My Take | How a US influence operation undermines Hong Kong’s Covid efforts
- With no expertise in public health or pandemic control, the irresponsible operation behind the US-sponsored expose of ‘Leave Home Safe’ security flaws may well cost local lives
In 2008, researchers at Radboud University in the Netherlands discovered a serious security vulnerability in a smart card, which was being rolled out for the Dutch transit system. The chip has already been used in the transport systems of several major international cities, including Hong Kong.
The researchers informed the chip maker, the Dutch ministry of the interior, and transit agency about the problem and gave them six months to fix it before going public at an academic conference.
The chip maker then tried to impose a restraining order to prevent disclosure, but the court rejected it. The ruling has become a landmark not only for the Dutch, but also many European countries.
Since then, the industry standard or best practice has become known as “coordinated vulnerability disclosure” (CVD), which enables the discoverer of flaws or vulnerabilities to disclose such information in a responsible way and in the public interest.
Giving previous warnings and lead time to those entities or agencies responsible before going public is standard practice. After all, if you sound your “warning” out of the blue, you are not just alerting stakeholders, but potential malicious actors or criminals too.