Broken promises: How Singapore lost trust on contact tracing privacy
For Singaporeans, the covid-19 pandemic has been closely intertwined with technology: two technologies, to be specific. The first is the QR code, whose little black-and-white squares have been ubiquitous all over the country as part of the SafeEntry contact tracing system rolled out in April and May.
Under SafeEntry, anyone entering a public venue—restaurants, stores, malls—must scan a code and register with a name, ID or passport number, and phone number. If somebody tests positive for covid-19, contact tracers use it to track down those who got close enough to be potentially infected.
There’s also TraceTogether, an app that launched in March 2020. It uses Bluetooth to ping close contacts; if two users are in proximity, their devices trade anonymized and encrypted user IDs that can be decrypted by the Ministry of Health should one person test positive for covid-19.
For those who can’t or don’t want to use a smartphone app, the government also offers TraceTogether tokens, small digital fobs that serve the same purpose. And while TraceTogether is currently voluntary, the government has announced that it is going to merge the two systems, which would make it mandatory to either download the app or collect a token.
When the two systems were launched, there wasn’t much space for the public to discuss apprehensions: they were seen as necessary to fight the pandemic, and the Singaporean government acted in typical top-down fashion. It did seek to assuage fears, however, by repeatedly assuring Singaporeans that the data collected with such technology would be used only for contact tracing during the pandemic.
And that’s where things went wrong.
Private data being used by police
Earlier this month, it emerged that the government’s claim was false. The Ministry of Home Affairs confirmed that data could actually be accessed by the police for criminal investigations; the day after this admission, a minister revealed that such data had, in fact, already been used in a murder investigation. It rapidly became clear that despite what ministers had previously said, Singaporean law meant it had been possible for law enforcement to use TraceTogether data all along.
These revelations triggered public anger and criticism, not necessarily because Singaporeans are particularly privacy conscious—in fact, state surveillance is largely normalized in the country—but because people felt they’d been subjected to a bait-and-switch. Many people had reservations about TraceTogether when it was first launched, and only began using it in large numbers after the government indicated that it would soon become mandatory. (According to the cochair of the task force on covid-19, nearly 80% of Singapore’s residents have adopted TraceTogether.)
The government has since announced that it will introduce new legislation to limit law enforcement’s use of contact tracing data to probes into seven specific categories of offense, including terrorism, murder, kidnapping, and the most serious drug trafficking cases. (The MIT Technology Review Covid Tracing Tracker, which monitors the policies around exposure notification apps worldwide, is being updated to reflect this shift.)
“We acknowledge our error in not stating that data from TraceTogether is not exempt from the Criminal Procedure Code,” said the Smart Nation and Digital Governance Office in its statement. The new law, it said, “will specify that personal data collected through digital contact tracing solutions … can only be used for the specific purpose of contact tracing, except where there is a clear and pressing need to use that data for criminal investigation of serious offences.”
Not in the original spirit
There is no timeline yet as to when the proposed legislation will be brought before parliament, and details are scant.
“In Singapore, where laws grant sweeping executive and legislative powers to state actors, I think any commitment to accountability and restraint is welcome,” says digital rights activist Lee Yi Ting. “But it remains to be seen if the bill will make substantive commitment to these proposed limitations. For example, if state actors flout these regulations, what investigative bodies will come into play, and what consequences will state actors be held to?”
Some doubt how useful such data can really be to police investigations and are concerned that even the proposed limits still formally expand its use beyond contact tracing.
“We like to reiterate that extending police powers to [TraceTogether] data is not aligned to the original spirit of what the dataset was intended for,” said the opposition Progress Singapore Party in a statement. “Covid tracing data must solely and strictly be used for fighting the pandemic and nothing else.”
Trust is on the line
The confusion could not come at a more difficult time. Concerns that governments could abuse contact tracing systems have been raised around the world. Many of these worries have been misplaced, especially in countries that use Google and Apple’s exposure notification technology, which does not allow centralized collection by local authorities. The Singapore government had previously rejected Apple and Google’s system, saying that it would be “less effective” in the Singaporean context.
But while digital systems could speed up contact tracing and aid in the fight against the virus—one that could be more vital over time, not less—most countries have struggled with adoption. One major issue: trust.
Lee worries that even if legislation is enough to placate many Singaporeans, the implications outside the country could be serious. Singapore’s early move to build digital contact tracing put it in a global leadership position, and TraceTogether’s underlying systems have been used by other nations—though there is no suggestion that the same legislative mistakes were made elsewhere.
Still, “Singaporeans do care about the extent to which the state intrudes into their private lives,” says Lee. And, she adds, the country is setting an international precedent “for repressive governments to likewise normalize the use of contact tracing data for the purposes they define.”
This story is part of the Pandemic Technology Project, supported by the Rockefeller Foundation.
How to preserve your digital memories
Following recent announcements by Google and Twitter, more data deletion policies are coming.
Your digital life isn’t as permanent as you think it is
Google will delete accounts after two years of inactivity, and experts expect more data deletion policies to come
Catching bad content in the age of AI
Why haven’t tech companies improved at content moderation?
Behind the scenes of Carnegie Mellon’s heated privacy dispute
Researchers at Carnegie Mellon University wanted to create a privacy-preserving smart sensor. They were accused of violating privacy instead.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.