The Commission of Inquiry (COI) that will look into the illegal access of data stored by SingHealth of its patients will hold its first hearing in a few weeks.
Based on reports, it has been disclosed that certain hearings will be held behind closed doors due to the sensitive nature of some of the information which, if revealed to all and sundry could lead to further cyber attacks. While I have some sympathy for this view, I hope that it is not used as an excuse to keep confidential mistakes made by those in positions of power.
To reiterate the severity of this incident - the data of 1.5 million people was stolen. This included the personal data of our Prime Minister. Further, it has been widely suggested that the perpetrators of the attack were state sponsored. While the state in question has not been disclosed, it bears noting that there are a few countries in the world who are notorious for hacking. One such country is North Korea. Wouldn't it be ironical if we are hacked by them after we wined and dined them at the Trump-Kim summit?
I accept that the decision has been taken to close off certain hearings from the public. That said, will there be a summary or transcript of each closed hearing to Parliament? Information that could leave us open to further attacks can be redacted but key information such as the individuals who have been negligent and how so should be disclosed. For the COI to have any meaning, there has to be accountability and there can only be accountability if there is transparency.
There has already been much criticism of the members of the COI who are seen as part of the establishment who will protect their own. Further, it has been pointed out that none of the members of the COI are tech security experts. With the backdrop of mistrust coupled with the seriousness of the breach (which saw us in international headlines for the wrong reasons), it is all the more important that all the findings of the COI be made public. The only information to be censored are those that could actually directly lead to further hacks. In other words, no protection of any individuals no matter how high up.
Further, will the COI also investigate why the head of SingHealth was in another country showing no signs of urgency when the story of the hack broke? Clearly, our personal data is of no grave concern to her! What then the data of PM Lee? Is his data not important enough for Ivy Ng to jump on the next available flight?
In principle, there is nothing wrong with safeguarding information that could make us vulnerable to further attacks. However, it is crucial that this is not used as a front to protect those in power from public responsibility!
Editor's note - If one were to look at the terms of reference, one can roughly guess what is the outcome of the COI.