Unanswered questions about delayed announcement of police access to TraceTogether data

Some questions we have from the January Parliament sitting.

Joshua Lee | January 07, 2021, 05:03 PM

So, TraceTogether data won't be accessed only for pandemic contact-tracing -- as we were originally told -- but it can be accessed by the Police in the course of their investigations.

This access is granted to the Police under the Criminal Procedure Code.

According to Minister of State for Home Affairs Desmond Tan in Parliament on January 14, the Police can obtain "any data, and that includes TraceTogether data for criminal investigations".

This data can only be accessed by authorised personnel for authorised purposes, and it is stored on a secured data platform, he added.

And that leads us to our first question:

Why are we hearing about this only now?

The revelation was triggered by a question posed by PAP Member of Parliament Christopher de Souza to the Minister for Home Affairs:

"Whether TraceTogether data will be used for criminal investigations and, if so, what are the legal provisions and safeguards in using such data."

Most Singaporeans didn't expect the answer to be any different from what we've been assured of in June 2020 -- by Foreign Affairs minister Vivian Balakrishnan no less -- that the "TraceTogether app, TraceTogether running on a device, and the data generated (are) purely for contact tracing. Period".

Inconsistencies aside, the more pertinent thing here is the timing of the revelation.

The TraceTogether adoption rate surpassed 70 per cent -- a target set by the government to enter Phase 3 -- just before Christmas last year.

Some netizens wondered whether there were other factors for the delayed announcement of police access to TraceTogether data, for example perhaps ensuring that the TraceTogether adoption rates could reach the requirements of Phase 3 on time.

On track to reaching a target

The Ministry of Health (MOH) noted that around 65 per cent of Singapore residents are on the TraceTogether Programme as of Dec 13., and Singapore was on track to reaching the target of around 70 per cent by the end of 2020.

Another factor could well be that Vivian was only alerted recently in December. Perhaps he found out when the TraceTogether data had been accessed during the course of a murder investigation last month.

The minister, who is also in charge of the Smart Nation Initiative, mentioned on the second day of the Parliament sitting (Jan.5) that TraceTogether data had been accessed once during the course of a murder investigation.

The details of the murder investigation, including the use of TraceTogether data, would presumably enter public record if and when the case goes to court.

Perhaps some clarity by Vivian on when he found out about the error, and the subsequent sequence of events leading up to the January Parliament sitting would keep these conspiracies at bay.

Why was the wrong information left uncorrected? How long was the info left uncorrected?

It is unlikely that the Singapore government set out to mislead its citizens, but the length of time that elapsed before this detail came to light will make a difference in how Singaporeans perceived this issue.

"Frankly, I had not thought of the CPC when I spoke earlier,” said Vivian in Parliament, adding that he spent sleepless nights wondering if he should persuade his colleagues to change the law, after he realised his error.

One would think that perhaps Vivian could have avoided all that insomnia if the Ministry of Home Affairs, or any of Vivian's colleagues in the Cabinet for that matter, came out with a response to gently clarify the Minister's unintended omission.

Today reported that MP Vikram Nair saw the issue as "a misunderstanding", with Vikram noting that people who are not lawyers may not be aware that there are provisions in the CPC to collect information for investigations.

If that is the case, it was puzzling that none of the parliamentarians -- and there are lawyers from both aisles -- posed this question to the government.

As pointed out by many online, the backlash is less about data privacy than backtracking on what was originally announced.

Some academics have also cautioned that this move might potentially erode people's trust in the government -- the same trust that the Singapore government say have helped Singapore keep Covid-19 under control.

While the government has assured, repeatedly, that the TraceTogether data will be accessed with discretion and only for "serious crimes" (more on this later), it hasn't stopped netizens from threatening to delete their TraceTogether app and data.

Ex-Nominated Member of Parliament Anthea Ong suggested that an apology early on would have helped Singaporeans receive the government's assurances with "more understanding" now.

Is the use of TraceTogether information for Police investigation absolutely necessary?

Home Affairs Minister K Shanmugam took great pains to assure Parliament on January 5 that

"the police approach has been and will be that [the use of TraceTogether information for police investigation purposes is] pretty much restricted to very serious offenses."

It's tangential to Member of Parliament Tin Pei Ling's question about how useful the data from a TraceTogether token or app -- Bluetooth proximity exchanges -- are to a Police investigation.

Well, we don't know the answer to that because Vivian deferred to the Ministry of Home Affairs who would be more well-placed to answer.

What we do know is that indeed, the Police had accessed TraceTogether data in the course of a murder investigation.

We do wonder though, how useful it can be -- and thus, whether it is absolutely needed -- considering there is a wealth of other information that the Police can access under the Criminal Procedure Code: Telco records, SafeEntry data, CCTVs, public transport data, just to name a few.

How serious must an offence be to warrant the use of TraceTogether data?

As far as we know, a murder would warrant the use of TraceTogether data in Police investigations. A terror attack too, presumably.

These are "very serious offences".

But towards the other end of the spectrum, where do we draw the line?

Would the Police access the TraceTogether data of an alleged rapist's victim to prove that she was with him at a certain date and time?

What about a kidnapping case? Surely TraceTogether data can be very helpful in establishing the identity of an alleged kidnapper.

What about accessing TraceTogether data to locate a missing person? Or maybe identify a serial litterbug (some folks do think that littering is a cardinal sin).

What if TraceTogether data can be used to locate a political dissident? Where do we draw the line?

Perhaps more information (and maybe assurances), that will hopefully quell privacy concerns, will come out in the coming days.

In the meantime, we're leaving you with our favourite tweet about the matter.

Top image by Guan Zhen Tan.