<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Robert,</p>
<p>Thanks for your very detailed and down-to-earth summary of the
situation. Your summary is very enlightening and renders the news
on mainstream media a children's show in comparison. Based on your
statements and what I have read on the news so far, I do appear to
be misinformed and worried about the wrong problems. Your summary
gives me a glimmer of hope in that it makes it seem like one can
still make sense of the situation by asking basic, fundamental
questions and not worrying too much about, or being misguided by,
details and technicalities (I don't know if this was your
intention).<br>
</p>
<p>One question I would like to ask you: given that hospitals are
not BSL-3 facilities and given your stance on protecting health
workers with the right equipment, what is your opinion on how we
are treating the other "essential" workers: teachers, grocery
store workers, delivery people, etc? A worker on NBC news once
said "we are not essential, we are exhausted and expendable",
which seems to resonate well with your statements.<i><br>
</i></p>
<p><i>> At the moment though, to say that we are NOT properly
devoted, constructed or orchestrated to attend to crucial
problems related to Privacy or Security of information,
particularly for the "Information Age", would simply be a gross
understatement!</i></p>
<p><i>> NO "APP of the Month" is going to solve the increasingly
gargantuan problem. After decades of big budget expenditures
toward ensuring the 'Security of information', 'SECURITY" has
remained elusive.</i></p>
<p>That has been my observation and worry too. I just don't see a
well-thought, end-to-end well-constructed solution in this area.
All I see is the advertising company and the rotten apple trying
to exert even greater control over society, in tandem with
governments trying to slip through surveillance systems in the
name of public safety. I am of course no expert in these matters,
but the relevant parties just appear to be moving in the direction
of their own agenda without addressing basic questions and without
giving people the time to reason about and question the
consequences of their actions. I suppose the constant references
to this situation as "war" or "war-like" are just a propagandist
attempt to raise the sense of urgency so that they can move along
without people asking too many questions. It seems to be a remake
of past events, or maybe I am just completely paranoid...</p>
<p>Thank you for summary, once again. I also wonder -- what is the
best way to follow your work and your recent developments in these
matters?</p>
<p>Marc<br>
</p>
<div class="moz-cite-prefix">On 4/27/20 2:31 PM, Robert Mathews
(OSIA) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7be7342d-ed1a-2de9-5c02-5ed548f2393d@hawaii.edu">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<b>David & Marc:</b> Thank you, for your notes, and the
pointers to resources. I shall have to review the resources to
which you have pointed, as time will permit.<br>
<br>
<b>LiberationTech:</b> If I may, I would like to address a
rudimentary concern WRT to the COVID-19 Pandemic, and to share a
few informational considerations MORE broadly that are
foundationally relevant to the SUBJECT AREA of concern to the
members of this LIST. I solicit your indulgence in advance.<br>
<br>
As a start, with good concern and respect for everyone's time, I
shall aim to condense and concentrate my response appropriately.
Before I move to share the aforementioned considerations, a quick
note on the COVID-19 QR-Code app, now being used in China.<br>
<br>
<div class="moz-cite-prefix">On 4/24/20 1:43 PM, David Stodolsky
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:mailman.4292.1587750215.1807.lt@lists.liberationtech.org"><font
size="-1">[ .... ]</font><br>
<div class="moz-text-html" lang="x-unicode">
<div class="">
<div>A Chinese app allows users to display a Red,Yellow, or
Green QR-code on their phones, but this has no privacy
protection. It does motivate users, however, since the
inability to display the QR-code makes life inconvenient
at best. </div>
</div>
<div>[ .... ]</div>
<br>
<div class="">dss</div>
</div>
</blockquote>
<br>
'Privacy Protection' is one of the many problems of this app.
Integrally, it is an application that is largely UNINTEROPERABLE.
To clarify, Chinese Citizen's COVID-19 related information
were/are not accessible in cities outside the city of primary
registry (Beijing.. Wuhan, etc.). And, naturally, from a
technical point of view, Privacy/Security is 'at least' an
INTEROPERABILITY and Information Systems' INTEGRATION problem
too. To design better apps, in this, or other cases, there MUST
be better understanding of the inter-workings of systems. It is
that point precisely, that will be amplified next. <br>
<br>
In the span of a few short paragraphs, the aim is to appreciate
the "root cause" relationships that tie the foundations of
perennial and ubiquitous Privacy violations and Security breaches
worldwide to those foundations of the now obvious - disastrous
COVID-19 related global public health management outcomes. Very
often, many types of failures that are likely to rise from "the
hoodoos" of defective and deficient policies and processes put
into place, generally do not REVEAL themselves, until it is too
late. In the United States, State and Federal governments have
been involved in preparations to confront a Pandemic for many,
many years. <b>So, why has the failure to confront and contain
the enemy - been so devastating, prominent and shameful? </b>
There is a GOOD DEAL to be learned by mapping and understanding
the similarities between the large-scale failures in our ability
to contain and manage the COVID-19 crisis globally, and how we
fail to properly understand and manage Privacy and Security
universes. I shall begin by providing an analytically critical
piece of information as it relates to COVID-19, to start. Ignoring
the fundamentals - imperils us all. Again, I beg your indulgence.
<br>
<br>
<b>Very elementally, COVID-19 or SARS-CoV2 "is" a Bio-Safety Level
(BSL) 3 organism (respiratory pathogen).</b> This means, in the
United States, if you are an accredited medical researcher with a
professional need to handle SARS-CoV2 to fulfill lawful and
accredited research requirements, you will be required and
directed to do so in a laboratory, which is a certified BSL-3
Containment and Handling facility. BSL-3 has within, very
specific handling and containment protocols, procedures, tools,
services, and command and control systems to protect the people
working within, and more importantly, to withhold/contain and
manage ANY and ALL BSL-3 organisms, from being released to the
outside world. Let us be firmly reminded at this point that any
attempt to capriciously "re-label" and/or "anoint" a DEADLY
PATHOGEN, as <font color="#ff0000"><b>a 'less deadly' pathogen</b><b>,
does NOT MAKE it so! Also, none can turn-back the clock on
ineptitude and incompetence.</b></font><br>
<br>
<b>So far, NOT one major media outlet</b> (among the hundreds we
routinely monitor) in the world has reported, or discussed, these
fine and crucial points.<br>
<br>
For weeks, in the middle of a pandemic, the public-debate in the
U.S. revolved around the stocks and allocations of FLIMSY Personal
Protective Equipment (PPE) "to guard" Frontline medical staff.
Allow me to be very precise about the technicality here. Again,
SARS-CoV2 is a BSL-3 organism. <b>Hospitals are <font
color="#ff0000">NOT BSL-3</font> facilities (they are also not
BSL-2 facilities),</b> nor are their STAFF sufficiently ATTUNED
TO, TRAINED, and properly outfitted/instrumented to handle affects
and consequences related to the presence of a pathogenic organisms
in their midst; in the air, or infecting their patients. <b>The
proper concentration/massing of resources and efforts should
have continually and congruously (wholistically) been advanced
toward protecting the public, and frontline medical workers
everywhere, 'knowing the enemy'; a potent virus. </b>Instead,
and all throughout this time, at least in the United States,
various policy and media elements have MATERIALLY been wasting
time and energy, day-after-day, <b>mundanely and obtusely
"gaggling"</b> on the IRRELEVANT and the INCONSEQUENTIAL; a
historical trend, and present experience, which has been <b>MOST
exasperating for those of us who understand</b> the important
CORPOREAL aspects of this crisis, and the gravity related to
inactioned situations surrounding the crisis!<br>
<br>
To affirm this point another way, I draw your attention to the
GRAND government supported video productions of the 1950's that
attempted to shape the <i>"prophylactic actions"</i> of U.S.
citizens against harms caused by a nuclear blast, in the event
that a nuclear weapon was dropped upon the United States by the
Soviet Union. In this select (1 min) video segment [<a
href="https://www.youtube.com/embed/IKqXu-5jw60?start=456&end=517&version=3"
moz-do-not-send="true">https://www.youtube.com/embed/IKqXu-5jw60?start=456&end=517&version=3</a>],
the narrator highlights that in the event of a proximal nuclear
blast, it was crucial for Americans to <i>"duck and cover" </i>oneself;
that covering oneself, even with a thin sheet of paper, or a cloth
sheet was very important, to not be a victim to severe burns. All
in all, such instructions defied the realities impressioned by
Science, and was largely <b><font color="#ff0000">intended to
mollify the masses,</font> while also imparting a
broad-stroked general impression (varnish) to all that
government entities were thoughtful, well-meaning, and
well-configured to protect the masses.</b> Consider that a
'flash-burn' from a nuclear blast the size and ferocity of a
Hiroshima weapon is able to strip away and char all surfaces
within a 10,000 feet blast radius. So, if you were JUST outside
this radius when an atomic weapon exploded, you may have been able
to cheat "death-by-charring", but c/would have succumbed later to
nuclear radiation/various cancers. In any event, a veil of paper
or cloth is no protection at all in such a case. Those public
service announcements were frightfully disingenuous, and DID
sidestep the vastly obvious!<br>
<br>
Again, fact remains that <b>SARS-CoV2 is a potent contagion and
pathogen, and that it requires 'BSL-3 handling'</b> cannot be
diminished by any national leader's acts of pandering, or tidy
'vote-getting' words of placation. The virus is an opportunist.
Fundamentally therefore, All MEDICAL staff, EVERYWHERE, NEED, and
should be APPROPRIATED the "required grade and range" of tools and
services to protect - when required to confront the likes of
SARS-CoV2, so that our professional medical staff will stand
empowered to protect those of us who become ILL, and the same
staff will also be able to subsequently GO ON to treat others who
would follow us in sickness.<br>
<br>
In the United States, the composition and emplacement of plans and
instruments to confront Pandemics having been a running part of
'National Security' agenda, since at least the early 90's; and in
some cases, much earlier than that. Despite this history of
expending huge sums of monies on planning, organizing, exercising
and reporting, what we have been able to witness recently is
nothing short of a utter disintegration of those plans, services
and orchestrations, failing to both protect, and to reconstitute
functions of society. What we have been witnessing is an entire
failure of systems, and <b>of 'system-of-systems'.</b> Lessons
from societal confrontations with COVID-19 can be instructive on
how we tackle 'Privacy and Security' as large-scale problems if we
pay attention to details. At the moment though, to say that we
are NOT properly devoted, constructed or orchestrated to attend to
crucial problems related to Privacy or Security of information,
particularly for the "Information Age", would simply be a gross
understatement!<br>
<br>
Lastly, there are at least two IMPORTANT, adjacent points to be
noted here WRT COVID-19. They are: <b>1)</b> large-scale
COVID-19 failures have been blatantly visible across nations
(large and small) from the East to the West, cultures, languages,
ethnicity, socio-economic stratification, wide demographic ranges,
etc. And, <b>2),</b> COVID-19 is a <font color="#ff0000"><b>'SINGLE'
enemy, a virus. </b></font> Now, in COVID-19 cases, WE KNOW
(more than less), "what" manifests the "illness", and "how" the
"illness" takes hold and advances. And again, despite the
billions we spent on constructing plans and the means to
"effectively confront pandemics", and for decades, in the face of
"clear and present danger", our modern systems, their capacities
and their capabilities - have been over-run, and have even been
out-stripped of utility in cases. Moreover, beyond the failure of
organizational components and systems, COVID-19 has also shown the
frailties of our command and control enterprises.<br>
<br>
Allow me to stress that, <b>'Privacy' and 'Security'
violations/breaches <font color="#ff0000">are multimodal</font></b>
in their origins, in their types, locations, size, impact, value
etc. NO "APP of the Month" is going to solve the increasingly
gargantuan problem. After decades of big budget expenditures
toward ensuring the 'Security of information', 'SECURITY" has
remained elusive.<br>
<br>
Therefore, unless significantly greater and newer insight and
comprehension of 'privacy' and 'security' elements are uncovered
for the "digital life", we will surely not be able to confront the
rising levels and the various types of threats that are
foreseeable. If conditions do not remarkably improve, and
swiftly, our defenses will be akin to mounting a challenge against
an artillery barrage with a pitch-fork!<br>
<br>
I present my apologies for the delay associated with my response.
The work-load has been prohibitive.<br>
--<br>
<font color="#b3b3b3"><i>Dr. Robert Mathews, D.Phil.<br>
Principal Technologist &<br>
</i><i>Distinguished Senior Research Scholar</i><i><br>
</i><i>Office of Scientific Inquiry & Applications (OSIA)</i><i><br>
</i><i>University of Hawai'i</i></font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
</blockquote>
<pre class="moz-signature" cols="72">--
GPG: 9C2A AF1D CC91 0A53 AB0A B6A1 C457 0E01 081F 8F91
<a class="moz-txt-link-freetext" href="https://emailselfdefense.fsf.org/">https://emailselfdefense.fsf.org/</a></pre>
</body>
</html>