In coping with an emerging crisis, the need for accurate and actionable information is paramount for effective response – but there has never before been a scenario like the current COVID-19 pandemic. Responders are looking to new technologies including IoT and AI to help tackle this outbreak, but their deployment may have a far-reaching impact on our privacy. How can these technologies contribute to response, both globally and locally – and what privacy concerns could they raise, both now and in the months to follow?
The 451 Take
The evolution of IoT and AI has grown to the point where these technologies can now be called on to make a real contribution to responding to a crisis manifesting both globally and locally. Globally, modern analytics can learn about the factors of spread that can help analysts identify where actions need to be taken. Locally, they can gather data, deliver visibility and empower action to identify and manage specific outbreaks and response scenarios. Here we explore examples of technologies brought to bear on such a situation and the implications for privacy they may introduce, both in the current crisis and beyond.
Critical Event Management
In case of a critical event, whether it is an active shooter, natural disaster or pandemic, access to information is vital. One important lesson that emergency responders have learned from simulations such as the Strong Angel program is that information is often too fragmented to provide actionable intelligence: the larger the incident, the more complicated it is to collect and assess information and coordinate a response.
There are, however, many tools available to tame this complexity for more rapid and effective response and to minimize impact on responders. These generally address four stages of response management. In the first, they gather data from various sources to help assess the context and severity of a critical event, calling upon analytical tools to digest and correlate data to help response teams understand what is happening now and what could or will happen later. A second stage locates assets, employees or vital equipment. In a third stage, these systems offer emergency responders and organizations the tools to act by informing people of actions to take, mass-scale notifications for people in affected areas and tools for collaboration between response teams. The final stage enables responders and others concerned to review and evaluate the critical event so that future response can be improved.
Incident response management platforms are often homegrown among responsible agencies and organizations, but technology providers exist to support efforts. Among these are BeSafe, BlueForce, Crisis360, D4H Incident Management, Everbridge, Haystax, IBM Incident Response and Emergency Management, and NC4's Emergency Operations Center. Some of these technologies consolidate functionality for all four stages into a single system. Everbridge, for example, began with a focus on multi-modal text messaging after the tragic events of 9/11 and expanded into a platform used in 2012 to notify 10 million people after hurricane Sandy, and in 2013 by the city of Boston after the Boston Marathon bombings.
IoT in Critical Event Management
Increasingly, these platforms are embracing IoT systems and devices, given the expanded capability among a wide variety of endpoints that responders can use to connect directly with critical information, guidance and communication with those affected by an emergency situation. In particular, IoT can play an essential part of the information-gathering process. In a 2019 study, the European Telecommunications Standards Institute (ETSI) examined the possibilities of the use of IoT in emergency situations and identified a number of use cases such as emergency calling, mission-critical communications for situational awareness or to protect responder personnel, essential logistics support, public warning systems and automated emergency response.
In smart buildings and smart cities, sensors can provide details about temperature, toxic gases and other hazardous conditions. Smart streetlights can analyze traffic congestion and plan evacuation routes through AI analytics. Body cameras can relay live intelligence from public safety workers to the Incident Command Center (ICS), while crisis teams can use IoT wearables to warn and guide civilians.
In the current global COVID-19 outbreak, the People's Republic of China is showing that rigorous measures seemingly slow the spread the outbreak, but at what cost to personal autonomy and privacy? China is turning to IoT and other emerging technologies to enforce its measures, such as drone surveillance of infected areas, monitoring quarantined zones and have equipped their police force with augmented reality helmets to assess the body temperature of civilians. Facial recognition technology that can discern the identity of individuals despite use of medical masks has also reportedly been deployed. The country has been color-coding their citizens with red, orange and green digital badges on their smart phones to indicate their risk status. All these measures are in support of limiting the spread of the virus, but they can also have enormous impact on personal privacy, and it remains to be seen how authorities keen to apply these techniques to address an emerging crisis will handle the implications for governing and protecting the highly sensitive data they are leveraging.
As the novel coronavirus spreads across the globe, we see new use cases emerging. With the number of new cases spiking in Europe, hospitals are beginning to see a shortage of supplies – a shortage to which the 'maker-space' community is responding. The Open Source Covid-19 Medical Supplies Requirements (OSCMS) group has accordingly started to collect requirements and designs for 3-D-printed medical masks and other supplies.
AI in Critical Event Management
Artificial intelligence technology is used in several ways to diagnose, respond to or predict coronavirus spread. The radiology department of the Zhongnan Hospital of Wuhan University in Wuhan, China, has modified its AI-driven software to detect cancer in CT lung scans to detect COVID-19-related signs of pneumonia to aid the overworked medics in triage, while in Boston, the Boston Children's Hospital has created an AI-driven coronavirus map.
The Chinese search engine Baidu has made its Linearfold algorithm available to researchers and medical teams to fight the outbreak to assist in the analysis of the virus, while across the world researchers are turning to AI technology to predict its spread.
Public Safety vs. Privacy in a post-COVID-19 World
Everybody understands that in emergency response situations it is vital to know the location and condition of people in the affected area – but real-time monitoring of this data has a decided privacy impact. The privacy issues are relevant to technology providers, which also see a growing trend among companies that want to know exactly which employee is in which location. In the case of the COVID-19 outbreak, employers may want to see which employee has been in close proximity to a person who has tested positive for the virus.
Some providers offer an option for people to opt in on location tracking or set requirements for end-user approval. Role-based access controls can help assure that only relevant personnel will be able to see who has accessed facilities. Geofencing capabilities can be included without needing to know the exact location of employees. The creation of notification zones may be as simple as drawing a polygon in the user interface. Personnel can then receive an alert when entering the zone, without the organization needing to know exactly where the individual is.
The COVID-19 spread has sparked debate in the Netherlands over whether or not the names of patients should be made public so people can see if they have been in close contact with a patient and can then self-isolate. Although privacy laws have special conditions for processing special personally identifiable information (PII) in case of medical emergencies, the European General Data Protection Regulation (GDPR) specifically allows for processing of special protected categories of personal data when processing is necessary for reasons of substantial public interest (Article 9(2)(g)).
On March 16, the European Data Protection Board (EDPB) issued a new guidance on the use of personal data in context of the COVID-19 pandemic, stating that data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus. However, they underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects.
Perhaps COVID-19 is simply indicative of the world to come, and how personal data can be leveraged and potentially abused in emergency response situations. To get a handle on metrics and data useful for managing response, governments around the world are rushing to leverage personal data to analyze, contain and mitigate the spread in absence of cheap, rapid and reliable diagnostic tools. Current efforts at mitigation are having major disruptive effects on the global economy. For a disease with even higher contagion rates and higher mortality than COVID-19, one can only imagine the ways that personal data might be effectively used to exclude individuals from participation in society, whether or not biological or medical testing confirms risk. For technology providers seeking to improve response, stewardship of sensitive data and transparency of processes moving forward will be paramount to establishing trust and confidence in the many ways they can help.