Main

March 27, 2020

The to-do list

Thumbnail image for casablanca-dooley-wilson-as-time-goes-by.pngWith so much insecurity and mounting crisis, there's no time now to think about a lot of things that will matter later. But someday there will be. And at that time...

Remember that health workers - doctors, nurses, technicians, ambulance drivers - matter just as much every day as they do during a crisis. Six months after everyone starts feeling safe and starts to forget, remind them how much we owe health workers..

The same goes for other essential services workers, the ones who keep the food stores open, the garbage and recycling being picked up, who harvest the crops, catch the fish, and raise and slaughter the animals and birds, who drive the trucks and supply the stores, and deliver post, takeout, and packages from Amazon et. al, and keep the utilities running, and the people who cook the takeout food, and clean the hospitals and streets. Police. Fire. Pharmacists. Journalists. Doubtless scores of other people doing things I haven't thought of. In developed countries, we forget how our world runs until something breaks, evidenced by Steve Double (Con-St Austell and Newquay), the British MP who said on Monday, "One of the things that the current crisis is teaching us is that many people who we considered to be low-skilled are actually pretty crucial to the smooth running of our country - and are, in fact, recognised as key workers." (Actually, a lot of us knew this.)

Stop taking travel, particularly international travel, for granted. Even when bans and lockdowns are eventually fully lifted, it's likely that pre-boarding and immigration health checks will become as routine as security scanning and showing ID have since 2001. Even if governments don't mandate it the public will demand it: who will sit crammed next to a random stranger unless they can believe it's safe?

Demand better travel conditions. Airlines are likely to find the population is substantially less willing to be crammed in as tightly as we have been.

Along those lines, I'm going to bet that today's children and young people, separated from older relatives by travel bans and lockdowns in this crisis, will think very differently about moving across the country or across the world, where they might be cut off in a future health crisis. Families and friends have been separated before by storms, earthquakes, fires, and floods - but travel links have rarely been down this far for this long - and never so widely. The idea of travel as conditional has been growing through security and notification requirements (I'm thinking of the US's ESTA requirements), but health will bring a whole new version of requiring permission.

Think differently about politicians. For years now it's been fashionable for people to say it doesn't matter who gets in because "they're all the same". You have only to compare US governors' different reactions to this crisis to see how false that is. As someone said on Twitter the other day, when you elect a president you are choosing a crisis manager, not a friend or favorite entertainer.

Remember the importance of government and governance. The US's unfolding disaster owes much of its amplitude to the fact that the federal government has become, as Ed Yong, writing in The Atlantic, calls it, "a ghost town of scientific expertise".

Stop asking "How much 'excess' can we trim from this system?" to asking "What surge capacity do we need, and how can we best ensure it will be available?" This will apply not only to health systems, hospitals, and family practices but to supply chains. The just-in-time fad of the 1990s and the outsourcing habits of the 2000s have left systems predictably brittle and prone to failure. Much of the world - including the US - depends on China to supply protective masks rather than support local production. In this crisis, Chinese manufacturing shut down just before every country in the world began to realize it had a shortage. Our systems are designed for short, sharp local disasters, not expanding global catastrophes where everyone needs the same supplies.

Think collaboratively rather than competitively. In one of his daily briefings this week, New York State governor Andrew Cuomo said forthrightly that sending ventilators to New York now, as its crisis builds, did not mean those ventilators wouldn't be available for other places where the crisis hasn't begun yet. It means New York can send them on when the need begins to drop. More ventilators for New York now is more ventilators for everyone later.

Ensure that large companies whose policies placed their staff at risk during this time are brought to account.

Remember these words from Nancy Pelosi: "And for those who choose prayer over science, I say that science is the answer to our prayers."

Reschedule essential but timing-discretionary medical care you've had to forego during the emergency. Especially, get your kids vaccinated so no one has to fight a preventable illness and an unpreventable one at the same time.

The final job: remember this. Act to build systems so we are better prepared for the next one before you forget. It's only 20 years since Y2K, and what people now claim is that "nothing happened"; the months and person-millennia that went into remediating software to *make* "nothing" happen have faded from view. If we can remember old movies, we can remember this.

Illustrations: Dooley Wilson, singing "As Time Goes by", from Casablanca (1942).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 12, 2020

Privacy matters

china-alihealth.jpegSometime last week, Laurie Garrett, the Pulitzer Prize-winning author of The Coming Plague, proposed a thought experiment to her interviewer on MSNBC. She had been describing the lockdown procedures in place in China, and mulling how much more limited actions are available to the US to mitigate the spread. Imagine, she said (or more or less), the police out on the interstate pulling over a truck driver "with his gun rack" and demanding a swab, running a test, and then and there ordering the driver to abandon the truck and putting him in isolation.

Um...even without the gun rack detail...

The 1980s AIDS crisis may have been the first time my generation became aware of the tension between privacy and epidemiology. Understanding what was causing the then-unknown "gay cancer" involved tracing contacts, asking intimate questions, and, once it was better understood, telling patients to contact their former and current sexual partners. At a time when many gay men were still closeted, this often meant painful conversations with wives as well as ex-lovers. (Cue a well-known joke from 1983: "What's the hardest part of having AIDS? Trying to convince your wife you're Haitian.")

The descriptions emerging of how China is working to contain the virus indicate a level of surveillance that - for now - is still unthinkable in the West. In a Huangzhou project, for example, citizens are required to install the Alipay Health Code app on their phones that assigns them a traffic light code based on their recent contacts and movements - which in turn determines which public and private spaces they're allowed to enter. Paul Mozur, who co-wrote that piece for the New York Times with Raymond Zhong and Aaron Krolik, has posted on Twitter video clips of how this works on the ground, while Ryutaro Uchiyama marvels at Singapore's command and open publication of highly detailed data This is a level of control that severely frightened people, even in the West, might accept temporarily or in specific circumstances - we do, after all, accept being data-scanned and physically scanned as part of the price of flying. I have no difficulty imagining we might accept barriers and screening before entering nursing homes or hospital wards, but under what conditions would the citizens of democratic societies accept being stopped randomly on the street and our phones scanned for location and personal contact histories?

The Chinese system has automated just such a system. Quite reasonably, at the Guardian Lily Kuo wonders if the system will be made permanent, essentially hijacking this virus outbreak in order to implement a much deeper system of social control than existed before. Along with all the other risks of this outbreak - deaths, widespread illness, overwhelmed hospitals and medical staff, widespread economic damage, and the mental and emotional stress of isolation, loss, and lockdown - there is a genuine risk that "the new normal" that emerges post-crisis will have vastly more surveillance embedded in it.

Not everyone may think this is bad. On Twitter, Stewart Baker, whose long-held opposition to "warrant-proof" encryption we noted last week, suggested it was time for him to revive his "privacy kills" series. What set him off was a New York Times piece about a Washington-based lab that was not allowed to test swabs they'd collected from flu patients for coronavirus, on the basis that the patients would have to give consent for the change of us. Yes, the constraint sounds stupid and, given the situation, was clearly dangerous. But it would be more reasonable to say that either *this* interpretation or *this* set of rules needs to be changed than to conclude unliterally that "privacy is bad". Making an exemption for epidemics and public health emergencies is a pretty easy fix that doesn't require up-ending all patient confidentiality on a permanent basis. The populations of even the most democratic, individualistic countries are capable of understanding the temporary need for extreme measures in a crisis. Even the famously national ID-shy UK accepted identity papers during wartime (and then rejected them after the war ended (PDF)).

The irony is that lack of privacy kills, too. At The Atlantic, Zeynep Tufecki argues that extreme surveillance and suppression of freedom of expression paradoxically results in what she calls "authoritarian blindness": a system designed to suppress information can't find out what's really going on. At The Bulwark, Robert Tracinski applies Tufecki's analysis to Donald Trump's habit of labeling anything he doesn't like "fake news" and blaming any events he doesn't like on the "deep state" and concludes that this, too, engenders widespread and dangerous distrust. It's just as hard for a government to know what's really happening when the leader doesn't want to know as when the leader doesn't want anyone *else* to know.

At this point in most countries it's early stages, and as both the virus and fear of it spread, people will be willing to consent to any measure that they believe will keep them and their loved ones safe. But, as Access Now agrees, there will come a day when this is past and we begin again to think about other issues. When that day comes, it will be important to remember that privacy is one of the tools needed to protect public health.


Illustrations: Alipay Health Code in action (press photo).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 28, 2020

The virtuous patient

US-health-insurance-coverage-state-2018.pngIt's interesting to speculate about whether our collective approach to cybersecurity would be different if the dominant technologies hadn't been developed under the control of US companies. I'm thinking about the coronavirus, which I fear is about to expose every bit of the class, race, and economic inequality of the US in the most catastrophic way.

Here in Britain, the question I'm most commonly asked has become, "Why do Americans oppose universal health care?" This question is particularly relevant as the Democratic primaries bed down into daily headlines and pundits opining on whether "democratic socialist" Bernie Sanders and Elizabeth Warren, who both favor "Medicare for All", are electable. How, UK friends ask, could they not be electable when what they're proposing is so obviously a good thing? How is calling health care a human right "socialist" rather than just "sane"? By that standard, Europe is full of socialist countries that are functioning democracies.

I respond that framing health insurance as an aspirational benefit of a "good job" was a stroke of evil genius that invoked everyone's worst meritocratic instincts while putting employers firmly in the feudal lord driving seat. I find it harder to explain how "socialist" became equated with "evil". "Socialized medicine" apparently began as a harmless description but in the 1960s the American Medical Association exploited it to scare people off. I thought doctors were supposed to first, do no harm?

Of course, a virus doesn't care who's paying for health care - the real crux of the debates - but it also doesn't care if you're rich, poor, upper crust, working class, Republic, Democrat, or a narcissist who thinks expertise is vastly overrated and scientists are just egos with degrees. The consequence of treating health care as an aspirational benefit instead of a human right is that in 2018 27.5 million Americans had no health insurance. As others have noticed, uninsured people cluster in "red" states. Since Donald Trump took office, however, the number of uninsured is slowly regrowing.

Some of the uninsured are undoubtedly people who are homeless, but most are from working families. They work in gas stations and convenience stores, as agency maids and security guards, as Uber drivers, and...in food service. Skeleton staffing levels mean bosses penalize anyone trying to call in sick; low wage levels make sick days an unaffordable "luxury"; without available child care, kids must go to school, sick or well. Every misplaced incentive forces this group to soldier on and to avoid doctors as much as possible. The story of Ozmel Martinez Azcue, who did the socially responsible thing and got himself to a hospital for testing only to be billed for $3,270 (of which his share is $1,400) when he tested negative for coronavirus, is a horror story deterrent. As Carl Gibson writes at the Guardian, "...when you combine a for-profit healthcare system - in which only those wealthy enough to get care actually receive it - with a global pandemic, the only outcome will be unmitigated disaster".

This is a country where 40% of the population can't come up with an emergency $400, for whom no vaccine or test is "affordable". CDC's sensible advice is out of reach for the nearly 10% of the population whose work requires their physical presence; a divide throroughly exposed by 2012's Hurricane Sandy.

Sanity would dictate making testing, treatment, and vaccines completely free for the duration of the crisis in the interests of collective public health. But even that would require a profound shift in how Americans understand health care. It requires Americans to loosen their sense that health insurance is an individual merit badge and exercise a modest amount of trust in government - at a time when the man in charge is generally agreed to be entirely untrustworthy. As Laurie Garrett, the author of 1994's Pulitzer Prize-winning The Coming Plague, warned last month, two years ago Trump trashed the pandemic response teams Barack Obama put in place in 2014, after H1N1 and Ebola made the necessity for them clear.

If the US survives this intact, Trump will take the credit, but the reality will be that the country got lucky this time. Individuals won't, however; a pandemic in these conditions will soon be followed by a wave of bankruptcies, many directly or indirectly a consequence of medical bills - and a lot of them will have had health insurance. Plus, there will be the longer-term, hard-to-quantify damage of the spreading climate of fear, sowing distrust in a society that already has too much of it.

So back to cybersecurity and privacy. The same type of individualistic thinking underlies computer and networking designers who take the view that securing them is the individual problem of each entity that uses them. Individual companies have certainly improved on usability in some cases, but even the discovery of widespread disinformation campaigns has not really led to a public health-style collective response even though pervasive interconnection means the smallest user and device can be the vector for infecting a whole network. In security, as in health care, information asymmetry is such that the most "virtuous patient" struggles to make good choices. If a different country had dominated modern computing, would we, as Americans tend to think, have less, or no, innovation? Or would we have much more resilient systems?


Illustrations: The map of uninsured Americans in 2018, from the US Census Bureau.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.