The Google-SOPA-PIPA-DNS-Copyright-Oil-and-Gas Link

What does copyright infringement have to do with scraping oil from the bottom of a barrel and an acronym soup like SOPA, PIPA, DNS and DNSSEC? The answer lies with Google, not the search engine but the company.

More specifically, the answer lies with Google's Executive Chairman, Eric Schmidt, who said the following at the University of Minnesota last week when asked about legislation (SOPA/PIPA) which would--in the name of protection against copyright infirngement--give the U.S. government the power to mess with the Domain Name System (DNS) that forms the backbone of the Internet:
“There are a whole bunch of issues involved with [SOPA] breaking the Internet and the way it works. The correct solution, which we’ve repeatedly said, is to follow the money...Making it more explicitly illegal to make money from that type of content [pirated movies, software, or other counterfeit goods] is what we recommend.”

Mr. Schmidt is entirely correct, and I love the expression "making it more explicitly illegal to make money from..." because it covers a range of actions that governments and law enforcement agencies can take without interfering with the way the Internet works.

For example, the act of distributing pirated movies would be more explicitly illegal if the pirates were identified, arrested, extradited or extracted, imprisoned, tried, convicted, and given 20-year sentences in maximum security facilities without the possibility of parole. The same goes for the makers of malicious software. Let's put a bunch of them in jail with long sentences and see if that reduces the malware problem.

I just don't see a downside to this hardline approach to making something like software piracy or handbag counterfeiting "more explicitly illegal" except that some people will say it costs too much money. Au contraire, if you do this right it will actually make a lot more money than it costs. Consider the numbers put out by supporters* of the Stop Online Piracy Act: "IP theft costs the U.S. economy more than $100 billion annually and results in the loss of thousands of American jobs" (The Austin Statesman).

If you gave me a budget of one percent of that amount ($1 billion), I would most assuredly, and within a period of 12 months, reduce the cost of that theft by at least 15 percent ($15 billion). In other words, backing the effort to crack down on piracy to the tune of $1 billion in fresh money would pay huge dividends, save thousands of U.S. jobs, and actually create jobs (without messing with DNS).

Why am I so sure of this? My answer is not a lot of hot air, but it is a bit oily, as in petroleum production taxes. Thirty years ago I was criss-crossing America auditing the state oil and gas taxes paid by petroleum companies, firms with names like Koch, Hess, Ashland, Texaco, and Hunt. During that time I learned a lot about the ways in which we humans try to cheat each other.

Consider the sludge that forms at the bottom of a crude oil holding tank such as you see next to wells in oil fields where the wells are not connected to a pipeline. Some of that sludge is recoverable oil and, from time to time, someone goes into the tank to suck it out. How much of the sludge is oil? How much gets pumped out? Where is it taken? How much of it gets there? These are all points in the oil production process where numbers and readings and measurements can be fudged, to the advantage of one party and the disadvantage of another.

Not that every case of missing petroleum tax dollars was a case of cheating. Oil companies were sometimes being cheated by employees and contractors. And every time the production output of a well is understated that also cheats the royalty owner, the person who owns the mineral rights to the land from under which the oil and gas is being extracted.

Operating on a shoe string budget my auditing team raked in millions of previously unpaid taxes within the first 12 months of operation. We used no new laws or fancy gimmicks. We just followed the money, which is what Eric Schmidt is saying when it comes to cracking down on copyright infringement. In oil production areas you don't close down the roads in and out of every county where production is apparently going missing. You go to the top of the organization, the people getting the money, and you figure out how they came by it. You examine the paperwork. You audit the heck out of the operation. If the organization is shady, you shed light. If it is in another country then you remind that country of our mutual interests.

We have already seen positive results when private dollars are used to help enforce public laws, as in the Microsoft and Pfizer funded action against the Rustock botnet. (If you're wondering why a drug company got involved, read the story, it really is a big deal.) So why not an anti-infringement posse formed and funded by the likes of Google, eBay Facebook, and Yahoo! The backers of Protect Innovation could really make a lot of friends in high places, and on the High Street, if they were seen to spearhead a new effort to put cyber-criminals behind bars.

* Note: Here are some of the fine companies and trade groups that back SOPA (I respect and admire many of them, I just think they are wrong about SOPA): National Cable and Telecommunications Association, National Association of Manufacturers, Pharmaceutical Research and Manufacturers of America (PhRMA), Business Software Alliance, Screen Actors Guild (SAG), the U.S Chamber of Commerce, Independent Film & Television Alliance (IFTA), National Association of Theatre Owners (NATO), Motion Picture Association of America, Inc. (MPAA), American Federation of Musicians (AFM), American Federation of Television and Radio Artists (AFTRA), Directors Guild of America (DGA), International Alliance of Theatrical Stage Employees, (IATSE), International Brotherhood of Teamsters (IBT), Comcast/NBCUniversal, National Songwriters Association, the United States Conference of Mayors, National Sheriffs' Association, International Brotherhood of Electrical Workers, International Trademark Association.

Security and Privacy Links: Marketing cybersecurity

As some of you know, I hit the ground running when I landed in San Diego at the beginning of September, happy to be back in California, wrestling with my first love, information security.

Okay, so that prose was a trifle purple--not to be confused with a delicious purple trifle--and information security is not, strictly speaking, my first love.

But hopefully you get the point: I was ready to up my game in the fight against digital malfeasance after three fun years focused on the marketing of marketing software to marketers (three highly successful years, I might add, because the marketing software, Monetate, was clearly headed for best of breed from day one and can now be found on major websites from PETCO to QVC).

There were a number of happy congruencies in this latest development. My marketing skills had been honed, my marketing experience broadened, just in time to sell a fresh message of cybersecurity awareness to a deeply digital world. That message goes like this: "The bad guys are badder than ever, better funded, more organized, but there are simple steps we can all take to make cyberspace a lot safer tomorrow than it is today."

For me, this was just the right time to run into ESET, a Slovakian company with a growing presence in North America and a strong commitment to the public good, as evidenced by a pioneering community initiative called Securing Our eCity. I spend part of my time working on this initiative and the rest on research and publication, in all its forms, including blogging, tweeting, and speaking. Here are just a few of my efforts so far:

On TV:




Bonus Security Video: Malware Delivery Scam:

So San Diego: Dog bowls and sunsets

So what happened to September? Not a single September post on the Stephen Cobb Blog? That's right, I was busy settling into my new job here in San Diego at ESET North America. I'm part of the research team and, as it  says on my business cards, my job title is Security Evangelist. But I did blog in September, seven times on the ESET Threat Blog.

Working a blog with multiple contributors is one of the many things I'm loving about this new position. Another nice thing about the job is San Diego itself. I'm sure that San Diego has "issues" that I will encounter (and blog about, right here). No city is perfect, but sometimes a city can feel like a perfect match. For someone who loves to travel--like me--San Diego is both a great place to come home to, and a great place to travel from. I can look out the window and see cars, trains, boats, and planes. Okay, so sometimes these are noisy cars, trains, boats, and planes; but like all modes of transportation, they create this great sense of possibility, of going places.

San Diego Dog Bowls at Baja Betty'sAnd sunsets. San Diego has amazing sunsets. Friends and relatives are already getting tired of me emailing them my San diego sunset pictures, so I decided to illustrate this post with something else that is very San Diego: water bowls for your dog. Such bowls are a common site outside San Diego stores and restaurants (many of the latter welcome dogs in the outside eating areas, of which there are many). This particular eatery caught my eye because they had thoughtfully provided bowls in a range of sizes to suit different dogs.

So, in San Diego you can walk your dog to the local restaurant, enjoy great food in the open air, plus canine companionship and, let's face it, watch a great sunset nearly every day.

San Diego Sunset

Even Stephen Asks: What's in a name?

Starting in September I will be working for ESET, which has it's North American headquarters in San Diego. But I'm sure I won't be the only Stephen Cobb in San Diego. So when my soon-to-be-employer asked how I wanted my name to appear on my business cards I took a moment to think about it. My equivocation brought to mind a recent blog post by my friend and fellow serial entrepreneur, Lucinda Bromwyn Duncalfe. Some people might know Lucinda as Lucinda Holt or Lucinda Duncalfe-Holt but in this blog post she explains why she recently decided to be Lucinda Bromwyn Duncalfe (which I think has a nice ring to it). I can relate to name changing, not because I'm a married woman and have wrestled with male surname adoption, but because I'm a guy who changed his name for a while, not legally, but in practice.

That's right, for nearly 20 years I liked to be called Steve, even though it clearly says Stephen on my birth certificate (FYI, I was not christened or baptized "Stephen" because I've never been subjected to those rituals, but that's another story).

In packing for the move to San Diego I came across my well-worn paperback copy of William Blake's Songs of Innocence and Experience which I received when I won the King Henry VIII School Prize for English in 1970. Inside was a label that I put in all the books that I took with me to university, first Leeds in England, then McMaster in Canada. The label said: Property of Steve T. Cobb.

I blame Steve McQueen and then my school friend Steve Richardson, my college roommate Steve Donnelly, plus Steve Martin and several other Steves who seemed cooler than Stephens. It was only in the 1980s, when I first moved to California, that I decided to go back to the original Stephen. And that's how my name got recorded as an author at the Library of Congress when I started writing books about computing. Since then I have noticed a proliferation of Stephen Cobbs which frankly surprises me. I grew up in a city of more than 250,000 people and my family were the only Cobbs. Until I was 11 years old there were no other Stephens in the schools I attended.

Another surprise in recent years has been the number of people who see my name written down as Stephen and pronounce it Steffen. This often happens when I check into a hotel. I say "I have a reservation, last name Cobb" and the receptionist says something like "Yes, for one night, Steffen Cobb." I started correcting people by pointing out "My name is Stephen, like in the Bible" assuming people would know the story of Stephen, the first Christian martyr, as described in the New Testament (Acts 6-7).

That strategy really didn't gain much traction and I decided that comparing myself to a saintly martyr seemed a bit presumptuous. So I developed what I thought would be a more amusing way for people to get it right, by referring to what I thought was a well-known Christmas carol: Good King Wenceslas. The opening verse of this carol, which was sung religiously, pun intended, every year in church and school when I was growing up in England, goes as follows:
Good King Wenceslas looked out,
On the feast of Stephen,
When the snow lay round about,
Deep and crisp and even.

I would then point out that if you pronounce Stephen as Steffen, then change "even" so that it rhymes with Steffen, then the outcome of this verse is quite different, and not very religious (the snow being deep and crisp and effin'). Sadly, this got just as many blank faces as the more direct reference to the martyr. I found myself explaining that the day after Christmas is the feast of Saint Stephen, also known as Boxing Day in England, and that King Wenceslas who was actually a Duke, would himself go on to be a saint, revered in both Bohemia, of which he was Duke, and England, which is where I, Stephen, learned to sing the words you see below. Altogether now, let's hear it G G G A G G D...

King Wenceslas, Duke of Bohemia, and Saint

The Apartment With Everything, Now Available Everywhere (Irony Included)

So here's something way more ironic than anything in the Alanis Morissette song of the same name. My wife found a gorgeous apartment to rent in San Diego, for only $1,000 a month (I will explain why she was looking in a moment). The place looked great in the photos and it sounded great in the description on Craigslist:
"2 Bedroom, 2 Bath, fully furnished, modern kitchen and bath, cable TV, Internet wi-fi, electricity, water, local phone included. Nestled in a quiet, almost suburban-like setting, you're just a few minutes away from world-class dining, shopping and the verve of theaters, clubs and nightlife. Great location, great features. All at a location that's exactly right, exactly where you want to be."

All that for $1,000 in San Diego, California? Sounds fantastic, but hardly ironic. So let me add the most interesting thing about this place, something not immediately apparent: it is also for rent in Boston, San Francisco, Seattle, Washington, and many other cities in America. But even that's not ironic, that's just another sick cyber-scam.

Apartment ScamLet me add some more data points. My wife and I have spent many years working in the field of information security--where uncovering online scams and other cyber-crime was part of the job--and we are planning to move to San Diego next month, for my new job as Security Evangelist for ESET, a software company dedicated to fighting cyber-crime. We don't need a furnished apartment, but this place looked inviting (and it could lead one to think rent in downtown San Diego is very affordable).

So here's the irony: The apartment that I wanted to rent in order to facilitate my move to a new job fighting cyber-crime turned out to be a cyber-scam!

I was going to provide links to the scam pages (they were mainly on Craigslist) so you could check them out--they were quite professional with fewer typos than your average scam --but after my wife sent Craigslist a description of the scam they pulled it from all the cities mentioned above.

Of course, there may have been other complaints but my wife actually got the scammer to send her an email, which provided further details of the scam that she passed along to Craigslist. Apparently the scammer claims to be out of the country and seeks to get the prospective renter to send her a deposit, presumably before they find out that the whole thing is a fraud.

Notes: I say "her" only because the name most often associated with these fake apartment listings is Amanda Dawson (although I'm pretty sure that is not the scammer's real name). Also note that I think Alanis Morissette is a very good actor and singer, I just don't like the song  "Ironic" because most of it isn't. I don't know why I have a problem with errors in works of art, but I do. For example, the great big hole in Lord of the Flies--you can't use a short-sighted person's glasses to make fire--spoils that book for me (maybe it's because I've been myopic since I was 11 and tried using my glasses to burn paper on several occasions until my father sat me down and told me the facts of light).

Blood Money: The economics of America's most common deadly genetic disorder

Blood costs money and I know where to get a lot of it, blood that is. Now that might sound callous but it's true and it could save a lot of lives as well as pump more than a billion dollars into the American economy. Please bear with me as I explain, and please pardon the pumping pun.

For several decades now, the supply of fresh human blood in America has been getting tighter, pushing the cost of blood-consuming medical procedures higher and higher. Expanding the nation's blood supply would not only reduce pain and suffering, it would have a positive economic impact. Taking a cold, hard, economic look at anything related to the health and well-being of our fellow beings is bound to bother some people, but the path to sustainable caring-giving within the boundaries of economic reality requires us to acknowledge that things like blood cost money.

While most of the blood supply in America is freely donated, the logistics of blood taking and storage are not free, indeed they are quite expensive. So the cost of a unit of blood is something like $150 or more. Why is that number so vague? Because the cost varies according to supply and demand and those vary by location. In the heartland of America, the supply is high relative to demand but the reverse tends to be true on the coasts. A fairly recent number quoted by a medical facility on the East coast is $175 per unit. That number goes down when supply goes up, but not all the way down since there are fixed costs like testing the blood (there's more detail here).

The extent to which an increase in the supply of blood would reduce the cost to those that need it is hard to determine and I have not yet found any research on that. So let's run with 20% of the $175 number ($35) and find out where the nation can save/make a whole bunch of money. There are probably at least 13 million Americans that have the potential for homozygous or compound heterozygous variations of the HFE gene. In English that means they are at risk of developing toxic levels of iron in their bodies due to "iron overloading" caused by something called hemochromatosis, the most common, potentially-fatal, genetic disorder in America.

The best defense against hemochromatosis is to give blood regularly. Let's say 6 times per year. Suppose that 45% of those 13 million people would become regular blood donors if they found out they had hemochromatosis (that's adjusting down from 100% for those that already know, those that already give blood, and those who have a hard time giving blood). According to my spreadsheet that comes out to $1.25 billion per year, $12.5 billion over the next decade. I can't resist saying that's quite a shot in the arm for our economy.

But that is just the beginning...encouraging more people to give blood in general could have a fantastic prophylactic effect IF blood banks would routinely run an iron panel on donors to screen for iron overload, the most telling sign of possible hemochromatosis. People found to have high iron levels could check in with their doctors and might also elect to get a genetic test to detect hereditary hemochromatosis ($99* from 23andMe). The iron panel is a relatively inexpensive blood test and before 1996 it was fairly routine.

(Don't get me started on the slimy corporate frauds whose greed caused iron to be dropped from the standard blood panel, leading to a significant drop in the rate of hemochromatosis detection and thus a tragically avoidable rise in human suffering.)

The fact is, early detection of hemochromatosis would save our economy billions in avoidable health care costs, disability costs, lost productivity and tax revenues. On top of that, early detection, combined with affordable genetic testing, awareness and counseling, could lead to the eventual disappearance of this condition.

The genetic form of iron overload probably occurred as a natural defense against a diet low in iron and the shift from a nomadic, hunting-based culture to city life made possible by the agrarian-revolution. Now, in a world of iron-rich diets and lifespans that extend past menopause, genetic hemochromatosis has become a life-threatening metabolic disorder. Let's get rid of it and save a lot of money, and a lot of human suffering.
Note:  Due to ignorance, many blood banks throw away blood from hemochromatosis patients or even charge them for “filtering.” This is infuriating, immoral, and should be illegal. The FDA is quite clear that the blood is good, and so is the NIH Clinical Center.

Cobb's Satellite Internet Whitepaper Published by Rural Mobile & Broadband Alliance

Update, December 18, 2019: A recent decision by the FCC has put the spotlight on satellite internet service for rural communities in America (see Viasat gets $87.1M for rural broadband). I researched this topic - from a rural home that depended on satellite service for its internet connection - back in 2011. This article describes, and links to, the whitepaper in which I wrote up my research (PDF, 2 megabytes).

Original article:

I'm happy to announce that a document I've been working on for some time now has been published by RuMBA: the Rural Mobile & Broadband Alliance. Here's the full title:

Satellite Internet Connection for Rural Broadband: Is it a viable alternative to wired and wireless connectivity for America's rural communities?

RuMBA Satellite Internet WhitepaperYou can download the whitepaper here (this a 22-page PDF document just under 2 Megabytes in size).

For those who haven't heard of RuMBA, it's a non-profit organization that was launched in February 2009 by Luisa Handem Piette as an advocacy group "seeking to ensure that rural communities are offered the same access to affordable mobile and broadband services available to urban and suburban areas."

I admit that I first got involved with RuMBA for purely selfish reasons: I live in a rural community that has no access to broadband and I like broadband.

Okay, it's more than that. I need broadband to earn a living. Sure, I could go through some sort of retraining program and earn a living as a farmer or lumberjack or trucker, but to keep doing what I've been doing for the last 25 years, researching, writing and publishing, I need broadband.

(I actually think broadband can help you be a more successful farmer, lumberjack, or trucker, so it's not like those careers wouldn't benefit from better access to broadband as well.)

When I found out about RuMBA, a group of people looking to expand rural access to broadband, I signed up. One of the things I like about RuMBA is that it's not just an organization for consumers of broadband. And it's not just a meeting place for suppliers of broadband. RuMBA is a good mix of consumers and suppliers and experts, and a great place to research this field. I have already learned a great deal from RuMBA members about the possibilities and challenges of bringing broadband to un-served or under-served areas.

Which brings me back to satellite Internet. Attentive readers of this blog will know that I've had a lot of experience using satellite Internet over the last 5 years. Until recently it was the only way to connect to the Internet from the cabin in Upstate New York where I live and work IF you wanted speeds above those of an old-fashioned dialup modem.

In fact, the claim "faster than dialup" has been at the heart of marketing efforts by HughesNet and Wildblue, the two largest satellite Internet providers, for many years. What you don't see when you look into signing up for these services on the web is the phrase "satellite broadband." And there is a good reason for that [spoiler alert--the next sentence reveals the primary conclusion of the above-mentioned whitepaper].

Basically, satellite Internet is not broadband. It is not sold to consumers and small businesses as broadband. But it is getting promoted to government agencies and regulators as broadband. Which raises two questions:

  1. Why did I write a 22 page document to make that point?

  2. What's the problem?

Let me state the problem first: The traditional terrestrial Internet providers, the purveyors of DSL, cable, and fiber, do not want the government to require them to serve rural areas in the way that America requires telephone companies to serve rural areas.

Have you ever wondered how it is that your relatives on the farm way in the middle of nowhere North Dakota have a phone line? The answer lies in federal legislation dating back to the 1930s. That's when America decided "to make available, so far as possible, to all the people of the United States a rapid, efficient, nationwide and worldwide wire and radio communication service with adequate facilities at reasonable charges."

One of the principles established back then can be stated like this: If a company wants to run cable or beam waves across this great land of ours, everyone living on this land should get a slice of the service those cables and waves deliver. For example, a great big rope of fiber runs right through my village here in rural New York. My neighbors have to exercise care with their farm equipment so that they don't damage said cable or the power injectors and related fiber-phernalia. It seems only fair, at least in that old-fashioned 1930s way of American thinking, that a slice of said fiber should serve the community through which it passes. Right now it does not.

And one of the arguments that fiber/cable/DSL companies in America make against a universal broadband service requirement is that the country does not need it because: rural folks can always get broadband via satellite. And of course the satellite companies love that; they even got federal broadband money to build out their subscriber base. The telecommunications industry can say: "See, there's no need for universal service requirement because everyone has access to broadband."

Except they don't. That's because Satellite Internet is not broadband. And just so there could be no doubt about that statement I decided to make available an argument-ending document full of facts and references that anyone can print out and hand out and email, something that substantiates that statement in language anyone can understand. (And that answers question 2 above.)

If you would like a copy, it is free, and I encourage to download it now then please, spread it around.

April 16 Was SSDI Day: Apply for disability now, before it's too late!

That's right, April 16 was SSDI Day in America! Time to encourage any disabled people that you know to apply for disability, before it's too late!

SSDI-DaySSDI stands for Social Security Disability Insurance. If you are paid via W2 then the money to pay for SSDI is taken out of every paycheck. If you are self-employed you pay SSDI with your taxes, and tax returns are due April 15, so I figure April 16 should be SSDI Day.

Did you miss SSDI Day this year? Me too. That's because I just made it up.

But the problem that SSDI Day addresses is real. Millions of Americans who are disabled to the point where they cannot work are denied the disability pay for which they had been paying premiums. That means you can pay the mandatory disability insurance to the government for 25 years, get sick, become disabled, yet fail to get a single penny in disability payments.

How could that happen? Because you have to keep earning to stay qualified for SSDI. If you work less than 5 out of the 10 years leading up to your claim you do not qualify. In a recent unscientific poll of random friends and neighbors I got the strong impression that a lot of Americans don't know this.
This is not just a problem for people of a certain age. Studies show that a 20-year-old worker has a 3-in-10 chance of becoming disabled before reaching retirement age.

That's why I thought it would be a great idea to create a Disability Insurance Awareness Day on the day after you pay your taxes. So, each year, on April 16, you should point out the problems discussed here to anyone you know who is not earning any money because they are too sick to work.

The Problems?

  • Some disability happens quickly but other disability comes on gradually.

  • Many Americans struggle on with their lives despite sickness.

  • Too many Americans fail to observe the 5/10 SSDI rule.

  • They try to get by or depend on friends and relatives.

  • When they finally apply for SSDI they are not eligible.

How do I know this? Because it happened to someone I know: My wife. She became too sick to hold down a regular office job around 2001. She turned to writing to generate income. After taking expenses into account the writing did not generate net income, partly because she was too sick to carry through with the promotion of her books. So she turned to art. She produced some great paintings and photography, but again, ran out of steam before generating any net income from this avenue.

And she got sicker. Concentration was a challenge. Episodes of aphasia complicated communication (technically dysphasia but not dysphagia). Mobility became limited and I would say she is now about 6.0 on the EDSS scale. Clearly she is unable to do anything to earn money. But her claim for disability was denied. Despite spending over 25 years in the workforce and paying into the disability fund, she had not earned enough in the years preceding her application for disability. Ironically it was her efforts to try and make money and avoid becoming a burden on the state that sank her claim.

A Solution?

There are many ways to avoid this problem of being simultaneously unable to work and unable to collect disability, but they all require planning. Hence the need for awareness. Here's some helpful planning advice that I found in "Multiple Sclerosis: Your Legal Rights" By Lanny E. Perkins, Sara Perkins:
If it appears that you do not have enough work credits to qualify for SSDI benefits. perhaps because you took time out for childrearing, for education, or to deal u~th your illness. you may want to consider ways to continue working, at least long enough to meet the disability requirements. This might involve continuing your present job or finding an alternate, for example. part-time work that will allow you to go on earning the relatively small amounts required to accrue coverage credits. In some situations, it may be possible to engage in self-employment, possibly in a home-based business or in conjunction with your spouse, so that you can acquire the needed credits as soon as possible. You must be sure to pay your self-employment taxes to receive the credits!

So, there you have it. Whatever your age, whatever you current financial situation, you should be aware of these things. And one more thing. Do not assume Supplemental Security Income (SSI) will help you out. This is a government program that helps people who have a disability and very few resources. If your spouse has a good job there is very little chance you qualify for SSI.

(Disclaimer: I am not a lawyer or an expert on federal benefits. I believe the above statements about eligibility to be correct, but feel free to correct me in a comment to this post if you think I have something wrong.)

Doctors, Genes, Family Trees, Quora and Hemochromatosis

Have you visited Quora yet? It's a increasingly popular website that bills itself as "a continually improving collection of questions and answers created, edited, and organized by everyone who uses it." On a recent visit to Quora I saw this question:

Q. What are reasons that I should not submit my DNA to a firm like 23andMe?

You can read the question and answers here. This question caught my eye because, as regular readers will know, I did submit my DNA to 23andMe. Personally, I could not think of any reason not to do so. Apparently, not everyone shares my attitude, which is fine, but one person provided an answer that was, IMHO, wide of the mark. Here is what I submitted to Quora in response to Person X:

Me: I see no reason not to submit your DNA to 23andMe. And I have to warn you that the following assertions are, in my experience, somewhere between naïve and dangerously wrong:

"First of all, your doctor is going to notice in your family history if said disease is wreaking havoc on your family tree." - -Person X

Me: My wife's family was decimated by hereditary hemochromatosis over a period of 40 years and scores of doctors failed to notice it. My wife presented classic hemochromatosis symptoms to at least a dozen doctors herself, over a period of 15 years, before one of them connected the dots.

Her case is not just an isolated example. A landmark CDC study showed that hemochromatosis sufferers had symptoms for an average of 9.5 years and saw more than 3 doctors before being correctly diagnosed.

"Secondly, many diseases with a clear genetic linkage present themselves early in life, often when patients are still quite young." -- Person X

Me: This is not entirely untrue, but it is terribly vague. For example, women often do not get the symptoms of hereditary hemochromatosis until menopause, at which point they can have suffered serious organ damage. Indeed, it is unusual for hereditary hemochromatosis to cause symptoms before adulthood.

"You're probably not going to find a big nasty surprise buried in your genes. And even if you do find said nasty surprise, most doctors are not going to start treating you until your body actually starts showing symptoms." -- Person X

Me: There are two serious problems with this statement. First, knowing that you are a genetic carrier can help your doctor catch the symptoms sooner. For example, if you are homozygous for hemochromatosis then a simple blood iron test administered as part of a regular physical can detect elevated iron levels before they do long term damage. Since iron tests were dropped from standard blood panels in the US in 1996 [due to several cases of billing fraud by unenthical labs], many insurance companies won't cover these tests without cause, and a positive gene test is a better cause than waiting for someone to be sick.

Secondly, there are numerous nasty surprises you can find in your genetic data. I count myself lucky that I am not a carrier of Alpha-1 Antitrypsin Deficiency, Bloom's Syndrome, Canavan Disease, Cystic Fibrosis, Familial Dysautonomia, Factor XI Deficiency, Fanconi Anemia (FANCC-related), Familial Hypercholesterolemia Type B, Familial Mediterranean Fever, Gaucher Disease, Glycogen Storage Disease Type 1a, Hemochromatosis, Limb-girdle Muscular Dystrophy, Maple Syrup Urine Disease Type 1B, Mucolipidosis IV, Niemann-Pick Disease Type A, Connexin 26-Related Sensorineural Hearing Loss, Phenylketonuria, Rhizomelic Chondrodysplasia Punctata Type 1 (RCDP1), Sickle Cell Anemia, Tay-Sachs Disease, or Torsion Dystonia.

I am also thankful that, because of 23andMe and my own interest in my health, I know that I am not a carrier. Ignorance is seldom bliss. I don't plan on fathering any children, but if I was a younger man I would want to know about my genetic carrier status before I did. A gene test that reveals you are a carrier of something like hemochromatosis or Gaucher could make a big difference to your decisions about partners and parenthood.


Quora is an interesting website and potentially a very useful resource. I will keep visiting and answering questions when I feel I have something to offer. However, if you go to Quora you need to be careful when evaluating answers. Person X describes herself as a third year medical student, which suggests that medical schools are still teaching the AMA line on direct-to-consumer genetic tests, namely that a. they are pointless, b. consumers can't handle them. That is why the AMA is lobbying the FDA to ban them. I disagree. That's why I am asking people to sign this petition to the FDA.

Fighting Continues on Multiple Fronts: FDA, DTC, Telcos, Hemochromatosis

Sorry things have been a little slow lately here on Cobbsblog. I have been working pretty hard at the day job and on my "word warrior weekends."

Let me quickly explain: I have been blogging and tweeting and Facebooking on multiple fronts for the past few weeks:

1. Petitioning the FDA to ignore the lobbying of doctors who want to end Direct-To-Consumer genetic testing (i.e. the kind of testing that enables you to find out if you have hereditary hemochromatosis even if your doctor doesn't think you do). And I mean petition. Please read and  sign the petition when you have a chance. That would be much appreciated. Bear in mind that this possible FDA action affects everyone in America, not just hemochromatosis patients.

2. Raising the alarm about the efforts of large telecommunications companies (telcos) such as Time Warner Cable to ban community broadband networks. Yes, your urban cable company may be taking some of your monthly payment and using it to pay lobbyists fighting to squash local efforts to install broadband in places where the big telcos have failed to do so. Read more here.

3. Continuing to battle ignorance about hemochromatosis, as evidenced by this report on the Facebook page: "Husband recently diagnosed. Saw a gastro doctor today about a possible liver biopsy. He knew almost nothing about hemochromatosis." And yet he, the doctor, probably makes over $200,000 a year.

I should also explain that's not me with the raised arm in the painting (a free Fighting Hemochromatosis mug to the first person--friends and family excepted--who comments with the name of the original painting and artist).

More updates from the front lines as time permits...

Spring-ing Forward Misses DST point: Mythic origins of Deus Tea overlooked

About this time every year there is a lot of chatter about Daylight Saving Time, clocks, farmers, planting, sunlight, safety, business impact, the environment, and so on. You read these words in blogs and you hear them all over the cable news networks where talking heads explain the annual sixty minute shift in time.

All of which obscures the history behind this practice and its origins in ancient myth and legend. No longer do we tell our children about the epic struggle between the Sun god Ra, the Sea god Poseidon, and Zunga the flying lizard. I mean, how many children today know the story of how Zunga and Ra put aside their own feud to conspire against Poseidon, tricking him into arriving one horus [hour] late to their ritual Sun-day duel?

[caption id="attachment_1218" align="alignright" width="200" caption="Old text-book illustration showing Sumerian stone carving believed to depict Zunga the Flying Lizard"]Zunga the Flying Lizard[/caption]
With all the education cutbacks and test-focused learning in America today it is perhaps no surprise that most of our kids have never even heard of the pageant of Deus Tea [literally: Deus Starticus Tardicum] let alone participated in one of these colorful celebrations.

Even that most American of Spring traditions, the Vernal Equinox [literally The Equinox of Vern] is mentioned merely in passing these days. How many children could, if asked, recount its origins on the shores of the Great Salt Lake--back before Utah was even called the Utah Territory--when the young pioneer Vern Smith used 24 egg-timers and 100 candles to accurately determine the equal length of both day and night?

Well, here at Cobbsblog we plan to do something about this parlous ignorance. At some point between now and the first of April [literally "the first pril" or prilostoria, from the Greek for short sword or possibly story] we will be posting the original DST origin myth in full, in the hopes of keeping this important piece of of shared heritage alive.

In the meantime, we would all do well to take a moment and ask ourselves the question immortalized in the ancient ballad of the Chicago Transit Authority: Does anybody really know what time it is?

AMA to Control Your DNA? Asks FDA to ban direct-to-consumer genetic tests

It's no secret: I dig DNA. I'm into my genes. Deep ancestry excites me. Genetic defects perplex me. And I've spent a fair amount of time looking after someone who is suffering the crippling effects of Celtic Curse, a potentially deadly and surprisingly common genetic condition that went undiagnosed for too long (owing to a combination of medical ignorance and avaricious genetic patenting).

Lately I've been blogging and tweeting about 23andMe, a company to whom you can send your own DNA for analysis. I bought myself a ticket to 23andMe for Christmas and I've been delighted with the service they provide. I'm buying 23andMe for my wife for her birthday in April, but I'm buying it right now, before it becomes illegal.

Get Your Genome Mapped While You Still Can?

That's right, some very powerful people don't want you to have this kind of direct-to-consumer access to your DNA and they're looking to shut it down. Here's how one science writer put it:
the medical establishment is outraged by the idea of people having access to their own genetic information without the supervision of its members, and they want the FDA to stop it.

That's how Dr. Daniel MacArthur characterized the recent American Medical Association statement on the subject of direct-to-consumer genetic tests. Just to be clear, MacArthur, who blogs for Wired Science, has a PhD in Human Genetics. He's not exactly a novice in this field. And he's not not making this up. (Here's the Wired article.)

[Update: You can submit your own comments on this issue online, direct to the FDA, at this site up until midnight February 28.]

The AMA is the largest lobbying group for medical doctors in America and it is openly urging the Food and Drug Administration to recommend that "genetic testing, except under the most limited circumstances, should be carried out under the personal supervision of a qualified health care professional."

In other words, if your doctor doesn't think you need this gene or that gene tested, it does not get tested. And if your genes get tested, the results go to the doctor, not you. Whether you get the results is up to them, not you. After all, you're just a consumer. You might take things the wrong way. According to the AMA: "the involvement of a physician is essential in achieving benefit from test results."

Gatekeeping Has Already Begun

If the FDA decides you have to get a prescription to get your genes mapped, it would not be without precedent. New York State has already tried it, seeking to require residents to obtain their doctor's permission to get their DNA analyzed. I happen to know this because I live in New York and it was just before Christmas when 23andMe sent a little bottle to my village in upstate New York for me to spit into. I would then send them this sample of my saliva so they could perform a DNA analysis.

I was all set to spit when I noticed, on the 23andMe website, something about not spitting in New York. Seriously! I was warned that I could not use the kit to collect a DNA sample in New York. Fortunately, I was just a few days away from a trip to Pennsylvania. So I waited, took the DNA collection kit with me, spat into it in Pennsylvania, then mailed it to 23andMe from Philadelphia. At the time I thought it was bizarre, but I was not too worried. Then I read about the FDA hearings and I started to get very worried about doctors getting between me and my genes.

Why worry? For a start, I can give you a very real example of how this type of medical interference in access to genetic data could lead to needless pain and suffering. Because my wife has hereditary hemochromatosis our daughter is at risk for hemochromatosis, and so are any grandchildren, and so on. We want her to get tested. But what if she requires permission from her doctor and her doctor says no?

The current level of knowledge about hemochromatosis within the medical community as a whole is woefully inadequate. (This is not just a personal opinion. Studies have shown that someone with hemochromatosis has to see, on average, more than 10 doctors before they find one that makes the right diagnosis. And this is NOT some rare condition. Genetic hemochromatosis is the most common genetic killer in America!)

So it is quite possible that a genetic test we regard as critical for a family member may not strike a doctor the same way. The stories I read on the Hemochromatosis Facebook page lead me to think this is not implausible. After living with this knowledge for several years it is quite clear that my wife did not hit a run of bad luck. Her case is typical. And while we remain deeply grateful to the doctor who finally figured out why she was so darn sick, our feelings towards all the others who failed her do not incline us to think there is any benefit in appointing medical doctors as the gatekeepers of human DNA. I have already described how my cardiologist sent me a form letter to let me know I had a thoracic aortic aneurysm, which I didn't actually have. Sensitive? Professional? I think not.

Free to Be Me

If I look at my face in the mirror and see it is covered with spots, that is actionable anatomical data. As an adult I am considered by my peers to be capable of assessing the relative probability that these spots are acne, measles, an allergic reaction, or something unknown. Our society says I am free to access this data (the shape, size, color, number, and distribution of the spots).

I am also free to put this data together with other medical data that I own (such as known allergies and the medical histories of myself and family members). And I am free to act on this data, either by self-medicating based on my own assessment of the spots, or by seeking further advice, perhaps from a family member, or a pharmacist, a nurse, or even a doctor.

To me, my genes are no different from my anatomy. In a very real sense they are my anatomy. I should be trusted with access to them.

UPDATE March 27: We have started a petition to express our position to the FDA. Please sign if you can. Thanks!

The Big Day: Your Genetic Profile is Ready at 23andMe!

Small email, big day. On Friday evening, while I'm watching NBC Nightly News, a short and simple electronic message arrives on my iPhone informing me that my genetic profile, hundreds of new data points about my physical being, is available to me online. Now that is news I can use!

I skip the rest of Brian Williams and head to my office in the basement to fire up a web browser. I'm already registered at www.23andMe, that is part of the process for ordering their DNA analysis, so I log in and wait for the page to load. I am greeted with a simple but very powerful message: "welcome to you."

I check the calendar and see that it has been exactly 6 weeks since I mailed a small vial of my saliva from Philadelphia to California for analysis. The results are well worth the wait, they include data about everything from deep ancestry on my mother's side to my tolerance for caffeine.

And I see right away that all of this data is organized with considerable skill. I know a thing or two about the challenges involved in presenting complex, multi-layered data in an accessible manner (like the data involved in testing, targeting, and personalizing million-visitor consumer websites). Also, as many of my friends know, I have strong opinions about user interface design (I have personally appealed to Steve Jobs to put a proper Delete key on the MacBook keyboard).

But the UI at 23andMe works for me. Within 20 minutes or so I am navigating down to the research report that gave rise to the assessment that there is a probability that I might have a genetically-based learning problem. (Yes, there's some irony there.)

Of course, the first thing I check out, and I'm betting this is the case for most people when they get their 23andMe analysis, is Disease Risk. This is one of the 5 main categories into which 23andMe organizes your genetic data:
  • Disease Risk

  • Carrier Status

  • Drug Response

  • Traits

  • Health Labs

I do a quick scan of the 3 subcategories under Disease Risk. These are: Elevated Risk, Decreased Risk, Average Risk. Obviously the first category is going to get my immediate attention. There are a couple of items atop the Elevated Risk list: Prostate Cancer and Celiac Disease. The list is organized into 5 columns: Name, Confidence, Your Risk, Average Risk, and "Compared to Average." The only two items labeled with the symbol for strong confidence are Prostate Cancer and Celiac Disease. As you can see here, compared to average, it looks like I have a 1.12X risk of Prostate Cancer and 3.10X risk of Celiac Disease.

23andMe screenshotThe 23andMe web page lets me drill down to learn more about these diseases, but I already know that, unpleasant as it might be, a. Celiac is treatable with a gluten free diet and b. cereal has been my breakfast just about every day of my life, with no unpleasant side-effects so far. As for my prostate, it seems to be doing okay so far, based on that uncomfortable episode in my recent annual physical.

Of course, I realize that some people who get their DNA tested are going to see some scary stuff in this list. That is why some doctors think the Federal government should ban direct-to-consumer genetic testing, forcing all such tests to require a prescription and requiring a trained medical professional to deliver the results. Apparently, the fear is that some people won't understand what they are reading and will react badly.

Here's a personal perspective on that argument. You currently need a lot more than a prescription to get the kind of test that revealed my thoracic aortic aneurysm 7 years ago. How did the cardiologist inform me of that aneurysm? With a photocopied form letter that arrived at my house on a Friday after their offices closed for the weekend. How many words of advice and counseling about the implications of that test were included: 0.

So I'm not at all impressed with the argument that doctors should be in charge of the flow of information about my genes. (To expand on the above experience, I went to see the cardiologist after getting that letter and was so traumatized by his description of my condition that I quit a very good job in order to reduce stress, only to find out, 6 months later, that in the opinion of a respected cardiologist at the Mayo Clinic, I did not have, and had never had, a thoracic aortic aneurysm.)

But enough stalling Stephen, everyone wants to know what is behind door number one, the Locked Reports section at the top of the list above. This is how 23andMe handles really serious conditions. You have to make an explicit and informed decision to see the results. When you click to unlock the data, in this case pertaining to my genetic risk factors for Parkinson's, 23andMe provides a lot of information about the disease and how it is related to genetic factors. That means you are well-informed and well-prepared before you proceed.

In my next post I will unlock this information and share the results. Why? Because some people will find it interesting? I think the answer goes deeper and wider than that. The slogan of DEFCON III, the hacker convention I spoke at in 1995, was this: "Why? Because we can." And that's the way I feel about learning more about my genes. I can. Why wouldn't I? You might be thinking "His tune will change if he finds something bad in the results." I don't think that is the case, but we will see.

In the meantime, if you want a detailed blow-by-blow of getting tested by 23andMe there is a good account here, complete with pictures and screenshots. Although the author, Paul Stamatiou, is probably half my age, his motives seem very similar to mine. Paul wrote his account about a year ago. From my experience so far, 23andMe has improved in some of the areas Paul thought were a tad "early stage." And the price of the service has dropped considerably in recent months.

Bear in mind, we are only just scratching the surface here. After diseases, there are genetic traits to uncover, then relatives to discover and ancestral links to uncover (teaser: Ursula and Wodan are involved). The next installment of my genetic exploration will be posted shortly.

Happy New Year! Let the learning begin

To my faithful readers I just want to say: Happy New Year! And if you're a first time reader: Welcome, and Happy New Year to you too, and to your friends and family, and to the whole wide world. Let's make this the year we crank it up to 11, all across the board.

But Stephen, it's February already! Yes, I know, and there's a reason for that: I've been busy. And if you have ever worked for a software startup, like Google when it was in a garage, or The Facebook when it was in a dorm room, you'll know how it goes. There are days, even weeks, when it's all-hands-on-deck and the work is closer to 7x24 than 9-5. Well, January was a bit like that at Monetate, the rapidly expanding SaaS marketing company for which I am Evangelist and possibly Senior Writer (some might say senior writer, just because I do a lot of the writing and I'm the oldest person in the company--although that doesn't stop me tweeting and Facebooking my blog posts into major traffic drivers for the company website).

Anyway back to the happy part of the New Year thing. I actually think 2011 has a lot of potential to be a better year than 2010, although some of that sentiment arises from the fact there was a lot not to like about 2010, from the earthquake in Haiti to the BP oil spill, and many other natural and man-made disasters in between. On the other hand, we humans learned a lot of new things in 2010 that could help us understand the world a little better in 2011. Like how to rescue people from a mile below the ground. And the fact that homo sapiens has more genetic cousins than we previously thought (welcome Denisovans).

Speaking of genetics, and me, I embarked on a voyage of self-discovery in 2010 that should reveal some interesting facts in 2011. As I described in my December 20th post last year, I have submitted a DNA sample to 23andMe, the company that is pioneering direct-to-consumer genetic tests. Any day now I should be getting the results, which include medical and genealogical data.

I plan to share some of that information, and the experience of getting that information, here on the blog. (If it turns out I am a carrier for hemochromatosis I will be writing about that over on Celtic Curse.) So call it an experiment in transparency, or an exploration of the boundaries of personal privacy, I think it's a useful way to help others think about this aspect of themselves and their society.

Stephen Cobb's Privacy MeterAs some of you know, I have written a lot about privacy in the past, including a book and a bunch of articles, lectures, and so on. I recognized a long time ago that some people, myself included, are comfortable sharing quite a lot of information about themselves, but others are not. So one's own feeling about privacy cannot be the basis for privacy policies; a fundamental principle of privacy must be respect for the privacy concerns of people less comfortable with sharing information than oneself.

By sharing my gene test results I am not saying we should all hang out our genes in public. My decision to share parts of my genetic profile is a personal one, but hopefully one that will prove helpful to others.

2011 could be a very interesting year!