COVID-19: IoT and Cybersecurity

Fredrik Johan Skippervold is a UCL MPA Graduate within Digital Technologies and Policy 18/19. He holds a Bachelor of Law with Spanish and is currently a researcher in the PETRAS National Centre of Excellence for IoT Systems Cybersecurity.

Introduction

Over the past four months (April – July) my colleague Dr Catherine Wheller and I have been following the impacts of COVID-19 on cybersecurity and the Internet of Things (IoT) within the UK and beyond. The pandemic has inspired a range of IoT innovations to help stop the spread of the virus. We have written weekly landscape briefings (LB) that provide up to date information on the latest developments in this area. In this blog I will talk about how we set about collecting information and how we put together these reports, as well as highlight some of the major developments which include discussions surrounding privacy and ethics. To note, a final summary briefing will be posted alongside this blogpost. The summary, which can be found here, includes a detailed timeline of events, provides an overview of how IoT devices are helping to stop the spread of the virus (UK and globally) and presents discussions around so-called ‘immunity passports’.

How did the landscape briefings begin?

As the virus began to spread within Europe, governments started looking at the already deployed technological solutions adopted within Asian countries. Singapore was one of the first countries to release a digital contact tracing solution, TraceTogether, which uses Bluetooth technology to alert users to potential contacts with COVID-19. In China, the ‘health code’ service was launched which assigns users a colour and QR code that authorities can scan: Green = travel freely; yellow = self-isolation; red = confirmed case.

Catherine and I were positive that governments in Europe would be following this with a close eye. We thought it would be a good idea to provide an overview of all the IoT developments in relation to COVID-19 around the world. We quickly realised a single overview would not be possible as there were new developments happening at such as fast pace and it was clear these would continue for a long period of time. And so, the weekly LB’s were born!

How did you go about making them?

Each week we set up a shared Google doc where we pasted in everything from news articles, webinars, reports, opinion pieces and more. Some of these links were often in another language! We really tried to capture everything related to COVID-19, IoT and cybersecurity. On Sunday evenings and Mondays’ we began piecing together our findings and started writing the LB. Catherine would then edit and format the document making it look sublime. On Tuesday mornings I would check the LB for any typos and grammar mistakes prior to sending it to the PETRAS Team for their feedback. The team were usually always content with the LB and we would then aim to publish it on the website and other social media channels by 15:00. A special mention to Natalia Maj, a current MPA student at STEaPP, who began helping with proofreading roughly midway through this project – her fresh pair of eyes spotted multiple mistakes that helped improve the quality of these briefings.

Digital contact tracing in the UK

The idea of introducing a contact tracing app similar to the one in Singapore to the UK was first discussed in March. On 18 March NHSX (an NHS unit driving forward the digital transformation of health and social care) announced that they were ‘looking at whether app-based solutions might be helpful in tracking and managing coronavirus’.[1] Pre-COVID-19, I think it would be fair to say that the deployment such an application, in the UK, would have been unthinkable.

Unsurprisingly, many questions and issues to do with privacy and ethics quickly emerged. With regards to privacy, one of the biggest early debates had to do with whether the app was centralised or decentralised. In a centralised model ‘the anonymised data gathered is uploaded to a remote server where matches are made with other contacts should a person start to develop COVID-19 symptoms’.[2] In a decentralised model, matches are instead made on the users’ phone, giving them more control over their information. The UK began pursuing a centralised model. However, after heavy criticism from privacy advocates[3], challenges during the Isle of Wight field tests, and pressure[4] to use Apple and Google’s (Gapple) exposure notification API, the UK government announced the switch to use Gapple’s framework on 18 June.[5]

Since contact tracing apps gained so much traction around the world, the ethical implications were quickly brought to light. On 24 April The CEO of NHSX announced the establishment of an Ethics Advisory Board.[6] Membership includes members of the Centre for Data Ethics and Innovation board.[7] On 1 May, ethical guidelines for digital contact tracing systems[8] for COVID-19 were published by the Oxford Internet Institute comprising 12 factors to guide the design and development of ethical digital tracing systems. On 28 May The World Health Organisation released ethical considerations[9] to guide the use of digital proximity tracking technologies for contact tracing.

Surprisingly, however, on 23 July media report that the Ethics Advisory Board established by NHSX in May to provide timely advice, guidance and recommendations on ethical issues during the development of the NHS contact tracing app had been disbanded.[10]

How IoT devices could control the spread of COVID-19

In an attempt to tackle coronavirus there has been increased interest in the use of wearables around the world. Devices such as Fitbits, smart bracelets and patches are some of the wearables deployed to aid in the effort. The benefit of using this technology is that the virus can be picked up even before symptoms appear – this is done by monitoring ‘biomarkers’ such as heart rate or skin temperature.[11]

Remote monitoring would allow patients to ‘track their own biomarkers in communication with their doctor, and health authorities could observe the emergence of disease indicators at a population level’. Difficulties with the use of wearables include their demographic and geographic ownership. Where ownership is low, outbreaks may be missed.[12]

IoT devices are currently being used for:

• Wearable devices for health monitoring
• Wearable devices for maintaining social distancing
• Wearable devices for early detection of COVID-19
• Wearable devices for enforcing quarantine
• Wearable devices for temperature monitoring
• Wearable device for contact tracing
• Remote monitoring platforms to monitor patient health at home 
• Remote monitoring platforms to discover biomarkers for early identification of COVID-19
• Remote monitoring of breathing to provide early warning of sudden breathlessness
• Automated robotic fulfilment platforms for grocery orders
• Drones for transporting medical supplies
• Smart speakers to provide health advice
• Mobility data to understand the impact of lockdown measures
• Machine learning to and AI to understand critical care
• Robots for remote cleaning
• Smart bins as a proxy for economic activity
• Thermal imaging for symptom tracking

For further information on each of these use-cases please see our summary briefing.

Conclusion

Following the developments in this area has not only been extremely interesting but also very eye opening when looking at the different paths respective governments have taken in this fight. There are many factors that come into play; ethics, privacy, legislation and culture to name a few. It makes this an extremely complicated area, yet at the same time, it’s bringing people from a wide range of disciplines closer together. We have seen great technological innovations in a short space of time and a more technologically enabled society as a result of this.

 

[1] https://www.hsj.co.uk/free-for-non-subscribers/nhs-developing-coronavirus-contact-tracking-app/7027163.article

[2] https://www.bbc.com/news/technology-52355028

[3] https://osf.io/preprints/lawarxiv/6fvgh

[4] https://www.ft.com/content/5ba7dc0a-6fee-4f17-9894-e12dcf9ed286

[5] https://www.gov.uk/government/news/next-phase-of-nhs-coronavirus-covid-19-app-announced

[6] https://www.nhsx.nhs.uk/blogs/digital-contact-tracing-protecting-nhs-and-saving-lives/

[7] https://cdei.blog.gov.uk/2020/04/27/how-is-the-cdei-supporting-the-response-to-covid-19/

[8] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3582550

[9] https://www.who.int/publications/i/item/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1

[10] https://www.telegraph.co.uk/technology/2020/07/23/nhs-contact-tracing-app-ethics-board-scrapped/

[11] https://www.ft.com/content/f13106bd-dc49-455e-ad9c-5aec256f9aa8

[12] https://www.ft.com/content/f13106bd-dc49-455e-ad9c-5aec256f9aa8