literacy in new technology as well as legal counsel in these related issues where technology, culture, and the law have a less than perfect alignment.

Often the Venn diagram seen by hackers ends up eventually coming true, but being heavily future oriented gets them in trouble, whereas some ideas just become obvious later on. Hackers find out earlier (and often keep that data hidden for different motivations) things in which they have developed a depth of expertise.

It is often the pioneers that get the arrows in the back, but sometimes it's also the smart investors who make out. Later we find out what economic externalities exist.

In the 1990's came the cypherpunks mailing list (I was one), which explored the grand ideas of distributed, non-centralized computing like digital currency.

Now we have blockchain, BTC and Ethereum smart contracts.

Of course, like the Internet, there is a certain Wild West stage until the technology and ideas underlying the technology are simply part of everyday life. We can trace this back to the 18th century Enlightenment frameworks that rode along with U.S. westward expansion, fueled by the idea that exploitation of the environment was OK. It would be far later that active conservation was deemed necessary. This (environment versus economic exploitation) is actively a requirement conflict area.

A covid application should not exploit the network as an externality.

Silicon Valley was uncanny in creating story lines around these conflicts, actual distributed computing problems mapped onto a social context.

Although the cypherpunks came later, the fact that one could disrupt and reinvent culture in a yet to be imagined future was already an American tradition going back to 1666 with Kelpius, and later implemented by the American Revolution which forged a unique identity, and simply continued to new spaces, in this case digital spaces.

Some of those test subjects, such as Ken Kesey, later went back to get more government acid supplied by the CIA, who had bought up the world's supply from Sandoz, and formed the Merry Pranksters, which would be the nucleus of the counter culture and the Grateful Dead acid tests.

When the government experimental supply ended they turned to their chemist friends to make it themselves, which in turn attracted more users. This was truly a dual use (military and civilian) biological experiment.

As engineers experimented with this they helped implement disruptive creative thinking (along with parallel engineering breakthroughs in microchips) that formed an important and documented part of Silicon Valley computing development that is not very well known.

MKULTRA all came out in the 1970's, regarding fears of a "Manchurian Candidate" (which is a great movie) about brainwashing soldiers captured by the North Koreans. We see that propaganda was already a well established tool in the 1930's, based on Freudian concepts and modern advertising.

There is a recent book out on the MKULTRA subject, and, spoiler alert, it turns out that a specific scientist working for the CIA who developed poisons, etc. wasted a lot of money and tortured and killed people at black sites to find out that essentially mind control did not work. The fears (and essentially their covert funding) were largely based on the movie script and some people who appeared to be brainwashed.

Of course this isn't the only time that a movie plot got policy makers involved in homeland security. The movie "War Games" got Reagan interested in promoting cybersecurity more than the reported hacking of various military systems that had already occurred.

Now from the biological warfare aspect, they also studied the effect of bacteria spread in the NYC subway, only this was the U.S. Army, and on board ships, the Navy.

This article cites the basic problem, also present in the covid-19 use case.

This is the ethical problem of exposing people to risks in terms of biological agents without their consent. The soldier volunteers that participated at Fort Detrick are somewhat a different story and somewhat the same story, because Fort Detrick is part of the covid research.

Informed Consent as a requirement

How much does the app click wrap contract actually inform you? This is the basic lie. You want to listen to music on your iPhone. Apple asks you to read and acknowledge a 44 page contract on a little screen. So you thoroughly read it and ask your lawyer about any parts you don't understand like a rational person right? Of course not.

You lie and that little lie is the start of something very pernicious about your privacy because, although you agreed to get access to a service, and they presented you with the legalese, you really were not informed.

You were hoping it would just be pro forma and you could ignore the consequences. The point is to listen to music, and not get hung up on the legalese. Just like it was the point of blowing off some steam on spring break at Cabo, again not entirely understanding the consequences, or Mardi Gras.

Note this is a part of what Shoshana Zuboff states is a critical way of wearing down your defenses against electronic abuse.

You want the cool stuff, so you ignore the legal stuff.

Logically that person has been shown a contract, but as consent is "informed" it implies some understanding of the consequences.

Kyle is so excited about getting an Apple device 9 years ago that he ignores the part about reading the contract, like all of us. The results are tragic comedy.

This is doubly true in the covid-19 pandemic. Different architectures will have different consequences. Uber used to demonstrate "God" mode at launch parties. People at the parties didn't want to talk about it; riders who found out they were being tracked were upset. Now tracking the ride is a security feature and "God" mode is supposed to be gone.

Only South Park could have come up with the Human Centipad idea in the terms and conditions and done it with such an amazing lack of good taste, but the point is clear.

By the time that any of the Tech giants make it to the FTC, the damage is already done and the privacy genie can't be put back in the bottle.

So absolutely privacy has to be built in. That means clear requirements.

So how did BlueTrace do this? This is the open source contact tracing app called TraceTogether. The FOSS is at "opentrace-community" on GitHub. They did it using a specific form of technology known as Bluetooth beaconing. Your health test status is uploaded to their servers and delivered to phones that are running the protocol when you are within Bluetooth distance. Korea did this with text messages because they geolocate every smartphone in the country in real time.
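To make the beaconing flow above concrete, here is an added example of my own; it is not code from this post or from the opentrace-community project. It follows the published BlueTrace design at the level that matters for privacy: phones broadcast short-lived temporary IDs (TempIDs), keep the encounter log on the device, and only the central server can map a TempID back to a registered user. The simplifications are mine: TempIDs are keyed HMAC tags that the server re-derives from its user table (the real protocol issues AES-256-GCM ciphertexts in batches), and every user name, key and timestamp is constructed.

```python
import hmac
import hashlib

# BlueTrace rotates temporary IDs about every 15 minutes; one slot = 15 minutes.
TEMP_ID_LIFETIME = 15 * 60
SLOTS_PER_DAY = 96


def temp_id(user_id: str, timestamp: int, key: bytes) -> str:
    """Simplified TempID for the slot containing `timestamp` (assumption: a keyed
    HMAC tag rather than the AES-GCM ciphertext the real protocol uses)."""
    slot = timestamp // TEMP_ID_LIFETIME
    return hmac.new(key, f"{user_id}|{slot}".encode(), hashlib.sha256).hexdigest()[:32]


class Server:
    """Central health-authority server: the only party that holds the key."""

    def __init__(self, key: bytes = b"constructed-demo-key-not-for-real-use"):
        self._key = key
        self._users = {}  # user_id -> contact detail (constructed)

    def register(self, user_id: str, contact: str) -> None:
        self._users[user_id] = contact

    def issue_temp_ids(self, user_id: str, start: int, count: int) -> list:
        """Hand a phone a batch of TempIDs for consecutive slots; the phone never sees the key."""
        start -= start % TEMP_ID_LIFETIME  # align to a slot boundary
        return [temp_id(user_id, start + i * TEMP_ID_LIFETIME, self._key) for i in range(count)]

    def resolve(self, tid: str, timestamp: int):
        """Map an observed TempID back to a registered user, or None if unknown."""
        for user_id in self._users:
            if hmac.compare_digest(temp_id(user_id, timestamp, self._key), tid):
                return user_id
        return None

    def process_upload(self, encounters: list) -> list:
        """Run only after a positive test and with the user's consent: turn the
        uploaded encounter log into the list of users to notify."""
        found = {self.resolve(tid, ts) for tid, ts in encounters}
        return sorted(found - {None})


class Phone:
    """A handset: broadcasts its current TempID and logs what it hears, locally."""

    def __init__(self, user_id: str, server: Server, start: int):
        self.user_id = user_id
        self._start = start - start % TEMP_ID_LIFETIME
        self._temp_ids = server.issue_temp_ids(user_id, start, SLOTS_PER_DAY)
        self.encounters = []  # (their TempID, time): stays on the device

    def broadcast(self, now: int) -> str:
        return self._temp_ids[(now - self._start) // TEMP_ID_LIFETIME]

    def observe(self, other_temp_id: str, now: int) -> None:
        self.encounters.append((other_temp_id, now))


def simulate_outbreak() -> list:
    """Alice meets Bob, later Carol; Bob and Carol never meet. Alice then tests
    positive and uploads her log. Returns the users the server would notify."""
    server = Server()
    for name in ("alice", "bob", "carol"):
        server.register(name, f"contact-for-{name}")  # constructed
    t0 = 1_586_800_000  # constructed epoch timestamp (April 2020)
    phones = {name: Phone(name, server, t0) for name in ("alice", "bob", "carol")}
    for a, b, t in (("alice", "bob", t0 + 100), ("alice", "carol", t0 + 3600)):
        phones[a].observe(phones[b].broadcast(t), t)
        phones[b].observe(phones[a].broadcast(t), t)
    return server.process_upload(phones["alice"].encounters)


def temp_ids_rotate() -> bool:
    """A bystander sees a different token each slot, so a device cannot be followed across slots."""
    phone = Phone("dave", Server(), 0)
    return phone.broadcast(0) != phone.broadcast(TEMP_ID_LIFETIME)


def unlinkable_without_key() -> bool:
    """Anyone without the issuing server's key (here, a second server with its own key) cannot resolve a TempID."""
    issuer, other = Server(key=b"issuer-key"), Server(key=b"other-key")
    other.register("alice", "contact")
    tid = issuer.issue_temp_ids("alice", 0, 1)[0]
    return other.resolve(tid, 0) is None
```

The point to notice is where the trust sits. The phones learn nothing about each other, but the server that resolves an uploaded log learns the full contact graph of every user who uploads, and it holds the key that makes every TempID linkable; that is exactly the central-server dependence the post flags in the European fork, and it is why a compromise of that key, not of any phone, is the event to model and monitor for.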

We need to backtrack a bit here in the requirements analysis to reiterate that pandemic response works in a very predictable (that's how planning documents work) set of stages.

1. Containment: "Contact trace and isolate."
2. Mitigation: "Community spread, so flatten the curve of hospital resources."
3. Suppression: "Shut as much down as possible, stay at home (especially those at high risk) and don't go out until the reproduction number R is less than one, indicating that community spread is over."
4. Some combination of the first 3 in different places, with hot spots still lingering and other places where the virus is under control and not overwhelming healthcare. At stage 4, and ideally stage 1, testing is very important for the data modelers.

The old 19th century approaches from maritime culture were strictly quarantine from geographic area to area, wait out the possible disease until someone was healthy or dead, and avoid that element from entering into your environment.

Understand how the disease affects different social classes who may have difficulty being in quarantine for social reasons: students like to blow off steam from intense study by going to Cabo, the affluent go to the summer home in the Hamptons or Cape Cod or travel to conferences, and the middle class take a cruise.

Or go to a 1918 War Bonds Parade in Philadelphia, all with different social interactions.

It should now be clear that the different stages of the pandemic map to the risk, the risk maps to the app, and the app maps the permissions between the health authority and the rights of the individual to do their tasks on a micro level, versus the macro level of "stay at home".

The application of all these tools at the right moment in time is key to the best resolution. The virus is on a timeline.

Having Mardi Gras, bad idea for the French Quarter. Understanding the 1918 Philadelphia war bonds rally versus the results of other cities? Priceless.

Since this exists on the virus timeline, communicating good data in regards to who is infected or positive is very important. How is that distributed?

All the data is important, but it is only useful at different points of the epidemic.

To the extent that the appropriate agencies, from local to state to federal, communicate the right data at the right time, accurately, is critical. Typically this might be thought of as goals of the various stakeholders.

Each stage has different requirements and different actions as applied in different places.

Since ski areas with mountains attracted a great deal of well off covid positive visitors, but also have limited healthcare for the year-round residents, it made sense to test the entire area of Telluride to find asymptomatic positives. That's a very specific risk profile.

The NBA got tested because they make a lot of money by packing people into basketball courts, a perfect virus opportunity.

Lurie of the Eagles donated a million dollars to Penn virus research, not only a great civic gesture, but also a great investment since that's one more day closer to opening Lincoln Financial Field by having vaccines and serological testing.

Good requirements analysis quickly arrives at the point where the system has either intentional (or worse unintentional) tradeoffs and seeks to avoid those tradeoffs.

So in a nutshell it is not security versus privacy as a tradeoff. Doing a privacy preserving architecture like Google and Apple have attempted definitely takes this into account.

It is not security or privacy; this is a false dichotomy.

It is not security layered on top of software to provide secure code.

It is clearly security in the entire stack, from the smallest elements to the upper layers where policy can then be applied.

So the policy to mitigate is different from containment. The focus is on the population at that point and community spread, not on contact tracing.

Containment is about contact tracing the original 5 infected people in a country (or more depending on how many contact tracing teams you have at your disposal) and who they came in contact with.

This is great at the very beginning and end of the pandemic.

Isolate the infected and inform the contacts.

We all know that Patient 31 in South Korea was a very determined super spreader, going out to lunch while having a fever, not voluntarily quarantining, going back and forth to the hospital and going to her church, which ended up being a hot spot in Daegu. It's almost apocalyptic zealotry to lead a "normal life".


How does one handle informed consent in the covid-19 architecture?

HIPAA truly makes a joke of informed consent; people have literally no idea where their medical data goes and to whom it is sold.

So being HIPAA compliant is good, but probably not sufficient since the idea of covered entities and business associates does not quite map here.

To flip the script on the virus, we need a new pattern, the empowered individual who can access and selectively make their covid test results work for them economically. Thus two requirements emerge.

Scale this so it works on the user level in a simple way.

Make the entire system function at a Capability Maturity Level of at least 3, "Defined".


There is a huge market in medical data, and while it may not come down to individual patients, the results are highly tracked.

Not always for society's benefit, sometimes simply for profit.

A book just came out pinpointing the epicenter of the Opioid epidemic to a drug store and a pill mill doctor in West Virginia. All the participants are in prison now, but while it was operational, the known statistics were nothing short of incredible as to why no one acted, or why they acted, but too late. It's not that the DEA did not have the data on the prescriptions; they had to be reported.

The entire industry and regulators had to realign, forced by the States who started incurring extremely high costs and of course loss of life.

A similar process is taking place with the Covid Epidemic. It is already negatively affecting the 50 States economically.

It is also greatly increasing the mortality level. If we look for historical precedent that unknowingly casts a shadow on the situation, consider the not very well known background of the Opium Wars, cast in an economic perspective. We helped the British export Opium from India to China, and one should understand the context.

Technology designed to anonymize medical data for research is fairly easy to de-anonymize if not done properly, making medical privacy more difficult because of the other data already existing on the Internet.
[Latanya Sweeney]

Can the covid application be reverse engineered to reveal anonymous information?

Doxxing covid positive or even those failing to socially distance is already a thing on social networks by paying attention to tagging.

So clearly technology like Zero Knowledge encryption is interesting for covid-apps.
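As an added illustration of the Sweeney point above (my own example, not from this post), here is the re-identification check a release reviewer would run on an "anonymised" table of test results before publishing it. The records and the public list they are joined against are constructed, not real people; the quasi-identifiers (ZIP code, date of birth, sex) are the ones Sweeney's work made famous.

```python
from collections import Counter

# Constructed "anonymised" covid test records: names stripped, but ZIP code,
# date of birth and sex (the classic quasi-identifiers) left intact.
TEST_RESULTS = [
    {"zip": "19104", "dob": "1985-03-14", "sex": "F", "result": "positive"},
    {"zip": "19104", "dob": "1985-03-14", "sex": "M", "result": "negative"},
    {"zip": "19104", "dob": "1986-07-02", "sex": "M", "result": "positive"},
    {"zip": "19147", "dob": "1978-11-23", "sex": "F", "result": "negative"},
    {"zip": "19147", "dob": "1978-11-23", "sex": "F", "result": "positive"},
]

# Constructed stand-in for a public data set that carries names (a voter roll, say).
PUBLIC_ROLL = [
    {"name": "A. Example", "zip": "19104", "dob": "1985-03-14", "sex": "F"},
    {"name": "B. Example", "zip": "19104", "dob": "1985-03-14", "sex": "M"},
    {"name": "C. Example", "zip": "19104", "dob": "1986-07-02", "sex": "M"},
    {"name": "D. Example", "zip": "19147", "dob": "1978-11-23", "sex": "F"},
    {"name": "E. Example", "zip": "19147", "dob": "1978-11-23", "sex": "F"},
]

QUASI_IDENTIFIERS = ("zip", "dob", "sex")
GENERALISED_IDENTIFIERS = ("zip", "dob")  # what survives after generalise()


def quasi_key(record: dict, fields=QUASI_IDENTIFIERS) -> tuple:
    return tuple(record[f] for f in fields)


def k_anonymity(records: list, fields=QUASI_IDENTIFIERS) -> int:
    """Size of the smallest group sharing the same quasi-identifiers.
    k == 1 means at least one record is unique in the table, hence linkable."""
    counts = Counter(quasi_key(r, fields) for r in records)
    return min(counts.values())


def reidentify(records: list, roll: list, fields=QUASI_IDENTIFIERS) -> dict:
    """Join the released table against the public roll on the quasi-identifiers.
    Returns {name: test result} for every record that matches exactly one person."""
    by_key = {}
    for person in roll:
        by_key.setdefault(quasi_key(person, fields), []).append(person["name"])
    linked = {}
    for record in records:
        names = by_key.get(quasi_key(record, fields), [])
        if len(names) == 1:
            linked[names[0]] = record["result"]
    return linked


def generalise(record: dict) -> dict:
    """Coarsen identifiers before release: 3-digit ZIP prefix and birth decade."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["dob"] = record["dob"][:3] + "0s"
    return out


def release_check(records: list, roll: list, fields=QUASI_IDENTIFIERS) -> dict:
    """What a reviewer computes before a table goes out: k and how many rows link to a name."""
    return {"k": k_anonymity(records, fields),
            "linked": len(reidentify(records, roll, fields))}
```

On the raw table `release_check` reports k of 1 with three of five rows linked to a name, so a positive result can be put next to a person; after `generalise` the check reports k of 2 and no links. k-anonymity on its own is not the end of the story: if everyone in a group shares the same result, the result leaks even though no row is unique (the two 19147 records here escape that only because one is positive and one is negative), which is one reason the post's interest in zero-knowledge style techniques is not misplaced.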

We really need to come to grips with a short history of medical ethics applied to the SARS-CoV-2 pandemic and how it intrinsically relates to how we construct our digital identity online and in our social interactions.

The app I am developing is primarily to reboot the economy (a later stage) by enabling the sharing of tests in novel ways that are good for society and the end user, and not dystopian, where it becomes a convenient social media exploitation of outrage between the positive and negative (such as the Cabo spring break fraternity doxxing), clearly evidenced by the past difficult learned social considerations of the AIDS virus, which initially was focused on LGBTQ groups who mustered needed attention to the crisis.

Whatever the social divisions the covid virus may create, the requirements indicate a clear technical problem in transmission between the temporarily infected positives and the as yet to be infected negative.

In addition the serologically tested immune represent some real potential. So by all means we should deeply consider and understand the ethics as we attempt to out engineer the virus's effect on the social systems.

The parts about SARS-CoV-2 tracking (that are part of general HHS recommendations on internal patient data tracking), say within a specific hospital, are thought to be too difficult to implement. This gives no TRANSPARENCY and AUDITING to the end user. Hospital data should not fail during a crisis, resulting in unnecessary mortality. This is the logic behind the IHE ATNA protocol.

HIMSS originally focused on celebrity patients, but realized somewhat later that medical personnel were inherently nebby regarding any local tragedy, such as a football team all going crazy on bath salts.

As a result hospitals began to enforce privacy policies and employ privacy officers. In the 1950's people working in obstetrics wards would sell personal information to baby photographers of baby boomers.

Besides your neighbor (who is a doctor) looking at your medical record, there also was out and out criminal behavior of people selling data like SSN for some side money. Doctors and Nurses need to have access, and they do in general all have access. However that access does not necessarily come with authority, which is being part of the care team. This points up an important requirement.

Authorization must fit the social situation

Google-Apple contact tracing on or off is not yet sufficiently rich in this requirement of a well thought out authorization model. Authorization is hard.
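The distinction drawn above between access (a valid clinical login) and authority (being on the patient's care team), together with the auditing point made about IHE ATNA, can be shown in code. This is an added example of my own, not code from this post or from any product it mentions; every user, role and patient in it is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

CLINICAL_ROLES = {"physician", "nurse"}


@dataclass
class Patient:
    patient_id: str
    care_team: set   # user ids currently assigned to this patient
    record: dict


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AuditTrail:
    """Every access decision, allowed or denied, is recorded so the patient can
    later see who looked at the record and why."""
    entries: list = field(default_factory=list)

    def log(self, actor: str, patient_id: str, decision: Decision, at: datetime) -> None:
        self.entries.append({"actor": actor, "patient": patient_id,
                             "allowed": decision.allowed, "reason": decision.reason,
                             "at": at.isoformat()})

    def for_patient(self, patient_id: str) -> list:
        return [e for e in self.entries if e["patient"] == patient_id]


class RecordService:
    def __init__(self, users: dict, patients: dict, audit: AuditTrail):
        self._users = users        # user_id -> role
        self._patients = patients  # patient_id -> Patient
        self._audit = audit

    def authorize(self, actor: str, patient_id: str, purpose: str,
                  break_glass: bool = False) -> Decision:
        """Access needs authority, not just a clinical login: the actor must be on
        this patient's care team, or invoke flagged break-glass access for treatment."""
        role = self._users.get(actor)
        patient = self._patients.get(patient_id)
        if role not in CLINICAL_ROLES:
            return Decision(False, "not a clinical user")
        if patient is None:
            return Decision(False, "no such patient")
        if purpose != "treatment":
            return Decision(False, f"purpose '{purpose}' not permitted for a clinical read")
        if actor in patient.care_team:
            return Decision(True, "care team member")
        if break_glass:
            return Decision(True, "break-glass emergency access; flagged for review")
        return Decision(False, "clinical user but not on this patient's care team")

    def read(self, actor: str, patient_id: str, purpose: str,
             break_glass: bool = False, now: datetime = None):
        now = now or datetime.now(timezone.utc)
        decision = self.authorize(actor, patient_id, purpose, break_glass)
        self._audit.log(actor, patient_id, decision, now)  # denials are logged too
        if not decision.allowed:
            return None
        return self._patients[patient_id].record


def demo():
    """Constructed scenario: a care-team physician, a physician 'neighbour' with a
    valid login but no assignment, a billing clerk, and an emergency access."""
    audit = AuditTrail()
    users = {"dr_a": "physician", "nurse_b": "nurse",
             "dr_neighbour": "physician", "clerk_c": "billing"}
    patients = {"p1": Patient("p1", {"dr_a", "nurse_b"}, {"covid_test": "positive"})}
    service = RecordService(users, patients, audit)
    at = datetime(2020, 4, 14, tzinfo=timezone.utc)
    results = {
        "care_team": service.read("dr_a", "p1", "treatment", now=at),
        "neighbour": service.read("dr_neighbour", "p1", "treatment", now=at),
        "clerk": service.read("clerk_c", "p1", "treatment", now=at),
        "emergency": service.read("dr_neighbour", "p1", "treatment", break_glass=True, now=at),
    }
    return results, audit.for_patient("p1")
```

The neighbouring physician's read is refused even though the login is perfectly valid, which is the "access is not authority" point; the break-glass path exists because medicine is social and emergencies happen, but it succeeds only with a reason that a privacy officer can pull out of the trail afterwards. Logging the denials matters as much as logging the reads: a run of refused lookups against one patient is the signal that someone is being nebby.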

The text message app in South Korea was reverse engineered to allow users to figure out who was infected, without giving protection against stigma or the accidental release of personal information.

We will see this in covid-19 applications and have already seen a high degree of use of Zoom during the epidemic, and good information on the poor security originally designed into the product.

Notably the healthcare system is one of the worst examples when it comes to data security (there are exceptions) overall, and dangerous breaches.

It's one thing to have identity theft and have to go through that, it's entirely different to be killed as a result of a medical data error.

So the original celebrity use case, say for example Tom Hanks tested positive for covid-19, has been replaced by privacy for all based on medical ethics. The extent to which this is or is not properly implemented in the healthcare system depends on factors that will be raised later in terms of mitigations, patient identity, and truly getting consent. Some of these factors are only possible by the system losing some preconceptions of their own business models and moving to a post c-19 business model as part of the recovery. Logically they are using c-19 to reify their data paternalism and that of public health for factors that I describe elsewhere. Unfortunately that strategy is putting us into a depression and losing them money in the process, since they need to refocus on procedures that they can bill for and not focus on immediate existential survival. It's not going to be entirely the same as we learn to adapt post epidemic. Important lessons will be learned because healthcare learns.

The general idea is that your health information should be restricted to your immediate care team (those with a need to know), however that ignores the fact that medicine is a "helping profession": technically proficient, but also extremely social. As a result, because of the NP-hard problem of assigning AUTHZ permissions (try looking into this on a Windows server)

In a nutshell, we hanged Nazis for doing the "same thing" in Auschwitz in terms of informed consent, even though the ideas of medical ethics were already well understood in 1930-1945 Germany, and a well understood ethical code had thus been developed. It is not the "same thing" actually, in terms of what they did, but the lack of informed consent is the same thing.

The subway test was of course harmless (well, maybe not), but the U.S. Army had a history of testing various chemical and biological agents on its own "volunteer" soldiers.

As far as the Nazi experiments went (another historical rat hole), the similarity is that they were done without consent, were considered to be torture, and the data they obtained (such as determining survivability in cold water for downed pilots) by torturing camp victims has been well studied.

The health system here in the US has had its own ethical lapses: forced sterilization based on Eugenics, invented here in the U.S. and later unfortunately applied by Nazis in Germany and elsewhere on a bureaucratic mass scale using IBM Hollerith punch card machines.

