Wednesday, December 09, 2020

attention deficit misorder

 In The Attention Merchants by Tim Wu, we heard about the cycle of technology and content and advertising that takes each new medium, and drives a race to the bottom in terms of increasing levels of commercials, and decreasing revenue, leading to worse and worse actual content, and eventually, a rapid fall off the cliff edge in terms of actual audience, who then move to the next tech - the book contains a plethora of historical examples from 19th century newspapers, through radio, on via television (see also four arguments for the elimination of television plus for the impact on actual journalism, see Flat Earth News), and finally, today, several generations of social media (MySpace, Facebook, Twitter, Instagam,

So a new factor in this is not just the very poor quality of advertising / infotainment, which is incented to lie about products, but now we have the new players heavily involved in daily spread of misinformation:- governments. Governments (especially populist ones) are one of the main sources of peacetime lies. We expected the Ministry of Information to spread propaganda during wartime, but now we have arrant nonsense distributed directly from the desks of Trump and Johnson, casting doubt on election results, undermining democratic choice during referenda, and destroying confidence in public health measures during a pandemic.

What is to be done? We need platforms that deliver a reliability metric about sources, not just fact check their individual utterances. This would move the prominence of repeat-offenders, lower and lower in every readers' feed - taking away the effectiveness of polarized clickbait.

Time for the EU to regulate?

Identity and Currency - Trust and Implementation

 A discussion recently about national digital identity systems revealed that some stakeholders feel they need to own the implementation and the deployed operational system, as well as the legal authority for the root of foundational identity.

We can discuss separately, the idea of self-sovereign identity, and the use of the social net (parents, friends&family, colleagues, situation etc) to build a fully peer-to-pee digital id system, without any need for central government agency - indeed, you can imagine having this, as well as a more "traditional" system, with birth certificates, passports, national insurance numbers, biometric data etc etc

but for  now, for the latter case: who should build and run the digital id infrastructure?

well, the analogy I want to draw is with currency. The national bank (e.g. Bank of England) underwrites the value of the national currency (coin of the realm, sterling). They also participate in various mechanisms to maintain the relative value of different national currencies (i.e. exchange rate mechanisms or the Gold Standard, etc).

But who mints cons/notes? Could be anyone really. Who makes the machines that do that minting? Whoever wins the contract. Why should digital id infrastructure be any different? For example, british passports contain digital information about the holder and are issued by Her Majesty's passport office, but are physically made by  Gemalto, owned by French firm Thales. In the past, anyone could issue banknotes (up til early 20th century!), but now the physical currency in the UK iis a monopoly, but of course there is a wide range of digital ways to store and transmit value as well, run by credit and debit card companies, and fully virtual currencies are legal in some countries.

So it seems that even a national, government approved or mandated or supported identity system could be outsourced. Indeed, many components of functional id based on some notional national id already are implemented and run (e.g. DVLA for driving licenses) by 3rd parties.

This also argues for why one needs to consider at least some level of federation for digital id systems to allow for moving provider, inter-operating, and even comprehending how  extreme federation such as self-sovereign systems can co-exist with more traditional centralised registeries and the vouchsafing of who you are.

Thursday, November 26, 2020

identity is not property - so how can you "steal" it?

 another poor metaphor (as with security theater, which isn't even poor stand-up), identity theft.

as with music piracy (aka p2p file sharing), you copy, you don't  take. but in this case, the metaphor of theft is even less apt, as identity has some deep roots (e.g. biometric attributes) and some more shallow (notarised documents like birth cerrtificates, passports) and some social contextual attributes (people vouch for you)

mistaken idenity (the mcguffin of many a fine play, film, book, but perhaps not song) is apt

but identity theft just isn't.

Thursday, November 19, 2020

Computational Thinking Considered Harmful.

 I was a big fan of Jeanette Wing's initiative on computational thinking - it came at a time when we were developing the computing at schools initiative and the Raspberry Pi and so on, and fitted in well with our optimism about how anyone could pretty much get to grips with the core ideas of reasoning in the style computer science has developed (not just logic/algorithmic, but also systems and many other sub-disciplines).

I'm now worried that what has happened is to enable people with the capacity to adopt the technology, much as with  nuclear and biological weapons (or going back further, gunpowder, TNT, or even just any projectile weapon, crossbow, longbow, slingshot etc) and now we have asymmetric warfare, but it is really asymmetric warfare by the few against society. Now we have people hacking on democracy, on trust in science, on social cohesion. 

I'm not talking about the PRC or the Kremlin.  I am talking about the unpleasant, sociopathic power-hungry in our midst. People that were put in their box by long fights to improve everyone's lot over since the enlightenment or even since the renaissance  (or whatever equivalent there was in your non European part of  the world).

People who have adopted the ways of thinking about problems in manners that let them scale-out,, rapidly. Crucially, for  which  we  as yet  have no effective defence (computationally thought out  or otherwise).

I think we need a Pugwash or Asilomar, or even a Butlerian Jihad against computational thinking without appropriate checks and balances.

Now this  is a very tricky proposition as it is quite different  from proposing ethical controls of dangerous technologies. It is about modes of thought. This hasn't been something people outside of ancient Mesopotamia or modern totalitarian states a la 1984  have considered. How to modulate computational  thinking so that it is inherently a moral  framework would be, for me, the thing we need urgently to do. 

Sunday, November 15, 2020

when people say Security Theater, just what do they think they mean?

Security Theater is a  terrible metaphor.

In theater, you suspend disbelief, sure, but that's so you believe  the characters are real, and  that the  characters are subject to true motives and actions are  in reaction too circumstances in  the universe of the play.

So when Macbeth falls for his personal initerpretation of the 3 witches predictions, this is true. and when Burnham Wood is come to Dunsinane, the attack/deception works.

Even the  twist at the end of a whodunnit like the venerable Mousetrap, or the   clever Sleuth (or indeed Whodunnit) catch you by surprise. 

If security  operatives employed techniques like this, they  would essentially be carrying out a mix of

a) real security

b) social engineering on the adversary.

No,  what people really mean is like the well-meaning uncle who says he'll entertain a room full of 9 year  old kids full of sugary drinks with a very  bad conjuring show that  they immediately see through. Not tragic or comic, not even really bathetic or pathetic. Just bad.

People go to the theater to be taken out of themselves. What people call security theater is stressful because it is transparently useless and incredibly boring at the same time. 

When you go parachute jumping or scuba diving and check your equipment, it is quite interesting. That's because theatrics only happen if you don't.

Friday, November 13, 2020


back in the day(*) the UCL internet gang (Indra) built a IP over the international X.25 packet switched system, that operated by tunneling IP packets over virtual circuits (VCs) that the various  telcos operated.

to indicate that the VC was carrying IP rather than (say) remote  terminal traffic from the quaintly named PAD (Packet Assembler&Disassembler), they used a fiield in the VC setup, that could carry Call User  Data (arbitrary stuff up to 128 bytes as far as I recall) and this could even have a copy of the IP address and other useful metadata...

so this is the grrandparent of SMS which uses call user data in the old GSM call setup packet to carry text messages.

so SMS begat Whatsapp and Twitter and who knows what more universes of discourse.

So these "features" are a great deal more powerful than mere options.but also less dangerous than fully programmable protocols (like, say, SIP).

They are like "lifting" in programming languages. And as such should be celebrated.

I'm going to call protocols with such an apparently lowly, but actually grand affordance, hyperextensible, as they allow shortcuts to entire new worlds.

* bob braden, peter kirstein et al, probably around 1980.

Sunday, October 25, 2020

On BS Jobs and Non-work-conserving employment - or how the internet might help with the future of work

 Just reading the Graeber book based on this essay On the phenomenon of bullshit jobs, and thinknig about how lockdown revealed how much work was a) unecesssary  b) structured in ways to make it even more unpleasant (e.g. communiting) -

A tell for this is that there's a  workflow, and there are strict office hours - leading to strict commuting time requirements-   this non-work-conserving approach to how "labour" fits in  to "society" is completely inhuman - people work at different paces, and the same person at different rates on different days.  Most tasks that really require a human (leaving aside care work / parenting) are not predictable, so even if we know when they should start, we can't schedule a next task as we don't know when they will end - if  we did, we should  automate them.

The internet doesn't work like that, and that's why it is cheap and efficient, but also forgiving and fllexible.

Society probably once worked like that (I am sure a farmer and a blacksmith interacted in ways that would cope with elasticity). 

We must get rid of time  sheets and the notion of human "resources". You know the saying "Rich people trade their  money  for more time. Poor people trade  their time for money"? Well, that assumes  time, like money, is fungible,  which is obviously BS. Time is running  out.  Time expires. We  are living on borrowed time. Only two of those last things happen with money.  Maybe  we  could design cryptocurrencies that allowed  tracked of the subjective value of our time? Not now, please my Emoticoin is too high for you.

Tuesday, July 28, 2020

Really useful networking efforts, and their opposites.

My  favourite group currently working on internet stuff around the ietf is 
GAIA which is delivering lots of useful information about shared initiatives to provide meaningful and relevant internet access and services (see especially work on affordable community networks, and reducing misinformation, e.g. on covid in the minutes&slides linked above).

In contrast, the race for 5G, and now even 6G is driven, it seems to me, almost entirely by greed and a nlatant disregard for anything remotely sustainable or fairly offered (as per, William Gibson's "the future is already here, it is just unevenly distributed").

For example, we were looking at various mobile apps for covid-19 that might help mitigate the pandemic, and concluded that very few would be in the least bit viable in the developing world.  The GAIA folks are heading a long way to helping with that. Quite frankly, the 6G folks are going the opposite direction.

Wednesday, July 22, 2020

confusion regarding privacy of decentralised ("gapple") based BLE contact tracing apps

various publications report problems with the (e.g. swiss, german, irish) contact tracing apps privacy model confusing OS (what apple&google can and do do with location services and networks) and apps.

I suggest people read the app code (the irish have very kindly open sourced the HSE app for the world. even more helpfully, their leading researchers have actually measured what data is sent by different european contact tracing apps so you can see what is and is not the case about your privacy.

more light and less heat, please:-)

also comments on the efficacy of decentralised apps (do they work) can be countered with the observation that what you care about is the number of people notified that test positive, and that can be done when people notified ask for a test (you could even get the history of RSSI/BLE readings from them without re-identifying the phone random decentraslised id magic at that point, and run stats, which would be more time consuming than centralized log analysis, but would eventually let you re-calibrate your BLE algorithm to maximise effectiveness) - remember, we dont actually care about the distance between phones, we care about the true positive infection detection/notify/isolate rate, and we care about minimising false negative proximity so you don't end up isolating zillions of people and might as well go back to lockdown....).

Thursday, July 09, 2020

update on centralised v. decentralised contact tracing apps....deconstructing who distrusts whom?

one of the reasons oft-cited for the centralised design of the original UK NHSX contact tracing app was
the lack of testing for people, due to the governments decision (failure) to continue/expand/rol out systems (despite offers from quite a few research labs that had large capacity systems ready to roll).

Instead, the assumption was that people would "self report" with symptoms (or diagnosed after a 111 call) - not only might these be unreliable, they might attract abuse (troll like behaviour is fairly common). Hence one goal was that the index case should be trackable and (presumably) potentially blocked /reported if multiple bogus attempts made to claim a) they were infected and therefore b) cause a lot of people in their contactee data to have to self isolate pointlessly for 7+ days.

I'll note here that tests on the contactees dont help set them free, because recently infected people don't typically test positive for virus until they have symptoms (pre-symptomatic) and note, a significant fraction won't ever get symptoms even if infected (asymptomatic, and are still potentially infectious even if apparently well. Indeed - there arre good public health reasons to measure the rate of asymptomatic infectious people as this is part of the risk level in an area.

Thus, as well as wishing to improve any diagnosis menus in an app, and as well as desiring to continuously improve the exposure notification algorithm used to turn BLE measurements into a likelihood of possible infection, we also have the wish to record who (non anonymously) claimed infection, and who (possibly anonymously, but re-linkably in a chain of infections) was a contactee without symptoms, for epidemiological reasons, as well as for notification.

As well as this, it would be useful to know the context (location, e.g. indoors, in vehicle, type of building versus out doors) and whether in only a pairwise encounter, or a group - all this data helps understand the modes that the virus spreads through, to help sharpen advice to the public, and also refine the algorithms.

There's some discussion about why one would combine these two functions in one app (contact notification and public health statistics). There are quite a few nice symptom reporting apps (notably in the UK joinzoe), which do a good job of learning new symptoms' importance, and can map hotspots over time as well) - but the point is that it is not a change to a centralised app to provide the contact graph of infected people - this is the same primary purpose - the "second" application is simply the use of the stored data and doesn't change the app at all. In fact, the notification service is also notably simpler if you don't need to build some magic decentralised rendezvous network. 
I notify service I am diagnosed positive with list of contacts. service notifies each contact they may have been exposed (potentially with human in the loop to detoxify the bad news).

so what are the trust problems here? well by not having testing and not trusting the users to all only honestly report symptoms, the government/UK health service set a tone that the customer is not always right. But the decentralised systems send the message that the public don't trust the national health service in their country, and yet they have to trust that health service if they fall ill, so this is a hidden toxic message too.

don't be too surprised if both systems lead to a rise in distrust of health science, and potentially a boost to the anti-vaxxer movement, just at a time when we may really need to get vaccinated.

the good thing is that when we have a vaccine, unlike with smallpox or polio, we don't need to create (true) herd immunity immediately, but rather need only vaccinate the vulnerable, at least at first. Of course, there may be a novel novel corona virus around the corner which goes back to the mortality risk levels of SARS and MERS but has the incubation time of Covid-19, and then we'd really care that a lot of people were out of the infection loop proactively (not reactively).

For now, reacting as fast as possible is our best bet to get as close to zero cases as possible..

Friday, July 03, 2020

net values gross laws

there are a bunch of laws of the value, or utility of a network - all these assume a set of n nodes (presumably owned each by one user), all effectively connected to all other users. That doesn't mean there is a "full mesh" network (with n^2 links) - just the capability of communication from each to every other node. 

i'm not stuck on any particular "layer" of communications here - for those not familiar with the marvellous seven layer model of communications (or variants) we could be talking about physical or internet or application layer here - if you like, we're talking wires, versus who's in your contact list, versus who you can get to on facebook or zoom or whose blog you can read, etc

Lets leave aside annoying things like NATs (and ADSL and most cellular links) that are asymmetric - there are workarounds for that anyhow. Well, let's not leave that aside, as asymmetry of a communications service is part of why there are different laws. this matters, as constraints on who you can talk to aren't just about censorship. they create "walled gardens" - a phrase I hate as the implication is that all is well in the garden : it isn't - there's no supply of water or seeds or bees or anything to keep the garden alive. it isn't a garden. its a desert. facebook is a desert. or an elephants graveyard, where old things go to die.

metcalfe's law 
so if you have a network of 12 people, its utility is 144
since that's the total number of connections possible - for each of the 12 people, 
they can talk to 12 other people. They may not want to, but they could. I think metcalfe was getting at something more nuanced than this - I think he has been a proponent of super-linear economic growth that underpinned some teechno-evangelism from the left coast. I like it because it captures an essential idea of the Internet inherrent in always on, always reachable, and extensible. Anyone could run a server. anyone could write a server. my interpretation of this model is that it is about affordance of the capability of endless addition of new applications from anyone anywhere anytime, that anyone else can use.

reed's law
so if you have a network of 12 people, its collective potential is 4096
since thats the set of all possible subsets of people that can form.
I think reed took the same interprretation that I have, but is even more enthusiastic, but at the same time, captures the idea that new applications may be of niche interest.  the value of the network in both metcalfe and reed's models is a value that accrues to all the users - providers ('lower levels') cannot explicit this value in the same scale, because that would kill the incentive for people to create all these new apps - the entry cost would be too high, the return too low. there is no tax levy on service that could be set which would do anything else. kill the goose that laid the golden egg. I'd note that there's still a golden egg (see next laws) because more people still means more revenue as each still pay a recurrent fee, and more apps may mean more bandwidth so capacity deployed still always (in the end) will make money.

briscoe's law
with a network of 12 people, your service utility is 29.82 (approx)
briscoe's taking a plausible model which I think is more about revenue  that can be made by a serrvice provider, offereing connectivity to a higher layer. Note it is still super-linear, and I am not completely convinced this makes sense.

jon's complaint (sarnoff's law)
so with a network of 12 people, the provider's service is worth 12 units. sarnoff devised this for broadcast networks. Broadcast systems are massively asymmetric - there's a broadcaster (often using radio/tv/satellite etc) that reaches a lot of people. hHey often get in the business of content creation (or at least sponsorship - e.g. for sports, but nowadays, for internet streaming/download too - Amazon, Netflix join the BBC, Disney etc  - securing their supply chain, etc)

I'm going to try to explain why  these are all not wrong, although, like many models, they may or may not be useful.

I claim that the internet is mostly behaving like Sarnoff's law now. we can't create new services. Not because of network effects (people on old services can't shift to the new one is not a strictly correct barrier - people went from myspace to facebook, from twitter to tiktok, but they had to do so additively. not multiplicatively - having 10 social networks or 10 video conferencing apps is 100 times less valuable than having 1 that reaches all the people that are divided by those barriers. (insert old joke about america and england being two great nations divided by a common language).

the cost of writing a new app, creating a new service is tiny. it immediately would get value if  it was possible to deploy, but long gone are the days of Metcalfe or Reed's idealised Internet. barriers to deployment exist at all levels. the wires are not open, the address books are not all equal. Apps to not afford access to other apps the way email and the web permitted arbitrary extensibility and innovation.

what's more, the stultification of the growth in new systems that can reach anyone and everyone also means that the very bottom of the system, the wires, where there is never any hope of getting more value than n for n users, is getting less. that is a great example of the poisoning of the geese.

...and they aren't laws, they are models...

I'm going to try to explain why  these are all not wrong, although, like many models, they may or may not be useful.

Tuesday, May 26, 2020

Laissez-faire pandemic management - nudge fudge

The UK government has engaged in a series of psychological games with the population, instead of actually taking effective action.

Early on, an attempt to get people to socially distance was offset by the failure to enforce the shutdown of large gatherings at sporting events such as the Cheltenham Festival or football and rock music venues. Eventually, the footie community, as well as hotel chains and theatres, voluntarily closed before the government made it mandatory, presumably out of respect for their staff & customers. This may have cost them dear in some cases, as the insurance companies may decide that since it wasn't legally enforced, cancellation costs may not be covered in many cases. Similar attempts to assume it was someone else's problem - The NHS will get its own PPE and ventilators as if by magic; someone else will decide if people maybe should wear masks in public; perhaps the evidence on what constitutes early onset warning symptoms like loss of taste and smell aren't necessary to list just yet; sure, care homes will have their own safe procedures and equipment, just like hospitals, no? and sending people there from hospitals makes total sense.

Then there was the drift into an increasingly ill-specified lockdown, with many vectors for infection (e.g. London underground&busses, all international airports) completely open - i mean for heavens sakes, if the infection isn't spread by people packed into trains and planes like sardines, when not in their own homes or workplaces, how do they think it got from Wuhan to Wolverhampton? Or Downing Street to Durham?

On that last point, the latest nudge was clearly an underhand means to break lockdown early, without bothering with the unseemly debate between  people that actually care about the loss of life due to a second wave of infection, and the people who care about loss of revenue because of the economic slowdown that lockdown has imposed.

Ironically, the economic damage was mostly caused by the total failure to show any steel will power and take early action, which would have not only saved a lot of lives, but meant we could have been cleanly, honestly, and safely out of lockdown weeks ago.

The government have become the enemy of the people, both for our health and for our wealth. Given their alleged politics, that is quite an achievement.  I'm not a conspiracy theorist. I think it is because we have a system of finding elected representatives that selects for the utterly inadequate.

Thursday, May 14, 2020

Re-identifying your social network from contact trace&test decentralised apps

Obviously, some people are uncomfortable about the app that holds your contact data for the purposes of helping warn people they may have been infected, so have devised decentralised apps to achieve same goal. however, they kind of miss the obvious. 

There's no point in the app unless people act on notifications. acting entails i) isolating ii) getting tested so if negative, can stop isolating as soon as possible. if positive, can get treatment.

If you don't want to act on notifications, don't run the app.

So now what happens when a contactee is tested?

A simple re-identification of people is do-able 
if the case rate is low and largely localized.

So if patient A is first new person on day D tested +ve in city C, and then their set of decentralized possibly infected folks F are notified and  go and get tested, and say this shuts down the outbreak, then the testing agency knows that the set of F people are contacts of A. It doesn't get too much harder to do this probalistically if there's a slightly bigger outbreak with a few As and Fs in a city/locale, based on timing...

If the case is high and not localized, contact tracing and testing has failed, and we are in a second wave. and there are lots more dead people.

So centralised or decentralised, you have to trust the test center people. who (in the NHS case) are basically the same people.

Saturday, May 09, 2020

My home's too smart for me...

We had the builders in. It started when an old cooker broke - having fixed it twice, i though, lets just redo the kitchen. then we thought, why not extend it into the garden a bit so its lighter and so it began.

Firstly, an architect, and party wall agreements.

Then engineer survey says that the 10m eucalyptus tree in our garden means the extension needs 2m foundations.

Then we decide to move utilities to the basement (washing machine etc). then we need ne central heating setup so 1st  room gets new cupboard with that in. then the sitting room (which opens out to the garden or now, the new kitchen-garden room/extension) needs re-doing (new power points every where which is good) - basement also needs some air circulation gear.

So new kitchen/extension has a small new bathroom in the corner, which is cool, and nice tiled floor which is neat, but that has underfloor heating which needs smart controllers. and  the rooms all need new smoke alarm systems. builder puts in a "mesh" net of stufff that runs off nest and so forth...
i  couldn't figure out at all how to actually turn off the underfloor heating - just put it in "holiday" mode, which says its off unless it detects a frost..obviously the smooke alarms have motion sensors  so you can find your way around at night (or smoke)....

fridge is smart too, apparently (if we want, when we're away, if ever again, and deciding to come back early (or late) can remote set everything back from holiday mode...)...

Now water pressure in top of house is too low, so need pumps in the attic....which trigger off water pressure, so if you leave a tap running, you can tell from the racket in the attic...

So then while doing sitting room, decide hey why not open up the old (early 19th century- apparently late georgian according to the chimney sweep) fireplace there, and close the one in an upstairs (1st floor) bedroom. oh, and why not just redecorate the 1st floor loo, and get some nice Portuguese tiles. oh, and lets just refit the 3rd floor bathroom too while we're about it. and the terrace above the kitchen. needs new tiles and parapet to be legal too...

Did I mention that meant all the plumbing and most the electrics in the house had to be redone (re-routed and replaced).

It does look nice, though...

A bit more than my annual salary, it bloody should:-)

Tuesday, May 05, 2020

Arguments for NHSX centralised approach to contact tracing.

1/ The NHSX Bluetooth works - it doesn't require the phone to be always on.

(incorrect assumptions by DP-3T critics claiming it does) and isn't blocked by Apple/Google - it won't kill your battery any more than using a BLE peripheral (e.g. airpods:) it is a  bit of a hack. and may place limits on detecting  some contacts.

2/ The "contact" proxy is pretty much based on what we did in fluphone a decade back so also fairly solid indication of proximity, but may need adaptation (as will all BLE based contact tracing apps whether centralised or decentralised). updates to the parameters in the algorithm can be computed in centralised approach somewhat more easily than decentralised (where you don't have the false -ve/+ve rate info).

3/  The rationale for centralising the data is several fold, which are nigh on impossible with decentralised apps:

a) You can update the algorithm in 2 based on measuring false positive/negative rates (there are other factors in deciding a contact is real too) - you can incorporate factors about the contactees in computing risk of infection, given the measured parameters of  the encounter.
b) The narrative script people use for self-reporting can be updated based on ROC that that achieves
c) You can detect hotspots in infection near real time (e.g. superspreader events).
d) Epidemiologists potentially get to run models on pseudonymised social contact graph < this is where you might baulk but they aren't publishing the data - it will stay put, and models be updated from that - if hackers gain access to this data (how?), then there's a risk some people's graph could be partially re-identified. there's no geo-loc data in the phone or uploaded data so probably rather limited threat - if data is deleted (as claimed) in 30 days, then that threat is also time limited...
4/ There's a human-on-the-loop in the self-diagnosis phase (drawn from pool of people that deal with manual contact tracing) (and obviously also in actual test if that's triggering a notification) they can decide there's no problem, which can revoke the notification to contacts (rather hard to do in decentralised apps). This limits cascades from false positives.
5/ Contacts of contacts (etc) can also in principle be notified (useful in small, fast local outbreaks/clusters - a real problem in this virus) - again, difficult to do in decentralised model meaningfully
I'd welcome hearing how the decentralised app folks will tackle some of these useful
In common to all app based contact tracing is the acceleration over manual tracing, which has a marked impact on reducing the R0 of the pandemic. Contrary to claims that you need 60% of the population to be running the app, actually any number of people will help reduce contact times so reduce R0 - so it starts to be useful at low levels of deployment (as already pointed out, the epidemiologists find it useful at low levels already too since it lets them see SEIR parameters and spot any changes).
There's a lot of misinformation out there (nothing new about that:)

Ref white paper on NHSX app design.
Ref Limits on reduction of R0

Sunday, April 26, 2020

The legend of the book of the film of the record of the poem of the graffiti of the urban myth

"Which came first, the egg or the chicken?" is the perennially annoying question that consultant philosophers use to impress naive clients.

A much more serious question is why people hate the film  of the book, or  love the film, but  hate the book  it came from, or love the film, and hate the book  that came from it.

To solve this problem, I think we need to carry out a large scale analysis based in causal inference  (why not) .  Clearly we have the equivalent of the adaptive clinical trial or the series of unfortunate natural experiments to choose between. We can start with some obvious candidates.

  1. The Godfather
  2. Paddington
  3. The Princess Bride
  4. The Hobbit
  5. 2001 or The Sentinal
For each of these we need to look at all the possible features that could lead  one to prefer a book or a film (length, sentence structure, plot, character, year published, alphabetic position of author directors name, jokes, box office takings, time in best seller charts, influences, sequels, spinoffs, live action, cartoon, comic book, illustrated, etc etc) and build a bayesian model of how one moves from one state of mind (Hobbits are boring) to another (Smaug is cool), or from one opinion (why did no-one ever actually read the princess bride) to another (You keep using that word, etc etc ).

Two dominant theories to date are

  • The Ordering Theory
  • The Gap Theory

Then we will finally know the truth.

Wednesday, April 22, 2020

cat > /dev/kb

I'd like to bring up a very important topic for all my inky-fingered friends (and I am not
referring to my experiments with spilling Quink on the ebony fretboard to see if I can play faster).

The cats. come and sit. on the keyboard. in front of the screen. while you're trying to work.

How can we fix this? 

Well, here's my patented invention that I think is going to work.

You know how the keyboard layout was invented by Benjamin Franklin for President Theodore Roosevelt when he was digging the Panama Canal? It is an oft told tale - the problem was that all the typists producing  reports to send back to Washington DC had to type an inordinate number of lower case 'a's every time just to get the headed paper to look right. For this reason, they moved the keys for 'l', 'n', 'm' and 'p' as far away from the 'a' as they could get them. Back in those days, most people were one or two fingered typists so this slowed them down, so that the 'a' key stopped breaking, leading to incredible misunderstandings between the  rmy, nvy and rfrce ('o' was a lesser,but not insignificnt prblm).

So the new keyboards worked a treat until they started working with a French company who still used the old Aztec name Pznzmz Cxnxl, which led to the second new keyboard, which nous aimions tres biens ces jours. and so on and so forth.

As code breakers amongst you will remember, (or possible Sherlock Holmes stick insect fans) the problem is to do with the popularity of different letters f the alphabet in different tongues. Why the alphabet is in alphabetical order is an interesting question which I'll leave for later  (just noting for now that it isn't, for example, in Arabic, Hebrew, Greek and Cyril Smith's languages, the third letter is 'g', not 'c' - go figure how the Romans got that wrong along with really poor ways of counting). And of course, Scrabble scores - which are in the opposite order to the popularity of letters ( a bit like Nathaniel Hawthorne's novels).

So "how does this solve a problem like a cat?", I hear you ask, Maria.

Easy peasy. we place bigger springs under the unpopular letters and so when the cat sits on the nice warm laptop keyboard, instead of getting a gentle purr like vive from the fan, it gets prodded uncomfortable in random places.

This will also let us revert the keyboard layout to being alphabetic, since it will just be harder to depress the unpopular letters which will slow us down between popular ones.

Of course we could confuse the cat further (as if such a thing were possible or even desirable) by choosing springs from a French or dare I  even suggest, a Chinese (Mandarin, not Catonese (sic), of course) layout of spring constants. By Hooke or by Crooke, we will have to solve the problem that the Chinese layout would require at least 5 springs of different strengths to operate really successfully, but we believe that yhe market for this in china will be as big as that for Dragon Nets.

I will be inviting investors to my alpha-beta-gamma product launches shortly, meanwhile I leave you with the experimental result that  you may wish to try as well, in these distracted days. You can teach your cat a foreign language easily. I have ours completely versed in French - when I say va't en or viens ici, she behaves in exacfly the same way as when I say "get the 'f off that keyboard" or "where are you didums". This does not work with dogs. In fact I know several dogs in the Dordogne that response to "Get off my leg fido" in exactly the same way as if you offer them a biscuit.

Science is a marvellous thing when used carefully.Electromagnets more so - in the new version (delta-key) of the boards above, we replace the springs by electromagnets and now can use this to train humans to type faster, and untrain cats to sit on the keys. Gnu Emacs key bindings will be available shortly.


qwerty or azerty

code breakers and scrabble


While waiting for the coffee to brew,

Monday, April 20, 2020

ethics, policy, regulation and contact tracing apps - babies and bathwater

0. How to get it right: Harvard ethics review/roadmap to pandemic resilience

1. if you are going to criticise the ethics of contact tracing app work, first establish a baseline - find out how manual contact tracing is done, what data is kept, what triggers it, what privacy risks there are. Who does the work? are they trained? is there a log (to avoid duplicating contact notifications by multiple staff and to record the test status of people). How does consent work from the pattient who's just tested positive and is probably stressed? How many false positive and negatives are there (people they falsely remembered they'd met, or encounters they forgot) etc etc- this is the standard an app has to meet at least.
2. know your medical ethics - it is standard that a new technology is introduced provided it is at least as good as existing "treatments" and no worse - see above. If contact apps tracing is also faster, and therefore reduces the number of people the virus spreads to before all possible infected people are found and isolated, then factor this in, as it is part of the care requirements.
3. Don't talk about stuff you don't understand - i've seen vague criticisms of the use of BLE (Bluetooth Low Energy) as it isn't "accurate enough" without a single citation on measurements that support this. There are multiple measurements and techniques that support that it is an ok proxy for encounters between people carrying capable smart phones with the relevant app running. The main criticisms are i) that might only be 60-75% of phones (depending on country/region/demographic) and ii) only around 75-80% of people have any sort of smart phone. See 1/ its additional, and faster/complimentary, not a replacement for manual contact tracing. Also see the care taken by Google/Apple (see prev blog) in terms of taking care of privacy- this is largely better at protecting people than manual tracing can be (there are modest exceptions - exercise for reader, think of one).
4. No-one's claimed you use contact tracing to replace testing (or more ludicrously, to replace the hunt for treatments, or vaccines or the actual provision of PPE for key workers who encounter a lot of potentially infectious people (including care homes, bus drivers, supermarket checkout staff etc). Don't claim people want to re-prioritise resources because they are techno-solutionists without actually finding out their motives and community. The idea of contact tracing apps came from (and is supported by) epidemiologists (e.g. from LSHTM in the UK). Tech people worked from what they asked, not from some bluesky fantasy. This includes the empirical testing of which is preferred proxy for encounters, and the fact that it is predicated on testing. Testing alone doesn't fix things fast enough either (unless you had a 15 minute test cheap enough to run on everyone nearly daily).
5. contact tracing doesn't have to be in more than a few percent of the population to be useful for its original purpose, which is to get more precision about the epidemic parameters to improve models, learn about asymptomatic carriers, infection rates between groups like children-to-adults, and the expiry date on immunity, whether acquired through surviving infection or from eventual vaccine deployment (many vaccines also have limited lifetime though usually better and longer than having had the disease, we still need to know).
6. Mission creep:-  discussed elsewhere - a mix of tech, regulatory and legal frameworks need to be clarified to minimise this risk- including (obviously) sunsetting.  This is not new.  People that work in clinical trials/medical ethics know this stuff - if you are a tech ethicist and you have not read up standard protocols in that space yet, please do so before criticising tech app writers who have. The goal of the privacy preserving/decentralised bluetooth API from Google/Apple is not to mess up earlier more centralised app designs, it is to offer a more ethical way forward and represents the way the tech sector has considered best practice ahead of some of the people criticising them

What's worse than techies who ignore ethics and context? ethicists who ignore the tech and context:

For the avoidance of doubt, Do No Harm.

Comprehensive list of tracer apps, initiatives, design docs etc

Friday, April 10, 2020

Some DP-3T & Apple/Google contact tracer abuse questions...

Contact tracing plus testing is a hope for getting out of lockdown, once we are well past the current peaks in the Covid-19 pandemic . Lots of apps have been proposed, some shipped. Most recently, privacy preserving apps have been designed in response to fears about misuse of the contact data. Apple&Google have specified an open API&Service for bluetooth low energy contact tracing with privacy. It looks like a good fit, technically, to some of the newer app designs. It does (a little) remind me of what adding privacy to WiFi AP scanning did (to prevent revelation of all the places someone had been by eavesdropping the list of prospective APs in their scan), but to a very different end and in a different way - see links to specifications below. Some comments added on NHS proposed app at the end now.

People are concerned about how this might lead to privacy invasive apps in the future, but first, why do we want this now:

Aside, to keep an epidemic in "virtual lockdown" you need to able to trace and isolate cases before they infect further people and restart the epidemic exponential growth ahead of your trace rate capability. This means there's a relationship between the reproduction rate (R0) of the epidemic in normal population behaviour (contacts that might lead to infection) and the fraction of people likely to be able to give fast accurate contact information - with nominal R0 around 2, this is estimated in the range 40%+ of people out and about. If people wear masks and observe social distancing, the baseline R0 might be somewhat lower. With proactive testing (random or periodic) you also trigger things earlier for people testing positive so the effective R0 is then even lower - the goal is to keep it always effectively well below 1. But note the number  40% of UK population (or even just households) is 20M (10M) roughly.

Could you build an app to "round up all the co-conspirators"?
or all people that were at this protest at this time with this person?

1. agency (replace healthcare with bad cops:) coerce person to equivalent of test +ve: sends notifications: 
2. agency coerce people to reveal whether notified or not 

Could latter be required by, say, employers (e.g. good ones like healthcare, or bad ones like xxx)?
How is that new compared to current Real World contact trace/notify done through interviews/phone visit

Firstly, service doesn't give precision time, nor is their geo-location as part of it.

Phones may already potentially separately run geo-location, so not clear this adds a lot apart from additional evidence of co-location, and spatial precision. So if any of the phones in a co-lo event are also reporting position, you "infect" contacts with a possible inference, if someone can coerce ALL possible contacts to reveal presence or lack of notifications...obviously people at protests could turn off service, and later not ask for notifications. Would that then be evidence too? This seems like a pretty complicated and far fetched scenario...Not very good evidence that some people out of 20M might be co-conspirators. Not clear how the coercion scales without becoming somewhat visible.

Explainer/proper use case/reference:
Google/Apple BLE explainer
Tech spec:

Pandemic mission creep "best intention" temptations:-

1. "Self-report" and Test certification verification.

Given the trigger for the upload of crypted contact info is a positive test with authorisation by the health authority, there's a strong temptation to bundle test certificates 
+ve/-ve/timestamp/ virus v antibody, into an app...

This is orthogonal to the contact side. but employers (especially healthcare employers) might require verifiable clear tests for staff (like CRBs for teachers etc). Is
failure to do something about being notified also a breach of some employment agreement? Is commerce going to coerce?

I suspect people who work in jobs that you care will actually want to respond to notifications and  get tested too, so can tell to self isolate/get treated/get better and back to work in safe knowledge, so
incentives are aligned, no?

In the NHS app case, there are two separate triggers for using contact history to send notifications: 1/ is a self report (yellow alert), 2/ is a positive test result (red alert). A colleague suggests that there should be an intermediate trigger where a call to the UK's 111 service that results in suggestion to self-isolate, could be accompanied (like the positive test result) with an authorization code to the app (given over the phone to the subject) so that like the test, this trigger (say amber alert) would be much harder to troll with fake self-diagnoses and might act as a deterrent to such behaviour since the 111 caller would be identifiable. re-linking with the patient is no more risk than it was in the test case, either.

2. Isolation/lockdown location compliance

Since we don't have absolute geoloc at all, is there a way to find if notified people were in contact with a person who was infected and in breach of isolation/lockdown rules, more than current Real World contact tracing would reveal...? This seems not to be made easier by these 
contact tracer approaches. See above. 

Other concerns include false positive rates in self-reporting - this applies whether the data is centralised (NHSX current app design as of 12.4.2020) or decentralised as with the Google/Apple/DP-3T.

We can assume that there will be fairly high levels of people stressed in the current lockdown, and potentially experiencing some symptoms (e.g. coughing at the slighted thing). We're currently heading out of the period of seasonal flu, so people having genuine symptoms, but caused by something less risky, will be in smaller numbers perhaps? Nevertheless, this is going to contribute a significant "false positive" rate. However, given the goal of all this tech (coupled with more wide scale testing) is to be able to leave lockdown, the effect would be to have some larger number of people self-isolating than expected, but a much much smaller number than the current 65M people stuck indoors. It remains to be seen what that rate would be, but even if 5 times the rate of real symptoms, this would (after the current peak is over - say early May) be quite a modest number. And it is "failsafe"

Another threat sometimes claimed to these systems is trolling. This I don't buy. The whole point of the bluetooth scanning algorithm (since we did ours 11 years ago in Fluphone) is that someone would have to stand next to you (less than 2 meters away) for 15 minutes (or so) to trigger adding you as a contact. You'd probably notice people doing that in the supermarket, on the pavement, etc. Fleeting encounters are not triggers. That's part of the design.

The third criticism I've seen of these contact tracer apps is that they need a significant fraction of the population to run them for them to "work" - actually, this is not strictly true - they need a significant fraction of an infected person's social group (friends, family, colleagues) to run the app to help. This is true for the contact tracing side. but all contact tracing is partial - it is an attempt to reduce the reproduction rate of the epidemic below 1 - any contribution to that reduction helps us avoid a second wave.
The app is also useful (as discussed above) for gathering details to build a more precise model of the epidemic, mathematically, so things like pre- and asymptomatic carrier infection is characterised, and the rate of child-to-adult is understood better, and even the expiry of immunity. For that to work, any reasonable number of people running the app will help. Given other apps (eg. Zoe/Kings app, or the Covid-Sound app have seen  thousand of downloads a day, it is clear that reaching a decent target for that purpose is achievable, whereas to get to herd-levels of contact tracing coverage many be harder.

Question: apple are saying they will mandate the use of the new privacy/decentralised bluetooth scanning API for IOS devices to run scanning in background - is this already in place, or is it after they (and google) release the new scanning code? Would a centralised-store app like the NHS one be blocked (either from release through the Apple App store, or further, actually unable to run (in background) on IoS devices right now? Will update this soon as someone upates me:-)

Baseline: how does manually tracing contacts (extracting addresses/phone numbers from a tested person, and subject to imperfect recall, possibly including people they didn't actually see and forgetting ones they did)- how is that better than digital contact tracing in safety&security?

meanwhile, also, some data on manual versus app based tracing impact on reducing R0 - from lancet paper based on data from china

Tuesday, April 07, 2020

covid-19 & interventions - very very speculative

looking at Mark Handley's graphs of many countries evolution of the pandemic, and the interventions, i'm going to engage in some idle speculation - please don't take this seriously or as a prediction - its just thinking out loud...

people see family multiple times a day
people make daily trips home->work/school
people make weekly trips (home->shops or trips to country)
people make monthly trips (business -> other countries)

this pattern of self-similar journeys underlies this study of cinter-ontact intervals and duration.

If you look at clustering starting in Wuhan, and then to rest of china, then to other country, it really looks like that. Rhyhm and randomness in human movements as also explored in this ref paper.

It seems that in a trip you might meet 1-100 people but only infect 1-2 so its quite hard for most people to catch, but somewhat easy for some
(severity is a whole other question, maybe, but maybe its related too)

35% daily increase corresponds to a doubling time of 2.5 days
assume basic R0 is 2-3 -i.e. as above, so each person adds 1-2 people a day
but they aren't necessarily infectious for 3-5 days so you get double every 2-3 days

Social Distancing
22% daily increase corresponds to a doubling time of 3.5 days
distancing works weakly - i.e. your infectious person travels
more carefully in their daily trips but not carefully enough. see this LSHTM paper for more info which looks consistent?

Speculate - if Covid-19 can be spread by touch, this might be
evidence that 2 meter is fine if everyone washes every time they were near where an infected person touched. so maybe combination of masks and washing would be as good as lockdown if 100% observant, but if 50% obvservant, only roughly halves the spreading rate.
13.5% daily increase corresponds to a doubling time of 5.5 days
lockdown week 1 < works, but you've only removed half the people in the first week

8% daily increase corresponds to a doubling time of 9 days
lockdown week 2, remove other half....but still have tail of who was infected 2 weeks back, showing symptoms this week

lockdown week 3?

Saturday, March 21, 2020

epidemics and human contact statistics...

way back when, my colleague Eiko Yoneki built the Fluphone project, which has suddenly become rather relevant again after a decade. Some folks in Singapore have nicely done something similar with good privacy properties! NHSx are on it in the UK, as are lots of other people...

we had earlier studied human contacts - here's a paper by Augustin Chaintreau et al based on work in the Haggle project which involved empirical studied of how the time between and duration of encounters between people is distributed.  Some of the data sets are freely available in the excellent Crawdad repository.

When modeling an epidemic (e.g. to figure out whether it will collapse, sustain, or go pandemic), people start with the SIR model (susceptibility, infectiousness and recovery) - this basically leads to classic S curves over time for the number of people infected (or fraction of the population) - the other important number quotes is R0 - the number of people each infected person passes the disease on to. Recovered people usually have some level of immunity, so they are "removed" from the population, and not typically returned to the pool of susceptible people (at least for some time, depending on disease and person).

Some problems with naive models:
the values for S,I,R are population averages. As is R0. In fact, R0 obviously varies over time, as the number of susceptible people an infected person can meet must typically decrease.

In fact susceptibility for a disease also can be influenced by prior incurred immunity. This can vary with age, gender and other factors, inherently, or because of similar prior infections, or because of vaccination.

As can infectiousness (simple example - if you are asymptomatic carrier of a disease spread only by coughing, then if you don't cough, it is hard to spread it.).

The point of the encounter data above is that that also isn't simple. People have varying levels of popularity ("degree") and centrality (they are on the path between more or less friends (of friends (of friends (of friends)))) to the sixth degree and more. One study of this by Watts et al shows how this leads to multi-scale, resurgent outbreaks. Ground truth needs us to test everyone!

Vaccination programs often target the vulnerable groups (seasonal flu), but sometimes target the whole population, but possibly indirectly - e.g. if you vaccinate enough kids against measles, mumps, chickenpox, polio, smallpox, and it lasts til later life, eventually there's almost no-one in the population left to spread the thing anymore. The vaccine can be made from a weakened version of the disease, which then "teaches" the human immune system in a way that lets it respond appropriately to the full-strength one later. Herd immunity normally refers to having enough of the population vaccinated that the SIR model tells you the disease won't get anywhere far before only meeting immune people.

The contact interval/duration models are power law and clustered. This tells us that they are driven by heavy tailed distributions of popularity (aka rich get richer, in trading terms), but also affinity (e.g. kinship, friendship, work relationships, etc).  For social distancing to work, you need to combine breaking all these kinds of links, social, work, entertainment, even (actually, especially family if you have a tight knit generational spread!). but also you need to target high popularity or high centrality people especially - this has been used by people in a wide range of areas such as offering advice on safe sex to sex workers to reduce HIV spreading, and even smoking and obesity (e.g. see Christakis work there).

The point of this blog (which may contain errors-  please send me corrections if you spot any!) is to try to explain that it is relatively complex to deal with real outbreaks. When we have phase changes in epidemics, and power law coefficients, some small changes can really fix things, other changes have to be very significant to make a difference. We need adaptive, and (as seen here on heterogeneous) responses. Above all, we need continuous, and continuously more accurate, measurement of all of the above to do this adaptation precisely.

Saturday, January 25, 2020

An Architecture for Spread Spectrum Computation

This is an unsuccessful proposal to Facebook about an
an intermediate Instruction Set Architecture for Spread Spectrum Computation. We target nano-services constructed 
from lambdas as a backend from an intermediate system, to allow for fine grain, and elastic, fault tolerant 
computations. Was an extension of an earlier idea by Steve Hand.

We believed it fitted in their research call topics on
Scalable, elastic, reliable distributed;
Programming languages&compilers for platform agnostic; and
Resource provisioning for efficient ML.

I guess it was slightly too ambitious:-)

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home