Singapore TraceTogether app latest to expose privacy concerns
After initially assuring the Singapore public that its data privacy would be protected, the Singapore government last week finally admitted that its TraceTogether COVID contact-tracing app will also be accessible for ‘non-pandemic purposes’.
Close to 80% of Singapore residents are signed up to the TraceTogether program, which is used to check in to locations, including workplaces and commercial zones, to keep track of potential COVID-19 hotspots.
To encourage people to enroll, Singaporean authorities promised the data would not be used for any other purpose, stating “the data will never be accessed, unless the user tests positive for Covid-19 and is contacted by the contact tracing team”.
But the Minister of State for Home Affairs Desmond Tan has since told parliament this week that it can in fact also be used “for the purpose of criminal investigation”, adding that “otherwise, TraceTogether data is to be used only for contact tracing and for the purpose of fighting the Covid situation”.
Amazing. This shows when you download the app and set them up. pic.twitter.com/MhbaInE8aY
— up (@scmsp_wassup) January 4, 2021
This about-turn has been met with concern from privacy advocates, as it appears to be the latest instance of authorities clamping down on data privacy under the guise of protecting the public from a health epidemic.
So far, technology has played a crucial role in stemming the tide of COVID-19, whether that’s in contactless communications, in helping researchers find vaccines, or even in autonomously cleaning hospitals.
Next, governments across the globe turned to the power of citizen data, amid reservations in many territories that data dispensed to the government in times of crisis are often not returned once the crisis has subsided.
Israel passed an emergency law to allow the use of mobile data in contact tracing, using it to identify and notify those who must self-isolate. While details are unclear, it seems the intelligence services had collected location data from telecom providers over a period of weeks, then passed it to public health officials.
Perhaps the most aggressive (after China) has been South Korea. As a result of challenges encountered in the 2015 MERS outbreak, South Korea already has a sweeping law in place that requires companies to disclose location data on individuals that are both actually and merely suspected of being infected.
Over time, there is a risk that law enforcement or surveillance authorities will seek to tap into such fonts of information, as has been the steady trend in counterterrorism surveillance for nearly two decades. And it’s not only contact-tracing apps.
When the coronavirus pandemic broke out in China, authorities upgraded cameras in the country with more sophisticated facial identification tech to be able to capture facial features even when they are obstructed with protective gear such as face masks.
Of course, the technology in the hands of an authoritarian government presents big personal privacy considerations.
What does it mean for businesses?
Data is now the most sought-after ‘commodity’ by businesses today. The rise of the freemium model is built on the concept of exchanging valuable tools, products, and services for marketable data on users.
However, consumers are now privacy-conscious and have become aware of just how valuable their data is to businesses. Businesses can only build long-lasting relationships with their audiences by ensuring customers trust what data is being collected and how it is being used.
TraceTogether’s early success and wide uptake were built on that initial user trust. By abusing it, the Singapore government may struggle to win buy-in to any kind of similar project going forward, particularly with the rise of citizen data-dependent IoT and smart city technology in the future. Once bitten, twice shy.