Friday, 24 June 2022

How hateful rhetoric connects to real-world violence

How hateful rhetoric connects to real-world violence

The Supreme Court’s abortion decision—just the beginning of the battle

Posted: 24 Jun 2022 11:57 AM PDT

By Elaine Kamarck

As news of the Supreme Court's decision overturning Roe v. Wade spread through a meeting in Washington D.C. this morning, someone was heard to say, "Game on." And so, it is—on two fronts. The first will be enforcement provisions in state laws and the second will be for control of Congress as the fight moves from state legislatures to Congress.

The first front will be a state-by-state fight between states that fall into two distinct groups. In fifteen states, so-called "trigger" laws will mean that a total or near total abortion ban will go into effect almost immediately.

In other states, governments are gearing up to remove statutory and regulatory impediments to abortions in order to open their doors to hundreds if not thousands of women who will not be able to get abortions in their own states.

Most of the states that seek to ban abortion also seek to ban information that would enable a woman to get an abortion. For instance, states like Texas, Idaho and Oklahoma allow private citizens to sue and recover damages of $10,000 from anyone who helps someone get an abortion. Practically, this means that abortion providers and women's health centers cannot help anyone who is seeking an abortion. But it also means that someone's neighbor or classmate, seeking a quick windfall, could tell on a woman who has provided information about an unwanted pregnancy, sue, and collect money.

The enforcement provisions are likely to constitute the next great battle in the abortion wars. While some states have been working to ban abortions and prohibit people from even talking about it—other states have been building safeguards from prosecution into their law and passing regulations to expand the number of abortion providers to meet what will surely be an out of state influx of patients. Earlier this year, the state of Maryland had already passed legislation to train additional abortion providers. On the day of the Supreme Court decision, the Connecticut Attorney General said that the decision "carves our nation in two."

And on that same day, the Republican Governor of Massachusetts, a pro-choice state, signed an executive order banning state agencies "…from assisting another state's investigation into a person or group for receiving or performing abortions that are legal in Massachusetts or extraditing those patients or providers. The order addresses laws imposed in states that criminalize abortions and other services."

The immediate effect of this bifurcation between states will be to create a different kind of Underground Railroad, which operated in the years before the Civil War to guide slaves out of slave states to free states. Groups are already forming in states that provide abortions to raise money and help provide safe passage to women from states that ban abortions. All of this will need to happen quietly and without fanfare to prevent civil suits in states that allow private citizens to sue those who help women get abortions.

As the new underground railroad expands and figures out how to reach the poorest and least educated women (the biggest challenge) pressure will increase for federal action on abortion since states cannot enforce their laws in another state. In order to find a precedent for this situation we need to go back 172 years to before the Civil War. As the Underground Railroad grew in size and effectiveness Congress was pressured to act. Federal action was necessary in order to allow slave owners from a slave state to go into a free state and search and capture their slaves. The result was the Fugitive Slave Act of 1850 which allowed for the capture of runaway slaves and return to their "owners" in the slave states. It also imposed penalties on people who assisted fugitive slaves and it even went so far as to impose heavy fines on federal marshals who refused to comply or from whom slaves escaped. Although many of the free states refused to enforce the law and passed laws called "personal liberty laws" that were meant to weaken the federal law, the federal law superseded state laws and many slaves were returned right up until the law was finally removed near the end of the Civil War.

The next battle for the pro-life movement will be to seek a federal ban on abortion, moving the fight from state legislatures to Congress. In today's closely divided Congress nothing like this is likely to pass. (Democrats who were clamoring to remove the filibuster will now be happy that they failed.) But the electoral battles will be on. As Bill Galston's piece in these pages illustrates, while public opinion towards abortion is complicated and nuanced, only 33% of the public supports a national abortion ban.

Suddenly the battle for control of Congress may take on a new urgency—especially among Democrats and younger voters who previously had not been very enthusiastic about the upcoming mid-term elections. The reversal of Roe v. Wade so close to the midterms could in fact save the Democrats from what was looking like a disastrous election year.

But even if the impact on this year's elections is minimal, now that the abortion issue is back in the states, it's bound to have continued relevance for electoral politics from the state house to the presidency. Today's actions are just the beginning.

This posting includes an audio/video/photo media file: Download Now

Does Biden’s cybersecurity order go far enough?

Posted: 24 Jun 2022 11:32 AM PDT

By Jean Camp

The Biden Administration's Executive Order on Improving the Nation's Cybersecurity (EO 14028) implements a set of requirements for operations and procurement. At its core is a set of information sharing requirements distributed across nine primary goals. The combination of these objectives offers the potential to create a functional, transparent market for security out of the long-standing morass of unsubstantiated claims, unknown code, and information symmetry (first identified in the crypto snake oil FAQ in 1998). These requirements align with extant incentives for individuals and organizations to invest more intensely in security. EO 14028 offers the potential not only for a more secure American supply chain, but also continued cybersecurity protection and a contribution to growth in smart manufacturing in which the whole is greater than the sum of the parts.

The EO requires the creation and publication of additional information that has long been needed to create a secure supply chain—yet these will only provide the data substrate on which a secure foundation can be built. Translating that data into actionable information for decision support requires integrating human factors in its presentation. With the ability to differentiate their products, developers will have the incentive to invest in more secure, higher quality products.

Data-driven decision-making long has been a challenge, particularly in acquisition. The Executive Order requires information that can be made at or before the moment of purchase and during operation. At the moment of purchase, a software manufacturer should be able to produce attestations of best practices in development environments, provenance of software, and identification of software components. In addition, there is a requirement for the National Institute of Standards and Technology to develop an accessible and acceptable labeling system that communicates the security implications of such attestations for the less technically expert consumer.

Optimists assume that all the related services will emerge in the marketplace, while critics worry that none of the potential supporting innovations will come to exist. There is reason for confidence that industry is building on the data foundation. For example, RSA, the recent international commercial security conference, saw a proliferation of offerings to secure the supply chain, with many vendors directly referencing components of the Executive Order.

The most basic conclusion is that the information required by the Executive Order will enable analysis, but neither provide it nor ensure its quality. The sheer amount of information available requires that such information be evaluated using a combination of human and artificial intelligence, with the presentation of the information to the human analysts being critical. The increase in information availability creates the potential for improvements in current data analytics. Sharing the information opens opportunities for new entrants who could currently be locked out of the market from lack of data,  and lack of competition allows organizations with dangerous practices to thrive.

The existence of analysis and artificial intelligence is no guarantee of protection. For example, SolarWinds offered—and continues to offer—AI-enabled risk analysis of malicious logins. The attackers who used SolarWinds to attack 18,000 of its customers were able to determine that the only variable which the AI checked was the geographic location of the login request. Thus the attackers were clear to login, confident that they would not be identified as malicious. As observers as well as attackers, the insertion of code was a year-long exercise optimized to be ignored. In fact, the suspicious login was noted by FireEye, not discovered by SolarWinds. As we consider the role of AI and models of attackers, note the attackers' interest in FireEye was focused on the tools used to identify attackers (i.e., Red Team tools).

The labeling, code quality information, and requirements for disclosure of incidents with the corresponding ability to track use of vulnerabilities create the data to enable effective risk identification, communication, and mitigation. An entire ecosystem is required for the result to be a secure infrastructure. The prerequisites for a secure ecosystem include the Software Bill of Materials, mandated reporting, and requirements for labels. These are all necessary but not sufficient to create a functioning market that empowers consumers to choose risk-averse options.

The disclosure of incidents will enable a more robust and accurate cyberinsurance market. Knowledge of the nature and rate of incidents will provide risk distributions for insurance and re-insurance companies to increase their cyberinsurance underwriting in a sustainable, actuarially sound manner. Knowledge of correlated risks across the entire landscape of incidents creates the possibility of developing diverse loss portfolios among firms, technologies, and attacks.

The Executive Order addresses the information asymmetries central to the security market: that the high-quality, secure components are indistinguishable from the worst at the time of purchase; which parties can update code during operation is opaque to operators; the vulnerabilities embedded in the code are unknown; and the likelihood that any of these would be used by attackers is unknown. After resolving these components of the current lemons market for security, all the other heuristics that undermine risk-aware decision-making in other domains will exist. But until these are addressed, risk mitigation will be indistinguishable from magic or pure chance for most.

The creation of a software labeling program by the National Institute for Standards and Technology can inform purchasing decisions at the consumer level. The current single label based on the Energy Star model is an excellent first step. Yet this is not a final design. Like other complex products, such as pharmaceuticals and hazardous industrial products, there is a need for warning systems for different contexts and uses. The Energy Star label provides the information needed for purchasers, particularly less technical consumers, just as warning stickers identify risk of accelerants. Also, like physical materials, the existence of simple icons for flammable and radioactive materials does not negate the need for material safety data sheets; a five star ranking does not solve all requirements for risk communication.

The Software Bill of Materials (SBOM) provides the more nuanced data transparency beyond labels. SBOM data lists all the components of a software product, and with this operators can know the previously disclosed vulnerabilities embedded in the code. The Bill of Materials is a data substrate that can be mapped with vulnerabilities, dependencies, and additional data for identification of which parties are authorized to update code. SBOM does not resolve these operational questions as nutritional labels do not address the medical management of allergies; similarly, without the information such management is so difficult as to be infeasible beyond harm mitigation after exposure.  Artificial intelligence will necessarily play a critical role. Given that the information underlying the labels will be complex, lengthy, and subject to inconsistent validation the lessons from privacy policies are appliable here—few people will read the documentation.

The reporting requirements in EO 14028 provide information on the use of vulnerabilities by attackers, providing the baseline historical information required for informed decision-making. Those who complain that the sheer number of potential hazards in the national vulnerability database (as well as the simple bad programming practices that result in abiding vulnerabilities) are identifying a need for decision support, not a fatal flaw. To use the model of materials safety, reading the complete set of materials safety datasheets in a medium enterprise and all the potential interactions would similarly be overwhelming. Yet just as many of the mitigations for hazardous materials are common safe practice, such as not exposing them to open flames, many vulnerabilities can be mitigated by best practice such as disabling unused services, enabling malware scanners, strong passwords ideally with multi-factor authentication, regular back-ups for malware recovery, and blocking malicious servers.

There is a systematic need for accurate, actionable information about the state of software, which requires information about the components. Knowledge of vulnerabilities, lack of mitigation, failure to detect active intrusions, and recovery are critical issues across the network, particularly as ransomware has matured into a sustainable, profitable, service and business model for attackers. Companies lack structed actional information to support decision-making and engage in efficacious self-protection.

Consider that the Fortinet Ransomware survey asked 500 surveyed practitioners to evaluate their posture towards security. About 40% identified basic protections, including network segmentation, business continuity measures, and remediation plans. In contrast, for roughly 35% of practitioners, their current preparation is a policy of immediate payment, and 18% of practitioners reported paying by default unless prohibitively expensive. There was a notable absence of prevention in the form of identification and mitigation of vulnerabilities. Those surveyed simply do not have the necessary transparency and information to identify vulnerabilities on their own networks.

The current marketplace does not provide confidence in the choice to outsource security. Returning to SolarWinds, it is contested if the attackers used the fact that SolarWinds had posted their administrator password on their publicly available website used in developing components of their software, enabling any person with access to the Internet to alter the code; Solarwinds then refused to change the password after the months-long exposure was identified. It is also unknown if the choice to outsource the Managed Service Provider (security) operations and development to Bulgaria, with Russian language skills being identified as an asset for applicants, played a role. In contrast, it is certain that the consumer of any software should be able to make decisions about the code included in the product, the quality of the development environment, the practices, and the history of the provider. The requirements for information provision in FAR, the information on the components in SBOM, reporting requirements for incidents, and easy labeling for non-expert consumers can improve the market as a whole.

The creation of a transparent market for software and provision of information for operators and purchasers leverages the greatest competitive advantage of the United States: the rule of law required to support a trustworthy marketplace. Emerging nations can invest in their citizenry to build technical expertise and exfiltrate intellectual property; yet neither Russia nor China can compete with the United States in rule of law, low levels of corruption, and market transparency. The Biden Administration Executive Order on Improving the Nation's Cybersecurity (EO 14028) is not a map to a more secure supply chain, continued leadership in cybersecurity, and the corresponding increases in national cybersecurity; instead, it creates the survey for its construction.

This posting includes an audio/video/photo media file: Download Now

Roe v. Wade overturned despite public opinion

Posted: 24 Jun 2022 09:17 AM PDT

By William A. Galston

What do Americans think about abortion, and how will they react to the Supreme Court's decision to overturn Roe v. Wade? Although the relationship between attitudes on abortion and on Roe is complex, recent surveys suggest some clear conclusions.

Although some Americans have absolutist views on abortion, most believe that its acceptability depends on circumstances.

Roughly speaking, between 25% and 35% of Americans think that abortion should always be legal, 10% to 15% think it should never be legal, and the remaining 50% to 65% are split between those who think that it should be mostly legal with some exceptions and mostly illegal but with exceptions.

There is broad agreement about the circumstances that warrant abortions and those that do not.

Supermajorities believe that abortions should be permitted when the life or health of the mother is endangered, when the fetus has severe congenital abnormalities with little or no life expectancy, and when pregnancy is the result of rape or incest. Large majorities reject abortions when a married women wants no more children, when an unmarried woman does not want to marry the father, and when a family has low income and cannot afford another child. By contrast, Americans are divided on whether abortions should be permitted when the child would be born with significant but not necessarily life-threatening physical or mental disabilities.

The timing of abortions makes a big difference.  

A recent Gallup survey found that support for broadly available abortions decreased from 67% in the first three months of pregnancy to 36% in the second trimester, and just 20% in the third. In a similar vein, a recent Pew Research Center survey found two-to-one support for legal abortions when the fetus is six weeks old, two-to-one opposition when the fetus is 24 weeks old (roughly the age of viability), and a divided opinion when the fetus is 14 weeks old. The most recent Economist/YouGov poll found that by a plurality of 46% to 37%, Americans support banning abortions after 15 weeks, the linchpin of the Mississippi law that triggered the case the Supreme Court just decided.

The perception of a rising threat to Roe v. Wade appears to have triggered increased support for abortion rights among Democrats.

In its most recent survey, Gallup finds that support for abortion without restrictions increased to a record high, as did the share of Americans who identify as "pro-choice." These shifts are almost entirely the result of changing sentiments among Democrats. For the first time ever recorded, a majority of Americans now regard abortion as "morally acceptable." And 56% of Democrats now regard abortion as a "very important" issue, compared to just 42% of Republicans.

The decision by the Supreme Court to overturn Roe will not enjoy majority support.

When Americans are given the choice between overturning Roe and leaving it as it is, between 55% and 60% choose the latter option. When overturning Roe is described as eliminating a "constitutional right," support for leaving it untouched is even higher. When the choice is characterized as preserving Roe versus returning the matter to the states, the margin in favor of leaving matters as they are shrinks. Even so, when Americans are given the choice between a national standard for abortion and a variety of state laws, they opt for the former. And this means a national standard generally favoring abortion rights. A CBS/YouGov poll found that 58% of Americans would favor a federal law protecting abortion nationwide, while only 33% would support a federal law banning it nationwide—a proposal opposed even by a majority of Republicans.

If Chief Justice John Roberts had gotten his way, opposition to the Court's decision would probably be less heated.

The draft opinion leaked in early May showed that Roberts did not join the five-justice majority in favor of overturning Roe. He favored a middle position accepting the constitutionality of the Mississippi law banning nearly all abortions after 15 weeks while leaving the general framework of Roe intact—a position favored by a plurality of Americans. If the Chief Justice had persuaded one member of the initial anti-Roe majority to join him, many Americans on both sides of the debate would probably have experienced feelings of relief, and the intensity of the opposition would have diminished.

But now that Roe has been entirely overturned, the data presented in this article suggest that many Americans will protest, and some dispirited Democrats who might not otherwise have participated in the midterm elections will be motivated to vote.

Although abortion is not the top concern for most Americans, it is important enough to make a difference at the margin. And in a closely divided electorate, what happens at the margin counts.

This posting includes an audio/video/photo media file: Download Now

To prevent public health crises, we need to update the essential medical product list

Posted: 24 Jun 2022 06:00 AM PDT

By Marta E. WosiƄska, Richard G. Frank

The COVID pandemic has disrupted supply chains across the economy. Disruptions have been particularly acute in the health sphere, with COVID tests, vaccines, and treatments in short supply at various points in the pandemic.  But as the baby formula crisis has reminded us, shortages of critical products impacting health are not just tied to pandemics. In this case, the shortage was caused by a shutdown of a key manufacturing facility, following evidence of bacterial contamination in products made at the facility. This facility produced a large share of specific baby formula types, creating a shortfall that could not be made up by other manufacturers.

Demand and supply shocks like the ones described above can and do happen. But those shocks need not turn into shortages if the supply chain for the product is resilient. It is upon companies and regulators to assess vulnerabilities of specific supply chains, before developing risk mitigation plans, strategically ramping up regulatory oversight, and providing targeted interventions such as requirements or support for redundancy, technology improvements, stockpiling, or sourcing from more reliable (and likely more costly) suppliers.

Developing a list of critically important products is a starting point for such efforts. For that reason, what products are on the list matters. We propose that such a list should be somewhat different than what the Food and Drug Administration (FDA) created in 2021 and should include products such as baby formula, common inactive drug ingredients, and drugs such as antipsychotics.

The 2021 Essential Medicines, Medical Countermeasures and Critical Inputs list was created by the FDA in response to President Trump's August 2020 Executive Order. The order directed the FDA to develop a list in face of "outbreaks of emerging infectious diseases and chemical, biological, radiological, and nuclear (CBRN) threats." President Biden took the supply chain resilience efforts further by issuing a February 2021 Executive Order directing assessments of critical supply chains for vulnerability, taking a somewhat broader view to include "extreme weather events, terrorist attacks, geopolitical and economic competition, and other conditions." For the U.S. Department of Health and Human Services (HHS), the starting point for these assessments was the existing FDA list.

A list of products needed in response to a public health crisis is different than a list of products without which we will have a public health crisis.

But this starting point falls short of the mark, as the baby formula shortage illustrates. The shortage highlights how recent approaches to defining supply chain problems distort solutions and in turn fail to address the scope of the public health ramifications of supply interruptions. The nation will remain unprepared for crises if we narrowly define products essential to health to only those that are used in response to infectious diseases and chemical, biological, radiological, and nuclear threats.

Updating the list is also important because, in addition to baby formula, there are many other products without which a public health crisis would ensue. A 2022 National Academies report provides a useful framework for selecting products for resilience building initiatives. It considers three elements: the expected harm that a given product user might suffer from a shortage, the magnitude of a potential shortage, and the risk that a product may go into shortage. The first two elements are what we would consider for updating the list, with the third criterion assessed through an analysis of vulnerability.

In line with this framework, a list aimed at preventing supply disruptions from becoming public health crises would also likely consider not just individual products like baby formula, but also inactive ingredients used in drugs (also known as excipients). According to the NIH DailyMed, 26,709 drug products include Microcrystalline cellulose and 33,461 include Magnesium Stearate. And these are only two of many inactive ingredients that are used commonly in oral dose product formulations. A severe shortage in the supply of any such common ingredients could potentially affect dozens of millions of patients, so it would be important to understand the risk of such disruptions and engage in risk management if needed.

We also propose that in updating the list, policy makers consider impacts that extend beyond product users. There are a variety of products that—if they become unavailable—would have significant social and public health consequences. Take the case of key psychotropic medications (like antipsychotic agents and mood stabilizers). If the availability of such drugs is interrupted, people with severe mental illnesses would likely become less stable, potentially impacting communities through increases in disturbing behavior, homelessness, suicide, victimization, and, in some cases, violence.

But why add baby formula to this list? After all, Congress is taking steps to assess the resilience of the baby food supply chain and enhancing FDA oversight.  Even with the proposed creation of the FDA Office of Critical Foods, including baby formula on the essential product list would be beneficial because it would connect that office closer to the cross-government supply resilience efforts undertaken in response to the February 2021 Executive Order.

The existing essential product list was created by an executive order, so a follow-on executive order could work well in present day. Congress is also in position to direct the FDA to create such a list. But whatever the mechanism, it is important that the creation of this list does not fall solely to the FDA, but rather be a coordinated cross-agency effort, with input from other agencies and potentially departments.

The Brookings Institution is financed through the support of a diverse array of foundations, corporations, governments, individuals, as well as an endowment. A list of donors can be found in our annual reports published online here. The findings, interpretations, and conclusions in this report are solely those of its author(s) and are not influenced by any donation.

 

This posting includes an audio/video/photo media file: Download Now

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

BREAKING: North Carolina automotive group acquires 7 Upstate dealerships

Breaking news from GSA Business Report Click here to view this message in a browser window. ...