I change my mind all the time

Created on Thu, 21 Oct 2021

I believe you should have the freedom to change your mind as often as you would like, especially when new facts come your way. But also if you would like to experiment with something, even if you think it's bad or wrong. That's part of the reason I now have an Instagram.

Yesterday I wrote a blog post in Bulgarian that I deleted less than an hour after publishing. It regarded the situation around the certificates of vaccination becoming a requirement for certain amenities in my home country. It was quite emotional and I decided that it's not worth it to put more fuel in the already fiery situation (although IRL I usually like doing that).

But I also removed it because I realized I disagree with my statements. More accurately - a friend pointed out to me that my argument may require a bit more thought about some aspects that my monkey brain didn't remember when initially writing the post. I usually don't delete my posts - in fact, I still have about 20 or so that I want to transfer from my old Blogger platform to this self-built one. Even though I disagree with a lot of them now, I like them to be out there to show myself that I change, that opinions I hold can be discarded when better facts appear. I will put below the one from yesterday, making this post probably the first in both English and Bulgarian.

What did I disagree with?

As I said, the situation in Bulgaria regarding the coronavirus is bad - barely 20% of the population is vaccinated as of October 2021. The wave that is currently hitting us is very deadly, hospitals are hitting capacity, public trust is low - e.g. there will be a third election in less than a month, after a government failed to form twice already just this year, and the prospects of the next one don't look so great.

In that environment the caretaker minister for health announced that so-called "green certificates" will be required going forward for access to malls, restaurants and other amenities. This measure went into effect merely 2 days later - i.e. today. Naturally a lot of people got shocked, and many edge case scenarios were not (and are not) clear enough for the population to follow. The minister had an interview in a popular Bulgarian morning show where the hosts asked him if the validators of the certificates will be required to use the app to check it, and also if checking will require the certificate holder to show them an ID card.

The minister said that they won't be required to do so. That was my gripe - the certificate is useless without the authentication part.

Security sidenote

Part of the reason I got frustrated may be that I just transitioned to a new position at work - Security Engineer. I've been in the field for maybe 3 years now and I spent the last 6 months intensively preparing for a potential internal transfer, which happened.

So that this post has some educational value, let me clear some confusing terms as well:

We have laws in Bulgaria regarding processing of personal data. My post, as I said, was pretty emotional, jumping on the perceived incompetence of the minister that he wasn't informed that without an ID card, the hard work done by the "IT professionals" (my tribe) would be useless. I started defending my tribe that I recently became sort-of officially part of and also surely - I feel some impostor syndrome. I have way too quick reactions without thinking that (most probably) the minister is surrounded by some smart people and lawyers that almost necessarily have raised these concerns with even more details than I can possibly understand.

As my friend pointed out - showing your ID card to random people, multiple times a day can be somewhat dangerous because of potential identity fraud - meaning these people can remember your personal identification number, address or other details.

It's a valid concern. Maybe. Let's remember that alcohol cannot be sold to children (under 18), and they usually cannot be allowed into bars and night clubs, so people who are around the age of 18 and whose age cannot be judged visually are required to show proof of age. Not give the ID card for scanning, but just show it.

Let's say that the scope is much larger now, however - it's not just for some amenities and only for people around ages 15-25 (or so) but for a lot of places and for everyone (above 18). This can mean massive checks of identity documents, which arguably could be ethically bad.

I still think that some workarounds can be had - e.g. show your ID card with the thumb covering everything but the name and your picture - this should be almost enough to authenticate you since the certificate shows the name and date of birth. On the Bulgarian ID card it's not easy to cover only the personal identification number (which I can argue is probably the most sensitive piece of data) without covering the date of birth. Also - the validators do not scan and copy your ID card, they look at it. So it would take a really dedicated person, or one with an eidetic (photographic) memory, to be able to remember your details, together with those of hundreds of others passing by today.

And the minister talks about the issue briefly in the interview. In his situation, given the constraints of the pressing wave with now more than hundreds of deaths per day, knowing the vaccine is the only long-term out of the situation - that was probably the best decision he (and the administration) could have taken. Of course, maybe it would've been better to be taken months ago and not in the middle of the wave. We can't fix the past. We can blame him if that's what we want - we can say it was untimely and it should've been done earlier. But as the saying goes - "The best time to plant a tree was 20 years ago. The next best time is today".

So I applaud him. And I apologize for my rash judgement.

Still: it was probably too rash. People weren't ready. But then again - how much time should've been given? Give a month's warning? Probably would've been better. However, it's in our culture to wait until the last possible moment to do something, so the month in advance would've been mostly wasted. Also remember that usually two jabs are required (unless with the J&J) and the certificate is not officially valid until 2 weeks later. So if you get your first jab today, wait 6 weeks, get your second and then get the certificate, it would be a month and a half until you will be able to get all the benefits. With the J&J you get it in two weeks. Ironically, it officially had a few more risks, but now Bulgarians are exclusively looking for it despite that, cause we want the pubs more than our "concerns about the safety or testing".

The situation is still somehow interesting to me now from a psychological or societal perspective. I still hold my opinion regarding my last sentence's frustration as to how my nation values the pubs more than our health. How did we end up with such a value system!? How come we applaud and believe in woo healing powers of a cross or an icon but not in medicine? How come all the "vaccine is dangerous" opinions started disappearing from our minds once the malls would be closed unless we got the jabs? Did our fear of death suddenly disappear in the face of the inconvenience we may experience if we can't go to the gym tomorrow? Surely the "vaccine is not safe" is a pretext for something deeper, some trust issues within the nation - there is no way we would stop being afraid for our lives, if we really thought that these vaccines are not tested enough etc., only because now we won't be able to go to a concert.

I ain't no psychologist or sociologist. But this vaccine situation has created so many interesting cases within our society. As I've shown in this post, when judging other people, I don't exclude myself - I am part of the society. I am as dumb, irrational and emotional as the next person. I postponed my own second jab for a couple of weeks this summer, partly because of digging into conspiracies, partly because of my girlfriend at the time (who prompted me to dig into them). I write blog posts rashly without considering all the angles. So I'm trying not to stay too morally high. And I fail sometimes. Mea culpa.

As promised, here is my post from yesterday.


A ConspEracy about SEcurity

Ugh, I didn't want to write about the coronavirus anymore. But I can't help it; the Windows in the two chips in my arm goes crazy when it hears the monstrous incompetence of certain people...

In the bTV interview on Тази Сутрин ("This Morning"), the minister of health tried to clarify the situation with the green certificates. The interesting question starts at around the 10:40 mark:

Reporter: "And is the check done solely with this app, which determines whether the certificate is real?"

Min. Katsarov: "It can also be done visually, it doesn't have to be with an app; I can look at your certificate visually too... Checking whether someone has a green certificate doesn't require any special skill."

And then, right after that:

Reporter: "How can we verify whether the certificate is authentic, and do we have the right to ask for an ID card in order to verify that the person presenting the certificate, whose name appears on it, is the same person?"

Min. Katsarov: "No, they are not investigative authorities... They have to make sure that there is such a certificate. The state control authorities are the ones who can establish whether the certificate is authentic; they can demand it from him. But that is a violation, and whoever commits that violation will bear the consequences. It is not the job of cultural institutions to establish this."

What does this mean?

Anyone can generate and print a QR code of anything at all and show it. The Covid certificate is, in principle, one of the best-built applications, developed to the latest digital security standards - here, for example, is the technical definition for the Swiss application. The QR code is just a quick mechanism for transferring this information so that an app can use it. By design, the servers hold only a list of keys for digital signatures, which attest to the authenticity of the data carried by the QR code, while all the personal information is encoded in the code itself. Overall, real crypto and privacy technologies are used, and the fact that blockchain isn't mentioned even once puts it classes above many other idiotic crypto things I've seen in recent years.

But what a waste of all the work of the hundreds of specialists who worked on these ideas if the minister of health isn't informed that everything depends on the last step - the correct implementation of the whole protocol, which includes correct verification by real, chomping people. And that step is clear: install the official verification app, scan the code, and check against the holder's identity document that the data match. What a waste of all the servers and all the code written for the apps that will do the checking. You get yourself the most powerful car in the world, but instead of using the key to start it you use a flamethrower.

We don't even need hackers to "break" the security of the servers, the app, Google or Bill Gates. We need a minister of health.

I'm not saying that anyone should abuse this or lie. The minister of health is saying it. Because if you check the person's ID card, it is "a violation, and whoever commits that violation will bear the consequences".

Let me try to be objective - afterwards the minister says that if someone makes themselves a fake document and is caught by the "control authorities" (That would be... the police? It isn't clear), they will bear criminal liability - which can go as far as prison or hefty fines. I understand that there is a Personal Data Protection Act. That is probably the legal obstacle that stops the bartender from checking that the ID card and the certificate belong to the same person. And since we have no parliament to update the law, that's how things stand. We have a runtime government, we have no developers (who are currently being interviewed by the Bulgarian people and will be hired in a month, competent or not), and so the backlog piles up.

Otherwise, I'm glad the Bulgarian is waking up and forgetting all about conspEracies, chipping and control as soon as there's a chance he won't be able to go to the neighborhood pub. Well, that's it, bro!
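The verification steps named in the post above (check the signature against a list of trusted keys, then compare the certificate data with the holder's ID) can be sketched as follows. This is an added example, not code from any real certificate app: the key, the names and the certificate layout are constructed, and textbook RSA stands in for the real signature scheme.

```python
import hashlib
import json

# Constructed toy issuer key: textbook RSA over two Mersenne primes. Insecure,
# and only a stand-in for the real signature scheme so the example runs offline.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
_D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, issuer side only
TRUSTED_KEYS = {"issuer-1": (N, E)}       # the verifier holds public keys only

def _digest(payload):
    data = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue(payload, kid="issuer-1"):
    """Issuer: sign the holder data that the QR code will carry."""
    return {"kid": kid, "payload": payload, "sig": pow(_digest(payload), _D, N)}

def signature_valid(cert):
    key = TRUSTED_KEYS.get(cert.get("kid"))
    if key is None:
        return False
    n, e = key
    return pow(cert["sig"], e, n) == _digest(cert["payload"])

def check(cert, id_doc=None):
    """Verifier decision for a scanned certificate and an optional ID."""
    if not signature_valid(cert):
        return "reject: not signed by a trusted key"
    if id_doc is None:
        # Visual or scan-only check: the data is genuine, the holder is unknown.
        return "unbound: genuine data, presenter not confirmed"
    # Only name and date of birth are compared; no ID number is needed.
    if any(cert["payload"][f] != id_doc[f] for f in ("name", "dob")):
        return "reject: certificate issued to a different person"
    return "accept"

# Constructed sample data, not real people or certificates.
HOLDER = {"name": "Ivan Petrov", "dob": "1990-01-01"}
OTHER = {"name": "Georgi Ivanov", "dob": "1985-05-05"}
CERT = issue(HOLDER)
EDITED = dict(CERT, payload=OTHER)        # payload changed after signing

if __name__ == "__main__":
    for label, result in [("scan only", check(CERT)),
                          ("scan + matching ID", check(CERT, HOLDER)),
                          ("scan + other ID", check(CERT, OTHER)),
                          ("edited payload", check(EDITED, OTHER))]:
        print(f"{label}: {result}")
```

The signature check alone only establishes that the data was issued by a trusted key; the comparison with the ID is what ties the certificate to the person presenting it.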