Tag: security

2021iv12, Monday: Covid theatre.

JSJ1 Comment

We knew everything we needed to know to make people far safer from Covid a year ago. If there’s ever an inquiry, the question will be: why didn’t we take heed? Why did we rely on hygiene theatre for so long?

Short thought: Ever since 9/11 catalysed an upsurge in security – and don’t get me wrong; I don’t challenge the principle at all – there have been voices accusing the Powers That Be of indulging in security theatre.

These aren’t crank voices. These aren’t the security equivalent of anti-vaxxers or the masks=muzzles brigade. These are smart, thoughtful people, who point out that many security measures do very little actually to make us more secure, but do far more to give the impression that the problem is being taken seriously.

Security theatre has at least three major risks – and these are only the ones that occur with a minute or two of thinking, so there are probably far more.

First, it makes people think the problem is solved, when not even symptomatic relief is being supplied. Second, it gives people information about what they need to do that simply isn’t accurate, meaning they’ll focus on false friends instead of actually mitigating risks. And thirdly, in a world of limited resources, there’s an immense opportunity cost of spending time, money and (most important) attention on the wrong things instead of the right things – particularly since inertia (and the fear of looking like you’re “not protecting people”) means it’s incredibly hard to stop doing the theatrical stuff. A bit like crime: even though the only way prison works as a crime reduction strategy is by keeping criminals off the streets, which for many forms of low-grade offending is a short term gain for a long term loss, politicians almost never admit it in public. As HL Mencken put it, for every complex problem there’s an answer that’s clear, simple and wrong.

Now, security theatre isn’t always wrong, or a waste. Sometimes it embeds trust where trust is both genuine, and needed, and in short supply. But mostly, it’s the other way round.

Why talk about security theatre just now? Because according to Zeynep Tufecki, who continues to be one of the smartest, sanest voices on our pandemic predicament, we’ve done the same with Covid. Her most recent newsletter details the nearest thing to a natural experiment in the spreading of Covid: the cruise ship Diamond Princess, which trapped thousands of people in a closed environment as the Bug spread. Passengers were isolated in cabins. Everything was cleaned. No-one had the chance to cough on anyone else once they were symptomatic.

And yet, tragically, more than 700 people were infected and 14 died.

Zeynep’s point is this. The Diamond Princess was hard evidence that Covid spread primarily not through droplets, or through shared surfaces, but through aerosol distribution; on an asymptomatic basis; and via super-spreader clusters rather than evenly. (This was reinforced later by the experience of a choir in the US, where several dozen people got together to sing, in a big space, properly distanced, properly disinfected – and most of them got sick.)

And this was in February 2020. Research followed quickly. And by the middle of last year, at the very latest, it was clear that 2-metre rules and obsessive cleaning were at best tinkering. What mattered was masking, avoiding close contact and crowds, minimising enclosed spaces, making sure ventilation worked. The essential, critical basics.

So taking the UK: why didn’t we do this quicker? Why instead did we load ourselves down with complex legislation that even us lawyers struggled to unpick, changed sometimes at literally a few minutes’ notice; with exact instructions about distancing; with orders and threats rather than encouragement and collaboration; with quantitative measures, not qualitative ones; with a focus on the tinkering, not on the core?

I don’t know. If we ever get an inquiry, I want it to focus on this. I suspect it’s a combination of a refusal to trust people to be their brothers’ and sisters’ keepers, of a tendency to see everything as a zero-sum exercise in winning rather than a humbler matter of what works, and possibly – heaven forfend – an unconscious reluctance to see the Asia-Pac success as something that can be generalised, rather than something specific that was to the region. Something “cultural”. Was there an ethnic bias in there? Something arising from an overblown UK self-image of some uniquely freedom-loving people? Again, I don’t know. But I wouldn’t rule it out.

Anyhow. Zeynep’s piece is worth your time. Its explanatory power is impressive. Its analysis likewise. The final paragraph hits home:

I realize that there is a lot of focus on misinformation that we recognize: the claims of 5G spreading via vaccines, of many deaths following vaccination, claims that vaccines don’t work at all, or even the idea that vaccines might have caused the death of a 99-year old, already visibly infirm, prominent member of the royal family in the United Kingdom. I understand all that and the role of such misinformation. But as I close the misinformation trifecta series about problems beyond the ones that are “over there,” committed by others, I’d like us not to forget what actually happened in more mainstream and arguably more important circles, and is still influencing how we have been responding—and failing to respond—to this pandemic.

Please don’t let that stop you reading the rest.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021i21, Thursday: shinjirarenai hodo oishii.

JSJLeave a comment

Translation: delicious beyond belief. My favourite Japanese delivery place has gone national. And a smart and luminous way of adding randomness.

Short thought: Before the Bug, when I worked in London most days, every so often I’d treat myself to Japanese food – thanks to Waso. It was a delivery service which brought amazing bento boxes to your office, in a half-hour time slot. 

Then came the pandemic. It nearly killed Waso as offices shut down. Thank goodness it managed to re-create itself delivering Japanese meals (and indeed other cuisines, too) to people’s homes. I was delighted – but desolated that it only delivered in London. Our Essex fastness was too far out.

Now, at last, they’re starting to deliver nationally. Once a week – but that’s plenty good enough. And I couldn’t be happier. I want to hug its founder, Toshihiro Yoshimura. Unfortunately our freezer is a bit full – but as soon as we can eat it down, I’m bulk ordering.

Ganbatte kureyo, Toshi-san. Your food is wonderful. Your business is too. Consider me delighted that I’m back to being a happy customer.

Someone is right on the internet: quick one, this. And a bit of an old one. But as anyone with even vaguely geekish pretensions will probably know, computers don’t really do random. The best they can manage is pseudorandom: something that looks like a dice roll but really isn’t.

So perhaps it’s not surprising that a company in need of randomness for security reasons will look to something analogue in order to service purposes. And CloudFlare (that’s the outfit that blew the whistle on the Solar Winds fiasco) uses lava lamps.

Yes. Lava lamps. Whole rooms of them.

Go and have a look. It’s just wonderful.

(Thanks to Jason Kottke for spotting it.)

(Don’t forget – if visiting a site doesn’t float your boat, you can get this stuff in your inbox. Subscribe at https://remoteaccessbar.substack.com/.)

2020xii31, Thursday: Some things don’t add up.

JSJLeave a comment

Counting things is important. But not everything that matters can be counted…

Short thought: Back to the Brexit deal, and what is – I admit – probably a wholly specious comparison.

I’ve been puzzled for months, if not years, by the narrow focus among Brexiteers on zeroing out tariffs, and the complete lack of attention to the far greater, and far harder, problem of non-tariff barriers. It’s as though we were marooned in mercantilist times, decades or even centuries ago. I’m no expert on international trade or the law underpinning it, but even I recognise that tariffs are, frankly, the easy bit (indeed, the bit that was solved with the customs union we entered when we joined the EEC, and the common market, 47 years ago). It could be simply that any non-tariff agreement involves giving up some mythical sovereignty (defined, it seems, by the standards of an unusually grabby two-year-old or an elderly orange-faced narcissist: “No-one gets to tell me what to do, and I don’t have to bear the consequences of my decisions”). It could be that many of them, including sadly our leaders, simply don’t understand – although I doubt that. I don’t know – although I know we’ll all be paying for it.

Now for the specious comparison. Tariffs are easy to count and thus to shout about; non-tariff barriers are by their very nature more nebulous and qualitative. Similarly, in competition, we’ve been dealing for years with the fall-out from the narrow US anti-trust focus on consumer prices (measurable) while ignoring the less measurable questions of monopsony-driven market dominance. I’m not saying there’s a connection, of course. Nor am I saying there’s anything genuinely comparable. But I do find it interesting that in both cases looking at stuff that’s easy to count, to the exclusion of other stuff that in the long run probably matters more, has led to significantly harmful outcomes.

Anyone reading this who’s had experience of KPIs or KRIs (whether in terms of personal or institutional performance) can probably think of examples where “if it can’t be measured, it doesn’t matter”, applied thoughtlessly or reductively, has gone horribly, horribly wrong. I know I can. Let me know your thoughts.

Someone is right in the internet: Well. Two someones. First Bruce Schneier, who combines smarts and thoughtfulness like few others on security matters, with the best take on the Solar Winds fiasco that I’ve seen, noting that this should – but tragically won’t – put the final nail in the foolish argument for software backdoors. Second an old friend, Sean Maher, who’s looking at it in the context of government capacity and the decades-long ideological assault on it in the US/UK. Sean’s focus is on the investment implications – but his points are of much broader relevance.

Things I wrote: A while ago, I wobbled. In fact, like so many others in this hellswamp of a year, for a few hours or a day I broke. So many people I know and respect, and several hearts of gold that I didn’t, chipped in with support or shared burdens. So I wrote a follow-up.

(Don’t forget – if visiting a site doesn’t float your boat, you can get this stuff in your inbox. Subscribe at https://remoteaccessbar.substack.com/.)