Cloud robotics faces a set of technical challenges that need to be addressed in order for the concept to work well. Such challenges include safely balancing operations between local and cloud computation, ensuring adequate connectivity to the cloud, and providing strong data privacy and security for the cloud-robot environment. Indeed, safety should be paramount for any cloud robotics. Features such as real-time motion control and the handling of emergency stops will always require some element of local processing and I/O. And even though sharing information is perfect for a cloud-based architecture, network security is also key. Any architecture must prevent unwanted access to the data crossing the internet while also controlling access to prevent malevolent activities with the robot system. To overcome these barriers, Noos has been developed with appropriate care that critical operations (such as motion control) always remain on-board the robot, and that communication between the cloud and the robot can be performed via any available path (wireless or wired, remote or local). Furthermore, adherence to the stricter industry standards and compliance to GDPR and its evolution is of paramount importance.
One other hurdle has to do with the makeup of individual robots. In many cases, the different physical hardware of each robot limits the applicability of sharing knowledge. To tackle this, new ways to define common knowledge representations are needed, so each robot can “understand” and perform an interaction regardless of the physical differences of one robot to the other. Cloud computing services have been developed to overcome this problem, such as RoboEarth, a repository where robots upload their “knowledge”, or Rapyuta, an open-source platform-as-a-service framework for robots. In Noos we make use of such existing knowledge, and suggest a modular and scalable architecture which can accommodate a number of different platforms and robots.
Medical and social challenges also exist for applications in the healthcare domain. To care for someone with a progressive condition such as Alzheimer’s one needs to have an understanding of the condition and its signs. To develop a useful app we need to be able to recognise the disease’s progression, spot the symptoms, and decide with a consultant if these symptoms are real or the temporary effect of anxiety, tiredness or depression. To achieve this, we have been working (and will continue to work) with a diverse set of actors, including the elderly and their informal carers, their formal carers (nurses, doctors, and personnel in health care centres), as well as health care centre managers and funding bodies (including regulatory authorities and ethical watchdogs). Human-robot interaction issues will be thoroughly examined and assessed, and the applicability and acceptability of the designed solutions by the elderly will be ensured. Both technological feasibility and social acceptance have to be achieved.
Last but not least, ethical issues arise from the storage and manipulation of medical data and personal data. Towards this we have made provisions to enforce the GDPR (General Data Protection Regulation) which on the 25th of May 2018 replaces exiting EU and National Data Protection Laws, also in the UK, until Brexit takes effect. But even when the UK is no longer an EU Member State, the UK government has confirmed that its decision to leave the EU will not affect the commencement of the GDPR, according to the responsible UK authority, the Information Commissioner’s Office[1]. By continuing to adhere to provisions of the GDPR, the UK will ensure that adequate protection for transfers of personal data from the EU to the UK will exist. Towards this we have foreseen the following in relation to different types of data we collect and will be collecting in the future:
- Noos receives data from robots (e.g. audio, video, geolocation, etc.). When personal data are included in such transmissions, these are encrypted, anonymised and transmitted exclusively through SSL. This data is used only by our cloud platform services and keeps being encrypted using AES256 in MySQL for as long as it remains in our servers. Data is deleted after processing is finished. In case we wish to keep any of the submitted data to improve performance of our services, we inform users prior to storing any of it, asking for their permission. We don’t store any data (even anonymized) without the user’s prior explicit consent.
- Especially for medical data that are transmitted to Noos, these are always encrypted using AES256 in MySQL, and accessible only by authorised personnel bound by strict confidentiality agreements. Informed and explicit consent from individuals is required prior to any passive monitoring of their health status, personal habits, or otherwise. Such consent is asked in a manner distinguishable from other matters, in an easily accessible form, using clear and plain language. Individuals are able to withdraw their consent at any time. Information is provided to individuals to explain the context for the use of their personal data. Such data are never redistributed, retailed or otherwise given access to unauthorized personnel, and are always kept encrypted.
- For each registered user in Noos we maintain personal information (name, email address, github username, github public repository). This data is encrypted and only used for maintaining accurate customer records. Users can update, change, or delete their personal information at any time. For the registered robots we keep hardware and software information such as type of robot, on-board sensors, operating system, etc. This information also stays encrypted in our databases, is aggregated, and is being used to improve performance of our services.
We also work with other cloud service providers (Hetzner and Amazon) that offer sufficient guarantees to implement appropriate technical and organizational safeguards that meet the GDPR. A detailed privacy policy is presented on our website.
[1] https://ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/.