<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<b>David & Marc:</b> Thank you, for your notes, and the
pointers to resources. I shall have to review the resources to
which you have pointed, as time will permit.<br>
<br>
<b>LiberationTech:</b> If I may, I would like to address a
rudimentary concern WRT to the COVID-19 Pandemic, and to share a few
informational considerations MORE broadly that are foundationally
relevant to the SUBJECT AREA of concern to the members of this
LIST. I solicit your indulgence in advance.<br>
<br>
As a start, with good concern and respect for everyone's time, I
shall aim to condense and concentrate my response appropriately.
Before I move to share the aforementioned considerations, a quick
note on the COVID-19 QR-Code app, now being used in China.<br>
<br>
<div class="moz-cite-prefix">On 4/24/20 1:43 PM, David Stodolsky
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:mailman.4292.1587750215.1807.lt@lists.liberationtech.org"><font
size="-1">[ .... ]</font><br>
<div class="moz-text-html" lang="x-unicode">
<div class="">
<div>A Chinese app allows users to display a Red,Yellow, or
Green QR-code on their phones, but this has no privacy
protection. It does motivate users, however, since the
inability to display the QR-code makes life inconvenient at
best. </div>
</div>
<div>[ .... ]</div>
<br>
<div class="">dss</div>
</div>
</blockquote>
<br>
'Privacy Protection' is one of the many problems of this app.
Integrally, it is an application that is largely UNINTEROPERABLE.
To clarify, Chinese Citizen's COVID-19 related information were/are
not accessible in cities outside the city of primary registry
(Beijing.. Wuhan, etc.). And, naturally, from a technical point of
view, Privacy/Security is 'at least' an INTEROPERABILITY and
Information Systems' INTEGRATION problem too. To design better
apps, in this, or other cases, there MUST be better understanding of
the inter-workings of systems. It is that point precisely, that
will be amplified next. <br>
<br>
In the span of a few short paragraphs, the aim is to appreciate the
"root cause" relationships that tie the foundations of perennial and
ubiquitous Privacy violations and Security breaches worldwide to
those foundations of the now obvious - disastrous COVID-19 related
global public health management outcomes. Very often, many types of
failures that are likely to rise from "the hoodoos" of defective and
deficient policies and processes put into place, generally do not
REVEAL themselves, until it is too late. In the United States,
State and Federal governments have been involved in preparations to
confront a Pandemic for many, many years. <b>So, why has the
failure to confront and contain the enemy - been so devastating,
prominent and shameful? </b> There is a GOOD DEAL to be learned by
mapping and understanding the similarities between the large-scale
failures in our ability to contain and manage the COVID-19 crisis
globally, and how we fail to properly understand and manage Privacy
and Security universes. I shall begin by providing an analytically
critical piece of information as it relates to COVID-19, to start.
Ignoring the fundamentals - imperils us all. Again, I beg your
indulgence. <br>
<br>
<b>Very elementally, COVID-19 or SARS-CoV2 "is" a Bio-Safety Level
(BSL) 3 organism (respiratory pathogen).</b> This means, in the
United States, if you are an accredited medical researcher with a
professional need to handle SARS-CoV2 to fulfill lawful and
accredited research requirements, you will be required and directed
to do so in a laboratory, which is a certified BSL-3 Containment and
Handling facility. BSL-3 has within, very specific handling and
containment protocols, procedures, tools, services, and command and
control systems to protect the people working within, and more
importantly, to withhold/contain and manage ANY and ALL BSL-3
organisms, from being released to the outside world. Let us be
firmly reminded at this point that any attempt to capriciously
"re-label" and/or "anoint" a DEADLY PATHOGEN, as <font
color="#ff0000"><b>a 'less deadly' pathogen</b><b>, does NOT MAKE
it so! Also, none can turn-back the clock on ineptitude and
incompetence.</b></font><br>
<br>
<b>So far, NOT one major media outlet</b> (among the hundreds we
routinely monitor) in the world has reported, or discussed, these
fine and crucial points.<br>
<br>
For weeks, in the middle of a pandemic, the public-debate in the
U.S. revolved around the stocks and allocations of FLIMSY Personal
Protective Equipment (PPE) "to guard" Frontline medical staff.
Allow me to be very precise about the technicality here. Again,
SARS-CoV2 is a BSL-3 organism. <b>Hospitals are <font
color="#ff0000">NOT BSL-3</font> facilities (they are also not
BSL-2 facilities),</b> nor are their STAFF sufficiently ATTUNED
TO, TRAINED, and properly outfitted/instrumented to handle affects
and consequences related to the presence of a pathogenic organisms
in their midst; in the air, or infecting their patients. <b>The
proper concentration/massing of resources and efforts should have
continually and congruously (wholistically) been advanced toward
protecting the public, and frontline medical workers everywhere,
'knowing the enemy'; a potent virus. </b>Instead, and all
throughout this time, at least in the United States, various policy
and media elements have MATERIALLY been wasting time and energy,
day-after-day, <b>mundanely and obtusely "gaggling"</b> on the
IRRELEVANT and the INCONSEQUENTIAL; a historical trend, and present
experience, which has been <b>MOST exasperating for those of us who
understand</b> the important CORPOREAL aspects of this crisis, and
the gravity related to inactioned situations surrounding the crisis!<br>
<br>
To affirm this point another way, I draw your attention to the GRAND
government supported video productions of the 1950's that attempted
to shape the <i>"prophylactic actions"</i> of U.S. citizens against
harms caused by a nuclear blast, in the event that a nuclear weapon
was dropped upon the United States by the Soviet Union. In this
select (1 min) video segment [<a
href="https://www.youtube.com/embed/IKqXu-5jw60?start=456&end=517&version=3">https://www.youtube.com/embed/IKqXu-5jw60?start=456&end=517&version=3</a>],
the narrator highlights that in the event of a proximal nuclear
blast, it was crucial for Americans to <i>"duck and cover" </i>oneself;
that covering oneself, even with a thin sheet of paper, or a cloth
sheet was very important, to not be a victim to severe burns. All
in all, such instructions defied the realities impressioned by
Science, and was largely <b><font color="#ff0000">intended to
mollify the masses,</font> while also imparting a broad-stroked
general impression (varnish) to all that government entities were
thoughtful, well-meaning, and well-configured to protect the
masses.</b> Consider that a 'flash-burn' from a nuclear blast the
size and ferocity of a Hiroshima weapon is able to strip away and
char all surfaces within a 10,000 feet blast radius. So, if you
were JUST outside this radius when an atomic weapon exploded, you
may have been able to cheat "death-by-charring", but c/would have
succumbed later to nuclear radiation/various cancers. In any event,
a veil of paper or cloth is no protection at all in such a case.
Those public service announcements were frightfully disingenuous,
and DID sidestep the vastly obvious!<br>
<br>
Again, fact remains that <b>SARS-CoV2 is a potent contagion and
pathogen, and that it requires 'BSL-3 handling'</b> cannot be
diminished by any national leader's acts of pandering, or tidy
'vote-getting' words of placation. The virus is an opportunist.
Fundamentally therefore, All MEDICAL staff, EVERYWHERE, NEED, and
should be APPROPRIATED the "required grade and range" of tools and
services to protect - when required to confront the likes of
SARS-CoV2, so that our professional medical staff will stand
empowered to protect those of us who become ILL, and the same staff
will also be able to subsequently GO ON to treat others who would
follow us in sickness.<br>
<br>
In the United States, the composition and emplacement of plans and
instruments to confront Pandemics having been a running part of
'National Security' agenda, since at least the early 90's; and in
some cases, much earlier than that. Despite this history of
expending huge sums of monies on planning, organizing, exercising
and reporting, what we have been able to witness recently is nothing
short of a utter disintegration of those plans, services and
orchestrations, failing to both protect, and to reconstitute
functions of society. What we have been witnessing is an entire
failure of systems, and <b>of 'system-of-systems'.</b> Lessons
from societal confrontations with COVID-19 can be instructive on how
we tackle 'Privacy and Security' as large-scale problems if we pay
attention to details. At the moment though, to say that we are
NOT properly devoted, constructed or orchestrated to attend to
crucial problems related to Privacy or Security of information,
particularly for the "Information Age", would simply be a gross
understatement!<br>
<br>
Lastly, there are at least two IMPORTANT, adjacent points to be
noted here WRT COVID-19. They are: <b>1)</b> large-scale COVID-19
failures have been blatantly visible across nations (large and
small) from the East to the West, cultures, languages, ethnicity,
socio-economic stratification, wide demographic ranges, etc. And, <b>2),</b>
COVID-19 is a <font color="#ff0000"><b>'SINGLE' enemy, a virus. </b></font>
Now, in COVID-19 cases, WE KNOW (more than less), "what" manifests
the "illness", and "how" the "illness" takes hold and advances. And
again, despite the billions we spent on constructing plans and the
means to "effectively confront pandemics", and for decades, in the
face of "clear and present danger", our modern systems, their
capacities and their capabilities - have been over-run, and have
even been out-stripped of utility in cases. Moreover, beyond the
failure of organizational components and systems, COVID-19 has also
shown the frailties of our command and control enterprises.<br>
<br>
Allow me to stress that, <b>'Privacy' and 'Security'
violations/breaches <font color="#ff0000">are multimodal</font></b>
in their origins, in their types, locations, size, impact, value
etc. NO "APP of the Month" is going to solve the increasingly
gargantuan problem. After decades of big budget expenditures
toward ensuring the 'Security of information', 'SECURITY" has
remained elusive.<br>
<br>
Therefore, unless significantly greater and newer insight and
comprehension of 'privacy' and 'security' elements are uncovered for
the "digital life", we will surely not be able to confront the
rising levels and the various types of threats that are
foreseeable. If conditions do not remarkably improve, and swiftly,
our defenses will be akin to mounting a challenge against an
artillery barrage with a pitch-fork!<br>
<br>
I present my apologies for the delay associated with my response.
The work-load has been prohibitive.<br>
--<br>
<font color="#b3b3b3"><i>Dr. Robert Mathews, D.Phil.<br>
Principal Technologist &<br>
</i><i>Distinguished Senior Research Scholar</i><i><br>
</i><i>Office of Scientific Inquiry & Applications (OSIA)</i><i><br>
</i><i>University of Hawai'i</i></font><br>
</body>
</html>