The Progress Singapore Party (PSP) has questioned the fitness of COVID-19 contact tracing system TraceTogether in investigating terrorism-related offences.
The Smart Nation and Digital Government Office (SNDGO) on 8 January listed seven categories of serious offences covered under a proposed law that will enable police to access TraceTogether data only when investigating said offences — including terrorism-related crimes.
Party secretary-general Tan Cheng Bock — in a statement dated Saturday (9 January) and shared on Sunday — said that one problem with the above is that it is possible for suspects of terrorism to “forge a different set of metadata” such as their names and other NRIC particulars.
The user of the TraceTogether token or app, said Dr Tan, “might even carry several handsets to throw the investigators off the scent”.
TraceTogether, he added, “was designed to store data for only 25 days”.
“In the case of tracing terror suspects, would the government be storing the data for a longer period because the current period of 25 days may not be sufficient?” Dr Tan questioned.
Dr Tan also questioned if the Government intends to actively monitor data for suspects on the Internal Security Department’s watchlist.
“If so, what are the parameters or modalities of such surveillance?” he added.
Dr Tan, on behalf of the party, also criticised the Government for “backtracking” on its promise to limit the use of data from TraceTogether to contact tracing purposes only.
“Backtracking is not good politics, and it erodes the confidence and social compact of our citizens in our political institutions,” he said.
PSP, he added, is “also concerned that the government’s overreaching powers will discourage people from using the TraceTogether app or token altogether”.
“We need to be singular in purpose when it comes to contact tracing and in our fight against this pandemic. We fear that the government’s latest move may result in a loss of confidence in our systems,” said Dr Tan.
S’pore Parliament to pass legislation to limit usage of data from digital contact tracing solutions in February
According to the SNDGO in a statement on 8 January, the upcoming introduction of the aforementioned proposed law aims to “formalise” earlier assurances made by Law and Home Affairs Minister K. Shanmugam and Minister-in-charge for Smart Nation Vivian Balakrishnan that data from TraceTogether, if used for criminal investigations, will only be utilised in probing into serious offences.
The ministers’ remarks came a day after Minister of State for Home Affairs Desmond Tan revealed in Parliament — in response to Holland-Bukit Timah MP Christopher de Souza’s question — that police are empowered by the Criminal Procedure Code (CPC) to access data from TraceTogether for criminal investigations.
SNDGO said that the law also aims to specify that data in the digital contact tracing solutions “can only be used for the specific purpose of contact tracing”.
It is not, however, “in the public interest to completely deny the Police access to such data, when the safety of the public or the proper conduct of justice is at stake”, said the Office.
Thus, if a serious criminal offence has been committed, the police “must be able to use this data to bring the perpetrators to justice, seek redress for the victims, and protect society at large”, said SNDGO on why an exception is made for criminal investigation of serious offences.
There are seven categories of serious offences that will be covered under the proposed legislation, namely:
- Offences involving the use or possession of corrosive substances, offensive/ dangerous weapons, such as possession of firearms and armed robbery with the use of
- Terrorism-related offences under the Terrorism (Suppression of Bombings) Act, Terrorism (Suppression of Financing) Act, and Terrorism (Suppression of Misuse of Radioactive Material);
- Crimes against persons where the victim is seriously hurt or killed such as murder, culpable homicide not amounting to murder, voluntarily causing grievous hurt (where the victim’s injury is of a life-threatening nature);
- Drug trafficking offences that attract the death penalty;
- Escape from legal custody where there is reasonable belief that the subject will cause imminent harm to others;
- Kidnapping; and
- Sexual offences deemed to be serious or severe such as rape and sexual assault by penetration.
“The data cannot be used in the investigations, inquiries or court proceedings of any other offence besides these seven categories,” SNDGO stressed.
SNDGO said that the proposed law will be introduced in the next Parliament sitting in February on a Certificate of Urgency.
The Office noted that Mr Shanmugam and Dr Balakrishnan held a public consultation on Friday with members of the press, the legal fraternity, technology experts, and academia on Friday to hear their views on the matter.
“The views gathered will inform the debate on the upcoming legislation,” said SNDGO.
SNDGO’s statement on the upcoming proposed law came after public outcry against the disclosure regarding how TraceTogether data could be used in police investigations and — as stated by Mr Shanmugam in Parliament — may even be produced in court or used at trial when relevant, contrary to previous assurances that the data will not be utilised beyond COVID-19 contact tracing.
Dr Balakrishnan, alongside Education Minister Lawrence Wong who co-chairs the multi-ministry task force on COVID-19, said at a press conference on 8 June last year that data from both the TraceTogether app and token will not be used for anything other than for contact tracing.
On 5 June, Dr Balakrishnan gave the same response to MP Murali Pillai in Parliament when the latter questioned the confidentiality of the data collected.
The Minister reiterated — following a written response — that TraceTogether data is “stored only on your own phone in the first instance, and accessed by MOH only if the individual tests positive for COVID-19”.
The data, said Dr Balakrishnan, “is only used for contact tracing”, adding that safeguards “including encryption” are present to protect the data “from malicious hackers”.
Should close contact data be required for contact tracing, he said, “only a small group of authorised officers in MOH will have access to it” and “all the public sector data protection rules will also apply”.