Entries Tagged "medicine"

Page 3 of 9

Security Implications of Cash

I saw two related stories today. The first is about high-denomination currency. The EU is considering dropping its 500-euro note, on the grounds that only criminals need to move around that much cash. In response, Switzerland said that it is not dropping its 1,000-Swiss franc note. Of course, the US leads the way in small money here; its biggest banknote is $100.

This probably matters. Moving and laundering cash is at least as big a logistical and legal problem as moving and selling drugs. On the other hand, countries make a profit from their cash in circulation: it’s called seigniorage.

The second story is about the risks associated with legal marijuana dispensaries in the US not being able to write checks, have a bank account, and so on. There’s the physical risk of theft and violence, and the logistical nightmare of having to pay a $100K tax bill with marijuana-smelling paper currency.

Posted on February 19, 2016 at 6:34 AMView Comments

Hacking Drug Pumps

When you connect hospital drug pumps to the Internet, they’re hackable. This is only surprising to people who aren’t paying attention.

Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company “didn’t believe it could be done.” Hospira insisted there was “separation” between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.

An attacker wouldn’t need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet.

“From an architecture standpoint, it looks like these two modules are separated,” he says. “But when you open the device up, you can see they’re actually connected with a serial cable, and they”re connected in a way that you can actually change the core software on the pump.”

An attacker wouldn’t need physical access to the pump. The communication modules are connected to hospital networks, which are in turn connected to the Internet. “You can talk to that communication module over the network or over a wireless network,” Rios warns.

Hospira knows this, he says, because this is how it delivers firmware updates to its pumps. Yet despite this, he says, the company insists that “the separation makes it so you can’t hurt someone. So we’re going to develop a proof-of-concept that proves that’s not true.”

One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.

Posted on June 17, 2015 at 2:02 PMView Comments

The Risk of Unfounded Ebola Fears

Good essay.

Worry about Ebola (or anything) manifests physically as what’s known as a fight, flight, or freeze response. Biological systems ramp up or down to focus the body’s resources on the threat at hand. Heart rate and blood pressure increase, immune function is suppressed (after an initial burst), brain chemistry changes, and the normal functioning of the digestive system is interrupted, among other effects. Like fear itself, these changes are protective in the short term. But when they persist, the changes prompted by chronic stress — defined as stress beyond the normal hassles of life, lasting at least one to two weeks — are associated with increased risk of cardiovascular disease (the leading cause of death in America); increased likelihood and severity of clinical depression (suicide is the 10th leading cause of death in America); depressed memory formation and recall; impaired fertility; reduced bone growth; and gastrointestinal disorders.

Perhaps most insidious of all, by suppressing our immune systems, chronic stress makes us more likely to catch infectious diseases, or suffer more­ — or die­ — from diseases that a healthy immune system would be better able to control. The fear of Ebola may well have an impact on the breadth and severity of how many people get sick, or die, from influenza this flu season. (The CDC reports that, either directly or indirectly, influenza kills between 3,000 and 49,000 people per year.)

There is no question that America’s physical, economic, and social health is far more at risk from the fear of Ebola than from the virus itself.

Posted on January 13, 2015 at 7:10 AMView Comments

The Risk of Unfounded Ebola Fears

Good essay.

Worry about Ebola (or anything) manifests physically as what’s known as a fight, flight, or freeze response. Biological systems ramp up or down to focus the body’s resources on the threat at hand. Heart rate and blood pressure increase, immune function is suppressed (after an initial burst), brain chemistry changes, and the normal functioning of the digestive system is interrupted, among other effects. Like fear itself, these changes are protective in the short term. But when they persist, the changes prompted by chronic stress — defined as stress beyond the normal hassles of life, lasting at least one to two weeks — are associated with increased risk of cardiovascular disease (the leading cause of death in America); increased likelihood and severity of clinical depression (suicide is the 10th leading cause of death in America); depressed memory formation and recall; impaired fertility; reduced bone growth; and gastrointestinal disorders.

Perhaps most insidious of all, by suppressing our immune systems, chronic stress makes us more likely to catch infectious diseases, or suffer more­ — or die­ — from diseases that a healthy immune system would be better able to control. The fear of Ebola may well have an impact on the breadth and severity of how many people get sick, or die, from influenza this flu season. (The CDC reports that, either directly or indirectly, influenza kills between 3,000 and 49,000 people per year.)

There is no question that America’s physical, economic, and social health is far more at risk from the fear of Ebola than from the virus itself.

EDITED TO ADD (10/30): The State of Louisiana is prohibiting researchers who have recently been to Ebola-infected countries from attending a conference on tropical medicine. So now we’re at a point where our fear of Ebola is inhibiting scientific research into treating and curing Ebola.

Posted on October 30, 2014 at 6:40 AMView Comments

Surveillance and the Internet of Things

The Internet has turned into a massive surveillance tool. We’re constantly monitored on the Internet by hundreds of companies — both familiar and unfamiliar. Everything we do there is recorded, collected, and collated — sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.

Ephemeral conversation is over. Wholesale surveillance is the norm. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept what’s really going on.

It’s about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far it’s been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being linked to your offline behavior, it’s still only behavior that involves computers.

The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. There’ll be Internet-connected tags on our clothing. In its extreme, everything can be connected to the Internet. It’s really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.

Lots has been written about theInternet of Things” and how it will change society for the better. It’s true that it will make a lot of wonderful things possible, but the “Internet of Things” will also allow for an even greater amount of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they don’t yet have: eyes and ears.

Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.

We’re seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it can’t route your phone calls to your phone otherwise. But most of us broadcast our location information to many other companies whose apps we’ve installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.

Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, medical devices are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the smart electric grid. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies – and anyone they decide to sell the data to — to monitor how people move about their house and how they spend their time.

Drones are another “thing” moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. We’re not yet up to a real-time Google Earth equivalent, but it’s not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.

Google’s Internet-enabled glasses — Google Glass — are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance to the next level. Once they’re common, you might never know when you’re being recorded in both audio and video. You might as well assume that everything you do and say will be recorded and saved forever.

In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when you’re filtering databases based on pre-programmed queries. In other words, it’s easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals — not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.

In the longer term, the Internet of Things means ubiquitous surveillance. If an object “knows” you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days — and nights — with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.

Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies — and many others — correlated, and then bought and sold without your knowledge or consent. You’d think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don’t pay for the privilege — or don’t work for the government and have the ability to demand the data. Power is what matters here: you’ll be able to keep the powerless from invading your privacy, but you’ll have no ability to prevent the powerful from doing it again and again.

This essay originally appeared on the Guardian.

EDITED TO ADD (6/14): Another article on the subject.

Posted on May 21, 2013 at 6:15 AMView Comments

Risks of Networked Systems

Interesting research:

Helbing’s publication illustrates how cascade effects and complex dynamics amplify the vulnerability of networked systems. For example, just a few long-distance connections can largely decrease our ability to mitigate the threats posed by global pandemics. Initially beneficial trends, such as globalization, increasing network densities, higher complexity, and an acceleration of institutional decision processes may ultimately push human-made or human-influenced systems towards systemic instability, Helbing finds. Systemic instability refers to a system, which will get out of control sooner or later, even if everybody involved is well skilled, highly motivated and behaving properly. Crowd disasters are shocking examples illustrating that many deaths may occur even when everybody tries hard not to hurt anyone.

Posted on May 2, 2013 at 1:09 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.