Keynote at W.Media Digital Week Asia, Hong Kong Session

Our co-founder Charles Mok delivered an online keynote address in this leading regional event for the Cloud, Datacenter, and Cybersecurity industries, on the topic of "From Re-opening to Recovery: Post-COVID Security and Privacy Issues and Trends."

From Re-Opening to Recovery: Post-COVID Security and Privacy Issues and Trends

1. 21 APR 2021 HONG KONG CHARLES MOK | TECH FOR GOOD ASIA POST-COVID SECURITY AND PRIVACY ISSUES AND TRENDS FROM RE-OPENING TO RECOVERY

2. WE’VE COME A LONG WAY

3. Source: Wkimedia Commons, under Creative Commons license

4. Source: Wkimedia Commons, under Creative Commons license

5. Johns Hopkins University | https://coronavirus.jhu.edu/map.html

6. World Health Organization | https://covid19.who.int/

7. From open data to big data analytics “Significant Applications of Big Data in COVID-19 Pandemic” Indian Journal of Orthopaedics (Jul 2020) Numerous applications: Contact tracing/exposure notification Vaccine discovery

8. Exposure notification apps notify a user if he/she has been "near" someone who later tested positive for COVID-19, typically using Bluetooth tracking with the users' phones. Contact tracing apps let users log their location and share it with public health authorities. Who’s doing what? MIT Technology Review: "The Covid Tracing Tracker: What’s happening in coronavirus apps around the world" (Dec 2020) https://www.technologyreview.com/2020/12/16/1014878/covid-tracing-tracker/ EXPOSURE NOTIFICATION VS CONTACT TRACING

9. Singapore’s “TraceTogether” Bluetooth based, app or token https://www.tracetogether.gov.sg/ Hong Kong’s “LeaveHomeSafe” QRcode based app https://www.leavehomesafe.gov.hk/ “Data stored on device” but in case of infection, data will be uploaded to government …OR SOMEWHERE IN BETWEEN?

10. GAEN Google Apple Exposure Notification System Originally known as “Privacy-Preserving Contact Tracing Project” https://developer.apple.com/exposure-notification/ https://www.google.com/covid19/exposurenotifications/ Decentralised reporting protocol based on bluetooth and privacy-preserving cryptography, running on both Android and iOS — an “API” for health authorities to develop their EN apps Adopted by various western countries (Parts of US, UK, Canada, Germany etc) but not well taken up in Asia (https://en.wikipedia.org/wiki/Exposure_Notification) “A Critique of the Google Apple Exposure Notification (GAEN) Framework” (by Prof Jaap-Henk Hoepman, Radboud University Nijmegen) — https://arxiv.org/abs/2012.05097 “this creates a dormant functionality for mass surveillance at the operating system layer…it does not technically prevent the health authorities from implementing a purely centralised form of contact tracing (even though that is the stated aim)”

11. BUT IT WORKS? “Some evidence” shows that exposure notification/contract tracing apps do help bring down COVID-19 cases, even if take-up rates of these apps are not high The ultimate question and debate: How to balance between privacy and public health Citizens’ trust levels toward governments

12. WFH TO HYBRID WORK Reality strikes after race to adopt early in the pandemic Google Wants Workers To Return To The Office Ahead Of Schedule: This Looks Like A Blow To The Remote-Work Trend -- https://www.forbes.com/sites/jackkelly/2021/04/01/google- wants-workers-to-return-to-the-office-ahead-of-schedule-this- looks-like-a-blow-to-the-remote-work-trend/ Microsoft: 52% of the company's IMs were being sent between 6pm and midnight — https://www.zdnet.com/article/microsoft-revealed-the-latest- truths-about-working-from-home-one-is-truly-disturbing/ Not to mention: the troubles with Zoom, and indeed any other video conferencing tools/apps

13. DIGITAL IDENTITY AND OTHER SECURITY MEASURES, AND THE PRICE TO PAY

14. THE GREAT DEBATE: VACCINE PASSPORTS For back to work/school/traffic….etc. From COVID-19 tests to vaccinations — fake certificates keep coming, both in paper forms or digital copies But, what’s in a name: Vaccine Passport vs Health Certificates? Issues: Standards? Privacy? Inequality?

15. ISRAEL’S GREEN PASS

16. CHINA’S INT’L TRAVEL HEALTH CERTIFICATE

17. EU’S DIGITAL GREEN CERTIFICATE

18. NEW YORK’S EXCELSIOR PASS

19. US CDC’S VACCINATION RECORD CARD Federal government “will not maintain centralised vaccination database” Most likely there will not be a ‘nationally issued’ vaccine passport

20. MORE…COMING IN ASIA

21. SINGAPORE’S STRATEGY Standards: “HealthCerts is a set of digital standards and schema for issuing digital COVID-19 test results certificates that are in line with international standards and the Singapore Government’s requirements.” Multiple local firms as “providers”: https://www.healthcerts.gov.sg/list-of-providers/ Leveraging nation’s “trade bubble” strategy — with Malaysia, Australia, Hong Kong etc.

22. Early implementation by: IBM Digital Health Pass, CommonPass (supported by World Economic Forum), Travel Pass (supported by IATA), ICC AOKPass (supported by ICC), etc. Competing ‘standards’: Linux Foundation Public Health’s COVID-19 Credentials Initiative (CCI); Vaccination Credential Initiative (VCI) supported by Microsoft, Oracle, Salesforce, etc. Public concerns on issues like: privacy, data security risks, discrimination (for access to services and work, etc.), inequality (within and between nations), normalising health surveillance, uncertainty of vaccine effects, etc. — all with socio-economical, political and even racial implications Creating long-term infrastructure for a time-bound crisis Reference: Ada Lovelace Institute https://www.adalovelaceinstitute.org/project/international-monitor-vaccine-passports- covid-status-apps/ VACCINE PASSPORTS: WHERE TO GO FROM HERE?

23. WHO INTERIM GUIDELINES Published in March 2021

24. TECHNOLOGY IMPLICATIONS New technology adoption accelerated Self-sovereign identity/verifiable credentials network Blockchain Advances in cryptographic key exchange Decentralised identity (DID) More effective vaccine tracing By Daniel Hardman under Creative Commons

25. STAY SAFE, BE HEALTHY CHARLES MOK TECH FOR GOOD ASIA https://www.facebook.com/charles.mok/ https://www.linkedin.com/in/charlesmok/ Twitter: @charlesmok