The Chinese Student Will See You Now

CATHERINE COSTE
The French Tech Comedy
18 min read · Feb 4, 2018

This is episode 11 of The French Tech Comedy Season 2.

Yan Zhu is a renowned security and privacy engineer. She is currently working as a Senior Software Engineer at Brave and a Technology Fellow at the Electronic Frontier Foundation. She is an open web standard author, technology speaker, and open source contributor. Some of her contributions include HTTPS Everywhere, Let’s Encrypt, SecureDrop, and Privacy Badger.

Episode 10: (Zebra-) Crossing The Rubicon

Previously in The French Tech Comedy: In Season 2 of The French Tech Comedy, we follow characters like Japanese oncologist and bioinformatics engineer Takafumi Nagato, who is leading the lab of Bioinformatics for personalised CAR-T-therapies in a Tokyo clinic, and his patient, Chinese giant TenBa’s founder Ken Ba, a zillionaire from Shanghai. Yuki, Taka’s sister, is a French-speaking geisha, meaning “artist” in Japanese, in touch with the French Tech. She just got married to a French engineer who was working in Taka’s lab, Nono, and has secretly donated her healthy T-cells to Taka’s patient who, after his second cancer relapse, decided to try an innovative treatment called “liquid biopsy”. Indeed, Ba is becoming an expert in genomic precision medicine. In his case it is a matter of life or death. Among Yuki’s friends in the French Tech branch is Frederic Mougin, a biologist, founder of the startup Gene-i-us:

“We are developing a patient-centric tool for patients to collect, share & monetize their medical, genomics, lifestyle, IoT data with academics & pharma industry.”

Yuki had promised she would introduce Mougin to people working with Facebook Singapore; among them: Nono. What biz plan can Gene-i-us implement, in order to work with Facebook? Mougin is using a lot of buzz words, but when it turns out Ba’s cancer mutation has entered the stock exchange market, thanks to the efforts of a pharmaceutical company, his oncologist, Taka, fears a Ba Gate. More than ever, the privacy of genetic data is instrumental in the process of developing precision medicine. Singapore is the Chinese Mecca of I.P. and patents. A cryptocurrency, that is seen by financial specialists as a security, is used as a way to reward (healthy and sick) patients in exchange for their DNA data. Yuki is wondering if this kind of money will revolutionise the whole financial and pharmaceutical market as we know it, or will all digital currencies end up behaving like any other tradable financial asset? After all, a security is a tradable financial asset. Ba, Taka’s cancer patient, is trying to gain insight into the situation… While spending a few days in Malaysia both for business and vacation, TenBa’s founder gets to meet with a total stranger who in fact he only knows too well: Simone, Malaysian Chinese actress Michelle Yeoh’s niece. Between Ba and Simone, things are complicated. But it is only the beginning… Simone is trying to make an algorithmic cryptocurrency that could mimic biological processes within the human body. Meanwhile, Manga artist Koba writes about the blurring frontier between curing and enhancing in the genomic precision medicine era, and the consequences in society. At school, Simone needs to present her Science Fair project alone. Overanxious auntie Michelle had bribed a student from Simone’s class. She wanted her niece’s science fair presentation to be filmed, live. A few days later, she sent a link to a video to a friend of hers, Chinese giant TenBa’s founder Ken Ba, a zillionaire from Shanghai.
She’d compiled a 10-minute extract for him to see, and a question:

“ — What do you think?” Ba said the video was very interesting and offered to have lunch in Ipoh, Michelle’s home town, next weekend, and discuss things. Simone, meanwhile, is stuck in Bangkok, where Ba has sent her a T-shirt as a thank-you gift, she’s not sure why. Also, as a hacker having served time in a Beijing prison, she is suffering from post-traumatic stress.

— — — — — — — — — — —

Chinese President Xi Jinping (PaperCamera App)

Tamir Subramanian, PhD, surgeon, oncologist and geneticist, at Charitee Hospital, NY, is a famous physician in the US. He is the author of NY bestseller Your.Medical.Data. Today in Singapore, he is a keynote speaker at Facebook’s “The Patient Will See You Now” Breakfast. In the conference room nearby, a Facebook Open Day Q&A session for students from Singapore high schools has just started. Simone is attending. She’d been told there would be some Facebook engineers presenting, talking about how a typical workday unfolds… Students from her class are here as well: Rachel, Justin, among few others.

A security and privacy engineer is talking about her tasks:

“ — I work with Facebook here in Singapore, but I’m also an open web standard author, technology speaker, and open source contributor. Some of my contributions include HTTPS Everywhere, Let’s Encrypt, SecureDrop, to name a few. Let us discuss privacy on today’s internet, net neutrality and how we can all protect ourselves on today’s web. My first experience programming was for a research job, I was writing MATLAB, and that was fun. So, I took a class that was taught in Scheme about programming language design and that was all the training I had. I didn’t start working full-time as a programmer until after dropping out of grad school. I did a Google Summer of Code type internship program because I don’t think I would be very good at programming because I hadn’t grown up doing it and everyone else I knew had been programming for ten years. So, yeah, that was how I started. I work on privacy and security because … yeah, it’s the feeling that someone needs to do this. People’s passwords are being leaked or, dating apps tracking people around, their physical locations, you know, all that stuff we hear about every day. It’s just hard not to think, well someone needs to work on this okay, look this is a significant problem. So, seems an obvious thing to do. Earlier, I helped internet companies to have better security and privacy protections. So, the thought was that if people could somehow use PGP to encrypt their emails end to end then that would be an extra layer of protection from their accounts getting hacked, right. So this was supposed to be a very user-friendly feature such that anyone could just log in to their mailbox, download a browser extension and then start using PGP and so forth. So, yeah I worked on that for about a year. Also, I worked on a kind of whistleblowing platform, in association with the Freedom of the Press Foundation: sources could use Tor Browser to send documents to journalists anonymously.
And I went to a few hackathons, actually Noisebridge was a good one. Recently, I worked on a plug-in for nginx at the Electronic Frontier Foundation. And now, I’m happy to take questions.”

“ — According to you, concerning privacy on today’s internet, how good or bad it is?”

“ — Hmm, it’s hard to say, it’s hard to, it’s hard because I don’t know everything that’s on the internet. I think it’s very tough to say whether things have gotten better since the Snowden revelations. For instance, because indeed there’s been a lot in the news about how people should care more about privacy and maybe more news about companies getting hacked and so forth, but it’s hard to measure if there are substantial changes. A few metrics that I do know about are the amount of SSL or TLS adoption on the web. So, that’s usually that’s one way to calculate, that is, from the percentage of HTTPS page loads in Firefox, which is public information and that has in the last year or two exceeded 50 percent. So, I think HTTPS becoming the norm and the default for websites is an, a significant privacy improvement and it’s steadily rising. So maybe it will get to an all HTTPS Internet in the near-future. On other fronts, I don’t think we’re doing as well. So, for instance, email encryption, well, so email encryption like STARTTLS transit encryption that’s gone up, slightly. But on other things like PGP, I don’t think a significantly higher number of people are using PGP compared to a year ago or two years ago, three years ago, four years ago, so that maybe that’s just a losing battle. We have to give up this old vision that someday everyone would be able to use PGP etc.”

“ — Still, 50% of the traffic on the Internet is not encrypted?”

“ — Oh, I mean, it’s yeah, I mean it’s, it’s more than 50% now. But, yeah it just crossed the 50% line, somewhat recently, I think a year or two ago, maybe a year ago. Yeah, so you’re right. That means, 40 something percent of the Internet traffic out there is still unencrypted. I think a lot of that was last time I checked, a lot of that was Netflix, but Netflix turned on HTTPS somewhat recently, so maybe now it’s over 60 percent, okay. Yeah.”

“ — Understanding companies’ privacy policies can be tricky. And I’m not even talking about direct-to-consumer genetics here. How do we deal with this?”

“ — Yeah, that’s a great point. I think in general companies, companies want to give themselves more leeway with their privacy policy. So that if they start as a new data collection program or integrate some new analytic service, they don’t have to email every one of their users with a policy update. So they try to relax and their privacy policies which also give them, a broad amount of permission to do anything. So, I mean I think as users you can, I think a lot of these companies they have PR departments that care what people are saying. So, if you see a privacy policy that’s very broad or has something concerning in it, it might be worth contacting the company. Or posting about it on social media: why are you able to track my location at all times, or something like that. That gets their attention.”

“ — But 90% of the people will just click accept, and just move on.”

“ — People do that with employment agreements too, by the way. So, yeah I recently started paying attention to arbitration agreements. So basically, a lot of employers in the United States will have a clause in the onboarding agreement, where it says, You waive the right to sue the company in a public court and instead if you have any complaints about the company you have to agree to mediation. They would resolve it privately outside of courts, which is very cost-efficient and often good for the company but it’s bad for employees, so yeah.”

“ — The recent developments seem to be junking the long-term principle that all web traffic must be treated equally. What happens next?”

“ — That’s a tough question. I think I don’t know. I think tech companies, and service providers can do a large part of activism by showing people what the risks are very concretely.”

“ — I feel that Internet Service Providers (ISPs) will create slow lanes, fast lanes and also throttle speed or block content in certain regions.”

“ — Right, yeah. I saw people do that with net neutrality, they slowed down, or they showed a loading indicator on their websites, yeah.”

“ — Where are we heading? Is it all ISPs ruling the internet, or is there hope?”

“ — It’s hard to say. What’s supposed to be special with things like net neutrality, I think, there’s still hope because with net neutrality what was repealed was the FCC regulation of it. The Federal Communications Commission (FCC) is an independent agency of the United States government created by statute to regulate interstate communications by radio, television, wire, satellite, and cable. But, there’s also other types of regulation, market regulation. Things that could come, could balance out the lack of regulation from the government, hopefully. But maybe that’s optimistic. It’s hard to predict what will happen.”

“ — I think, we should not give up on this, and we should keep fighting.”

“ — Yeah, and I think the real thing that should be avoided is nihilism because people get very fed up. They’re, oh, there’s nothing we can do that will influence the government or make privacy better. So we should just give up, and I think that’s the wrong approach, because, then you don’t have any chance of doing anything if people don’t care.”

“ — Let’s say that Comcast bans Tor. Well, then, given that so many people want to use Tor, if another Internet Service Provider like MonkeyBrains or Sonic decides that they allow Tor, then, they’ll get a large amount of traffic, where it’s a large number of customers. So that’s a market force that can ensure balance and fairness among these different players, correct?”

“ — Yeah, sure, but then again, no one’s done economic calculations on this so who knows.”

“ — Is big data for big benefits or is it creating privacy problems?”

“ — Uh, I mean, yeah, definitely the large-scale collection of data, in general, is a problem because data that isn’t personally identifiable or unique in the singular can become a unique profile when aggregated. I know companies have tried building differential privacy protections into some of their data collection.”

“ — Okay, cool. I think there’s a role for computer engineers to play in creating awareness, but there is a big gap between programmers and security engineers.”

“ — Yeah, I agree with you. Yeah, I think in an ideal world every programmer would also be very privacy-conscious and aware of these issues. Perhaps, this is an issue with education because everyone who does computer science takes an algorithms class but not everyone has a security class whereas that was a requirement for all new software engineers. I think that would go a long way.”

“ — But I took a few security courses in my master’s program. All it said, it was a bit of cryptography on our back, lots of outdated stuff.”

“ — Yeah.”

“ — If he or she wants to be a privacy engineer, where do they start?”

“ — Oh, that’s a great question. Assuming that you have some programming knowledge, which means you can write a script in any language of your choice, Python, bash, Node, whatever. Once you have that ability, I think the next best thing to do is just to start doing audits, security audits. So, many companies have Bugcrowd or HackerOne accounts set up, and so, they incentivise financially people who look through their services and try to find bugs. That’s actually how I got started doing security audits: I just saw someone who was willing to pay me to do an audit of their web, web app. And, in doing that, I learned probably 50 percent of what I know now, about security testing. So, I think, to have hands-on experience in a real-world setting is by far the most important thing for privacy engineering.”

“ — For general internet users, how do they protect themselves?”

“ — Don’t enter information on HTTP websites. Yeah, I mean, I think that’s the obvious one that every software engineer knows, but normal people don’t necessarily know the difference between HTTPS and HTTP. And that’s probably something browsers are trying to fix. And, yeah, phishing is a hard problem too. People should set up two-factor authentication on all their services, preferably with a YubiKey, because that also prevents phishing, if it’s U2F, a universal two-factor service and so forth, yeah. I’m not sure what else there is, I mean use a password manager. Don’t use the same password on all sites.”

“ — On a similar note people should turn off autofill because you might have seen there’s this browser bug, where you can make invisible fields and have that autofill and then JavaScript can read the fields.”

“ — Take home message is HTTPS Everywhere, fingerprinting protection, tracking protection, and ad block and Flash blocking. If instead of having that you have to download Chrome, you have to turn off Flash explicitly, turn off Widevine plug-in integration, download HTTPS Everywhere, download a script blocker, download uBlock Origin and Disconnect, download Privacy Badger. You need to get rid of all of that. So we try to make it very usable and manageable for normal people, yeah.” (1)

“ — Are you working on a Privacy Badger for the market of Direct-To-Consumer genetics? Do you think the health care market — genomic precision medicine — will require a special Privacy Badger?”

“ — Yes and no. Privacy Badger is useful when you are not sure about the websites you are visiting. So, if the DTC market is something that will take place between your physician, the lab, and yourself, it should be ok.”

Simone was a bit disappointed. She’d expected Facebook engineers would tell how they pick projects to work on, how they team up, what are they allowed to try? She expected they were allowed to try lots of things. But some of her teachers were there and obviously, they had done a nice job preparing the questions… Great, but she didn’t get to ask her questions.

A read I can only highly recommend

Out of curiosity, she tried to see what was going on in the adjacent conference room. A Facebook engineer was discussing with an American physician, and she found the conversation to be quite interesting. The engineer said he had been working with Facebook Tokyo as a developer, but was now set to manage several projects here, in Singapore, for Nintendo and Facebook. He was talking with a French accent. She thought about her nightmare that other night, the French student. What if… Oh, forget it. What French guy could possibly be called Pi? The rockstar physician was all about patients taking charge of their own health, but the engineer didn’t seem to buy it. Were the people trained to do so? Did they have the tools and the knowledge not to fall prey to greedy “genomic health” companies trying to fob off wacky science on desperate patients? Also, the physician was saying that China was forging ahead, and that the US were falling behind.

Pic taken in a bookstore in Hiroshima, October 2017

“ — Good for them, let them take the fall. When it comes to health care, innovation needs to be massively adopted. This is where it will become useful, and profitable. Drive profit. To me, correct me if I’m wrong, genomic precision medicine is not yet reproducible, repeatable for the masses. The Angelina Jolie story remains an isolated case. Not everyone will undergo surgery to just do some kind of prevention. Now, I agree with you. The high level of reproducibility could very well be reached in China, or in the US, or both. Scalability. It’s not a beauty contest, as far as I know, right? There are beauty queens in all countries, but only one Miss Universe. Like, a disease has no borders or frontiers. The question is just: when. When will the major reboot of health care take place? Nobody knows exactly, that’s the tricky part, I’m afraid…”

The doctor answered with another question.

“ — What would it take to reboot health care in the US?”

“ — Education,” said Nono.

Pic taken in Bangkok, January 2018

“ — I’m sorry?…”

“ — You cannot reboot health care in a country where more than 50% of the population are scientifically illiterate. And that’s the case in the US, right? I think if the Beijing authorities decide to feed all of the online knowledge to their students, well, this can be highly disruptive. Also in health care, but I’m no expert. So I’m guessing the algorithm here would be: to reboot health care, you need to reboot education.”

Pic taken in Bangkok, January 2018

Meanwhile, Chinese President Xi Jinping was giving new directives in education. And this was now official. Meaning, it had to be obeyed.

Found on twitter and weibo, January 2018
Chinese President Xi Jinping (PaperCamera App)

Nono was grinning now. He had just found out about those directives on Weibo. He could speak and read Chinese; the US physician couldn’t.

“ — So Sub, I guess it’s The Chinese Student Will See You Now,” he said to Tamir Subramanian, with that signature grin on his face.

Simone stayed until the end of the session, and waited for the French engineer to be available.

“ — Hi my name’s Simone, actually I came for the other session, the one for the high school students, taking place in the next room. And …”

“ — And you ended up here cuz it was kind of boring next door, right? With your teachers having prepared all the queries in advance and all…”

“ — Hm, uh, I guess, yes, something like that… Are you a French student?”

“ — I studied in an engineering school in Parisian suburbia and came to Japan as soon as I got my diploma, yes. But technically, I’m not a student anymore.”

“ — Oh, but you look like you are like 23. Did you study medicine?”

“ — haha Nope. Computer engineering. But I’ve been working with an oncologist in Tokyo, actually we are still in touch.”

Pic taken in Kinokuniya Bookstore Bangkok, January 2018

“ — Oh, that’s great.”

Simone was looking at her feet.

“ — Are you an A.I specialist?”

“ — No. Most engineers here at Facebook can find their way in any computer coding language, niche knowledge is… well, rare. So there’s nothing special about me, I work like 99% of the rest of the engineers. We are trying lots of things, working in groups, picking and suggesting projects whenever we feel we need to. I’m building tools, online tools, that is, for people who are streaming their video game sessions. They get those tools that are tailored to their needs for free, in return, they must use the Facebook platform. Our biz model is built around advertising, pretty much like Google.”

“ — Oh, I see.” Simone was still looking at her feet. She didn’t expect she’d get to ask her own questions, she was thrilled, embarrassed and a bit terrified at the same time. And who was this Pi, in her dreams? She’d heard the name of the guy was Nono. Although she wasn’t sure this was French.

“ — Is Nono your real name?”

“ — Actually, I’m Noël, it means Christmas in French. But in Japan, everybody calls me Nono, and ever since…”

Pic taken in Bangkok, January 2018

Nono was still grinning.

“ — You move like a cat,” she said.

Mural in Penang, Malaysia, with PaperCamera App

“ — Haha, nobody ever told me that,” said Nono.

“ — I’m sorry. I’m just being shy. Actually, there is something I wanted to ask today.”

“ — This is your chance. Fire away.”

“ — You know that this CRISPR-Cas9 that’s all the rage, the gene editing tool they’ve invented, so to speak, is actually a way the bacteria have to protect themselves against viruses. And by copying this mechanism, we can edit the human genome. That is, maybe. Maybe it will work one day, and we’ll be able to cure, or enhance, people. Also, the media are all about cryptocurrencies and how whole varieties of those are bound to be invented, and so on and so forth. Well, I was wondering if we could use the underpinnings of the epigenetic mechanism, to build a cryptocurrency. Who knows, one day, maybe we will be methylating money? I’m referring to the methylation process of DNA occurring in biology, and the blockchain. I guess we would have to use this combination in MethylCoin… Oh, but I can see I’m bothering you…”

“ — Not at all. I’ve just booked you into the cafeteria for today’s lunch. Aaaand security just said you’re clear to go. C’mon, let’s go! It’s Saturday, so you are free, right? How about having lunch now? You can explain your project, and then we’ll see what we can do about it. So you want to use the algorithm that was built by nature for human DNA methylation for a new cryptocurrency, right?”

Pic taken in Bangkok, January 2018

“ — Yes.”

Nono was thinking about a tool he needed to build for a prospect that could use just that: a new cryptocurrency.

(1) Source: https://www.mappingthejourney.com/single-post/2018/01/18/episode-14-interview-with-yan-zhu-privacy-engineer/

Selfie with PaperCamera (app), January 2018, Chiang Mai (Thailand)

Catherine Coste

MITx 7.00x, 7.QBWx, 7.28x1–2 certified

Teacher and Member of the Walking Gallery of Health Care, founded by US activist Regina Holliday

Table of Contents:

Episode 1 of Season 2: Your DNA Will See (and Mutate) Your Credit Card Now

Episode 2 of Season 2: The Bitcoin That Pulled the Double Helix Apart

Episode 3 of Season 2: Kabuki Theatre and Desktop Epigenetics

Episode 4 of Season 2: Tenjin and TenGene

Episode 5 of Season 2: TenGene, Gene-i-us and a thousand planets in between

Episode 6 of Season 2: The Re:Creators Fault Line and the Epigenetic of Worldwide Middle Class

Episode 7: The Methylation of Money

Episode 8: “Biology has gone digital. Time to learn about it.”

Episode 9: Year of The Earth Dog

For Season 1 of The French Tech Comedy (all episodes), see here.

CATHERINE COSTE
The French Tech Comedy

MITx EdX 7.00x, 7.28.1x, 7.28.2x, 7.QBWx certified. Early adopter of scientific MOOCs & teacher. Editor of The French Tech Comedy.