Monthly Archives: December 2010

Food, Security

Health Risk of Low-Fat Milk

3 Comments

Body Earth has an excellent blog post on the Health Risks of Low-Fat Milk

For years my family only drank low-fat milk. It’s supposed to help us keep our weight down and reduce the risk of heart disease, right? Wrong. In fact, reduced-fat milk can harm our health. We now steer clear of the stuff whenever possible.

[…]

We always drink whole milk and cream now (never ultra-pasteurized) from cows that eat grass. Whole milk is a wonderful food that comes with the fat needed to use the fat-soluble vitamins (A, D, E, and K) it contains.

Definitely worth reading. I always stuck with whole milk and avoided low-fat milk because the data that said whole milk was fattening seemed inconclusive to me. Obviously it had not been a problem in the past, so what had suddenly changed it to a high-risk food? Moreover, I recognized that fat is necessary for brain development and other healthy body requirements. Whole milk, with just 3.5% fat, seemed like a great and time-tested option.

I also have noticed that arguments for low-fat are severely lacking. Whole Food’s puts this example forward as evidence of something remarkable:

A recent study conducted by the New York Department of Health and Mental Hygiene has shown the dramatic impact that milk choices can have on intake of calories and fat. Over a 4-year period (2006-2009), the New York City Department of Education shifted it milk purchases over from whole milk and chocolate milk made from whole-milk or low-fat milk to fat-free milk (whether unflavored or chocolate). In other words, students in 5 city boroughs (Manhattan, Queens, Brooklyn, Staten Island, and the Bronx) were only able to purchase fat-free milks in school by the end of this 5 year period. As a result, the New York Department of Education ended up purchasing and serving 4.6 billion fewer calories from milk products and 422 million less grams of fat!

Dramatic impact to what? What does their meaningless statistic prove? They banned whole milk and then did basic math on the difference between milk types. This is like saying they switched from selling 2 pencils per student to selling 1 pencil per student, for 1,000 students, and…amazingly ended up selling 1,000 fewer pencils! They do not say anything about the health or behavior of those in the study. Did they buy less milk? Lose weight? Get better grades? Anything? If this is their best and only example, they must not have seen any positive results worth reporting.

My guess is Whole Foods sells low-fat because they know it is popular right now. My guess is also that Whole Foods did not actually read the study when they used it as an example (they also did not include it in their references). If they had, they might have noticed this caveat:

…no data were collected on total food consumption during the school day, so the effect of the milk switch on overall diet is unknown. Students might compensate for the averted calories/fat from milk by changing their consumption patterns.

Compare that with a doctoral thesis in Sweden by a nutritionist who found that children drinking whole milk more than once a day had a lower body mass index than those who did not drink, or rarely drank, milk.

Maybe this tells us that children who drink a lot of milk also lead a more active lifestyle, or it is served to them along with healthier foods compared with the other kids, but at least the study tries to explain results with a measurable benefit instead of meaningless numbers.

The Soviet Union was famous for pushing meaningless calculations around. I had an economics professor once who had studied real cases where success was measured on output without factoring input. It had led to all kinds of absurd attempts to cheat and manipulate the measures. If a factory was measured on area output, the input would be spread as thinly as possible. If they were measured by weight, the input was collected into small and dense areas. Take the production of glass windows, for example. All the windows either were so thin they immediately broke or they were so thick they did not fit the frames.

From what I can tell, based on measures and studies so far, whole milk is still the safest, healthiest and best-tasting option. That is why I avoid low-fat milk.

Security

Exemption Law Passed for ID Theft Rule

1 Comment

The Identity Theft Red Flags Rule has been narrowed; health care organizations no longer must comply thanks to a new Red Flag Clarification Act

In a colloquy in support of the bill, Sen. Christopher Dodd, D-Conn., said the legislation “makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as ‘creditors’ for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don’t offer or maintain accounts that pose a reasonably forseeable risk of identity theft.

That last sentence sounds like a big one. What is a reasonably forseeable risk of identity theft? Can health care providers be expected to reasonably predict the risk of identity theft if they do not develop and implement an Identity Theft Prevention Program (as required by the Red Flags Rule)? The exception was a political move to lessen the regulatory burden on businesses, but it is not clear if it also was due to confidence with the information security practices at health care providers.

Security

Cloud Email Protected by 4th Amendement

Leave a comment

The Electronic Frontier Foundation has announced that an Appeals Court Holds that Email Privacy Protected by Fourth Amendment in America.

In a landmark decision issued [December 14th, 2010] in the criminal appeal of U.S. v. Warshak, the Sixth Circuit Court of Appeals has ruled that the government must have a search warrant before it can secretly seize and search emails stored by email service providers. Closely tracking arguments made by EFF in its amicus brief, the court found that email users have the same reasonable expectation of privacy in their stored email as they do in their phone calls and postal mail.

The court’s ruling is well said:

[T]he police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call–unless they get a warrant, that is. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement….

Security

Cyber War Book Review

Leave a comment

Here’s my response to Bruce’s review of Cyber War: The Next Threat to National Security and What to do About It by Richard Clarke and Robert Knake, HarperCollins, 2010:

I guess I should blog about this separately, and I have done so a little already, but here’s my take:

1) Clarke is great about warning us of yesterday’s windmills. The discussion has been public for a while now (since at least 1999) and money is being funneled into the congressional-military-industrial complex (original term preferred by Eisenhower). It’s not necessarily a bad thing, and he should be congratulated on this, but it’s time to update the story.

2) The (newish) risks he could warn about are related to a dimension of hyper-collaborative bonds and time-bound social groups. When people ask “who was behind stuxnet” they really should be asking who was *not* behind stuxnet. What Gonzales showed in spades is that special collaboration is the new nuke. Attribution is a pain and definition of foe is nearly impossible. This is part of what I tried to argue at RSA Europe — don’t ban crossbows; out-think the mercenaries. A government could seed a group with a dumb and attributable tool, for example, like LOIC; that makes definition of their foe easy, since they’ve tagged a group (even for future reference).

3) I asked Clarke how and why he brings up but does not compare the risk of a mechanical gas-pipe explosion in California with the cyber-alteration of uranium enrichment in Iran. He said it was because the latter is “so much more complex”. That indicates a common cybermistake to me — fear of the unfamiliar, rather than the likely or the severe. Maybe he can make a good case for the stuxnet severity, but I still don’t see it.

To me the cold and calculated assassination of the uranium enrichment scientists should have been in the press as much as stuxnet, no? Motorcyclists who stick a bomb to the door of a scientist and then ride away? How’s the treaty against that going?

Back to 2) there are many other examples of real (severe and likely) risk that need to be addressed, such as the impact from failing education and health of children. That’s why, turning his own model around, I wish Clarke spent less time on how to respond to printer fires and worms and more on new forms of attack prevention — why/how to keep youth from being recruited into (temporal social network) groups that will intentionally or even accidentally blow gas lines. Whether they use a wrench, ssh or java does not scare me as much as how easily they are misdirected.

A couple weeks ago Clarke wrote this update:

…because the attack on the Iranian nuclear facility got out into the wild and analyzed, it can now be used against the US by altering it slightly (changing the Zero Day and the SCADA system-PLC target). And we are completely vulnerable. Get it now? Think power grid black out.

Power grid blackout like the Northeast in 1965, New York City in 1977, West in 1996, Northeast in 2003, or something worse?

Lets assume this slightly altered Stuxnet is made; would it be any more likely than any of the other attacks that can cause a power grid blackout? I mean is the power grid only “completely vulnerable” to Stuxnet or is it already completely vulnerable to other attacks and we just do not see them yet? I am thinking of the San Bruno explosion again.