Well, hello, I'm Jonathan Zittrain, along with the illustrious and brilliant physician and public health expert, Margaret Bourdeaux. Together we host, from the Berkman Klein Center for Internet and Society at Harvard University, COVID State of Play, where we take up on an occasional basis our own snapshot of what we're seeing and thinking about the state of the global pandemic, what ought to be done about it. And we often, as we do today, have an invited guest or two to help lend an additional perspective on a given topic. And today's topic is around health intelligence, and I'll put it over to Margaret to introduce Tarah Wheeler.
Thank you so much. Yeah, so I am so excited to introduce Tarah Wheeler, who is a Harvard Belfer Cybersecurity Fellow this year, an International Security Fellow at New America and a 2021 US-UK Fulbright Scholar in Cybersecurity. So what a mouthful. Tarah, I was actually going to start off by just saying, do you remember when we first met? The first conversation?
Yes.
Yeah, well, it was a very striking day, because I think it was back in March or early April when things were just starting off with this pandemic. And, you know, I talked to you because I think I was learning that you were going to come to Belfer to be a fellow with me. And really, I hung up the phone and it was like, that is the most interesting 60 minutes I've spent in a very long time. So thinking about cybersecurity and health and health data and whether the collection of health data might be a problem. And might be an issue in terms of whether other countries, and countries that wanted to do the United States harm, would be interested in attacking our data systems and our epidemiologic surveillance systems. And, you know, you had a lot of really provocative things to say about data and data systems and whether they were secure, could be made secure.
So I hung up the phone with you and then actually later that day, I was just confirming this as I was going back and looking at my calendar, I had one of the sort of saddest phone calls that I've had over the course of this pandemic and pandemic response. And it was from a friend of mine who's a pediatrician in Chelsea, Massachusetts, who called to say, listen, you know, Margaret, I don't know that you're totally clued in here about what's happening in Chelsea. Chelsea is a community, 80% immigrants, a large undocumented population, mostly Hispanic in origin, and a lot of people working in the informal economy, a lot of service workers. And the other thing to know about Chelsea, of course, was that rents had become very high. And so a lot of people have been packing into smaller and smaller living quarters. And she said, you know, COVID has really hit Chelsea very hard. She said, you know, I just got off the phone with the social worker from the hospital, who was telling me about two patients of mine, two children, who are in the hospital. I said, oh, God, with COVID. And she said, no, they don't have COVID. But both of their parents were deported in an ICE raid six months ago. And so they were handed over to a neighbor, to be a caregiver, an elderly neighbor, and the elderly neighbor just died of COVID. And now these two children are, you know, essentially and effectively orphaned. And the community has nowhere to put them except for in the hospital. And you know, she was kind of going through how the community was mobilizing. There was a massive mobilization effort in Chelsea by the community, which really pulled together to try to help, you know, the suffering that ensued from the pandemic. But really what I thought at the time after hanging up with her, I really thought this is how things were going to go.
I thought that the state of Massachusetts would sort of swarm into Chelsea with a lot of COVID tests, would go door to door and test people for the disease and help people who are found positive to get the supports they needed to be in quarantine, or if they were sick, you know, isolation, and get the medical care. And, you know, within a 48-hour window, 72-hour window, maybe at most, you know, we would get our arms around the outbreak in Chelsea. And of course, that was an incredibly naive idea. And in fact, what happened was no such testing was forthcoming. Even if the state had the capability to do that, the tests that they did expect folks to get were really through their clinics, through their medical homes, their doctor's offices. And of course, many people in Chelsea either were uninsured or underinsured, didn't have a medical home, didn't have a clinic. Even if they went to the clinic at the time, the clinics didn't have the tests to give. And the groups that really did have the tests were at the hospitals, and the hospitals were using them to admit people who were sick. So even if they'd gone to the hospitals, gotten a test, then the hospitals didn't necessarily report at that time, they didn't actually report that data to the public health departments. The public health department was struggling in that very moment to try to expand its reporting database of reportable diseases. And the rules around what hospitals had reported in terms of testing results were very limited. And lots of hospitals didn't bother or didn't want to report the negative tests they had done, for example. So the state really had no real capability to collect data about who was infected, where they had gotten infected, and whether any measures that we were doing were working. And things have improved since that point, to some degree.
But still, Massachusetts and the United States do not have that kind of capability, that kind of ability to see who has been impacted, the context in which they've been impacted that has led them to be impacted by any health threat, and whether a public health intervention is working. And as I'm kind of sitting here in the dark days of 2020, kind of reflecting over this year, I have reflected, you know, right now, I would say this is the best of times, it is the worst of times, right? This is the best of times because we really do see this vaccine coming. It's very exciting. But it's the worst of times because we still don't really have a public health system or capability that can respond to this disease in a way that limits the suffering from the fallout of things like lockdowns and social distancing, and school closures and things like that. And so, as I'm kind of looking out in 2021, I'm thinking a lot about this issue of how does this country and the world have what I've sort of started to think of as public health intelligence, a public health intelligence capability, that means the ability again to see who is being impacted, why they're being impacted, and if what we're doing is working. And that seems to be a basic requirement of a functioning society in 2021. Because I'm sorry that COVID is not going to be the last pandemic, there are going to be a lot of other epidemics, pandemics. There's also going to be a lot of other health threats. We have that can make all of our antibiotics ineffective. You know, we have environmental hazards that are increasing in tempo and devastation. We have pollution that is impacting communities in ways we don't even perceive because we're not collecting the kind of public health data that we would need to be able to detect impact. So there's a whole lot of issues here around how are we going to collect data? And how are we going to be able to make it useful?
And that has really made me circle back to that conversation we had in March. Because, you know, you kind of put the fear of God in me about what can happen with data and how it can be misused. And yet, so I find, you know, I'm in this very sort of rock and tight place moment where I'm like, yeah, I get it. It's really dangerous maybe. But, you know, we can't move forward without better data. And so I'm stuck. And so I'm so glad that you have come in to join us, to maybe help me get unstuck or to say no, no, no, you really are stuck. And kind of how we're gonna proceed.
That rock and a hard place is real. And I remember that phone call too. If I recall correctly, that was us at just the very beginning of all of this, it was right in the middle of March. And you were just starting to be called upon. And day by day, every global health expert in the world was just being slammed day by day. And I was so grateful to have that conversation with you. Because you're right, you're between a rock and a hard place. The problem is that more people like you don't see that, don't see the rock and a hard place. And that you're not going to choose one or the other, you have to steer a course between them. This is not an easy choice. This is figuring out the course between Scylla and Charybdis, right? We're trying to steer that middle course between not getting any data at all, and oh my God, what just happened to all that data? And that's the challenge that we're facing. So I'm going to grump today, like a UNIX beard, about security, about how we're handling it in this country. And that's because a lot of my morning has been on the SolarWinds hack, actually, and about USG, the United States government, dealing with how we handle data security in this country and how we've been handling it. So I'm going to grump about it.
But I want to recognize right at the moment that the fact that you were even thinking about it at the time means that you're someone who's seeing this problem holistically. The big issue with information security is that most people see only a part of it. I see not only that we need to figure out a way to protect people's data, but also, Margaret, I want you to win. I really need you to win because COVID is not going to be the worst pandemic that we see in my lifetime. And I really need you out there because I don't want to go get an MD. I want you to have the MD and I want you to solve this problem. I'll help you with data.
Thank God. Thank God you're here to help.
Well, here to help, want to live.
I wonder, I was going to say, I appreciate, Margaret, in your introduction, I feel like you kind of managed to recapitulate all prior sessions of our webcast, which is great to have a kind of end of year summary, especially as it feels a little bit like maybe we're turning the corner, but you're speaking to really fundamental problems and problems across the board. In this case, I guess we want to focus a little bit on both the need for and the dangers of building the kinds of databases we think you need for an infrastructure of so-called health intelligence. And for that, Tarah, I wonder, in the public health context, is it helpful to distinguish between the kinds of data that decision makers need and experts like Margaret need for collective health decisions? Where are there hot spots of COVID and where should we rush resources or have differential application of public health measures, that might not require such granular individual data that if compromised would be a problem? So that's on the one hand.
And I also think a little bit, if we have a chance, to speak to our colleague Cynthia Dwork and others who have invented differential privacy as a way of making databases that can be queried for statistical epidemiological purposes, but even if breached, don't compromise reliably individual data. And on the other hand, it sounds like there might also be a need, maybe under the rubric of health intelligence, to actually know what individual needs and problems are, at which point you don't want aggregate data. You need to know exactly who has COVID so you can help them, which makes it a little more tight between Scylla and Charybdis on how to secure that kind of stuff.
I think it's a great question to ask ourselves, how much data do you really need? And the answer is, as someone who is not a physician, but someone who has expertise in statistics, expected utility and securing data, I know what I can give global health experts that is unlikely to cause a breach. And at the same time, I think we're not being called on enough to do that kind of work. Global health experts were getting called on instantly in the beginning of the pandemic to start working on the health implications of what was happening. I think this next year, kind of my prediction for 2021, is going to be a mop-up job for a lot of information security specialists dealing with the cleaning up of the data that was collected in individual locations, that was never audited, was never secured properly. And we're going to see a massive increase in the amount of interest in information security in health practices. That does not mean we don't need to create and provide the access to the kind of data that Margaret and other global health specialists need. Because again, this problem isn't going to go away. The problem of needing access to collective amounts of patient data that is anonymized in some way isn't going to go away. It's just going to become more important.
And yet I'm not honestly seeing the technical solutions getting implemented right at the moment or any call for them.
Let me just sharpen that a little bit. Is it your view that in 2020, there are sometimes elusive things called best practices? And if magically those building databases, having custody of them, securing the networks and everything were to adhere to best practices, a big if. But if they were, we'd more or less be in okay shape. Or do you think that the problem runs deeper, that even if everything were done right, it's more or less an inevitability that you're going to end up with data breaches. And we have to look out for that.
It is an absolute inevitability that data breaches are going to occur at the highest levels. That does not mean we do not need to abide by best practices. And it certainly doesn't mean that we need to blame the people who have become victims of these data breaches. What it means is that we have to start understanding that systems that operate on a computer and store human data are as flawed as the humans who created them and secured them and set the rules for their access. Health and patient data security is national security at this point. And the reason I say that is because it only takes one time of losing a large database of health records in order to permanently compromise the people who experienced victimization in that data breach. Does that mean we need to not engage in best practices? Absolutely not. What we need to start doing is recognizing not only differential. I love the differential privacy example that you gave, the capacity to query statistically for data that helps decision makers. And at the same time, we have to recognize that it's not a single-step process. Either you fully anonymize someone's data and it's safe for all time, or you don't bother to do anything about it. You just try to keep it in one big bucket someplace and put lots of locks and chains around it, and the Fort Knox of data.
What I think we're going to start seeing is that those best practices are going to involve a series of gates with a series of anonymizations, where it is respectively harder and harder to walk back towards the individual patient's data in order to identify that person. It requires more authorization, more qualifications, more permissions from the patient. And yet at the other end of that, the data that is most accessible to the most number of global health specialists, to the institutions that need it, that you're going to see a greater degree of anonymization. It's not one or nothing when it comes to securing a big database like that. You can add multiple gates. You can add security by design, and without any doubt, we do need to have that access to that data. But I am seeing people giving up on the concept of the best practices out of just the sense of futility.
Yeah, it's funny that I'm asking if best practices were sufficient can so easily, because it's out there, end up a question about whether they're even necessary. And I meant the more is the sufficient question.
But maybe another way of rephrasing it is, let's suppose you've got a generally enlightened, well-meaning and decently resourced state policymaker trying to do the kind of stuff that Margaret rues wasn't done in the early days of the pandemic and may not even be done now, with Massachusetts as the example. Is securing whatever someone like Margaret would recommend for data about people and their health and the transmission of the virus, is securing it the kind of thing that a policymaker can do by writing a large enough check to some technology consultants or advisers or something? The kind of way that it's like, I'm trying to build a building, I really need it now, going to house people in it, I just need to make sure it won't fall over, there are people that can do that. Or is it more somehow profound and fundamental to the process of assembling that data? Is there something more that those top policymakers would have to be bearing in mind to do it right?
I think in the beginning of the pandemic we saw an awful lot of blow-up tents with camp cots in them to house victims of COVID, is what I think. And I think that people were forgiving of the fact that we needed to create and deal with emergency measures in that moment. I think over time it's not acceptable to simply write a check and hope that a third-party vendor can rapidly solve a problem. You need the defense in depth of people who actually understand how to implement information security, and in depth, to secure the kind of patient data that you're talking about. Is it enough for a policymaker to just write a big enough check to secure this data? No, it is not. And it's because no one person, no one organization, certainly no one third-party vendor can solve this problem completely. When I say defense in depth, I don't just mean that we are putting enough gates around one source of information. I also mean that the kinds of best practices that you've mentioned are something that every individual person in a chain of
ownership needs to take ownership of. I spent a lot of time this morning explaining the SolarWinds hack to people, and I explained it, I don't know how in depth you want me to go, you want me to go into this, but there's a trust element there, I think, on the part of people in this country and around the world when it comes to government securing data. And I think that one of the problems we have is that we don't understand the difference between an organization or agency getting hacked and where the flaw in the security actually was lying. The SolarWinds hack this morning, this is for those of you that are kind of tuned into this, what happened basically was that what is speculated right now to be a Russian nation-state attack versus US government agencies and information storing systems occurred through breaching a third-party vendor, SolarWinds. It's an IT infrastructure provider, the kind of company that Jonathan's talking about right now, about writing a big enough check to. That company had a breached software update process, where people downloading updates of their software were also downloading a backdoor into the systems that they were installing it on.
And which has a certain irony: they were trying to do it right and stay updated and patched, and the very patch was the problem.
This has a very good analogy to a vaccine. Just because there's going to be one or two people that have a bad reaction to a vaccine does not mean that we do not need to mass vaccinate, right? This is that moment where we see that there's a couple of flaws in the system, and statistically speaking you cannot have a perfect 100 percent working vaccine that has zero side effects. I'm sure Margaret can tell you more about this, but what I'm telling you is that this is the equivalent in that moment of something like a vaccine. You still need to have everybody doing the right thing in that moment. Just because one or two people statistically are going to have a bad reaction to it, just because
several of the agencies that were part of the 300,000 customers of this third-party vendor were breached as a result of trying to do the right thing doesn't mean we shouldn't also still do the right and secure thing. I actually, this is one of those moments where we have this great analogy between me and Margaret's work. This is like a vaccine, you still have to do it. Yeah, there are going to be some bad side effects, and there is no such thing as perfection here, only trying to do it better, more, over time.
I mean, that's really an interesting analogy, to emphasize that you wouldn't want people to take the lesson from this, it's like, well, that's it, no more patches for me, I'm going with the tried and true vulnerabilities rather than the unknown new ones. And that's an important lesson. Of course, it might be a disanalogy that the vulnerability is to everybody who is staying patched, it's not a kind of idiosyncratic one-off reaction, it's at the election of the adversary, as they say, as to who will pay the price for the vulnerability. But this kind of gets to your, it's if not inevitable, it's, you can try to lock every door and engage in every best practice and at some point you're still going to have a problem. Is there anything, if on the list of hackees were to be the hypothetical custodians of, again, the kind of data Margaret would love to see gathered for the purposes of public health, is there anything they could be doing to better, I don't know, it's almost like there's going to be a flaming tree falling on your house, is there a way to waterproof it or something? I don't know what metaphor I'm looking for here, but what would we do if we were trying to wisely anticipate moments like these?
This is a law of big numbers situation. You don't prepare for your house to get hit by a flaming tree. Statistically speaking, 10, 15 people are going to have a flaming tree fall on their house this year. What I prepare for is making sure that the lights are turned off when I leave, that the
doors are locked, that I've got proper cameras around the place, because I am maximizing for a general low level of threat and keeping my day to day as safe as possible, while recognizing that a tree could literally fall on my house at any moment. In fact, two years ago a big branch from a tree near our house did in fact fall in the middle of the night in the middle of a cold snap, woke me and my husband out of a dead sleep. What the hell was that? You know, there's a smashing sound, right? And here's what I'm here to tell you: I didn't take out an insurance policy the next day for, oh crap, a branch fell on my house, right, because it happened to my neighbor. What I did was I kept locking the doors, I kept not leaving the stove on when I walked out of the house. I mean, mostly I don't leave the stove on when I walk out of the house, I don't mostly leave the house right now. But the idea is that we've got to prepare and stay safe for the threats that are real and every day. I want people updating because I want people thinking about heart disease and cancer and high blood pressure, to again live over in Margaret's world on this one. We're not talking about dengue fever in the middle of Illinois, right? We're talking about something that everybody has to worry about. Statistically speaking, I'm still not going to die of COVID, right? So I still do push-ups every day. I want people thinking about the general level of health that they've got to deal with, and that is the best practice. Every day it is not fun to do push-ups, and you know what, I don't like broccoli, deal with that, I'm just not a fan. I don't like spinach and kale, ugh, but I'll eat apples, you know, I'm good with tofu. You know, I will make the best choices I can with my health, and that's what I want people thinking about with security.
Yeah, so maybe, Margaret, it makes sense to go back to you, if it's fair to ask, like, what would the ingredients, either hypothetically or from what we know from other places that appear to have things a
little more together, what are the ingredients of a public health intelligence apparatus? What are the moving parts that you'd want people to know about?
So yeah, so two things I think are helpful to kind of preface what I'll say. The first is, over our time together, JZ, I think one of the trends that we've seen is that when data is collected, really there's an emphasis on trying to collect as little as possible, you know, with the hope of preserving privacy. And I think one of the really unpleasant things to realize is that in every case that was basically a mistake. So, you know, the Apple-Google GAEN framework around digital contact tracing, they took out the most important piece, which was the location of where people were.
So with great pride, I mean, that's, that to this day is trumpeted as...
Exactly, exactly. Yeah, really needed to understand the environments in which transmission was happening, and we, you know, we needed to work with people to understand, you know, the quality of the risk that they had, that they had actually been exposed, that you just simply couldn't capture with that kind of an approach. I think the second example is from a mistake we've made in the contact tracing program, where we kept saying to people, oh yeah, every time you talk to somebody who's infected, they're going to want to tell you all about where they think they got it. Ignore that, cut them off there, you know, just have them focus on telling you who they've been in contact with since they've had symptoms or a couple days before they had symptoms. When actually, we were telling them to ignore the most important thing, which was where people think they got it from. And once we started investigating that, we started being able to do cluster analysis, and that meant we started to understand, oh, it's the locker room of the hockey rink that is causing the transmission, not on the hockey rink.
And by the way, what was the well-intentioned motive behind don't let people say
where they think it was? Was it that people would get it wrong? Was it that as long as you write down everything, it's probably in there somewhere? What was going on?
I know it was because we didn't think we needed health intelligence. We thought, okay, we're in here and now all we're going to do is use contact tracing to try to stop the propagation of that particular line of transmission, not use it as a way of understanding and characterizing where, in the context in which people are getting sick. And we didn't want to do it because that was also, we knew it would be dicey, you know, like we knew that it would be dicey because somebody would say, oh, I got it at the illegal club that's still running, or I got it at that wedding, or the protest, or the protest, or, you know, by the way, I was, whatever, doing a drug deal with somebody and I've exposed them, or whatever it was. And so the more information, though, that we got, the more personal granular information about where people had been and who they had been with, the more valuable it was from a public health perspective. And so I think that that's one tension, right, that I've sort of seen out before. The other thing I think is really important to communicate to cyber people and people outside of the health system.
In fact, it's important to communicate to doctors, is that in this country there is a stovepipe separation between our medical care system and our public health system. And the medical care system is, well, that's your doctor, your clinics, your hospitals. Your public health system is a totally different system that is orchestrated, is a public sector function, it's orchestrated at the local and state level, and it is resource poor, it's been stripped of resources, etc., and its connection to the medical care system is very tenuous. There's only a couple of connections. So like, one of the connections people might be familiar with is a newborn screen. If you have a baby, they take a little bit of blood from the heel and they put it on a piece of paper and then they send it to the public health department from the medical care hospital, right? So that's like one example of a program where, you know, that information is given to the public health system.
They're not that used for...
Yeah, so they are using that to detect genetic conditions, medical illnesses, and so the public health department then, you know, runs the analysis, says, oh, that child, you know, can't eat certain foods or else they'll have permanent brain damage, and then they go out and they call the doctor, and the doctor goes and tells the parent. For whatever reason, we've housed that in the public health domain, but you could imagine that that's a program that just would be run through every hospital. They wouldn't necessarily need a public health lab to do that test, but those tests are sort of specific and, you know, they're not something every hospital lab would love to sort of specialize in. So that's kind of a marriage of convenience connection. There are others. So there are a set of diseases that have always been sort of tracked, and diseases with, you know, communicable potential, the plague, measles, these are things that if your hospital tests
you for, if they can't rule it out, then they send it to the public health laboratory, and so that's the other sort of connection. But most day-to-day doctors working in a hospital, they don't know anything about the public health department, they don't know who is in charge of the public health department, they don't know who's in charge of the public health lab. And that matters because the public health, the sort of, I think the education around data security is very much more sophisticated in the medical care side and not as much sophisticated on the public health side. You know, so you have sort of education around, the hospitals are very much worried about being hacked and medical data being stolen, but the public health folks are maybe not as attuned to what could happen. Now, part of that is because their information systems are very primitive. Most of our public health system is being run off of fax machine. Like Afghanistan, you know, they're worried they didn't have anywhere to bomb. Well, state enemies don't have a lot of targets in the United States, and so that's one thing that's maybe saving us from a big epidemiologic surveillance
I see how, like, the physical filing cabinet is both secure in a digital kind of way and extremely limited in a digital kind of way.
Exactly.
So I'm wondering, is the picture you're painting, that we're then going to ask Tarah to take a look at and tell us where its vulnerabilities are, is the picture you're painting one of, there's a lot of tributaries of information that might kind of come out of the medical standard health care system, hospitals, urgent care centers, apps, Google queries, who knows what, tributaries that go into a river that feeds into, now I'm going to Hollywoodize it, some kind of public health fusion center with crisply uniformed people looking at massive screens that have dots appear where, like, all right, we got another COVID in sector 12, you know, 4G or whatever it is, and then they can snap
to, but you don't need that many people in that fusion center, and they can just issue the orders and say, all right, I need you to go do something stat. Is that the kind of vision you're painting, for which then you need a sort of Fort Knox where the data lives, but you don't need a ton of people legitimately getting access to it all the time, just kind of the public health whizzes who can deal with it?
Yeah, so I do think it is, you know, in my mind's eye, right, there is some system where, you know, people come into their clinical home, their medical home, and, you know, they get a test for COVID, and that positive test is funneled across the divide, across the medical system, into the department of public health, and all that is collecting all the positive cases, and then information about that patient is accompanied with that positive result, including where they might have gone, etc., etc. Their public health folks take it, they analyze it, they de-anonymize it as much as they can and, you know, compile it to try to understand, you know, how effective it is. And then vice versa, that the public health system is able to take information about emerging threats or environmental conditions that should impact patient care and funnel that into the doctor's office, so that the doctor can say, oh, I see that you're living in an area where there might be higher levels of lead in your water, let me, you know, let me try to test you for lead. And so I think that that's the kind of feedback loop that I think would be really helpful, and in times of crisis, critical. But I'm just not convinced that, you know, I just don't know how to do that, you know, I'm not exactly sure what the ramifications would be. I mean, people are already reporting very sensitive things to contact tracers at public health departments that are collecting very sensitive data, so that is already, you know, happening to some degree, and this would mean more, you know, more of that, and
and maybe so much more of it that would become a much more valuable target for, for exploitation. Yeah. So Tara, given the picture that Margaret's painting and the kind of desiderata of what would make for useful stuff for the public health system to know, I don't know, what kind of sort of threat surface or attack surface do you see that makes it different, if at all, from all sorts of government databases that have sensitive data about who's collecting benefits or tax returns or, you know, you name it? The end state of all patient data is either that it is eventually deleted or attrited away over time, as, as patient data ages out or hospitals go under or records get deleted, or it becomes fully public and is in the hands of our enemies. That is the end state of every single piece of customer data, patient data. You can tell what I've been talking about this morning. Customer data, patient data, doesn't matter who it is, the end state of all data at all is either gone completely or in the hands of somebody you don't want it. And when it becomes sensitive data like health data, it becomes even more important to realize that is the end of all of the data that we're collecting here. The best case scenario is that we expire the data that Margaret's looking for, in terms of individual personal access to it, as fast as possible. Sounds like we might, the worst case, we might be able, just on that one point, probably thread that needle, right? I mean, we could have basically crisis-duration access for a lot of the granular stuff, and the rest can be duly aggregated. But it sounds like a lot of this is about acute response rather than sort of, I need to keep 50 years' worth of somebody's tax returns if I'm the IRS. This might be the way that we steer through this course, because like I said, I want to see a robust public health response with the information you need and not one byte more for any upcoming health emergencies, right? And the best scenario that we have is an active response that deletes data as fast
as it is humanly feasible. The reason we want to do that is because we know that collecting data over time leads to either its storage, use and sale, or its release into the wild unintentionally. If we were going to steer a course here, and I'm speculating, honestly, because I've not seen this done very well by very many people, if we're going to do this, the data needs to expire faster than most people would think reasonable. The reason for that, let me just, so first of all, right now, I know of somebody, and I'm furious about this, I know of somebody who received information that someone who was around people that they were around tested positive for COVID, and very likely tested positive for COVID and got the results back days after they were tested, and also, while they were waiting for results, was around people that the person I know was around. I'm furious. I said, I know a lady that I want to call right now and tell her all about this, and I'm very angry. Her name is Margaret, and I want a public health response to this immediately. And there's no one to call, right? That's the thing I think that we're trying to solve here. There's no one to call because there's not this confluence of trust in a system and expert access to that system and that data in a way that lets us get a robust response while at the same time protecting individual rights. And the reason, in this moment, that I don't, I don't want to protect individual rights in this moment. I want to know the names of all the damn parties responsible for this situation, and that my friend who was at second degree exposed to COVID, very likely knowingly, by the second degree, degree person who tested positive, I want to call the law, right? And believe me, I rarely want to call the law. I'm an offensive security researcher, where we have a tenuous relationship with people who enforce the Computer Fraud and Abuse Act at best. But the idea that, that we can find a way between, this very likely look, likely looks like affirmative deletion of data,
confirmation that we've gotten rid of personal information as fast as possible. I think that might be the only way we can go about this. And I cannot believe I am saying this, and somebody on the internet is going to get so mad about this: this might be one of the very few reasonable uses of blockchain I've ever heard of. I mean, blockchain is terrible. It's not magic pixie cyber dust, people, okay? But there's a reason to use it in cases where you want to, in a distributed fashion, affirm that an action was taken at a given point in time and place, and that right there might involve the confirmed deletion of medical records. Not the records themselves, oh God, no. But there might be a reason here and a way that we can use some of the more interesting disruptive technologies we've developed to really help this situation. Yeah, and I'd love to see that happen. I'm not sure what blockchain would be doing there that's different from the relevant organization putting a certificate on their website, on pain of perjury, we deleted the data. They're both just assertions. Oh, it's different. No, no, no, see, that's, that's the different, there's, there is a, there's a fundamental technical difference there, and it's a mathematical one. Anybody, this is, this is a question of a kind of under penalty of perjury. Well, the reason we have penalties for perjury is because people do that yet, right? I've been in information security, and I've seen a lot of fraud, a lot of problems, a lot of people attesting to things they shouldn't be attesting to. I haven't seen, in a distributed system like this, in contracts and ledgers, I haven't seen, without some pretty sophisticated technical attacks, a way to fake whether or not a contract was or wasn't signed at a given point in time. That's something you're going to get, I think you might actually have some more technical leaders behind that, possibly people even like me who thinks this is a bad idea, but we're gonna have to do it anyway. Yeah, I guess I'll have more reading to do. I find
myself completely confused by this branch of our conversation, because you put something on the blockchain, all you're doing is saying that you have a private key that hopefully hasn't itself been compromised that lets you flip some bits on the chain, which is the same as flipping some bits on your website. And I don't know, is, if you're worried that somebody would hijack the website and say something wrong, I don't know. We're about to now get into, like, the college vote and why the electoral vote should be recorded on the blockchain rather than sent by certified registered mail, as they are. I want to keep having that conversation, but not now. One thing coming out and clear from this, and absolutely, let's have that conversation, because I am yet to be persuaded that that's a good use of blockchain, but, um. Oh Lord, I'm not either. But expiration is a clear, a clarion call, and that's a great anchoring point that people might not have in mind. They're just like, build it and we'll deal with data expiration later. But being able to build that in from the start seems like a great idea. Are there commensurate sort of, or complementary, things that you would say of similar sort of gravity that you'd want to put alongside expiration as principles for kind of building the kind of medical system? Is, one of the questions in the question and answer queue is saying, if you could build this thing from scratch, what would the framework look like? Are there things alongside expiration? So, so I think expiration is a great idea. I mean, you know, because I think, I don't think that collecting less data is actually, is a good idea, because we need that data in the, at least in the short term, to really make progress. I think the, you know, this, this data will just, you know, deconstruct in five minutes or so is a very interesting idea, you know, and certainly one using research. I think the thing that I get a lot, I have to say, a lot of folks that I get into conversations with about data security and health and in particular
health crises, you have kind of one of two reactions that's kind of schizophrenic, and maybe it's a very American thing. On one hand, folks are like, oh my gosh, I am not sharing anything with this government that's going to come and, you know, arrest me in the middle of the night and do bad things to me, there's not one thing, I am very privacy oriented. And then on the other hand is the opposite reaction, which is, what, who cares if the Russians hacked my data? Like, what, who cares if China knows what my mammogram said? I'm just not that interesting, you know, or who cares if they know I can or whatever. So the sort of, which I gather that's a way of asking Tara, like, what's the, all right, let's say an adversary, and it's not any old adversary, it's got to be one with sufficient resources, so it is like the government of a major nation state that's into this stuff, say, what, what would we see them doing that would be the most worrisome to us? We have seen this information used for blackmail purposes, for deepfake purposes, for the ability to recreate someone and their consent or identity without their knowledge of it. One of the things I've seen, and I think Margaret's probably going to have seen a lot of this as well too, during the pandemic, I have seen from the very beginning, as schools started to go online, I started to see parents having to sign their kids in every couple of minutes to, to online learning systems. About halfway through the pandemic, that flipped, and every kid I know now has all their parents' passwords, because every parent was like, I can't handle this anymore. Kids starting to sign in instead. And so what we're starting to see, I think, here, or just a vector there, they are absolutely both the vector and the attack surface. But the concept here for identity and access management is that we're starting to see identity is something that you own and operate instead of something that you are. And when someone can grab a piece of that identity and attest to it with things like valid medical
records, Social Security information, financial information, combine the OPM leak with the Equifax leak with a healthcare leak with the, the recent SolarWinds leak, combine all those things and you've got a real convincing government employee on paper. That's what we see, and it's, it's a combination. Instead of attrition over time of that data, we see this accumulation, this creation of data that starts to make it more feasible that you can attest to owning and operating, operating properly, someone else's identity. That's a thing that only gets worse over time. It doesn't get better, because of the way biometrics work, the way we conceive of computer security right now. I can't change my face. I mean, I can, but it's expensive and I don't want to, I like it. I can't change my fingerprints. I can't change a great deal of the things that physically make me me, and yet using those things to identify me and having a digital record of them that are taken makes it incredibly problematic for me to prove I'm me instead of someone else who has all the same records. So that's the concern I think you see many people having with this. The more sensitive the person, the more important the person, the more that's a weapon, and those are conceiving, those are being conceived of as weapons in a new kind of way. We call it disinformation now. We don't call it propaganda, we call it disinformation, because you can get a lot more grant money right now studying disinformation than you can propaganda. But these are all ways of attacking people's conception of the world, and that's what we see happening. And I think people are already distrustful enough that, that the state of the world that is being represented to them is actually reality. Right now we're having a big conversation in this country about whether or not what we see is what's actually happening, and I'm here to tell you that everybody watching any individual news channel is deeply convinced that they know the truth and people watching a different media outlet
aren't. That's incredibly problematic, not only for the kinds of health responses we need to see, the kind of fear that Margaret was talking about, like, what do I do when the government gets all my data and, and never gets rid of it, am I going to even be helped by this? Or the opposite side of it, what, you know, why should I care if somebody has my information? I think that that becomes a different question. Why should I care if someone has my data becomes a different question in five years, when you find out you can't get a job because your credit's wrecked, because your medical history has been exported elsewhere and you're no longer able to qualify for security clearance. It's, there's a, there's a longer term game happening here with the, the collection and storing and accretion of human beings and their identities, and that's, it's what's happening. But at the same time, it makes it more problematic to be sure that what you're seeing in micro ads on Facebook and Twitter and wherever are really what's happening. It could be just targeted to you to change your state of the world. It, you know, it stands to reason, I would imagine, you know, even like, let's just take this current example. If we wanted to have people quarantine for 14 days, now it's now into 10, you know, you can, can you just hack the exposure notification of system of Massachusetts and say, you've been exposed, we're, we're expecting you to go, not go show up for work for 10 days, and if, if you don't comply, then you're fined $500 a day? You know, right now we've taken such a, you know, very loosey-goosey kind of approach to the intervention that people are not, you know, really enforced into quarantine, things like that. But, but, but those things, you know, a, may be coming down the line here, and also with worse, you know, diseases that we are more scared of, like, I don't know, Ebola, or flu that kills you in three days, for two days, you know, kills children, etc. You know, you can imagine that spoofing of data combined with the seriousness and the power
of public health law, should it be used, might be a really bad thing. You know, I can sort of start to imagine something like that. Now, I think, you know, it's less likely, like I said, because we just don't have the systems that in place to be able to do that, to be able to be attacked in that way. But that, that does, that does give me pause as I sort of spin out a vision of what would be the ideal public health intelligence kind of capability and what it would look like. And kind of the way in which I hear Tara saying that you can end up with a whole greater than the sum of the parts, in a bad way, for compromise of personal identity, that any given fragment that's compromised may not be such a big deal, but if it's becoming part of sort of the gray market dossier, that's not so hot, and that is kind of a one-way ratchet, that is, more and more is compromised. That's kind of what I'm taking from what Tara is saying. I realize, as we're rounding the full hour, we didn't open with our tradition of sort of the snapshot of a word or three as you described the state of the pandemic right now. And I think, Margaret, since we last convened, the vaccines have been approved. That had not happened when we were last talking, I think. And so my recollection is that usually the assessments range from the horrible to the dire. Can I just ask what your sum of the state of play would be right now? Yeah, I mean, I guess I'm gonna take the liberty of having two, two thoughts. So the first is the phrase, it was the best of times, is the worst of times, it seems to, seems to be how I would describe things. I do think the vaccine is incredible, and I, I sort of am sad that we had to prove our scientific innovation prowess this way, because, you know, the worst of times, where so many people are dying per day in the United States and basically we have it completely run amok. You know, as we come to the end of this year, this is the other kind of reflection I shared with some friends in the other show that I do on questions from
quarantine, is, you know, come to the end of the year, we're facing a year that I think will be more hopeful, but there's a, there's a need, I think, to really pause and, and, and, and say that we, that we failed. Like, to admit failure is a very important part of being able to do better in the future. And I was saying, I love the movie Moneyball, and there's a scene in it where the, my coach Billy Beane, you know, storms into the locker room after his team has lost, and they're all, you know, listening to music and kind of partying, and he takes a baseball bat and he smashes the, the radio and says, and waits 10 seconds, and he's like, this is what losing sounds like, you know. And I do think at the bottom of the year here, in this dark winter, I think we need to say, you know, this is what losing looks like, you know, 300,000 dead and a public health response that is simply inadequate and, and unable to really underwrite our, our security in the future. But anyway, yes, I, I am more hopeful. I mean, the, it, the light is there. It is a dark tunnel, but there is a light, and it's, it's an incredible one, really incredible achievement that these vaccines got it. And Tara, your sensibility? My sensibility is that I'm tired of arguing with people to stay in their houses, and that the vaccines are arriving fast, and yet the level of disinformation that's occurred over the course of this year has, has created so much fatigue in people that I don't know how fast could have been fast enough. I think that there is absolutely no doubt that the faster we get people vaccinated, the faster we're going to be able to get a handle on this. I think we're going to see some, we're going to see some incredible clashes between people who, who, we're in a privileged bubble in this conversation. I don't know how many people I talk to on an everyday basis understand that, that there is fundamentally nearly half of this country right now that doesn't believe anything we're saying, isn't wearing a mask, and are going into the hospital still swearing
COVID isn't real. That's a, that's a problem I don't know if we know how to solve, but I know that telling the truth as much as possible, as fast as possible, as competently and simply as possible is what I think we're all trying to do here, and the more people we have doing that, engaging in that practice, the better. So if you are somebody out there who knows how to turn technology into a metaphor, if you know how to explain that, that the, the operating system that you're running right now, how it's like a solar calculator, if you know how to explain that something's like cooking, if you know how to explain anything in technology to someone and make them understand the reality and the truth of it, you know, we need you right now. In this moment, tell the truth as much as you can, as simply and clearly as you can, and tell people not just what this is, because we know what it is, but what it's like and what it's going to do. That's, that's, I think, where I find myself on the pandemic. Also filled with rage, genuinely and honestly. We've been making these sacrifices all year long, and I see so many people that don't, and our holiday season is going to be darker and bleaker because of the sacrifices we have been making this long. And yet next year, I think it's going to be a lot brighter. We're going to, we're going to let some of that anger go, I think. Hang on, I'm just going to squeeze it, a squishy ball here at my desk for a while. But I think that sense of frustration and anger can be turned into something brighter next year, and I'd love to see that. Well, thank you. And for what it's worth, I know among the, the pollers of public sentiment, the pollsters, they are going to be really interested, it seems, to find out how much of represented hesitation about vaccines translates to actual hesitation about vaccines, whether it's a snapshot of a moment now totally bound up in partisan declaration and advertisement of feelings on either side, whether it's, I don't trust a vaccine that came about under the current
administration, or I'm on team don't take it seriously because that's part of what America means to me, that if it's that sort of thing, it actually may not run so deep once there's something available at the local Walgreens. But we'll find out. I mean, this is going to be running the experiment right now to see how it's going to work out. And of course Margaret has a, a lot to say, perhaps in the next episode, on vaccine distribution and allocation, with its own issue and set of trade-offs. And I confess, Margaret, I wonder if all of the highly refined, here's the ladder of people who will get it at what time, it's going to be like, came off the truck, it's use it or lose it, pull out, anybody wants to get in the lifeboat, get in the lifeboat. But we'll see. I think there's a lot to talk about there. And, you know, and I would say this as well, just to close it out, I mean, I, people in the United States have not reacted that differently than people in any epidemic I've ever studied or been part of, you know, and it's almost hilarious how, you know, on script we are, and the concerns and the disbelief and the, that's all very normal. And I have, I have a lot more faith that people kind of come around with consistent messaging and, and all the nudges and all the incentives. And then there are those that do not. And I will say one thing my dad always said to me, said, you know, it's the person you can't reach. He was a teacher, he was talking about the kid you can't teach. So the kid you can't teach is actually the person that reaffirms humanity, because if you could teach every child, then you would, then people would no longer be human, they'd be completely, you know, just manipulatable of automatons that you could know what buttons to push and levers to pull, and that would be that. So there always will be a reserve of people who don't, don't want to play by the rules or don't want to do it. And, you know, I try to lessen my anger by thinking those are the people that are affirming humanity, humanity. So. Boy, it sounds like
you're writing the script for an Apple commercial circa 2012. Here's to the crazy ones, indeed. Well, it at least is good to know that there appears to be a kind of third act and then an end to this particular program, as it were, not just COVID State of Play, but COVID itself, and possibly even heartening to know that in the debates, or what passed for them, in Washington DC, say, about relief during this, that now it's truly about stopgap, and we see an end point ahead, for which, all right, let's just get ourselves there, rather than we are in an indefinite situation and, you know, we just gonna keep releasing money. And that's as we're on the cusp of maybe something getting passed there. Tara, thank you so much for joining us today. It's really great. Thank you for sharing your knowledge and your rage. And Margaret, a pleasure as always, even amidst the bleakness of the topic and of the, the reality of what this pandemic has meant for so many people. So thank you so much. It's been a real honor. Thank you so very much, and I'm glad to be here with you heroes. Indeed. And we will catch you for the next episode.