This week’s revelation that TraceTogether data can be used by the police has led to an uproar online. There has been much talk about Singapore turning into a complete police state with no privacy or freedom. This debate is obviously important as these are deeply personal issues that Singaporeans have every right to care about. However, there’s one critical area of the discourse that has been underdeveloped. Yes, the Singapore Police Force (SPF) has the ability to use TraceTogether data for investigations. But how are they going to do it in the first place? Well, we argue that TraceTogether data isn’t really going to be useful for police officers, and that the government should have legally ring-fenced the program for maximum uptake.
Before doing that, however, it is important to have a basic understanding of how TraceTogether works. There seems to be some confusion about the program and its abilities. On multiple occasions, Dr. Vivian Balakrishnan and the government have said that TraceTogether does not track your location or have access to the internet. This, leads to a very important question: how would a contact tracing device work without tracking you in the first place? In short, TraceTogether works by exchanging Bluetooth handshakes instead of using location data on your phone.
Think of it this way, instead of constantly tracking you, your phone creates a ‘name card’ for you. As you go about your day, and come into contact with other phones, your phone exchanges name cards using Bluetooth: you get one of theirs and they get one of yours. Just like in real life, name cards don’t tell you where you’ve met the person, just that you’ve met. It’s important to note here that name cards are kept locally on your device. This means that the police cannot access TraceTogether data without physically retrieving your phone or your token.
With that being said, let’s now look at why the police will find TraceTogether very hard to use.
During his parliamentary speech on 6th January, Minister K. Shanmugam assured the public that the SPF will only use TraceTogether to solve ‘very serious offences’ like murder. In this lens, the usage of tracing data in investigations becomes more unserviceable. Perpetrators who plan and premeditate their crimes, obviously won’t carry a tracing device into a crime scene. This would be perfectly legal as there is no obligation for individuals to be using TraceTogether at all times. If the crime happened in the spur of the moment, criminals can also get rid of the TraceTogether information afterwards, by deleting the app or destroying the token. As stated earlier, the name cards are held locally on devices, and as such, people have some extent of agency over their use.
The Minister’s statement is rather counter-intuitive as well. Considering the noise that the debate has made, it would be easy to presume that individuals who engage in dubious activities, won’t be using TraceTogether anymore. In fact, media outlets have already published articles explaining how to permanently delete the app’s data. So even those who weren’t privy to the process before know now because of the parliamentary statement.
Backlash and nature of data
Apart from the perpetrator, the other stakeholders who could be involved are those in physical proximity of the crime (witnesses), and obviously, the victim. As we’ve explored earlier, TraceTogether name cards are only accessible by the police when the device is retrieved physically. This presents three major issues:
Firstly, matters might get complicated if the victim or perpetrator is incapacitated – which might be likely in the kind of severe cases that the Minister was talking about. If the person was using TraceTogether on a password-protected phone, authorities first need to unlock it before retrieving data. Since even the Americans have had trouble trying to decrypt and break into the password protected phones of terrorists, Singapore should expect no different.
Secondly, assuming that authorities get access to TraceTogether data, name cards will only tell them which individuals the witness or the victim has come into contact with. Critically, it does not tell police where events happened. This means that they would have to investigate, interview and corroborate the stories of those whose ‘name cards’ have been collected to get that information. In other words, the data retrieved can be used on a supplementary basis at best, and won’t be a smoking gun.
Also, there’s a threshold for the number of TraceTogether devices that the police can seize. If the authorities go beyond collecting the devices of victims and suspects and move onto seizing devices from those who were in the general vicinity, the backlash will be quite intense. There will be a feeling that data is being arbitrarily collected, as these individuals were just passing by and had nothing to do with the crime. In a social media world, not only would this be politically disastrous for the PAP but it would also reduce TraceTogether adoption. Neither of these outcomes are desirable for the government and hence, they are unlikely to go down that route.
At the moment, the TraceTogether program has technological limitations that will further complicate police efforts at collecting data. Particularly, on iPhones, Apple hasn’t given TraceTogether the permissions required to work properly. Originally, iPhones weren’t even able to run the app in the background. TraceTogether had to be open and on the foreground at all times, preventing many from using the app regularly. They’ve now changed that, but still, two iPhones with TraceTogether running in the background are still unable to exchange name cards due to Apple’s restrictions (to find out why, you can watch our explainer on TraceTogether). Considering that 1 out of 3 smartphones bought in Singapore were iPhones in 2020, there is a significant probability that potential witnesses aren’t picked up by the app.
Second, the government has been lauding the fact that TraceTogether adoption has reached 70% in December 2020. However, it is important to note here that adoption doesn’t equate to usage. Yes, more than two million people have downloaded the application and 1.75 million have collected the tokens. But how many of them are actively using the device? A typical use case involves people using the app for Safe Entry and then closing it afterwards to save battery life. Both these issues might be solved as TraceTogether Tokens become more prevalent this year, but even then, issues will persist for the police (and contact tracers as well) if the government allows the app to be used.
Other sources of data
As yesterday’s parliamentary session showcased, authorities already have access to other sources of data that are more damning for privacy. Section 20 of the Criminal Procedure Code allows the police to order the “production of any document or other thing” for the purposes of criminal investigations. This includes footage from the vast array of CCTV cameras across Singapore, car cameras, potentially even EZ-LINK and Safe Entry data. Authorities also have the ability to track mobile phones using cell phone towers and 4G networks and have occasionally used this tool to deal with serious crimes. Two differences make these sources of information more useful for police and more privacy-intrusive for Singaporeans. One, through their use, authorities can easily and quickly figure out your day-to-day activities and the places you visit, without having to interview anyone. Secondly, while you can’t turn off a public CCTV camera or stop using Safe Entry, you can opt-out of TraceTogether, or at least limit its usage.
Considering all this, the fixation on TraceTogether seems rather unhealthy. There is a real debate to be had here about whether there is too much surveillance going on in Singapore. Just look around and count the number of CCTV cameras at MRTs, void decks, coffee shops and other public spaces. However, politicising a public health response that is going to be critical for Singapore’s economic recovery is probably not a good idea.
And that goes for the government as well.
Protecting TraceTogether data legally
The Ministers’ parliamentary speeches this week represent a huge mistake. As we’ve discovered throughout this article, the utility that police officers can gain through TraceTogether data is limited. Taking Minister Shanmugam’s hypothetical situation of a murder, we can see that for the police to find the TraceTogether data useful, they need:
- Perpetrators who are reckless enough to carry a tracing device while committing a crime.
- Perpetrators who didn’t delete the app after committing the crime, or while being investigated.
- Deceased victims to have unlocked phones or tokens so that they can access the data.
- Victims and witnesses to have turned on their TraceTogether app on their phone (the possibility of this might be low since you don’t murder people in Safe Entry guarded, public areas).
- Victim and witnesses to not carry iPhones, because that will lead to tracing issues
- To retrieve the TraceTogether device within 25 days.
This isn’t to say that there isn’t a use case at all – triangulation and other supplementary data can always be extracted. The larger point here is that police usage of the program is inherently limited to a small number of use cases. As such, the benefits that the authorities can derive from it are marginal. So why are they leaving the possibility of using the data open? It might have to do with the ‘just-in-case’ attitude that the government has always had. To some extent, the preparedness has been good to Singaporeans – years of planning and stockpiling ensured that there wasn’t a shortage of masks or food during the pandemic. Lessons learnt from SARS led to protocols for contact tracing. These were all things that brought the Covid-19 crisis under control. However, in this particular case, the attitude has not only politically hurt them, but has hurt public trust in the TraceTogether program.
This is a pity, considering that the government had exhibited much openness and transparency earlier on with regards to the program. It openly disclosed the application’s code for anyone to use and pick apart, and let external experts tear down the token to observe its functions. The technology behind it was also developed in a way that protected privacy and showed that the program was not made for surveillance. Name cards would get deleted every 25 days to ensure data hygiene, and the token was designed as a short-term measure with a non-rechargeable battery that lasted 6 months. These are all features that make TraceTogether less scary as compared to Safe Entry, for example. It’s also why people are understandably angry: the government looks like it has turned its back on the original premises and promises of the program. As such, considering the limited utility of the data, it should have followed Australia’s lead in ring-fencing the app legally. Modelled from TraceTogether’s code, their contact tracing app had its own legislation passed stating that it would only be used for public health purposes. If something similar was done in Singapore, increased public trust could have led to more buy-in and thereby more re-opening of the economy.
Nevertheless, downloading and using TraceTogether is still safe. As we’ve shown in this article, the data loss that you incur is much less than what you’ve potentially already given up. The assurances of TraceTogether data being used for the most serious of crimes is also believable since police would find it hard to use on a consistent basis, and the government would encounter a lot of backlash if it did so.
Follow Kopi on Facebook and Instagram to be notified of new articles. Share our passion for storytelling and Singapore? Drop us an email.