Weekly output: how states are working to expand broadband availability, lessons learned from Estonia’s digital society

This week saw two minor personal milestones: my first in-person attendance at a conference since last March (appropriately enough, it was the Satellite trade show then and now; sadly enough, Richard Branson didn’t say anything nearly as quotable as Elon Musk did last spring), followed by my first reception around town since then (an event at a Rosslyn rooftop with breathtaking views of the city).

Photo of first two pages of the story, held in front of a loop of fiber-optic cable hanging off a utility pole.9/9/2021: How States are Bridging the Digital Divide, Trust

This feature for the Pew Charitable Trusts’ quarterly magazine provided my first print appearance in a while. If you get the mag in paper form yourself, you may have seen it before Thursday–my own comp copies showed up two weeks ago–but the date above reflects the piece’s appearance on Pew’s site.

9/10/2021: This country moved its government online. Here’s why that wouldn’t fly in the U.S., Fast Company

More than three weeks after I set out on my transatlantic journey to Tallinn, this recap of what I learned on that Estonian-government-hosted trip week ran. I used the time after coming home to check in with a few U.S. experts in election security and digital government to get second opinions about Estonia’s digital-society project.

Lessons from transatlantic travel during the never-ending pandemic

Returning to Europe for the first time in close to two years reminded me of some aspects of EU life that had faded from my mind, like the endless series of GDPR-mandated privacy dialogs marring familiar news sites.

But my visit to Estonia on a sponsored press trip this week also exposed a newer difference between life here and on the other side of the Atlantic: how people are responding to the pandemic that’s now nearing its third year.

While I did not have to show proof of vaccination or a negative test result to board my flight (I took a PCR test two days prior to departure anyway and got a negative result the evening prior), I didn’t take too many steps after landing in Frankfurt before being asked for those documents to get into a Lufthansa lounge.

In Estonia–where the positive-test rate is lower than here in Virginia, while the vaccination rate is also lower but rising rapidly–I had to present my vaccination card once again to check into the hotel in Tallinn.

I faced more documentation requests to get into restaurants, a museum and a government office building. I’d call it a papers-please ritual except the Europeans among me could display EU-spec digital certificates on their phones that could be verified with a scan of a QR code, while I was left showing my paper card or a photo of it. This left me feeling like a health-tech hick, especially when one official looked at that image and said something like “I’ll have to trust you.”

(I’m told there’s an effort to build out a digital-vaccination-certificate standard across U.S. states, with California already supporting it; yes, consider the story assignment received.)

Mask compliance, however, did not seem great in the few mostly-empty restaurants and bars I ducked into; I did not linger in any crowded indoor spaces unmasked because I felt like I was pushing my luck enough already.

(For the same reason, I bought a BinaxNow antigen test at a CVS this morning and got yet another negative result.)

I had to present a negative test to board my flight home Thursday morning. That itself got checked twice, once before I could get a boarding pass and again before the gate for my flight back to the States from Munich.

And then after a long day of travel, I returned to a United States in which most people never have to produce any sort of confirmation of vaccination or a recent negative test–and some people seem violently opposed to any such mandate, even if that rugged individualism in the face of a pandemic just might put them in the grave.

Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

Screenshot of the story as seen in Safari on an iPad8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.