Our co-founder Charles Mok delivered an online keynote address in this leading regional event for the Cloud, Datacenter, and Cybersecurity industries, on the topic of "From Re-opening to Recovery: Post-COVID Security and Privacy Issues and Trends."
From Re-Opening to Recovery: Post-COVID Security and Privacy Issues and Trends
21 APR 2021 HONG KONG CHARLES MOK | TECH FOR GOOD ASIA POST-COVID SECURITY AND PRIVACY ISSUES AND TRENDS FROM RE-OPENING TO RECOVERY
WE’VE COME A LONG WAY
Source: Wkimedia Commons, under Creative Commons license
Source: Wkimedia Commons, under Creative Commons license
Johns Hopkins University | https://coronavirus.jhu.edu/map.html
World Health Organization | https://covid19.who.int/
From open data to big data analytics “Significant Applications of Big Data in COVID-19 Pandemic” Indian Journal of Orthopaedics (Jul 2020) Numerous applications: Contact tracing/exposure notification Vaccine discovery
Exposure notification apps notify a user if he/she has been "near" someone who later tested positive for COVID-19, typically using Bluetooth tracking with the users' phones. Contact tracing apps let users log their location and share it with public health authorities. Who’s doing what? MIT Technology Review: "The Covid Tracing Tracker: What’s happening in coronavirus apps around the world" (Dec 2020) https://www.technologyreview.com/2020/12/16/1014878/covid-tracing-tracker/ EXPOSURE NOTIFICATION VS CONTACT TRACING
Singapore’s “TraceTogether” Bluetooth based, app or token https://www.tracetogether.gov.sg/ Hong Kong’s “LeaveHomeSafe” QRcode based app https://www.leavehomesafe.gov.hk/ “Data stored on device” but in case of infection, data will be uploaded to government …OR SOMEWHERE IN BETWEEN?
GAEN Google Apple Exposure Notification System Originally known as “Privacy-Preserving Contact Tracing Project” https://developer.apple.com/exposure-notification/ https://www.google.com/covid19/exposurenotifications/ Decentralised reporting protocol based on bluetooth and privacy-preserving cryptography, running on both Android and iOS — an “API” for health authorities to develop their EN apps Adopted by various western countries (Parts of US, UK, Canada, Germany etc) but not well taken up in Asia (https://en.wikipedia.org/wiki/Exposure_Notification) “A Critique of the Google Apple Exposure Notification (GAEN) Framework” (by Prof Jaap-Henk Hoepman, Radboud University Nijmegen) — https://arxiv.org/abs/2012.05097 “this creates a dormant functionality for mass surveillance at the operating system layer…it does not technically prevent the health authorities from implementing a purely centralised form of contact tracing (even though that is the stated aim)”
BUT IT WORKS? “Some evidence” shows that exposure notification/contract tracing apps do help bring down COVID-19 cases, even if take-up rates of these apps are not high The ultimate question and debate: How to balance between privacy and public health Citizens’ trust levels toward governments
WFH TO HYBRID WORK Reality strikes after race to adopt early in the pandemic Google Wants Workers To Return To The Office Ahead Of Schedule: This Looks Like A Blow To The Remote-Work Trend -- https://www.forbes.com/sites/jackkelly/2021/04/01/google- wants-workers-to-return-to-the-office-ahead-of-schedule-this- looks-like-a-blow-to-the-remote-work-trend/ Microsoft: 52% of the company's IMs were being sent between 6pm and midnight — https://www.zdnet.com/article/microsoft-revealed-the-latest- truths-about-working-from-home-one-is-truly-disturbing/ Not to mention: the troubles with Zoom, and indeed any other video conferencing tools/apps
DIGITAL IDENTITY AND OTHER SECURITY MEASURES, AND THE PRICE TO PAY
THE GREAT DEBATE: VACCINE PASSPORTS For back to work/school/traffic….etc. From COVID-19 tests to vaccinations — fake certificates keep coming, both in paper forms or digital copies But, what’s in a name: Vaccine Passport vs Health Certificates? Issues: Standards? Privacy? Inequality?
ISRAEL’S GREEN PASS
CHINA’S INT’L TRAVEL HEALTH CERTIFICATE
EU’S DIGITAL GREEN CERTIFICATE
NEW YORK’S EXCELSIOR PASS
US CDC’S VACCINATION RECORD CARD Federal government “will not maintain centralised vaccination database” Most likely there will not be a ‘nationally issued’ vaccine passport
MORE…COMING IN ASIA
SINGAPORE’S STRATEGY Standards: “HealthCerts is a set of digital standards and schema for issuing digital COVID-19 test results certificates that are in line with international standards and the Singapore Government’s requirements.” Multiple local firms as “providers”: https://www.healthcerts.gov.sg/list-of-providers/ Leveraging nation’s “trade bubble” strategy — with Malaysia, Australia, Hong Kong etc.
Early implementation by: IBM Digital Health Pass, CommonPass (supported by World Economic Forum), Travel Pass (supported by IATA), ICC AOKPass (supported by ICC), etc. Competing ‘standards’: Linux Foundation Public Health’s COVID-19 Credentials Initiative (CCI); Vaccination Credential Initiative (VCI) supported by Microsoft, Oracle, Salesforce, etc. Public concerns on issues like: privacy, data security risks, discrimination (for access to services and work, etc.), inequality (within and between nations), normalising health surveillance, uncertainty of vaccine effects, etc. — all with socio-economical, political and even racial implications Creating long-term infrastructure for a time-bound crisis Reference: Ada Lovelace Institute https://www.adalovelaceinstitute.org/project/international-monitor-vaccine-passports- covid-status-apps/ VACCINE PASSPORTS: WHERE TO GO FROM HERE?
WHO INTERIM GUIDELINES Published in March 2021
TECHNOLOGY IMPLICATIONS New technology adoption accelerated Self-sovereign identity/verifiable credentials network Blockchain Advances in cryptographic key exchange Decentralised identity (DID) More effective vaccine tracing By Daniel Hardman under Creative Commons
STAY SAFE, BE HEALTHY CHARLES MOK TECH FOR GOOD ASIA https://www.facebook.com/charles.mok/ https://www.linkedin.com/in/charlesmok/ Twitter: @charlesmok