The government of Singapore has admitted that data collected by the TraceTogether app for purposes of preventing the spread of Coronavirus can be leveraged by the police.
The revelation came from Desmond Tan, Minister of State for Home Affairs, who told Parliament that the data could be exploited during criminal investigations thanks to the existing Criminal Procedure Code.
The announcement is a reminder of why it is extremely harmful to citizens' privacy for government-enforced COVID-19 test and trace systems to use a centralized system to harvest location-related information.
Centralized vs Decentralized
When governments around the world began touting COVID-19 test and trace apps as a method for preventing the spread of coronavirus, privacy advocates warned how those apps might be exploited for secondary surveillance purposes.
To track citizens and prevent the spread of the virus, it is necessary for apps to leverage people's location information. As a result, those apps harbor the potential to be used to track citizens' whereabouts constantly.
This kind of decentralized system would permit citizens to opt-in to test and trace without needing to send location data back to the government. And the consensus was that decentralization would increase trust in – and the uptake of those tracking apps.
Despite these findings, we revealed that many countries were opting to roll-out centralized systems that allowed for heightened levels of surveillance. As a result, those countries were opting to enforce apps that could infringe on citizens' basic human rights.
Government admission
Following questions from MP Christopher de Souza, Singapore's Minister of State for Home Affairs recently admitted that these kinds of privacy and surveillance concerns are valid. According to Desmond Tan, data collected by Singapore's TraceTogether app (and tokens) can be legally exploited by the police during their investigations.
Speaking in Parliament, Tan stated that the Criminal Procedure Code empowers Singapore Police to access any data they require for their investigations – including sensitive COVID-related location data:
Authorised police officers may invoke then the Criminal Procedure Code ... powers to obtain this data for purpose of criminal investigation, and for the purpose of the safety and security of our citizens, but otherwise TraceTogether data is indeed to be used only for contact tracing and for the purpose of fighting the COVID situation.
Mandatory surveillance
The recent confirmation from the government validates previous warnings regarding the use of centralized databases for COVID-19 tracing apps. It is particularly concerning considering Singapore's Ministry of Health's announcement that it is planning to make TraceTogether mandatory for entrance to all public venues from early 2021.
As a result, it will soon become impossible for anybody to enter public venues without simultaneously informing the authorities of their whereabouts. This is a gross violation of Singaporean citizens' privacy and means that all citizens will have to download the app or register for a unique token in order to access those public spaces.
For citizens, the idea that the Coronavirus pandemic is being exploited to facilitate the roll-out of widespread surveillance tools should be extremely concerning – particularly when those apps are being made mandatory.
In Singapore, people's ability to move around in privacy is being dismantled through the use of centralized systems that are known to be unnecessary.
Ultimately, this reveals that the government is actively seeking to exploit the virus to improve its surveillance capabilities. And it serves as a clear warning for any other countries whose government has opted for a centralized system that can do the same.