Biotechnology and DNA sequencing have become commonplace in their integration into a multitude of fields. Forensics has employed DNA sequencing in order to identify crime scene victims. Direct to consumer (DTC) DNA testing has allowed consumers to determine nuances regarding their ancestry and health. Medicine has employed sequencing and wet lab systems in order to further drug development and create targeted treatments. Previous literature has shown the potential for DNA sequencing and biotechnology systems to host unique cybersecurity vulnerabilities rooting in their functionalities. For example, researchers have shown the potential for misuse in the genetic genealogy database GedMatch. Often used by law enforcement, databases such as GedMatch allow individuals to perform relationship and family tracking, using DNA sequencing results to match potential relatives. Researchers have shown that this database and its underlying algorithms could be capitalized on by an adversary to spoof their own identity or create false relationships. In coming years, we expect genetic inference models such as ancestry analysis and DNA Phenotyping, the extrapolation of an individual’s physical features based on their genetic information, to become commonplace in the aforementioned fields amongst others. Given the potency for issues that researchers have found in other models, we look to advance the body of knowledge surrounding the validity and robustness of these genetic inference models being used. We perform an overview of a series of models that determine traits such as ancestry and physical features of individuals from DNA and explore how these models could be exploited or tricked into returning incorrect results. Finally, we discuss the implications of these vulnerabilities, both for the biotechnology space and cyber-physical systems as a whole.

There is growing use of technology-enabled contact tracing, the process of identifying potentially infected COVID-19 patients by notifying all recent contacts of an infected person. Governments, technology companies, and research groups alike have been working towards releasing smartphone apps, using wifi-connected devices, and distributing wearable technology to automatically track "close contacts" and identify prior contacts in the event an individual tests positive. However, there has been significant public discussion about the tensions between effective technology-based contact tracing and the privacy of individuals. To inform this discussion, we present the results of seven months of online surveys focused on contact tracing and privacy, each with 100 participants. Our first surveys were on April 1 and 3, before the first peak of the virus in the US, and we continued to conduct the surveys weekly for 10 weeks (through June), and then fortnightly through November, adding topical questions to reflect current discussions about contact tracing and COVID-19. Our results present the diversity of public opinion and can inform policy makers, technologists, researchers, and public health experts on whether and how to leverage technology to reduce the spread of COVID-19, while considering potential privacy concerns. 

Wearable medical devices are now increasingly connected to the Internet, enabling improved patient outcomes and quality of care. However, this increased connectivity has also increased the attack surfaces, making the device and their data vulnerable to cyberattacks. Because wearable medical devices transmit private and sensitive medical information, it is critical to secure access to these devices. As evidenced by recent ransomware attacks on hospitals, the ability to remotely access and manipulate a medical device poses a direct threat to patient health whether in a hospital or at home. In this research, our goal is to enhance the security of wearable medical devices by using patients’ electrocardiogram (ECG) signals to authenticate devices. Specifically, we propose a deep learning approach for classifying a patient’s electrocardiogram (ECG) as a biometric for authentication. The deep learning approach allows a device to learn its user’s ECG in order to authenticate them against untrusted entities. Our research also extends the use of electrocardiogram signals for authentication by accounting for patient’s stress levels and varying emotional states, as the accuracy of ECG authentication may be affected by these variables. Our experimentation involves testing different parts of electrocardiogram signals using deep learning models and determining the most accurate method of classifying the end user’s device. The proposed research is useful for studying and evaluating the benefits of deep learning algorithms used in conjunction with authentication techniques in healthcare domains.

Usually, to compute the mean of a probability distribution, one takes samples from the distribution and computes the sample mean. However, if the samples are corrupted by an adversary, or if they contain outliers, then these estimates can differ significantly from the true mean. In 2019, an algorithm was developed to detect outliers in a sample, which allowed for robust mean estimation algorithms - that is, mean estimation in the presence of outliers or corruptions. In 2020, a robust covariance estimation algorithm was developed, using the 2019 mean estimation algorithms. The proofs in the 2020 paper suggest that we can create robust covariance estimation algorithms using robust mean estimation algorithms. So it’s natural to ask whether we can create a robust and differentially private covariance estimation algorithm (that is, the algorithm is robust and doesn’t leak information about users whose data appears in the dataset), as long as we have a robust mean estimation algorithm that is differentially private. Building on a 2021 work from researchers at the University of Washington that introduces the first efficient algorithms for private and robust mean estimators, we have created private and robust covariance estimators. Our approach is analogous to the 2020 robust (but not private) covariance estimation algorithm that builds on the 2019 robust (but not private) mean estimation algorithm, with the required modifications. This will be a crucial part of designing federated systems, where privacy is a main constraint and robustness is necessary as data comes from multiple sources, not all of which can be trusted.

Misinformation, media containing misleading or inaccurate information, is an increasingly prevalent and complex issue in society. There has been lots of previous work to classify misinformation, but none have contextualized it in terms of its harms to people, groups, and society. Misinformation can also have disparate harms and impacts on different groups: political disinformation campaigns often target underprivileged groups to attempt to disenfranchise them, while recent coronavirus misinformation has significantly affected marginalized groups. Misinformation may vary in the scope of their societal harm: some harassment may target specific individuals with misinformation, while others can cause a broader societal effect, such as through the loss of trust in public institutions. We propose to develop a taxonomy that classifies types of misinformation according to their potential for harm to aid efforts to address the effects of misinformation effectively. We also start with specific examples from two domains: elections and public health. We aim to interview fact-checkers early about what factors they consider when deciding to fact-check specific content, as they often must triage and select incoming media, and harness their intuitions in terms of potential negative impacts of misinformation. After this, we will develop a survey and survey a broad demographic of people to obtain initial results. From the survey data, we will develop a taxonomy of harms related to misinformation and iterate on the taxonomy with more people to get feedback. Our harm taxonomy can help fact-checkers triage incoming misinformation and prioritize which needs to be checked first. It also offers an explicit characterization of different types of intended harms, which may be useful when considering what kind of response is warranted. Finally, it lays a groundwork for improvement of machine learning systems that could better aid human review.