Supporting Local Health Authorities in dealing with future pandemics
Cas, tell us about your personal experience of the COVID-19 pandemic.
My personal experience was stressful, not just because of the pandemic, which was an experience everyone had, but because I ended up working in the DP3T* team that was trying to come up with a solution for contact tracing that was privacy-preserving. This meant that for several weeks during the pandemic, I was working day and night and all weekends to get that done. And then I ended up working on the “Corona-Warn-App” for a longer period. It was a very intense time for me and we tried to help where we could from a security perspective.
What aspect of your research was triggered by the pandemic?
I think at the time I got involved, nobody knew exactly what was going to happen or what the impact would be, because the biological and medical knowledge was still very limited. As security researchers, our main angle was that there were people proposing all sorts of things that would give citizens' locations to governments and app providers, and they were arguing that this was inevitable. We wanted to show – because we thought we could theoretically prove this – that we could achieve the same thing without giving all that data away. We had to work very fast, and that made it stressful. There was pressure that if we didn't complete this project, or at least show that it was feasible, within a month or so, then a big provider would take over and they would have done it by basically losing all privacy on the data.
You are now involved in a project called LOKI-Pandemics. What is the aim of this project?
The aim of the project is to provide local health authorities, the general public and decision-makers in Germany with software that helps them deal with future pandemics that have a similar spread mechanism, such as physical contact or proximity, as we've seen with the COVID-19 pandemic. We want to do this while preserving privacy and keeping the data local. That is the L in LOKI, dealing with the data locally at the local health authority level, but still providing modelling and analysis and all sorts of algorithms to extract data from that. Part of LOKI is a graphical user interface (in the form of a web application) called ESID (Epidemiological Scenarios for Infectious Diseases). It allows users to see the impact of various scenarios on the predicted infection rates, and aims to support decision-making.
Are local health authorities involved as project partners, and if so, why is this important?
People have tried similar things before and they have failed. One of the reasons why such projects can fail is that you need a lot of interaction with local health authorities to really understand what they actually need or what they might be willing to do. It needs input from their side and it needs an interface that they can understand. In Germany, the hardware and the setups that local health authorities use are very diverse, without a unified software chain that everybody shares. We are in contact with a number of local health authorities for some small pilot projects, where we are trying to train them to use the software that we have developed so far. Additionally, we get their input on what else they need and what data they are able and willing to provide locally. The problem is that they are already overloaded. If you tell them, "Take this extra step and please provide the software with data every day", they have to see that they are getting something useful in return, otherwise they will not do it.
LOKI-Pandemics is a project that mainly concerns the health sector. What is the privacy and cybersecurity dimension of the project?
Ultimately, of course, we are dealing with data that comes from disease cases. It is data that is very sensitive in terms of privacy because it comes from local health authorities. Ideally, we would like to know a little bit more about these cases. For example, how old are the people dealing with infections, what segment of the population are they in and so on. There are many factors that could affect the models that we use to make predictions. And you can imagine that if you could access all that data across Germany in a very detailed fashion, you would be able to predict certain things very accurately. But that is very bad for privacy. On the other hand, if you abstract the data too much and just say, “this local health authority had a hundred cases today”, then it is very hard to make predictions because you have taken away too much information.
The challenge is to find some sort of sensible middle ground, using techniques like differential privacy, for example, that still give you the level of modelling that you want and that give you sensible results without giving away too much private information. That is one key aspect of it. And there is a secondary aspect, which is that at the end of the day some end results have to be transmitted to a central point after some privacy measures have been taken. So, there is security involved in getting information to a central server that stores the end result of some prediction and also in distributing that to the individual local health areas.
The project is geared toward local health authorities in Germany. Could the solution you have been developing work in other countries too?
Although it was designed to be workable specifically for local health authorities in Germany, I think most of the elements that are in there are widely applicable. These are general observations about how you can take locally aggregated data and use differential privacy and anonymization techniques on it before you aggregate it or use it for modelling. And there's another aspect here that I haven't touched on yet, which is not a security element. We use simulation and other techniques to improve predictions that do not use private data. And I think all of these techniques could be used elsewhere with maybe minor modifications.
Looking ahead to the end of the project, what has to happen for the project to be successful in your eyes?
Ultimately, if your goal is to give something to the local health authorities, the measure of real success is whether they are using it. And that is a real challenge which goes beyond the project, because it requires real funding beyond the immediate project duration. Because there is maintenance, there is support, etc. This kind of project needs continuation, needs long-term support. If we consider success in terms of the larger goals of the LOKI project, it can only be successful if we can continue working on it for a couple of years and develop it further. In terms of ambition, this is beyond the scope of the currently funded LOKI project, which has the smaller goal of developing a platform and showing its feasibility. If we are successful in the smaller goal for LOKI, if we can get it to a point where a follow-up project can take it on to the next stage, then I will be happy.
What are the main takeaways from the COVID-19 pandemic for your research?
I think it is hard to say what arbitrary pandemics might look like, because they can be very different from the COVID-19 pandemic in terms of shape, manifestation and behavior. But one thing we have learned is that the IT infrastructure in many countries is in a very poor state. We may be able to solve a lot of things technically, but the local health authorities simply do not have the necessary infrastructure. This applies to Germany, but also to other countries. And I think in that sense we haven't made the progress we would like to see. That is my honest takeaway. We would be better prepared for the next pandemic if we had a much better and more consistent IT infrastructure. On the technical side, we are better prepared now to deliver certain things in a way that protects privacy. There are real advances that have come out of it. But I think the most important advances are, of course, on the medical side, as we have seen with the new type of medicine.
Cas, thank you for taking the time for this conversation.
* DP3T is the abbreviation for “Decentralized Privacy-Preserving Proximity Tracing”.