Triclosan, BPA, and the Immune System

November 30, 2010

I’ve written here a couple of times before about variants of the “hygiene hypothesis” — the idea that our environments, which are extraordinarily clean by evolutionary standards, are keeping some children’s immune systems from developing normally, because they are not exposed to the range of microorganisms that the immune system needs to “see” in order to calibrate itself.   I’ve also mentioned concerns about triclosan, an anti-bacterial and anti-fungal agent that is used in a wide variety of consumer products and cosmetics.

The site has a report of a study, conducted at the University of Michigan School of Public Health, which examines the effects of exposure to triclosan and bisphenol-A [BPA] (found in many plastics, and in carbonless receipt tapes) on the immune system.  Both of these chemicals are classified as endocrine-disrupting compounds, and it has been suspected that they have an adverse effect on the immune system.

Using data from the 2003-2006 National Health and Examination Survey, U-M researchers compared urinary BPA and triclosan with cytomegalovirus (CMV) antibody levels and diagnosis of allergies or hay fever in a sample of U.S. adults and children over age 6. Allergy and hay fever diagnosis and CMV antibodies were used as two separate markers of immune alterations.

The paper is being published in the journal Environmental Health Perspectives, and is available online [abstract, with download link to full text].

The study found that, among people 18 and younger, higher exposures to triclosan were associated with a higher likelihood of allergies or hay fever.   People over 18 with higher exposures to BPA showed higher CMV antibody levels, which suggests a potential problem with cell-mediated immunity.  This effect seemed to depend on age, with different results for people under 18.

The results for triclosan seem to lend some additional support to the hygiene hypothesis

“The triclosan findings in the younger age groups may support the ‘hygiene hypothesis,’ which maintains living in very clean and hygienic environments may impact our exposure to micro-organisms that are beneficial for development of the immune system,” said Allison Aiello, associate professor at the U-M School of Public Health and principal investigator on the study..

AS the article point out, one limitation of the study is that it was essentially cross-sectional; that is, it measured both exposure and immune system impact over the same time period.  A longitudinal study that tracked a group of people over a number of years would probably help clarify the effects.

Nonetheless, this is an interesting result, which lends credence to the idea that our well-intentioned efforts to improve hygiene may, like so many other well-intentioned efforts, have unexpected consequences.

Cheap Terrorism

November 29, 2010

I have written here before about the danger that, by over-reacting to incidents like the Christmas “Underpants Bomber”, and the discovery of explosives in toner cartridges, we are doing more damage to ourselves, and to the values that make our society worth defending, than the terrorists could ever accomplish on their own.  In these and similar cases, we have ended up spending enormous amounts of money and energy creating responses to specific attack methods, even though the attacks themselves were unsuccessful.

As the New York Times reports, this lesson has not been lost on some of our enemies.

In a detailed account of its failed parcel bomb plot last month, Al Qaeda’s branch in Yemen said late Saturday that the operation cost only $4,200 to mount, was intended to disrupt global air cargo systems and reflected a new strategy of low-cost attacks designed to inflict broad economic damage.

It mocked the notion that the plot was a failure, saying it was the work of “less than six brothers” over three months. “This supposedly ‘foiled plot,’ ” the group wrote, “will without a doubt cost America and other Western countries billions of dollars in new security measures. That is what we call leverage.”

As a result of these tactics, we have not only the added expense and inconvenience of additional security measures, but also the ongoing squabble about passenger screening protocols.  And more recently, we have had the news of the alleged plot to explode a car bomb at a Christmas tree lighting in Portland OR.  (It is interesting, although probably the height of idleness, to speculate on  what new security measures might be introduced as a result of the Portland affair.)

We need to stop imitating a flock of headless Chicken Littles every time a potential attack is uncovered.  Bruce Schneier has been saying this for years; in an essay about the Underpants Bomber, he wrote:

The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

There are models we might consider.  I can remember how impressed I was, many years ago, when I first saw this picture of a milkman, taken in London in 1940, during the Blitz.

London Milkman During the Blitz

Of course we need to take the threat of terrorism seriously; but we do ourselves no favors by enabling the bad guys to hurt us on the cheap.

Refuse to be terrorized.

CITP Seeks Visitors for 2011-2012

November 28, 2010

I have mentioned the Center for Information Technology Policy [CITP] at Princeton University several times in posts here (most recently here).  Professor Ed Felten, the Director of the CITP, has announced that applications are now being accepted for visiting scholars for the 2011-2012 academic year.

The Center for Information Technology Policy (CITP) seeks candidates for positions as visiting faculty members or researchers, or postdoctoral research associates for the 2011-2012 academic year.

The announcement page at the CITP’s Web site has further details and application information.  The deadline for applications is January 15, 2011.

New TSA Search: Reactions

November 27, 2010

News reports in the last couple of weeks have been full of stories about the new air passenger screening facilities and procedures put in place by the Transportation Security Administration [TSA].  There has been so much commentary and so many different reactions that it is hard to know where to start; however, Bruce Schneier has a long post on his “Schneier on Security” blog which has a fair cross-section of reactions, and lots of links to other sources.  (The date of the original post was November 19, but it has been updates a number of times since then.)

My own reaction to these developments is to some degree mixed.  Although I think it is past time that we had a somewhat serious discussion of the trade-offs between security and privacy, some of the nearly hysterical reactions to the new screening protocols strike me as a bit overblown.  And I am sure there would be at least equivalent hysteria — some of it probably from the same people — in the event that a terrorist attack on an aircraft were successful.

On the other hand, as the late Senator Daniel Moynihan said, everyone is entitled to his own opinion, but not to his own facts.  Ruth Marcus, a generally sensible OpEd columnist for the Washington Post, wrote in a recent column:

… whether this is real security or security theater is to some extent unknowable; the plot deterred cannot be measured. We do know that, without the enhanced imaging, Umar Farouk Abdulmutallab got on a plane with enough explosives to blow it up.

We actually do not know anything of the kind.  As I noted in a post in March, the BBC sponsored an experiment in which the same amount and type of explosive (80g of PETN), placed in the same position as Umar’s seat, were set off in a retired 747 at an aircraft graveyard in the UK.  The resulting explosion almost certainly would have killed the terrorist and some people nearby; however, it did not even rupture the skin of the aircraft fuselage.  The experts involved said that the quantity of explosive was “not nearly enough” to cause structural damage.  There was no evidence that the crew’s ability to control or land the aircraft would have been significantly compromised.

I don’t mean to pick on Ms. Marcus; there have been many other similar statements made by others.  What concerns me is that this sort of “lore” takes on a life of its own.  I think there is in consequence a real risk that we will end up doing to ourselves more, in terms of economic loss, and loss of privacy and freedom, than the terrorists could ever hope to do.


Junking the Threat Colors

November 26, 2010

According to an article in the New York Times, the Department of Homeland Security [DHS] has decided to do away with its color-coded system for indicating terrorist threat levels, in place since 2002.  This is a good thing — the whole thing was more or less a joke from the beginning, principally because it didn’t convey any useful information.  (What am I supposed to do differently when it’s Orange as opposed to Yellow?)   That the levels have not changed in three years would also suggest that the system lacks something in terms of communicating useful and current information.

The color-coded threat levels were doomed to fail because “they don’t tell people what they can do — they just make people afraid,” said Bruce Schneier, an author on security issues.

There is also, I think, a natural bias in a system like this: when in doubt, keep the alert level high, for backside protection reasons.  If the announced threat level is low, and there is an attack, it makes the security agency look bad.

DHS is working on a new system that is supposed to provide more in the way of useful infortmation.

“The goal is to replace a system that communicates nothing,” the agency said, “with a partnership approach with law enforcement, the private sector and the American public that provides specific, actionable information based on the latest intelligence.”

We shall see.

Adobe Releases Reader X

November 25, 2010

Back in October, I posted a note about an announcement from Adobe of new versions of their popular Reader and Acrobat software, which would incorporate a security technology known as sandboxing.   The idea of the sandbox is to isolate the processing of potentially untrustworthy content from the rest of the application.   Google’s Chrome browser, for example, uses sandboxing to isolate plugin processing.

Adobe has now released the new Reader X version for the Windows, Mac OS X, and Android platforms.  (I have not been been able to find a release schedule for Linux/UNIX.)   The release announcement on Adobe’s blog contains some additional information; it also contains links to oter blog posts that discuss the technical implementation of the sandbox in some detail.  You can get the installation packages for the new version from Adobe’s standard download page.

Bear in mind that this is a totally new version of Reader, and is distinct from the security update (to version 9.4.1) that I wrote about a couple of days ago.  I suggest that you make sure that you have that update installed, and continue to use that version for work you need to get done.  I do recommend, for Windows users especially, getting a copy of Reader X and testing it, since I think that the concept of sandboxing is a good one.  However, major changes like this are very seldom entirely free of problems at the beginning, and in fact some conflicts with certain third-party security products have been reported.  I think doing come testing before committing to the new version is only prudent.

Update Friday, 26 November, 11:05 EST

Brian Krebs also has a post on this new version at his “Krebs on Security” blog.

Apple Releases Safari 5.0.3

November 23, 2010

Apple has released updated versions of its Safari Web browser, in order to address a number of security vulnerabilities, and to fix other bugs.  The primary new version, 5.0.3, is available for Windows XP, Vista, and 7, and for Mac OS X versions 10.5.x and 10.6.x.    Apple’s release information page has more details on what’s included in the new version; the related “Security Content” article has details of the vulnerabilities being patched.

The new version, which I recommend installing as soon as you conveniently can, should be available through Apple’s Software Update mechanism; alternatively, the new versions can be obtained from Apple’s Support Downloads page.

%d bloggers like this: