RISKS-LIST: Risks-Forum Digest Tuesday 9 June 2020 Volume 31 : Issue 97

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.97>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Democracy Live Internet voting: unsurprisingly insecure, and surprisingly
insecure (Specter and Halderman, with Andrew Appel's comments via PGN)
More on Internet e-voting: Swiss Post purchases Scytl (SwissInfo)
Report Details New Cyber Threats to Elections From Covid-19 (Maggie Miller)
IBM ends all facial recognition business as CEO calls out bias and
inequality (TechCrunch)
Cox slows an entire neighborhood's Internet after one person's'excessive
use' (Engadget)
Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them. (NYTimes) Big brands bring the fight to Big Tech (Politico)
System Security Integration Through Hardware and Firmware (DARPA via
Richard Stein))
2018 War Game Scenario has Gen Z Revolting (Skullcap SaVant via goodfellow)
A Million-Mile Battery From China Could Power Your Electric Car (Bloomberg)
I wrote this law to protect free speech. Now Trump wants to revoke it.
(Ron Wyden via CNN)
Programming 'language': Brain scans reveal coding uses same regions as
speech (Medical Express)
Cisco's Warning: Critical Flaw in IOS Routers Allows 'Complete System
Compromise' (Liam Tung)
False Negative Tests for SARS-CoV-2 Infection -- Challenges and Implications
(NEJM)
Re: Just Stop the Superspreading (Atilla, Wol, Amos Shapir, Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 9 Jun 2020 10:29:39 PDT
From: "Peter G. Neumann" <neumann@CSL.SRI.COM>
Subject: Democracy Live Internet voting: unsurprisingly insecure, and
surprisingly insecure (Specter and Halderman, with Andrew Appel's
comments via PGN)

A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) <https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot.pdf> demonstrates that the OmniBallot Internet voting system from Democracy Live <https://democracylive.com/> is fatally insecure. That by itself is not surprising, as *no known technology* could make it secure. What is
surprising is all the /unexpected/ insecurities that Democracy Live crammed into OmniBallot -- and the way that Democracy Live skims so much of the
voter's private information.

https://freedom-to-tinker.com/2020/06/08/democracy-live-internet-voting-unsurprisingly-insecure-and-surprisingly-insecure/

Andrew Appel <appel@princeton.edu> has posted an extremely relevant article
in Freedom-to-Tinker: https://freedom-to-tinker.com/author/appel/

The OmniBallot Internet voting system from Democracy Live finds surprising
new ways to be insecure, in addition to the usual (severe, fatal)
insecurities common to all Internet voting systems.

There's a very clear scientific consensus that ``the Internet should not
be used for the return of marked ballots'' because ``no known technology
guarantees the secrecy, security, and verifiability of a marked ballot
transmitted over the Internet.'' That's from the National Academies 2018
consensus study report <https://doi.org/10.17226/25120>, consistent with
the May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA.
<http://s3.amazonaws.com/ftt-uploads/wp-content/uploads/2020/06/07210015/Final_-Risk_Management_for_Electronic-Ballot_05082020-1.pdf>

[Please read the entire paper and Andrew's commentary. They are very
revealing, and devastating for those persons who believe that Internet
voting can be made secure. Every known attempt seems to have been easily
defeated: Washington DC 2010, Estonia 2014, Australia 2015, Scytl in
Switzerland 2019, Voatz in West Virginia 2020, OmniBallot now. Insiders
at any of four private companies (Democracy Live, Google, Amazon,
Cloudflare), or any hackers who manage to hack into these companies, can
steal votes: Democracy Live doesn't run its own servers. PGN-excerpted]

------------------------------

Date: Tue, 9 Jun 2020 10:11:57 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: More on Internet e-voting: Swiss Post purchases Scytl (SwissInfo)

Swiss Post set to relaunch its e-voting system | Sonia Fenazzi/SwissInfo <https://www.swissinfo.ch/eng/swiss-post-set-to-relaunch-its-e-voting-system/45820842>
The controversial issue of e-voting is back: Swiss Post, which had halted
the development of a project in July 2019, has bought a Spanish-owned system and plans to propose a platform ready for testing by 2021.

Opposition to the plans of Swiss Post remains strong. The purchase was reported on May 17 by the SonntagsBlick newspaper, who wrote that the deal between Swiss Post and Spanish firm Scytl had been settled for an
unspecified amount.

The deal follows the bankruptcy of the Spanish company, with whom Swiss Post had been working on a system until flaws discovered last year sparked a political debate, which ended in the government dropping e-voting plans for
the time being.

Swiss Post spokesperson Oliver Fl=C3=BCeler confirmed to swissinfo.ch that
last summer, despite the opposition, his company decided to continue
developing a system on its own, and ``after several months of negotiations''
it secured the rights to the source code from Scytl.

The aim is now to propose an e-vote system by 2021 that ``takes into account various federal particularities'' and ``responds even better to the high and specific requirements of a Swiss electronic voting system'', Fl=C3=BCeler
said.

He added that Swiss Post takes public concerns about security and the role
of foreign suppliers very seriously, but insisted that it doesn't plan to go
it completely alone.

``In future, Swiss Post will increasingly cooperate with Swiss universities
of applied sciences, other higher education institutions and encryption experts,'' he said. And ``to guarantee maximum security at all times, Swiss Post ``will reissue the new improved source code so that independent
national and international experts can verify any weaknesses''.

Opposition

E-voting was first introduced in Switzerland on a limited basis in 2003, as part of ongoing tests. However, political opposition and skepticism over the safety of such a voting channel has been a constant over the years, and
again with this latest twist, not everyone is happy.

Franz Gr=C3=BCter, a right-wing parliamentarian who also heads a people's initiative calling for a moratorium on e-voting projects in Switzerland, criticised the Swiss Post move and called for a parliamentary inquiry.

``There are good reasons to check whether Swiss Post -- a state-controlled company -- acted correctly and paid a fair price, because the whole thing
seems to lack transparency,'' he said.

The parliamentarian and IT entrepreneur added: ``It's hard to believe that Swiss Post has paid an undisclosed price for a system which we already know doesn't work properly. In other countries, too, Scytl systems have
experienced major problems. Perhaps that's precisely why the company went bankrupt''.

He said Swiss Post should have started from scratch and developed an
entirely new system, ``which could have restored trust and therefore considerably reduced opposition to e-voting'' -- an opposition that is widespread in Swiss political circles. [PGN truncated for RISKS]

------------------------------

Date: Mon, 8 Jun 2020 12:04:29 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Report Details New Cyber Threats to Elections From Covid-19
(Maggie Miller)

Maggie Miller, *The Hill*, 5 Jun 2020 via ACM TechNews, Monday, June 8, 2020

A report compiled by New York University's Brennan Center for Justice
outlines a wide range of cyber threats stemming from voting changes prompted
by Covid-19. Such threats include attempts to target election officials
working on unsecured networks at home, recovering from voter registration system outages, and securing online ballot request systems. Report co-author Lawrence Norden said election officials already dealing with cyber threats
now face additional challenges due to the pandemic. Election-security
upgrades come with funding challenges because of Covid-19 disruptions, and
the Brennan Center calculates $4 billion must be appropriated to make needed changes. Said Norden, "There is no question that what Congress can do, and really has to do very soon, is provide more money to states and localities
so they can invest in election security over the next few months." https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-25818x222c47x066802&

------------------------------

Date: Mon, 8 Jun 2020 18:54:33 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: IBM ends all facial recognition business as CEO calls out bias and
inequality (TechCrunch)

https://techcrunch.com/2020/06/08/ibm-ends-all-facial-recognition-work-as-ceo-calls-out-bias-and-inequality/

------------------------------

Date: Tue, 9 Jun 2020 10:44:34 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Cox slows an entire neighborhood's Internet after one person's
'excessive use' (Engadget)

https://www.engadget.com/cox-slows-entire-neighborhoods-internet-after-one-persons-excessive-use-165844542.html

------------------------------

Date: Tue, 9 Jun 2020 09:53:48 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them.
(NYTimes)

Federal prosecutors in Manhattan are investigating a global hacker-for-hire operation that sent phishing emails to environmental groups, journalists and others.

https://www.nytimes.com/2020/06/09/nyregion/exxon-mobil-hackers-greenpeace.html

------------------------------

Date: Tue, 9 Jun 2020 17:28:19 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Big brands bring the fight to Big Tech (Politico)

https://www.politico.eu/article/how-big-brands-chanel-canon-louis-vuitton-nike-are-taking-on-big-tech-silicon-valley-at-last/

The EU's Digital Services Act proposes platform rules to suppress and
prevent counterfeit IP sales, such as fraudulent-branded women's accessories (handbags, shoes, etc.), that appear for sale on Amazon.com, Facebook,
Alibaba. (https://www.digitaleurope.org/resources/towards-a-more-responsible-and-innovative-internet-digital-services-act-position-paper/)

The platforms now practice voluntary fraud prevention efforts: "Amazon said
the company invested 'over $500 million in 2019 and has more than 8,000 employees protecting [their] store from fraud and abuse.'"

"Despite these efforts, "it's still like comparing Chernobyl with [the Three Mile Island nuclear accident in] Harrisburg,' Pennsylvania, Daniel
Wellington's Sjöstrand said."

Policing (inspecting and certifying) platform supplier bona fides, and the authenticity of brand-name sale items is time-consuming, difficult to
fulfill, slows inventory turnover in warehouses, etc. The platforms have instituted policing for personnel protective equipment during the COVID-19 Pandemic. Why not continue this practice for less vital goods?

The affected consumer brands (Nike, LVMH, Coach, Kate Spade, etc.)
hemorrhage profits from an escalating sales velocity of highly desirable,
and apparently good enough, knock-offs. One business' profit is another business' expense.

Counterfeit consumer item sales liability will be challenging to resolve and enforce internationally.

Counterfeit internet sales is big business for the ethically-challenged and
the criminally-inclined. https://en.wikipedia.org/wiki/Counterfeit_consumer_goods estimates the tab
at US$ 1.77T in 2015 and growing. Millions of jobs at risk, stock prices gutted, salaries and bonuses cut, reputations risked, etc.

------------------------------

Date: Tue, 9 Jun 2020 10:05:53 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: System Security Integration Through Hardware and Firmware (DARPA)

https://www.darpa.mil/program/ssith

"Electronic system security has become an increasingly critical area of
concern for the DoD and more broadly for security of the U.S. as a whole. Current efforts to provide electronic security largely rely on robust
software development and integration. Present responses to hardware vulnerability attacks typically consist of developing and deploying patches
to the software firewall without identifying or addressing the underlying hardware vulnerability. As a result, while a specific attack or
vulnerability instance is defeated, creative programmers can develop new methods to exploit the remaining hardware vulnerability and a continuous
cycle of exploitation, patching, and subsequent exploitations ensues.

"The System Security Integration Through Hardware and Firmware (SSITH)
program seeks to break this cycle of vulnerability exploitation by
developing hardware security architectures and associated design tools to protect systems against classes of hardware vulnerabilities exploited
through software, not just vulnerability instances. Areas of exploration
that are targeted by SSITH include anomalous state detection, meta-data tagging, and churning of the electronic attack surface. The goal of the
program is to develop ideas and design tools that will enable system-on-chip (SoC) designers to safeguard hardware against all known classes of hardware vulnerabilities that can be exploited through software, such as exploitation
of permissions and privilege in the system architectures, memory errors, information leakage, and code injection. To accomplish its goal, SSITH seeks
to encourage collaboration between research teams, commercial teams, and traditional DoD performers to provide robust and flexible solutions
applicable to both DoD and commercial electronic systems."

Constructive to subdue microcode-enabled exploits. Formal methods (FM)
(see https://en.wikipedia.org/wiki/Formal_methods#Applications) have been
applied in some cases.

During the 1980s, I seem to recall the INMOS transputer applied FM to
demonstrate IEEE-754 floating-point verification compliance.

Once implemented, will the IP comprising the tools and their test cases be
immunized against unauthorized access or from theft?

[A paper on formal proofs of security-critical properties of the CHERI
hardware instruction-set architecture being developed under one of the
SSITH projects appeared last month in the IEEE Symposium on Security and
Privacy:

Kyndylan Nienhuis, Alexandre Joannou, Thomas Bauereiss, Anthony Fox,
Michael Roe, Brian Campbell, Matthew Naylor, Robert M. Norton, Simon
W. Moore, Peter G. Neumann, Ian Stark, Robert N. M. Watson, Peter
Sewell, Rigorous Engineering for Hardware Security: Formal Modelling
and Proof in the CHERI Design and Implementation Process, 2020 IEEE
Symposium on Security and Privacy, pp. 1007-1024.
https://oakland20.seclab.cs.ucsb.edu/hotcrp/paper/344?cap=0344aslGK4u9GrOs

PGN]

------------------------------

Date: Mon, Jun 8, 2020 at 7:14 AM
From: Skullcap SaVant <ben.wilkening.s4@gmail.com>
Subject: 2018 War Game Scenario has Gen Z Revolting

(Sent via geoff goodfellow. PGN)

This article is a wonderful piece of sleuthing. This news outlet received
(via FOIA request) documents detailing a war game scenario that was
conducted in 2018 which forecasted a future of revolution by 2025, that
would be conducted by GEN Z. The scenario's trigger points are SPOT ON with
the current unrest in the world, but sped up by 5 years because of the
"unknown unknown" of COVID.

The scenario includes GEN Z educating each other on how to use the dark web
and thus teaching them to be a generation of "Cyber Punks" which know how to hack and cover their tracks. The wargame plays out with corporations being
the most vulnerable, as GEN Z will enact their own form of vigilante justice
by siphoning the digital bank accounts of the largest companies and convert
it to *bitcoin... *only to be redistributed to the masses "Robin Hood"
style.

*Pentagon War Game Includes Scenario for Military Response to Domestic Gen
Z Rebellion*

EXCERPT:

In the face of protests composed largely of young people, the presence of America's military on the streets of major cities has been a controversial <https://www.newsweek.com/gop-senator-urges-trump-deploy-us-military-against-violent-protests-no-quarter-rioters-1507918>
development. But this isn't the first time that Generation Z -- those born after 1996 -- has popped up on the Pentagon's radar.

Documents obtained by The Intercept via the Freedom of Information Act
reveal that a Pentagon war game, called the 2018 Joint Land, Air and Sea Strategic Special Program, or JLASS, offered a scenario in which members of Generation Z, driven by malaise and discontent, launch a ``Zbellion'' in America in the mid-2020s.

The Zbellion plot was a small part of JLASS 2018, which also featured
scenarios involving Islamist militants in Africa, anti-capitalist
extremists, and ISIS successors. The war game was conducted by students and faculty from the U.S. military's war colleges, the training grounds for prospective generals and admirals. While it is explicitly not a national intelligence estimate, the war game, which covers the future through early 2028, is ``intended to reflect a plausible depiction of major trends and influences in the world regions,'' according to the more than 200 pages of documents.

According to the scenario, many members of Gen Z -- psychologically scarred
in their youth by 9/11 and the Great Recession, crushed by college debt,
and disenchanted with their employment options -- have given up on their
hopes for a good life and believe the system is rigged against them. Here's
how the origins of the uprising are described: [...] https://theintercept.com/2020/06/05/pentagon-war-game-gen-z/

------------------------------

Date: Mon, 8 Jun 2020 09:38:21 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: A Million-Mile Battery From China Could Power Your Electric Car
(Bloomberg)

** CATL ready to sell pack that lasts 16 years, chairman says* Milestone
could bring EV ownership costs down, boost demand*

The Chinese behemoth that makes electric-car batteries for Tesla Inc. and Volkswagen AG developed a power pack that lasts more than a million miles --
an industry landmark and a potential boon for automakers trying to sway
drivers to their EV models.

Contemporary Amperex Technology Co. Ltd. is ready to produce a battery that lasts 16 years and 2 million kilometers (1.24 million miles), Chairman Zeng Yuqun said in an interview at company headquarters in Ningde, southeastern China. Warranties on batteries currently used in electric cars cover about 150,000 miles or eight years, according to BloombergNEF.

Extending that lifespan is viewed as a key advance because the pack could
be reused in a second vehicle. That would lower the expense of owning an electric vehicle, a positive for an industry that's seeking to recover
sales momentum lost to the coronavirus outbreak and the slumping oil prices that made gas guzzlers more competitive. [...]

https://www.bloomberg.com/news/articles/2020-06-07/a-million-mile-battery-from-china-could-power-your-electric-car
https://www.msn.com/en-us/finance/companies/a-million-mile-battery-from-china-could-power-your-electric-car/ar-BB15ahq8

[This reminds me of The Man in the White Suit, Alec Guiness and the suit
that never needed washing or ironing, and what it would to the clothing
industry. However, I suppose the Chinese battery would be a very
substantial part of the cost of the car, so that you could throw away the
car at some point, and reuse the battery in your next car purchase. PGN]

------------------------------

Date: Tue, 9 Jun 2020 10:47:57 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Ron Wyden: I wrote this law to protect free speech. Now Trump
wants to revoke it. (CNN)

https://www.cnn.com/2020/06/09/perspectives/ron-wyden-section-230/index.html

------------------------------

Date: Mon, 8 Jun 2020 13:56:22 +0900
From: Dave Farber <farber@gmail.com>
Subject: Programming 'language': Brain scans reveal coding uses same regions
as speech (Medical Express)

https://medicalxpress.com/news/2020-06-language-brain-scans-reveal-coding.html

[See my book chapter on the need for left-right-brain synergy,
relationships to music, and more:
Peter G. Neumann, Psychosocial Implications of Computer Software
Development and Use: Zen and the Art of Computing,
Theory and Practice of Software Technology,
(D. Ferrari, M. Bolognani, and J. Goguen (editors). North-Holland,
Pages 221--232, 1983.
PGN]

------------------------------

Date: Mon, 8 Jun 2020 12:04:29 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Cisco's Warning: Critical Flaw in IOS Routers Allows 'Complete
System Compromise' (Liam Tung)

Liam Tung, ZDNet, 4 Jun 2020 via ACM TechNews, Monday, June 8, 2020

Cisco has released information on four security flaws impacting router equipment that uses its IOS XE and IOS networking software. One flaw
involves the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE, which could allow a non-credentialed remote attacker to execute Cisco IOx application-programming-interface commands without proper authorization. Another flaw is a command-injection bug in Cisco's implementation of the inter-virtual machine (VM) channel of Cisco
IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers
and Cisco 1000 Series Connected Grid Routers. The software inadequately validates signaling packets routed to the Virtual Device Server (VDS), which could allow attackers to send malware to an affected device, hijack VDS, and completely compromise the system. The two remaining bugs involve a vulnerability in Cisco's 800 Series industrial routers, through which
hackers could remotely execute arbitrary code or cause it to crash and
reload. Cisco says it has delivered updates to address the critical flaws affecting its industrial routers. https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-25818x222c4bx066802&

------------------------------

Date: June 8, 2020 at 22:22:54 GMT+9
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: False Negative Tests for SARS-CoV-2 Infection -- Challenges and
Implications (NEJM)

[Note: This item comes from friend David Rosenthal. DLH]

False Negative Tests for SARS-CoV-2 Infection -- Challenges and Implications
By Steven Woloshin, M.D., Neeraj Patel, B.A., and Aaron S. Kesselheim, M.D., J.D., M.P.H.
Jun 5 2020
<https://www.nejm.org/doi/full/10.1056/NEJMp2015897>

There is broad consensus that widespread SARS-CoV-2 testing is essential to safely reopening the United States. A big concern has been test
availability, but test accuracy may prove a larger long-term problem.

While debate has focused on the accuracy of antibody tests, which identify prior infection, diagnostic testing, which identifies current infection, has received less attention. But inaccurate diagnostic tests undermine efforts
at containment of the pandemic.

Diagnostic tests (typically involving a nasopharyngeal swab) can be
inaccurate in two ways. A false positive result erroneously labels a person infected, with consequences including unnecessary quarantine and contact tracing. False negative results are more consequential, because infected persons -- who might be asymptomatic -- may not be isolated and can infect others.

Given the need to know how well diagnostic tests rule out infection, it's important to review assessment of test accuracy by the Food and Drug Administration (FDA) and clinical researchers, as well as interpretation of test results in a pandemic.

The FDA has granted Emergency Use Authorizations (EUAs) to commercial test manufacturers and issued guidance on test validation.1 The agency requires measurement of analytic and clinical test performance. Analytic sensitivity indicates the likelihood that the test will be positive for material
containing any virus strains and the minimum concentration the test can
detect. Analytic specificity indicates the likelihood that the test will be negative for material containing pathogens other than the target virus.

Clinical evaluations, assessing performance of a test on patient specimens, vary among manufacturers. The FDA prefers the use of ``natural clinical specimens'' but has permitted the use of ``contrived specimens'' produced by adding viral RNA or inactivated virus to leftover clinical
material. Ordinarily, test-performance studies entail having patients
undergo an index test and a ``reference standard'' test determining their
true state. Clinical sensitivity is the proportion of positive index tests
in patients who in fact have the disease in question. Sensitivity, and its measurement, may vary with the clinical setting. For a sick person, the reference-standard test is likely to be a clinical diagnosis, ideally established by an independent adjudication panel whose members are unaware
of the index-test results. For SARS-CoV-2, it is unclear whether the sensitivity of any FDA-authorized commercial test has been assessed in this way. Under the EUAs, the FDA does allow companies to demonstrate clinical
test performance by establishing the new test's agreement with an authorized reverse-transcriptase-polymerase-chain-reaction (RT-PCR) test in known
positive material from symptomatic people or contrived specimens. Use of
either known positive or contrived samples may lead to overestimates of test sensitivity, since swabs may miss infected material in practice.1

Designing a reference standard for measuring the sensitivity of SARS-CoV-2 tests in asymptomatic people is an unsolved problem that needs urgent
attention to increase confidence in test results for contact-tracing or screening purposes. Simply following people for the subsequent development
of symptoms may be inadequate, since they may remain asymptomatic yet be infectious. Assessment of clinical sensitivity in asymptomatic people had
not been reported for any commercial test as of June 1, 2020.

Two studies from Wuhan Province, China, arouse concern about false negative RT-PCR tests in patients with apparent Covid-19 illness. In a preprint, Yang
et al. described 213 patients hospitalized with Covid-19, of whom 37 were critically ill.2 They collected 205 throat swabs, 490 nasal swabs, and 142 sputum samples (median, 3 per patient) and used an RT-PCR test approved by
the Chinese regulator. In days 1 through 7 after onset of illness, 11% of sputum, 27% of nasal, and 40% of throat samples were deemed falsely
negative. Zhao et al. studied 173 hospitalized patients with acute
respiratory symptoms and a chest CT ``typical'' of Covid-19, or SARS-CoV-2 detected in at least one respiratory specimen. Antibody seroconversion was observed in 93%.3 RT-PCR testing of respiratory samples taken on days 1
through 7 of hospitalization were SARS-CoV-23 positive in at least one
sample from 67% of patients. Neither study reported using an independent
panel, unaware of index-test results, to establish a final diagnosis of Covid-19 illness, which may have biased the researchers toward
overestimating sensitivity.

In a preprint systematic review of five studies (not including the Yang and Zhao studies), involving 957 patients (``under suspicion of Covid-19'' or
with ``confirmed cases''), false negatives ranged from 2 to 29%.4 However,
the certainty of the evidence was considered very low because of the heterogeneity of sensitivity estimates among the studies, lack of blinding
to index-test results in establishing diagnoses, and failure to report key RT-PCR characteristics.4Taken as a whole, the evidence, while limited,
raises concern about frequent false negative RT-PCR results.

If SARS-CoV-2 diagnostic tests were perfect, a positive test would mean that someone carries the virus and a negative test that they do not. With
imperfect tests, a negative result means only that a person is less likely
to be infected. To calculate how likely, one can use Bayes' theorem, which incorporates information about both the person and the accuracy of the test (recently reviewed5). For a negative test, there are two key inputs: pretest probability -- an estimate, before testing, of the person's chance of being infected -- and test sensitivity. Pretest probability might depend on local Covid-19 prevalence, SARS-CoV-2 exposure history, and symptoms. Ideally, clinical sensitivity and specificity of each test would be measured in
various clinically relevant real-life situations (e.g., varied specimen sources, timing, and illness severity).

Assume that an RT-PCR test was perfectly specific (always negative in people not infected with SARS-CoV-2) and that the pretest probability for someone
who, say, was feeling sick after close contact with someone with Covid-19
was 20%. If the test sensitivity were 95% (95% of infected people test positive), the post-test probability of infection with a negative test would
be 1%, which might be low enough to consider someone uninfected and may
provide them assurance in visiting high-risk relatives. The post-test probability would remain below 5% even if the pretest probability were as
high as 50%, a more reasonable estimate for someone with recent exposure and early symptoms in a ``hot spot'' area.

But sensitivity for many available tests appears to be substantially lower:
the studies cited above suggest that 70% is probably a reasonable
estimate. At this sensitivity level, with a pretest probability of 50%, the post-test probability with a negative test would be 23% -- far too high to safely assume someone is uninfected.

------------------------------

From: Attila the Hun <attilathehun1900@tiscali.co.uk>
Date: Mon, 8 Jun 2020 12:46:57 +0100
Subject: Re: Just Stop the Superspreading (Baker, RISKS-31.96)

In Just Stop the Superspreading (Arthur T., RISKS-31.95), Henry
Baker attributes the statement: "If you think education is expensive, try ignorance", to Derek Bok, a President of Harvard University.

Although, in 1978, Ann Landers credited Bok with saying this, in 1998 she
wrote that Bok had contacted her and disclaimed authorship of the quotation.

A source of the statement might well be a 1902 advertisement for a
Conservatory of Music in Ottumwa, Iowa, which included: ``Education is expensive but ignorance is more so.'' Who amended it to the form more
commonly known appears to be unknown.

------------------------------

Date: Mon, 8 Jun 2020 17:50:08 +0100
From: Wol <antlists@youngman.org.uk>
Subject: Re: Just Stop the Superspreading (Baker, RISKS-31.96)

I'll give you that -- the general public -- or rather journalists -- love to talk about the average (the *mean*) but apply where it doesn't make sense.

And this is where your argument falls apart (and I lose patience with
you). If you're going to slag other people off for poor science, DON'T DO IT YOURSELF.

You have just defined all "normal" distributions as the Bell Curve, which itself is NOT a normal distribution. It's rather rare in nature, which is
why it's a bloody nuisance as being the easiest to understand but at the
same time the least relevant to reality.

For (ab)normal distributions, mean/median/mode can vary widely from one another, or may not even exist -- e.g., the pathological, but not unusual, 'Cauchy' distribution ("applications of the Cauchy distribution ... can be found in fields working with exponential growth" [Wikipedia]), which has neither a*mean/expected value*, nor a*variance*, nor a *standard

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)