Monday 6 April, 2020

Is it any wonder that the UK currently has such a mediocre government?

After all, the main criterion for appointment to the Cabinet was to have been wrong about the most important question that faced the UK since 1946. As a result we have a squad of econd-raters.

How long can we continue to live like this?

Abhijit Banerjee (AB) and Esther Duflo (ED), a married couple, shared this year’s Nobel Prize for economics with Michael Kremer. Here’s part of a transcript of a conversation in which the couple discussed one of the issues — how long can we live like this?

AB: So, what do you propose to do about it?

ED: At this moment, we can listen to what the doctor says or try to make sense of what the doctor says. We know it is bad and we know we do not have a cure, and anybody who says he has a cure is lying. People are working for a cure but it will take time. All we can do is to isolate ourselves. Another thing we can do is to practice good hygiene in particular washing of hands. So if we get in contact with affected people we can prevent a transmission.

AB: It is extremely hard for people to practise such an unnatural lifestyle in the foreseeable future. For how long? People are not working, they are not earning, they are not going out, they are not meeting their loved ones. Is this a realistic enterprise for six months? Do you think that causes some challenges?

ED: It would be unsustainable for two weeks. Almost sure it would be unsustainable for six months. On the top of the uncertainties caused by the virus itself, there are uncertainties caused by the uncertainties. I am now turning the question to you. If you were in charge, of US to begin with, when would you have started this curfew and so many restrictions… you can do this, you cannot do this?

AB: It is a tough call. The model says five months and the model is based on the numbers which people plucked out from the air. Five months for full shutdown strategy. It is frightening to contemplate. A realistic (option) is to pick a shorter window and work around the peak and to make sure the peak is not as bad. Keeping the window significantly short and more focussed. I do not know which way I would have gone if I was in the hot seat because that involves making a choice that I will let some people die. More people will die in the scenario we shut it down later unless we believe that the whole thing is not sustainable. Then of course… That must be the case in many countries, because five months shutting down means people will stop believing there is a centre of policy. There is a trade-off between saving real lives and possibly at an enormous enforcement cost and enormous cost to the economy… Possibly it is easier to save the economy… I do not know.

He doesn’t know. Neither do we.

Bruce Schneier and Ben Evans on Zoom and its weaknesses/problems

Everybody’s piling in on Zoom. Bruce Schneier, one of my favourite security gurus, is particularly fierce. He sees three kinds of problems with the service: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. And it uses all of this surveillance data for profit, against your interests.

On security, Schneier says that “Zoom’s security is at best sloppy, and malicious at worst”. And its encryption is “awful. First, the company claims that it offers end-to-end encryption, but it doesn’t. It only provides link encryption, which means everything is unencrypted on the company’s servers.” (I wrote about this in my Observer column yesterday.)

And then there’s Zoom’s “bad user configuration. Zoom has a lot of options. The defaults aren’t great, and if you don’t configure your meetings right you’re leaving yourself open to all sort of mischief.”

Even without screen sharing, people are logging in to random Zoom meetings and disrupting them. Turns out that Zoom didn’t make the meeting ID long enough to prevent someone from randomly trying them, looking for meetings. This isn’t new; Checkpoint Research reported this last summer. Instead of making the meeting IDs longer or more complicated — which it should have done — it enabled meeting passwords by default. Of course most of us don’t use passwords, and there are now automatic tools for finding Zoom meetings.

In short: Schneier really doesn’t like Zoom.

Benedict Evans has an interesting and more sympathetic take on it in his (invaluable) weekly newsletter.

Zoom has gone from 10m to 200m daily users in the past few weeks (!), and that comes with pain. On one hand, since it was designed for the enterprise it wasn’t hardened against abuse, so ‘Zoom-bombing’ (eg crashing random open group calls and putting obscene things onto everyone’s screen) is now a thing. On the other hand, it’s now getting a lot more privacy and security scrutiny, and some… issues have come up. These are two sides of the same coin: you have to ask ‘what would malicious people do with our software?’ and the answer might be both human engineering and software engineering. A lot of the flaws people found look like simple product decisions to make installing and using easier – for example, it used the Facebook SDK so you could log-in with Facebook, but that sends some device data to Facebook. But it also claimed it was end-to-end encrypted and isn’t, and some of the traffic goes through Chinese servers, and so one has to assume that the Chinese state could listen in to anything if it wanted to. To its credit, Zoom has responded pretty well to most of these concerns, and some of this can be over-played (it seems pretty silly for a school system to ban it in case the Chinese intelligence agencies are listening to drama class), but I’m not sure the UK cabinet should carry on using this.

Agreed. But then Evans has this interesting thought.

Stepping back, it’s striking that Zoom has made such a big impact despite every tech giant having a big mature product in this space (or even several – how many of these apps does Google have? That would be a good interview question). It’s really not as hard to displace these companies as some would think, if you can find the right wedge. This also reminds me of the founding legend of Dropbox: everyone told Drew Houston ‘there are dozens of these’ and he said ‘yes, but do you use any of them?’ Links: Zoom goes to 200m users, Zoom response to issues

Superyachts: depreciating quarantine machines

This was the headline on a lovely FT piece about the problems of the mega rich in their floating gin-palaces.

Google searches for “I can’t smell” seem to be good predictors of where the virus is

As this pandemic rages, it becomes ever clearer that the UK government is flying blind. This is because we’re not testing enough people for the simple reason that we don’t have the capacity to do it. So we’re in a radically different position to Germany — another large country which seems to be doing much better. And because the UK started so late in the pandemic, it’s now run up against the global shortage of reagents which is reducing capacity to create huge numbers of test kits. Is there anything we could do at the moment to improve our knowledge of where the virus is striking hardest?

An intriguing OpEd in today’s New York Times suggests that there might be. The article is by Seth Stevens-Davidowitz, who some years published an insightful book with the intriguing title Everybody Lies: what the Internet can tell us about who we really are. The point of the book is that people’s Google searches are amazingly revealing, because they will confide anxieties to Google they would not dare express to even their nearest and dearest.

In his NYT article, Seth suggests that analysis of the location of Internet users searching Google for “I can’t smell” could provide valuable information about outbreaks of COVID-19.

To see the potential information lying in plain sight in Google data, consider searches for “I can’t smell.” There is now strong evidence that anosmia, or loss of smell, is a symptom of Covid-19, with some estimates suggesting that 30-60 percent of people with the disease experience this symptom. In the United States, in the week ending this past Saturday, searches for “I can’t smell” were highest in New York, New Jersey, Louisiana, and Michigan — four of the states with the highest prevalence of Covid-19. In fact, searches related to loss of smell during this period almost perfectly matched state-level disease prevalence rates, as the accompanying chart shows.

Other researchers have found that a bevy of symptom-related searches — loss of smell as well as fever and shortness of breath — have tracked outbreaks around the world.

Because these searches correlate so strongly with disease prevalence rates in parts of the world with reasonably good testing, says Stephens-Davidowitz, we can use these searches to try to find places where many positive cases are likely to have been missed.

It’s possible that this correlation won’t be stable over a long time. (There was a surge of excitement a few years ago when it was discovered that Google searches provided earlier advance warning of ordinary flu outbreaks in the US than the CDC could produce; but that turned out to be a fluke.) This particular correlation, though, seems to hold across some parts of the world.

There is already some evidence that clues to this symptom were evident earlier in search data. Joshua Gans, a professor at the Rotman School of Management at the University of Toronto, found that searches for “non sento odori” (“I can’t smell”) were elevated in Italy days before the symptom was reported in the news. Iran also saw an enormous rise in searches related to loss of smell weeks before media reports of the symptom became common.

Anyway, worth trying for the testing-challenged UK.

Quarantine diary — Day 16


This blog is now also available as a once-a-day email. If you think this might work better for you why not subscribe here? (It’s free and there’s a 1-click unsubscribe if you subsequently decide you need to prune your inbox!) One email a day, in your inbox at 07:00 every morning.