The Science Says Everyone Needs a COVID-19 Booster Shot—and Soon

The Science Says Everyone Needs a COVID-19 Booster Shot—and Soon
It’s time for governments to admit that the biology of the delta variant has made mass revaccination an urgent necessity.
By Laurie Garrett
Jul 30 2021
https://foreignpolicy.com/2021/07/30/booster-shot-coronavirus-covid-science/

The world has fought many battles against the novel coronavirus since January 2020, losing more than 4.2 million people and vanquishing some of its spread. But the war is still raging and will do so for a long time. I predicted early last year, in a best-case scenario, that we would face a 36-month battle before COVID-19 could be considered under human control. We are only now in month 19.

Sure enough, the United States is again awash in virus, with the incidence of new COVID-19 cases having soared 131 percent in the third week of July. To be clear, the vaccines available work well—especially the Pfizer and Moderna products based on mRNA technology. But it is likely that waning vaccine efficacy, coupled with a stubborn one-fifth of the adult population refusing any immunization, has opened the door for the dangerous mutant delta variant of SARS-CoV-2 to wreak havoc among the vaccinated and unvaccinated alike.

That’s why the United States is going to need a third dose of mRNA vaccines; for the nation’s older population, the triple play is already overdue. “I don’t see the virus just disappearing,” said Stanley Plotkin, considered the godfather of vaccinology. The University of Pennsylvania vaccine inventor and immunologist told me that the U.S. Food and Drug Administration (FDA) should comply with requests from Pfizer, following Israel’s example, and immediately approve third-dose immunization for adults over the age of 60, with general triple dosing for all Americans to follow. I agree.

The World Health Organization (WHO) has voiced opposition to third dosing in richer nations before making primary doses available to billions of people in middle-income and poorer countries. It’s a completely reasonable point, both morally and strategically, in the war against COVID-19. But evidence now points in an alarming new direction, suggesting that fully vaccinated individuals can carry the delta variant in their noses and mouths, shedding in some cases just as much virus to infect others as do unvaccinated infected individuals.

Moreover, in the absence of fully effective vaccination of better than 75 percent of adults, a society may act as a herd of walking petri dishes, cultivating immune-escape mutant forms of SARS-CoV-2—that is, mutants that evade existing vaccines. The vaccine that rolls out tomorrow in a poorer country may have already been rendered less effective by its prior inadequate, or incorrect, use in richer countries.

Urgent action is required from the FDA, the U.S. Centers for Disease Control and Prevention (CDC), and their counterparts in Europe, Canada, and other parts of the world that have already widely administered vaccines. And recommending the usage of masks, while necessary, is no longer enough. The message must be that if you’ve had a second shot, it’s time to start planning to get a third.

The example of Israel clearly suggests as much. Because it was the first nation to mass vaccinate its population, scientists around the world are paying close heed to events unfolding there. The government began rolling out the first doses in January and by July had achieved two-dose immunization of 58 percent of its population over 12 years old. Though an estimated 1 million adults still refused vaccination, the government eased nearly all behavior-restricting regulations, including mask-wearing.

But by July the Israeli miracle sobered up, revealing that fully vaccinated people were protected against severe disease and death but not necessarily against infection. In early July, the Ministry of Health announced effective immunity among the fully vaccinated had dropped to 64 percent, from the 95 percentlevel measured two months previously. Then, on July 17, the ministry reported a surge in breakthrough cases involving the delta variant. Most cases occurred in people either who had been fully vaccinated more than four months previously, indicating the waning immunity problem, or who were just completing their shots in July, too recently to be completely effective.

The data from vaccinated Israeli medical staff shows that while breakthrough infections aren’t life-threatening, they are also not benign: 19 percent of cases led to so-called “long-haul COVID-19,” featuring months of difficult symptomsthat can include acute fatigue, depression, loss of stamina and muscle strength, brain fog, and other challenging disabilities.

A multinational study of six months’ use of two-dose Pfizer vaccine also found that efficacy wanes with time, from about 97 percent to a low of 86 percent—still robust. But none of the work involved delta variant exposure. A recent study in Scotland showed that both the AstraZeneca and Pfizer vaccines were considerably less able to prevent delta infection, compared with the alpha strain or original 2020 forms of the coronavirus. (No similar data has been published for the nearly identical Moderna vaccine, but most vaccine experts assume that what holds for Pfizer is also true for Moderna.)

The biology behind all this matters and explains the global delta variant surge. Whether an individual is immunized against SARS-CoV-2 via natural infection or vaccination, there are four key elements necessary to guarantee defense against future reinfection and protection from hospitalization or death. The most important is a huge antibody response against the spike proteins that protrude from the surface of the SARS-CoV-2 viruses and attach themselves to ACE2 receptors located on the outside of hundreds of types of human (and all mammalian) cells. The antibodies must be capable of neutralizing the enemy.

The neutralizing antibodies are made in the second key element of defense—B cells, which are white blood cells and lymphocytes found inside bone marrow and in lymph nodes dispersed around the body and in the spleen. Those B cells must retain what immunologists call “memory”—the key to why, for example, a measles shot administered to a 2-year-old protects the same person as a 40-year-old when exposed to the virus. The B cell memory recognizes the measles and triggers manufacture of those fierce neutralizing antibodies.

The third component essential to protecting people against COVID-19 infection and illness is the antibodies that target other parts of the virus, especially the mechanism SARS-CoV-2 uses to poke itself into human cells and invade. And the final necessity is so-called CD8 and CD4 cells from the T cell side of the immune response, which are capable of calling to the battlefield a vast array of virus-eating cells and releasing chemicals that alert defenses in every organ of the body.

Amazingly, the mRNA vaccines and, to a lesser degree, other non-RNA types made by Johnson & Johnson, AstraZeneca, Russia, and Chinese drugmakers all arm this full range of necessary weaponry against SARS-CoV-2. But they do so with widely varying degrees of efficacy—especially as applied to the delta variant.

When the first three variant forms of SARS-CoV-2 were discovered in the United Kingdom, South Africa, and Brazil, respectively, many immunologists and vaccine experts were quick to say the vaccines still worked—just somewhat less well—against them. Concern about the variants was labeled alarmist at the time. One prominent vaccine expert responded in March to my persistent queries about the first wave of variants by writing that I was “obsessed by the variants to a deeply unhealthy extent that can badly influence public confidence.”

The lion’s share of variant studies executed worldwide in the spring pivoted on the question of how well the vaccines stood up to the mutants. The studies generally concluded that neutralizing antibodies were less abundant in reaction to, say, alpha exposure but remained sufficient to stave off disease, if not infection. Deep sighs of relief were exhaled, albeit with the warning that it remained dangerous to have large percentages of societies unable, or unwilling, to obtain vaccination, as there might arise in the future from that unprotected population a worse mutant form of SARS-CoV-2.

And so it passed in mid-March that the mutant delta variant spread across India like a wildfire, the country recording 400,000 deaths officially by July—a toll widely believed to represent a tenfold undercount. Nearly every country in the world is now battling the delta variant, which threatens athletes in the Tokyo Olympic Village, has spawned a new outbreak in China, and is pushing Africa’s worst COVID-19 epidemic to date.

The delta variant has numerous mutations that give it special attributes. The spike protein that is vital to viral attachment to cells is altered so that it’s harder for the immune system to see it and generate slews of neutralizing antibodies—a case of immune-escape mutation. The proteins it uses to get inside human cells are also mutated so that they dodge the immune system and function efficiently. And the virus is able to generate copies of itself far more rapidly and efficiently. Within three to five days, the viral load of delta peaks at levels up to 1,000 times higher than seen with 2020 forms of SARS-CoV-2.

The implications in the real world of these biological findings are overwhelming. Because the virus surges so rapidly after infection, peaking its viral load two or three days faster than garden-variety COVID-19, individuals who are carrying all that virus in their bodies have no idea, exhibit no symptoms, and take no special precautions to protect others. Worse, even if they were immunized by either vaccines or prior COVID-19 illness, they may be vulnerable to reinfection. That’s for two reasons. First, the sheer volume of virus coming at their unmasked faces from a delta-infected individual is three orders of magnitude larger than anything their bodies were prepared for—instead of encountering a few puffs of particles in the air, they are gulping down microscopic hurricanes of the stuff. And secondly, it surges inside their bodies faster than their B cell memory component can mobilize to generate neutralizing antibodies and other weaponry.

According to Israel, and to Pfizer, vaccine-induced immune response shifts from a powerful form replete with neutralizing antibodies drifting in the bloodstream to the quieter B cell memory type within about four months’ time after the second dose. Neutralizing antibody production declines, Pfizer says, about 6 percent per month, hitting 84 percent vaccine efficacy by month six. By eight months, it’s all about memory, which leaves the individuals highly vulnerable to infection.

[snip]

Vaccine Mandates Are as American as Apple Pie

Vaccine Mandates Are as American as Apple Pie
Those who claim that vaccine resistance is an expression of liberty are historically illiterate.
By Matt Ford
Jul 30 2021
https://newrepublic.com/article/163122/vaccine-mandates-american-apple-pie

If you support mandatory vaccination to fight COVID-19, you are in good company. The first vaccine mandate in American history came from none other than George Washington at the height of the American Revolution. The United States’s struggle for independence coincided with a major smallpox epidemicthat raged through North America in the 1770s and 1780s, and it was an omnipresent threat to the ragtag Continental Army.

“By January 1777 [Washington] ordered Dr. William Shippen to inoculate every soldier who never had the disease,’” historian Ron Chernow wrote in his 2010 biography of the first president. “‘Necessity not only authorizes but seems to require the measure,’ [Washington] wrote, ‘for should the disorder infect the army in the natural way and rage with its usual virulence, we should have more to dread from it than the sword of the enemy.’ This enlightened decision was as important as any military measure Washington adopted during the war.”

Washington’s fears were far from hypothetical. Until the 20th century, disease outbreaks could be as deadly for the average soldier in the average war as the average enemy combatant. Chernow noted that British generals released infected civilians and captives towards American lines at the siege of Boston and at Yorktown in a ghoulish pre-industrial version of biological warfare. Fighting smallpox and fighting the British, in Washington’s eyes, were one and the same. 

Anti-vax groups often allude to basic American values to resist vaccine mandates, asserting that they have the liberty to not take steps to ensure they don’t spread infectious diseases to other people. Public-health officials, in their version of events, are derided as authoritarian and tyrannical figures. This juvenile worldview could not be more backward. Getting vaccinated is as American as baseball and apple pie—and so is compelling those who refuse to do so voluntarily.

When COVID-19 vaccines became widely available this spring, the immediate priority was ensuring that those who wanted to get the vaccine could do so. Millions of Americans did their patriotic duty to one another and rushed out to get the jab. But millions of their fellow citizens did not. In May, President Joe Biden set a goal of 70 percent vaccination among adults by July 4, once again linking American independence to a mass-vaccination campaign. As of the end of July, however, only 69 percent of Americans have so far received at least one shot, and only 60 percent can be described as fully vaccinated.

These vaccination rates are, unfortunately, not evenly distributed throughout the country. States in New England are leading the pack: Vermont, for example, has given at least one dose to nearly 87 percent of adults in the state and fully vaccinated 77 percent of them, with Connecticut and Massachusetts close behind. (A recent CNN report on how Vermonters are enjoying their regional herd immunity shows how the vaccine is pretty successful at fully unleashing what Americans might call “freedom.”) In the southern and central portions of the country, things are far worse. Mississippi has yet to administer at least one dose to more than 50 percent of its adult population, and ten other states also haven’t yet fully vaccinated a majority of their adults.

Some of these shortfalls can be attributed to equity problems. But many more can be blamed on culture-war nonsense or sheer stubbornness. My personal patience with the “vaccine-hesitant” ran out when I read a ProPublica article last week about elder-care workers who refuse to get vaccinated. COVID-19 is particularly dangerous for elderly Americans, who make up the bulk of the American death toll from the virus so far. Their excuses were as unpersuasive as they were callous. “This is just a personal choice and I feel it should be a free choice,” one of the nurses told ProPublica. “I think it’s been forced on us way too much.” It has not, but it should be.

As with every other aspect of American life, some of this “hesitancy” has led to litigation against real or imagined vaccine mandates. Fortunately, vaccine mandates are undoubtedly constitutional. In 1902, the town of Cambridge, Massachusetts experienced a major smallpox outbreak. Its public-health board issued an order for everyone in the community to get a vaccine if they didn’t already have one or pay a $5 fine. Henning Jacobson, a Swedish immigrant who feared a bad reaction to the vaccine, refused the order for himself and his children. He sued Massachusetts, arguing that the state’s mandatory-vaccination law had violated his constitutional rights.

Three years later, in a 7-2 decision, the Supreme Court flatly rejected his stance. States wield what the court called the “police powers”—the basic powers of any community to regulate its own health, safety, and general welfare. Mandatory vaccination, especially in an age of plagues and pandemics, fell well within these powers. “The liberty secured by the Constitution of the United States to every person within its jurisdiction does not import an absolute right in each person to be, at all times and in all circumstances, wholly free from restraint,” the court wrote. “There are manifold restraints to which every person is necessarily subject for the common good.”

It’s here that we should note that mandatory vaccination doesn’t mean forcible vaccination. Biden won’t be sending troops door-to-door with those tranquilizer guns from Jurassic Park to shoot vaccine-laden darts into unsuspecting civilians. What it does mean is that those who refuse to get the vaccine despite a mandate will face certain consequences for it, such as regular Covid testing or denial of entry into certain places. The private sector has even more leeway to impose consequences on workers who won’t get vaccinated: A Texas hospital system ousted more than 150 health-care workers earlier this summer who had refused to get the shot.

Such is the nature of living in civilization. “There is, of course, a sphere within which the individual may assert the supremacy of his own will, and rightfully dispute the authority of any human government, especially of any free government existing under a written constitution, to interfere with the exercise of that will,” the Supreme Court wrote in Jacobson. “But it is equally true that in every well-ordered society charged with the duty of conserving the safety of its members the rights of the individual in respect of his liberty may at times, under the pressure of great dangers, be subjected to such restraint, to be enforced by reasonable regulations, as the safety of the general public may demand.”

For all the anti-vaxxers’ talk of liberty and personal freedom, the nature of pandemics and infectious diseases mean that everyone else is forced to suffer for their short-sightedness. COVID-19 has imposed its own subtle tyranny upon our lives for the past 18 months. Even if they do not get sick and die, people have been unable to find work, to meet family and friends, to go on dates and fall in love, to hold weddings and funerals, and to enjoy the full blessings of everyday life without risking their own health and the health of others. If anti-vax folks mistake a key for a shackle, that’s only because their selfishness is part of the problem.

[snip]

The Trap Doors and Dead Ends of Trying to Get Treated for Long Covid

The Trap Doors and Dead Ends of Trying to Get Treated for Long Covid
Experts say the long-Covid crisis will mirror the pandemic itself, creating a “tsunami of disability” that will take a disproportionate toll on low-income people of color.
By Karina Piser
Jul 27 2021
https://newrepublic.com/article/163036/long-covid-treatment-dead-ends

Tiffany Nazaire felt her first Covid symptoms last October and was diagnosed—along with many of her colleagues at the hospital where she worked—later that month. In the nine months that have passed since then, shortness of breath has landed the 38-year-old in the emergency room multiple times; persistent brain fog, memory loss, and fatigue have made her unable to return to work as a nurse in the Baltimore area.

Nazaire soon found doctors were slow to acknowledge her ongoing symptoms. Emergency room physicians dismissed her shortness of breath as panic, she said, sending her home with a prescription for anti-anxiety medication. When, in December, she visited the University of Maryland Comprehensive Care Clinic, she says the attending nurse did not take her long-haul symptoms seriously. She was told that because she hadn’t been hospitalized, other than her brief emergency room visit, her symptoms were too mild for her to be admitted to their clinic for long-haul patients. In a medical chart Nazaire shared with The New Republic, there is no documented mention of her post-infection symptoms, though they were the reason for her visit. (Contacted by The New Republic,University of Maryland Upper Chesapeake Health would not comment on the specifics of an individual patient’s care or recovery and did not provide eligibility criteria for receiving long-haul Covid treatment at its medical centers.)

Nazaire reached out to other clinics but either didn’t hear back or found there were state residency requirements that prevented her from enrolling. “There were so many roadblocks to care,” Nazaire told me. “That was one of the most depressing things about it.”

Nazaire’s challenges are not unique. Even as the worst of the pandemic subsides in much of the United States, a growing body of research points to an evolving, long-term crisis: Around a quarter of Americans who contracted Covid-19 face enduring symptoms that, for many, keep them out of work and struggling to cope with mounting medical bills. And although data is just starting to come in, experts say the “long Covid” crisis will mirror the pandemic itself, creating a “tsunami of disability” that will take a disproportionate toll on low-income people of color. 

It’s become a common trope that the pandemic has exposed long-standing inequities in the U.S. health care system, but as the country begins to reckon with the scope of long Covid, there’s little indication it’s learning from past mistakes. Instead, Americans struggling with post-Covid symptoms face a highly unequal health care landscape, with the most vulnerable populations navigating labyrinthian barriers to treatment. For many, persistent and devastating symptoms have made it difficult to return to work—even as medical bills pile up. With many pandemic-era assistance programs set to expire by the end of the summer, this growing population of Covid long-haulers faces an especially uncertain future. 

“All estimates indicate that low-income communities of color, who were disproportionately hit by Covid, will be disproportionately hit by long Covid,” said Sabrina Assoumou, an infectious diseases physician at Boston Medical Center and an assistant professor of medicine at Boston University School of Medicine. “And because some of the hardest-hit communities are in areas with a lot of disinvestment and limited access to health care, one of the biggest barriers will be finding someone to diagnose you and make sure you get the care you need.”

Indeed, access to the emerging long-Covid health care landscape—defined in large part by specialized, multidisciplinary clinics—is hardly straightforward. Clinics are overwhelmingly concentrated at large medical centers and beset by extensive waitlists, insurance constraints, and strict eligibility requirements. Until recently, most clinics required that patients present proof of a positive Covid test—a roadblock for individuals who got sick early in the pandemic, when testing was limited, especially in underserved communities. (A study from earlier this year indicated that 20 percent of U.S. counties lack a single test site, primarily in low-income rural and urban areas.) 

And although testing became more widely available as the pandemic escalated, the difficulties some patients faced early on have followed them as their initial Covid infection has settled into a long-term illness. Chimére Smith, a former middle-school teacher in Baltimore, first felt Covid symptoms in March 2020, when the Centers for Disease Control and Prevention recommended using limited testing resources on patients who were hospitalized, had preexisting conditions, or had traveled to international hotspots.

“My doctor said, You don’t have a fever, you don’t have Covid,” Chimére told me. Instead, her doctor suggested she had a sinus infection. But Smith’s symptoms only worsened, from migraines and brain fog to, a month after she first felt sick, losing vision in her left eye. Last August, she says she sought care at Johns Hopkins’s long-Covid clinic but was told that absent a positive Covid test, she couldn’t be treated. Attending physicians noted on Smith’s medical documents, reviewed by The New Republic, that she was experiencing anxiety, and recommended psychiatric treatment. A physician with the Hopkins long-Covid clinic—where the waiting list is currently seven to nine months—told The New Republic that he does not require patients to present a positive Covid test for treatment, noting that he will see anyone who continues to experience chronic fatigue, elevated heart rate, or “disabling symptoms” more than three months after a Covid infection. But other clinics contacted by The New Republic said they continue to require a positive Covid test to receive care for long-haul symptoms. According to a National Institutes of Health study released last month, an estimated 17 million cases had gone undiagnosed by mid-July 2020. For those who face persistent symptoms but whose initial infections went undiagnosed—overwhelmingly those in low-income urban and rural communities, as well as undocumented people who avoided Covid tests due to immigration status concerns—a positive test requirement poses a significant barrier to treatment. 

“For a race of people who historically don’t like to go to the doctor because we’re not treated well,” said Smith, who is Black, “adding pieces to the puzzle isn’t going to encourage us to seek care.”

Long-Covid clinics are relatively new and continue to evolve with growing research on the illness. But so far, they’re concentrated at major medical centers—and out of reach to people in rural settings or areas otherwise cut off from transportation, said Ada Stewart, president of the American Academy of Family Physicians and a family physician with Cooperative Health in Columbia, South Carolina. “Once again, we’re missing the people in rural areas, the people I’m seeing every day,” she said.

Even as more hospitals launch clinics to serve long-haul patients, some states—North Dakota, South Dakota, Nebraska, West Virginia, Mississippi, Vermont, Alaska, and Maine—don’t have a single one.

Stewart points to additional factors driving disparities in access to long-Covid care: access not only to insurance but to a primary care physician who knows a patient’s medical history and, critically, can refer them to specialists for the litany of long-haul symptoms they might face. People of color—especially Black Americans—are significantly less likely than white Americans to see a primary care or family medicine doctor. And nonprofit community health centers, where many low-income and underinsured Americans have long sought care, are emerging from the pandemic weaker than ever.

“As a primary care physician, I take care of the total person, and we need to do everything we can to improve access to that type of care,” Stewart, who works at a community health center, said.

Carina Marquez, an assistant professor of medicine at the University of California, San Francisco, School of Medicine, has focused on increasing representation of nonwhite patients in research on long Covid. “For the most part, research cohorts have not reflected the ethnic and racial makeup of Covid, and undersamples Black and Latino patients, in particular,” she said.

That in part stems from who’s able even to enter clinical settings. “The first step is just getting in the door, and many patients don’t have a primary care doctor or don’t have insurance,” said Marquez. Without those resources, “you may not even enter the door. That’s one of the biggest issues we’re seeing all over the United States.”

Abha Agrawal, chief medical officer at Humboldt Park Health, a community health center on the west side of Chicago, launched a long-Covid clinic when she realized that the only long-haul treatment centers were at Northwestern and the University of Chicago. “These academic research centers have a very different mission, a different goal in the health care ecosystem,” she said. “They have a valuable role to play in advancing science. But clinics like ours have an invaluable role to play in making sure people can access care regardless of how they look, how they talk, or whether they have insurance or a positive Covid test.”

[snip]

‘The war has changed’: Internal CDC document urges new messaging, warns delta infections likely more severe

‘The war has changed’: Internal CDC document urges new messaging, warns delta infections likely more severe
The internal presentation shows that the agency thinks it is struggling to communicate on vaccine efficacy amid increased breakthrough infections
By Yasmeen Abutaleb, Carolyn Y. Johnson and Joel Achenbach
Jul 29 2021
https://www.washingtonpost.com/health/2021/07/29/cdc-mask-guidance/

The document is an internal Centers for Disease Control and Prevention slide presentation, shared within the CDC and obtained by The Washington Post. It captures the struggle of the nation’s top public health agency to persuade the public to embrace vaccination and prevention measures, including mask-wearing, as cases surge across the United States and new research suggests vaccinated people can spread the virus.

The document strikes an urgent note, revealing the agency knows it must revamp its public messaging to emphasize vaccination as the best defense against a variant so contagious that it acts almost like a different novel virus, leaping from target to target more swiftly than Ebola or the common cold.

It cites a combination of recently obtained, still-unpublished data from outbreak investigations and outside studies showing that vaccinated individuals infected with delta may be able to transmit the virus as easily as those who are unvaccinated. Vaccinated people infected with delta have measurable viral loads similar to those who are unvaccinated and infected with the variant.

“I finished reading it significantly more concerned than when I began,” Robert Wachter, chairman of the Department of Medicine at the University of California at San Francisco, wrote in an email.

CDC scientists were so alarmed by the new research that the agency earlier this week significantly changed guidance for vaccinated people even before making new data public.

The data and studies cited in the document played a key role in revamped recommendations that call for everyone — vaccinated or not — to wear masks indoors in public settings in certain circumstances, a federal health official said. That official told The Post that the data will be published in full on Friday. CDC Director Rochelle Walensky privately briefed members of Congress on Thursday, drawing on much of the material in the document.

One of the slides states that there is a higher risk among older age groups for hospitalization and death relative to younger people, regardless of vaccination status. Another estimates that there are 35,000 symptomatic infections per week among 162 million vaccinated Americans.

The document outlines “communication challenges” fueled by cases in vaccinated people, including concerns from local health departments about whether coronavirus vaccines remain effective and a “public convinced vaccines no longer work/booster doses needed.”

The presentation highlights the daunting task the CDC faces. It must continue to emphasize the proven efficacy of the vaccines at preventing severe illness and death while acknowledging milder breakthrough infections may not be so rare after all, and that vaccinated individuals are transmitting the virus. The agency must move the goal posts of success in full public view.

The CDC declined to comment.

“Although it’s rare, we believe that at an individual level, vaccinated people may spread the virus, which is why we updated our recommendation,” according to the federal health official, who spoke on the condition of anonymity because they were not authorized to speak publicly. “Waiting even days to publish the data could result in needless suffering and as public health professionals we cannot accept that.”

The presentation came two days after Walensky announced the reversal in guidance on masking among people who are vaccinated. On May 13, people were told they no longer needed to wear masks indoors or outdoors if they had been vaccinated. The new guidance reflects a strategic retreat in the face of the delta variant. Even people who are vaccinated should wear masks indoors in communities with substantial viral spread or when in the presence of people who are particularly vulnerable to infection and illness, the CDC said.

The document presents new science but also suggests a new strategy is needed on communication, noting that public trust in vaccines may be undermined when people experience or hear about breakthrough cases, especially after public health officials have described them as rare.

Matthew Seeger, a risk communication expert at Wayne State University in Detroit, said a lack of communication about breakthrough infections has proved problematic. Because public health officials had emphasized the great efficacy of the vaccines, the realization that they aren’t perfect may feel like a betrayal.

“We’ve done a great job of telling the public these are miracle vaccines,” Seeger said. “We have probably fallen a little into the trap of over-reassurance, which is one of the challenges of any crisis communication circumstance.”

The CDC’s revised mask guidance stops short of what the internal document calls for. “Given higher transmissibility and current vaccine coverage, universal masking is essential to reduce transmission of the Delta variant,” it states.

The document makes clear that vaccination provides substantial protection against the virus. But it also states that the CDC must “improve communications around individual risk among [the] vaccinated” because that risk depends on a host of factors, including age and whether someone has a compromised immune system.

The document includes CDC data from studies showing that the vaccines are not as effective in immunocompromised patients and nursing home residents, raising the possibility that some at-risk individuals will need an additional vaccine dose.

The presentation includes a note that the findings and conclusions are those of the authors and do not necessarily represent the CDC’s official position.

The internal document contains some of the scientific information that influenced the CDC to change its mask guidance. The agency faced criticism from outside experts this week when it changed the mask guidance without releasing the data, a move that violated scientific norms, said Kathleen Hall Jamieson, director of the Annenberg Public Policy Center at the University of Pennsylvania.

“You don’t, when you’re a public health official, want to be saying, ‘Trust us, we know, we can’t tell you how,’” Jamieson said. “The scientific norm suggests that when you make a statement based on science, you show the science. … And the second mistake is they do not appear to be candid about the extent to which breakthroughs are yielding hospitalizations.”

The breakthrough cases are to be expected, the CDC briefing states, and will probably rise as a proportion of all cases because there are so many more people vaccinated now. This echoes data seen from studies in other countries, including highly vaccinated Singapore, where 75 percent of new infections reportedly occur in people who are partially and fully vaccinated.

The CDC document cites public skepticism about vaccines as one of the challenges: “Public convinced vaccines no longer work,” one of the first slides in the presentation states.

Walter A. Orenstein, associate director of the Emory Vaccine Center, said he was struck by data showing that vaccinated people who became infected with delta shed just as much virus as those who were not vaccinated. The slide references an outbreak in Barnstable County, Mass., where vaccinated and unvaccinated people shed nearly identical amounts of virus.

“I think this is very important in changing things,” Orenstein said.

[snip]

Covid surge creates fertile grounds for more dangerous new variants

[Note:  This item comes from friend Ed DeWath.  DLH]

Covid surge creates fertile grounds for more dangerous new variants
Scientists say third wave is breeding ground for potentially more infectious and resistant forms of coronavirus
By Clive Cookson
Jul 30 2021
https://www.ft.com/content/f6a72bbb-e247-4cc3-b53b-e189795149fb

Scientists are warning that the world has entered a dangerous new phase of the pandemic, as the coronavirus third wave creates fertile breeding grounds for more infectious and potentially vaccine-resistant new variants. 

The surge of Covid-19 around the globe, with the World Health Organization reporting new cases up 8 per cent and deaths up 21 per cent in just a week, has parallels with the conditions at the height of the pandemic last year when four highly transmissible viral variants originated.

Virologists say the Sars-Cov-2 virus that causes Covid-19 may have already developed into more threatening forms which have so far evaded detection because they have not yet infected enough people.

“We’ve been surprised more than once by the evolution of variants, though maybe we shouldn’t have been because the virus only recently moved into humans and is still adapting to its new hosts,” said Nick Loman, professor of microbial genomics at Birmingham university in the UK. “We’ve been humbled by this virus before and no one can predict confidently what will happen in the future.” 

Global infections have surged to an average of 540,000 per day, and an average of almost 70,000 weekly deaths, the WHO said this week, driven by the more transmissible Delta variant.

As well as spreading in countries with low inoculation rates, a new variant could establish itself in a population with high immunisation levels such as the US or much of Europe, where other measures to control transmission — notably mask wearing and restricting social contacts — have been lifted.

WHO “variants of concern”, its most serious category, are named with the Greek letters Alpha, Beta, Gamma and Delta. All four emerged in the second half of 2020, although it took some time for the more transmissible viruses to spread more widely. The next “variants of interest” category — suspected of being more transmissible or vaccine resistant — includes Eta, Iota, Kappa and Lambda. 

Scientists say further evolutions of the virus are inevitable because of the way the genetic code can be altered by errors in the copying mechanism during replication. Most mutations are neutral but occasionally one increases the “fitness” of the virus, enabling it to infect human cells more easily.

“We’re trying to understand why Delta is more transmissible,” said Maria Van Kerkhove, the WHO’s Covid-19 technical lead. “Some of the mutations allow the virus to adhere to the cell more readily and therefore infect it.”

Delta is about twice as transmissible as the Alpha variant first recorded in England, which was itself 40 per cent more infectious than earlier forms of the virus first detected in China.

The reproduction number R0, which measures transmissibility, is estimated at about 3 for the original virus in Wuhan and close to 6 for Delta, Loman at Birmingham university said. That means an average person infected with Delta in a population unprotected by vaccination, prior infection and social distancing measures would pass it on to six others. 

Most variants of concern or interest have accumulated about 20 individual mutations in the 30,000 biochemical letters that make up the genetic code. Molecular research by virologists such as Ravi Gupta, a Cambridge university microbiology professor, aims to provide a greater understanding of how they affect the behaviour of Sars-Cov-2. 

Gupta said changes in the spike protein, enabling the virus to enter human cells more effectively, seemed most important, although more research is needed. “We know some of the mutations involved but we don’t know the whole story,” he added.

Of the existing variants, Beta that emerged in South Africa appears to be the most able to reinfect the vaccinated. Fears over Beta led the UK to this month place France in a special “amber plus” travel category. French experts say the UK has miscalculated, as Delta is rapidly displacing Beta as France’s dominant variant.

The Beta proportion of cases in France has fallen from about 20 per cent at the start of June to 2 per cent, according to the Nextstrain database. “The Beta variant has been replaced by the Delta variant everywhere where it has been co-circulating. It’s less ‘fit’,” said Sylvie van der Werf, a molecular geneticist at the Institut Pasteur in Paris.

The precise process through which the virus acquires a series of mutations with sufficient impact to qualify as a new variant remains something of a mystery, though sometimes it may happen within an individual who suffers prolonged infection. 

Gupta and colleagues studied a Cambridge patient with an impaired immune system in whom the virus replicated for more than three months before he died. A series of mutations evolved similar to those observed in the Alpha variant, though this one-man variant did not infect anyone else.

[snip]

A Soil-Science Revolution Upends Plans to Fight Climate Change

[Note:  This item comes from friend David Rosenthal.  DLH]

A Soil-Science Revolution Upends Plans to Fight Climate Change
A centuries-old concept in soil science has recently been thrown out. Yet it remains a key ingredient in everything from climate models to advanced carbon-capture projects.
By Gabriel Popkin
Jul 27 2021
https://www.quantamagazine.org/a-soil-science-revolution-upends-plans-to-fight-climate-change-20210727/

Scientists began to suggest that we might be able to coax large volumes of atmospheric carbon back into the soil to dampen or even reverse the damage of climate change.

In practice, this has proved difficult. An early idea to increase carbon stores — planting crops without tilling the soil — has mostly fallen flat. When farmers skipped the tilling and instead drilled seeds into the ground, carbon stores grew in upper soil layers, but they disappeared from lower layers. Most experts now believe that the practice redistributes carbon within the soil rather than increases it, though it can improve other factors such as water quality and soil health.

Efforts like the Harnessing Plants Initiative represent something like soil carbon sequestration 2.0: a more direct intervention to essentially jam a bunch of carbon into the ground.

The initiative emerged when a team of scientists at the Salk Institute came up with an idea: Create plants whose roots produce an excess of carbon-rich molecules. By their calculations, if grown widely, such plants might sequester up to 20% of the excess carbon dioxide that humans add to the atmosphere every year.

The Salk scientists zeroed in on a complex, cork-like molecule called suberin, which is produced by many plant roots. Studies from the 1990s and 2000s had hinted that suberin and similar molecules could resist decomposition in soil.

With flashy marketing, the Harnessing Plants Initiative gained attention. An initial round of fundraising in 2019 brought in over $35 million. Last year, the multibillionaire Jeff Bezos contributed $30 million from his “Earth Fund.”

But as the project gained momentum, it attracted doubters. One group of researchers noted in 2016 that no one had actually observed the suberin decomposition process. When those authors did the relevant experiment, they found that much of the suberin decayed quickly.

In 2019, Joanne Chory, a plant geneticist and one of the Harnessing Plant Initiative’s project leaders, described the project at a TED conference. Asmeret Asefaw Berhe, a soil scientist at the University of California, Merced, who spoke at the same conference, pointed out to Chory that according to modern soil science, suberin, like any carbon-containing compound, should break down in soil. (Berhe, who has been nominated to lead the U.S. Department of Energy’s Office of Science, declined an interview request.)

Around the same time, Hanna Poffenbarger, a soil researcher at the University of Kentucky, made a similar comment after hearing Wolfgang Busch, the other project leader, speak at a workshop. “You should really get some soil scientists on board, because the assumption that we can breed for more recalcitrant roots — that may not be valid,” Poffenbarger recalls telling Busch.

Questions about the project surfaced publicly earlier this year, when Jonathan Sanderman, a soil scientist at the Woodwell Climate Research Center in Woods Hole, Massachusetts, tweeted, “I thought the soil biogeochem community had moved on from the idea that there is a magical recalcitrant plant compound. Am I missing some important new literature on suberin?” Another soil scientist responded, “Nope, the literature suggests that suberin will be broken down just like every other organic plant component. I’ve never understood why the @salkinstitute has based their Harnessing Plant Initiative on this premise.”

Busch, in an interview, acknowledged that “there is no unbreakable biomolecule.” But, citing published papers on suberin’s resistance to decomposition, he said, “We are still very optimistic when it comes to suberin.”

He also noted a second initiative Salk researchers are pursuing in parallel to enhancing suberin. They are trying to design plants with longer roots that could deposit carbon deeper in soil. Independent experts such as Sanderman agree that carbon tends to stick around longer in deeper soil layers, putting that solution on potentially firmer conceptual ground.

Chory and Busch have also launched collaborations with Berhe and Poffenbarger, respectively. Poffenbarger, for example, will analyze how soil samples containing suberin-rich plant roots change under different environmental conditions. But even those studies won’t answer questions about how long suberin sticks around, Poffenbarger said — important if the goal is to keep carbon out of the atmosphere long enough to make a dent in global warming.

Beyond the Salk project, momentum and money are flowing toward other climate projects that would rely on long-term carbon sequestration and storage in soils. In an April speech to Congress, for example, President Biden suggested paying farmers to plant cover crops, which are grown not for harvest but to nurture the soil in between plantings of cash crops. Evidence suggests that when cover crop roots break down, some of their carbon stays in the soil — although as with suberin, how long it lasts is an open question.

Not Enough Bugs in the Code

Recalcitrant carbon may also be warping climate prediction.

In the 1960s, scientists began writing large, complex computer programs to predict the global climate’s future. Because soil both takes up and releases carbon dioxide, climate models attempted to take into account soil’s interactions with the atmosphere. But the global climate is fantastically complex, and to enable the programs to run on the machines of the time, simplifications were necessary. For soil, scientists made a big one: They ignored microbes in the soil entirely. Instead, they basically divided soil carbon into short-term and long-term pools, in accordance with the humus paradigm.

More recent generations of models, including ones that the Intergovernmental Panel on Climate Change uses for its widely read reports, are essentially palimpsests built on earlier ones, said Torn. They still assume soil carbon exists in long-term and short-term pools. As a consequence, these models may be overestimating how much carbon will stick around in soils and underestimating how much carbon dioxide they will emit.

Last summer, a study published in Nature examined how much carbon dioxide was released when researchers artificially warmed the soil in a Panamanian rainforest to mimic the long-term effects of climate change. They found that the warmed soil released 55% more carbon than nearby unwarmed areas — a much larger release than predicted by most climate models. The researchers think that microbes in the soil grow more active at the warmer temperatures, leading to the increase.

[snip]

Morocco team hails stone age tool site dating back 1.3m years

Morocco team hails stone age tool site dating back 1.3m years
Find pushes back by hundreds of thousands of years start of stone-tool industry associated with Homo erectus
By Agence France-Presse inRabat
Jul 28 2021
https://www.theguardian.com/world/2021/jul/28/morocco-team-hails-stone-age-tool-site-dating-back-13m-years

Archaeologists in Morocco have announced the discovery of north Africa’s oldest stone age hand-axe manufacturing site, dating back 1.3m years, an international team has reported.

The find pushes back by hundreds of thousands of years the start date in north Africa of the Acheulian stone-tool industry, associated with the human ancestor Homo erectus, researchers told journalists in Rabat on Wednesday.

The discovery was made during excavations at a quarry on the outskirts of Morocco’s economic capital, Casablanca.

This “contributes to enriching the debate on the emergence of the Acheulian in Africa,” said Abderrahim Mohib, the co-director of the Franco-Moroccan prehistory of Casablanca programme.

Previously, the presence in Morocco of the Acheulian stone-tool industry was thought to date back 700,000 years. The discoveries at the Thomas Quarry I site, made famous in 1969 when a human half mandible was discovered in a cave, mean the Acheulian there is almost twice as old.

The 17-strong team behind the discovery comprised Moroccan, French and Italian researchers, and their findings are based on the study of stone tools extracted from the site.

The Moroccan archaeologist Abdelouahed Ben-Ncer called the news a “chronological rebound”. He said the beginning of the Acheulian in Morocco is now close to the south and east African start dates of 1.6m and 1.8m years ago respectively.

Earlier humans had made do with more primitive pebble tools, known as Oldowan, after their east African-type site. Research at the Casablanca site has been carried out for decades, and has “delivered one of the richest Acheulian assemblages in Africa”, said Mohib. “It is very important because we are talking about prehistoric time, a complex period for which little data exists.”

Mohib said the study also made it possible to attest to “the oldest presence in Morocco of humans” who were “variants of Homo erectus”.

In 2017, the discovery of five fossils estimated at 300,000 years old 100km west of Marrakesh at Jebel Irhoud, overturned evolutionary science when they were designated Homo sapiens.

The Moroccan fossils were much older than some with similar facial characteristics excavated from Omo Kibish in Ethiopia, dating back about 195,000 years.

… we’d like to take a moment to say a big thank you for reading in the last year. With more than 1.5 million supporters like you in 180 countries, we remain fiercely independent and can keep our high-impact journalism open for everyone.

This year marks the Guardian’s bicentenary – for 200 years, we have been publishing quality, investigative reporting that’s helped to change the world. Tens of millions of readers have placed their trust in us, turning to our news and analysis in moments of crisis, uncertainty, solidarity and hope. Times change, but our principles remain steadfast.

[snip]

QR Codes Are Here to Stay. So Is the Tracking They Allow.

[Note:  This item comes from reader Monty Solomon.  DLH]

QR Codes Are Here to Stay. So Is the Tracking They Allow.
Fueled by a desire for touchless transactions, QR codes popped up everywhere in the pandemic. Businesses don’t want to give them up.
By Erin Woo
Jul 26 2021
https://www.nytimes.com/2021/07/26/technology/qr-codes-tracking.html

SAN FRANCISCO — When people enter Teeth, a bar in San Francisco’s Mission neighborhood, the bouncer gives them options. They can order food and drinks at the bar, he says, or they can order via a QR code.

Each table at Teeth has a card emblazoned with the code, a pixelated black-and-white square. Customers simply scan it with their phone camera to open a website for the online menu. Then they can input their credit card information to pay, all without touching a paper menu or interacting with a server.

A scene like this was a rarity 18 months ago, but not anymore. “In 13 years of bar ownership in San Francisco, I’ve never seen a sea change like this that brought the majority of customers into a new behavior so quickly,” said Ben Bleiman, Teeth’s owner.

QR codes — essentially a kind of bar code that allows transactions to be touchless — have emerged as a permanent tech fixture from the coronavirus pandemic. Restaurants have adopted them en masse, retailers including CVS and Foot Locker have added them to checkout registers, and marketers have splashed them all over retail packaging, direct mail, billboards and TV advertisements.

But the spread of the codes has also let businesses integrate more tools for tracking, targeting and analytics, raising red flags for privacy experts. That’s because QR codes can store digital information such as when, where and how often a scan occurs. They can also open an app or a website that then tracks people’s personal information or requires them to input it.

As a result, QR codes have allowed some restaurants to build a database of their customers’ order histories and contact information. At retail chains, people may soon be confronted by personalized offers and incentives marketed within QR code payment systems.

“People don’t understand that when you use a QR code, it inserts the entire apparatus of online tracking between you and your meal,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. “Suddenly your offline activity of sitting down for a meal has become part of the online advertising empire.”

QR codes may be new to many American shoppers, but they have been popular internationally for years. Invented in 1994 to streamline car manufacturing at a Japanese company, QR codes became widely used in China in recent years after being integrated into the AliPay and WeChat Pay digital payment apps.

In the United States, the technology was hampered by clumsy marketing, a lack of consumer understanding and the hassle of needing a special app to scan the codes, said Scott Stratten, who wrote the 2013 business book “QR Codes Kill Kittens” with his wife, Alison Stratten.

That has changed for two reasons, Mr. Stratten said. In 2017, he said, Apple made it possible for the cameras in iPhones to recognize QR codes, spreading the technology more widely. Then came the “pandemic, and it’s amazing what a pandemic can make us do,” he said.

Half of all full-service restaurant operators in the United States have added QR code menus since the start of the pandemic, according to the National Restaurant Association. In May 2020, PayPal introduced QR code payments and has since added them at CVS, Nike, Foot Locker and around one million small businesses. Square, another digital payments firm, rolled out a QR code ordering system for restaurants and retailers in September.

Businesses don’t want to give up the benefits that QR codes have brought to their bottom line, said Sharat Potharaju, the chief executive of the digital marketing company MobStac. Deals and special offers can be bundled with QR code systems and are easy to get in front of people when they look at their phones, he said. Businesses also can gather data on consumer spending patterns through QR codes.

“With traditional media, like a billboard or TV, you can estimate how many people may have seen it, but you don’t know how people actually interacted with it,” said Sarah Cucchiara, a senior vice president at BrandMuscle, a marketing firm that introduced a QR code menu product last year. “With QR codes, we can get reporting on those scans.”

Cheqout and Mr. Yum, two start-ups that sell technology for creating QR code menus at restaurants, also said the codes had brought advantages to businesses.

Restaurants that use QR code menus can save 30 percent to 50 percent on labor costs by reducing or eliminating the need for servers to take orders and collect payments, said Tom Sharon, a co-founder of Cheqout.

Digital menus also make it easier to persuade people to spend more with offers to add fries or substitute more expensive spirits in a cocktail, with photographs of menu items to make them more appealing, said Kim Teo, a Mr. Yum co-founder. Orders placed through the QR code menu also let Mr. Yum inform restaurants what items are selling, so they can add a menu section with the most popular items or highlight dishes they want to sell.

These increased digital abilities are what worry privacy experts. Mr. Yum, for instance, uses cookies in the digital menu to track a customer’s purchase history and gives restaurants access to that information, tied to the customer’s phone number and credit cards. It is piloting software in Australia so restaurants can offer people a “recommended to you” section based on their previous orders, Ms. Teo said.

[snip]

Apple Watch’s data ‘black box’ poses research problems

Apple Watch’s data ‘black box’ poses research problems
Algorithms can change without warning
By Nicole Wetsman
Jul 27 2021
https://www.theverge.com/2021/7/27/22594178/apple-watch-data-research-heart-rate-reliability

A Harvard biostatistician is rethinking plans to use Apple Watches as part of a research study after finding inconsistencies in the heart rate variability data collected by the devices. Because Apple tweaks the watch’s algorithms as needed, the data from the same time period can change without warning. 

“These algorithms are what we would call black boxes — they’re not transparent. So it’s impossible to know what’s in them,” JP Onnela, associate professor of biostatistics at the Harvard T.H. Chan School of Public Health and developer of the open-source data platform Beiwe, told The Verge. 

Onnela doesn’t usually include commercial wearable devices like the Apple Watch in research studies. For the most part, his teams use research-grade devices that are designed to collect data for scientific studies. As part of a collaboration with the department of neurosurgery at Brigham and Women’s Hospital, though, he was interested in the commercially available products. He knew that there were sometimes data issues with those products, and his team wanted to check how severe they were before getting started. 

So, they checked in on heart rate data his collaborator Hassan Dawood, a research fellow at Brigham and Women’s Hospital, exported from his Apple Watch. Dawood exported his daily heart rate variability data twice: once on September 5th, 2020 and a second time on April 15th, 2021. For the experiment, they looked at data collected over the same stretch of time — from early December 2018 to September 2020.

Because the two exported datasets included data from the same time period, the data from both sets should theoretically be identical. Onnela says he was expecting some differences. The “black box” of wearable algorithms is a consistent challenge for researchers. Rather than showing the raw data collected by a device, the products usually only let researchers export information after it has been analyzed and filtered through an algorithm of some kind. 

Companies change their algorithms regularly and without warning, so the September 2020 export may have included data analyzed using a different algorithm than the April 2021 export. “What was surprising was how different they were,” he says. “This is probably the cleanest example that I have seen of this phenomenon.” He published the data in a blog post last week.

Apple did not respond to a request for comment. 

It was striking to see the differences laid out so clearly, says Olivia Walch, a sleep researcher who works with wearable and app data at the University of Michigan. Walch has long advocated for researchers to use raw data — data pulled directly from a device’s sensors, instead of filtered through its software. “It’s validating, because I get on my little soapbox about the raw data, and it’s nice to have a concrete example where it would really matter,” she says.

Constantly changing algorithms makes it almost prohibitively difficult to use commercial wearables for sleep research, Walch says. Sleep studies are already expensive. “Are you going to be able to strap four FitBits on someone, each running a different version of the software, and then compare them? Probably not.”

Companies have incentives to change their algorithms to make their products better. “They’re not super incentivized to tell us how they’re changing things,” she says. 

That’s a problem for research. Onnela compared it to tracking body weight. “If I wanted to jump on a scale every week, I should be using the same scale every time,” he says. If that scale was tweaked without him knowing about it, the day-to-day changes in weight wouldn’t be reliable. For someone who has just a casual interest in tracking their health, that may be fine — the differences aren’t going to be major. But in research, consistency matters. “That’s the concern,” he says.

[snip]

Researchers Hid Malware Inside an AI’s ‘Neurons’ And It Worked Scarily Well

[Note:  This item comes from friend David Rosenthal.  DLH]

Researchers Hid Malware Inside an AI’s ‘Neurons’ And It Worked Scarily Well
In a proof-of-concept, researchers reported they could embed malware in up to half of an AI model’s nodes and still obtain very high accuracy.
By Radhamely De Leon
Jul 22 2021
https://www.vice.com/en/article/bvzp78/researchers-hid-malware-inside-an-ais-neurons-and-it-worked-scarily-well

Neural networks could be the next frontier for malware campaigns as they become more widely used, according to a new study. 

According to the study, which was posted to the arXiv preprint server on Monday, malware can be embedded directly into the artificial neurons that make up machine learning models in a way that keeps them from being detected. The neural network would even be able to continue performing its set tasks normally.

“As neural networks become more widely used, this method will be universal in delivering malware in the future,” the authors, from the University of the Chinese Academy of Sciences, write. 

Using real malware samples, their experiments found that replacing up to around 50 percent of the neurons in the AlexNet model⁠—a benchmark-setting classic in the AI field⁠—with malware still kept the model’s accuracy rate above 93.1 percent. The authors concluded that a 178MB AlexNet model can have up to 36.9MB of malware embedded into its structure without being detected using a technique called steganography. Some of the models were tested against 58 common antivirus systems and the malware was not detected.

Other methods of hacking into businesses or organizations, such as attaching malware to documents or files, often cannot deliver malicious software en masse without being detected. The new research, on the other hand, envisions a future where an organization may bring in an off-the-shelf machine learning model for any given task (say, a chat bot, or image detection) that could be loaded with malware while performing its task well enough not to arouse suspicion. 

According to the study, this is because AlexNet (like many machine learning models) is made up of millions of parameters and many complex layers of neurons including what are known as fully-connected “hidden” layers. By keeping the huge hidden layers in AlexNet completely intact, the researchers found that changing some other neurons had little effect on performance.

In the paper, the authors lay out a playbook for how a hacker might design a malware-loaded machine learning model and have it spread in the wild:

“First, the attacker needs to design the neural network. To ensure more malware can be embedded, the attacker can introduce more neurons. Then the attacker needs to train the network with the prepared dataset to get a well-performed model. If there are suitable well-trained models, the attacker can choose to use the existing models. After that, the attacker selects the best layer and embeds the malware. After embedding malware, the attacker needs to evaluate the model’s performance to ensure the loss is acceptable. If the loss on the model is beyond an acceptable range, the attacker needs to retrain the model with the dataset to gain higher performance. Once the model is prepared, the attacker can publish it on public repositories or other places using methods like supply chain pollution, etc.”

According to the paper, in this approach the malware is “disassembled” when embedded into the network’s neurons, and assembled into functioning malware by a malicious receiver program that can also be used to download the poisoned model via an update. The malware can still be stopped if the target device verifies the model before launching it, according to the paper. It can also be detected using “traditional methods” like static and dynamic analysis.

“Today it would not be simple to detect it by antivirus software, but this is only because nobody is looking in there,” cybersecurity researcher and consultant Dr. Lukasz Olejnik told Motherboard. 

Olejnik also warned that the malware extraction step in the process could also risk detection. Once the malware hidden in the model was compiled into, well, malware, then it could be picked up. It also might just be overkill. 

“But it’s also a problem because custom methods to extract malware from the [deep neural network] model means that the targeted systems may already be under attacker control,” he said “But if the target hosts are already under attacker control, there’s a reduced need to hide extra malware.” 

“While this is legitimate and good research, I do not think that hiding whole malware in the DNN model offers much to the attacker,” he added.

[snip]