Singapore police will have access to contact-tracing data
Image credit: DT
The Singaporean Minister for Home Affairs has confirmed that the state’s police force has the authority to access Covid-19 contact-tracing app data for the purposes of criminal investigations, raising potential privacy concerns.
Singapore’s TraceTogether app was developed in less than two months and was among the first Covid-19 contact tracing apps to be launched. The app exchanges proximity data with nearby devices which also have the app installed, based on Bluetooth Relative Signal Strength Indicator readings.
Although the TraceTogether app is not anonymous (requiring users to provide their phone number and evidence of residency), it has some privacy measures. These include automatically deleting data over 25 days old, regularly changing randomly generated User IDs, and allowing users to opt out and request that their data is wiped.
The privacy statement on the TraceTogether website says that: “Data will only be used for Covid-19 contact tracing”.
However, it has now been confirmed that the data may also be accessed by the Singapore Police Force for investigations. Responding to a direct question asked in Parliament by MP Christopher de Souza, Minister of State for Home Affairs Desmond Tan said: “The Singapore Police Force is empowered [by the Criminal Procedure Code] to obtain any data, including TraceTogether data, for criminal investigations.
“The government is the custodian of the TraceTogether data submitted by individuals, and stringent measures are put in place to safeguard this personal data. Examples of these measures include only allowing authorised officers to access the data, using such data only for authorised purposes and storing the data on a secured data platform.”
Tan added that officers who disclose the data deliberately or through negligence may be fined up to S$5,000, or imprisoned for up to two years, or both.
When questioned about whether this contradicts the privacy statement by MP Gerald Giam, Tan said: “We do not preclude the use of TraceTogether data in circumstances where citizens’ safety and security is or has been affected, and this applies to all other data as well.”
“Authorised police officers may invoke the Criminal Procedure Code… to obtain this data for the purpose of criminal investigation and for the purpose of the safety and security of our citizens, but otherwise TraceTogether data is indeed to be used only for contact tracing and for the purpose of fighting the Covid situation.”
The Singaporean government has implemented a contact-tracing strategy which brings together manual contact tracing, the TraceTogether app, and wearable devices issued to every citizen which collect and store data in a similar manner to the app. According to the government, approximately 80 per cent of the population is covered by TraceTogether.
In December, the government tightened rules regarding the TraceTogether system, making active use of the app or wearable compulsory in shopping centres, cinemas, restaurants, workplaces, schools and at large events, as well as for specific populations such as migrant workers.
The Singaporean contact-tracing apps – along with some other contact-tracing app models – have provoked criticism for threatening privacy, such as by potentially allowing for the reconstruction of individuals’ real-world activities. Calls for privacy-focused contact tracing have led several governments (including the UK and German governments) to backtrack on plans for centralised apps.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.