On Tuesday (2 February), Workers’ Party MP Sylvia Lim questioned on why no one in the Government came forward to rectify the misinterpretation that other Ministers have made in regards to police obtaining data from national contact tracing programme TraceTogether (TT) for criminal investigations.
In her speech in Parliament, Ms Lim said:
“First, it seems to me that the furore about the use of Trace Together data could have been avoided if the government had been clear from the start that the police would be using its powers to access the data. Instead, blanket assurances were given by several Ministers that the TT data would only be used for contact tracing in COVID-19 cases. These blanket assurances were given from at least mid-2020. Minister Vivian Balakrishnan told the House last month that he had forgotten about the Criminal Procedure Code when he gave his assurances, and had sleepless nights thereafter. But the bigger question is: for all these months, why did no one in the government step forward to correct the misrepresentation that Trace Together was fully ring-fenced for COVID tracing?”
However, no answers were given on why no one in the Government pointed out the Ministers’ misinterpretation of privacy feature of TT data.
Timeline of TraceTogether privacy saga
To understand further on the drastic changes made in terms of using data collected from TT, we shall first look how it all started.
The Government launched TT, a mobile application, to help support and boost the contact tracing efforts in order to contain the spread of COVID-19 in the country.
The TT app, which was developed by the Government Technology Agency (GovTech) in collaboration with Ministry of Health (MOH), assured the public that data collected from the app will only be used for contact tracing purposes.
GovTech also gave the assurance that there are several layers of security and privacy safeguard in place, including not accessing to a user’s phone contact list or address book. The app does not also collect or use location data of any kind, such as GPS.
“The app doesn’t identify ‘where’ the exposure to COVID-19 cases may have occurred. It only seeks to establish ‘who’ else might have been exposed to the virus,” according to the TraceTogether website.
“The logs do not contain the user’s phone numbers but a set of cryptographically generated temporary IDs,” the joint press release said.
It added, “The logs leave his or her phone only when he or she uses the app to send the information to authorities to facilitate contact tracing.”
During a Multi-Ministry Taskforce (MTF) press conference on 8 June last year, Education Minister Lawrence Wong, who co-chairs the MTF, and Minister-in-charge of the Smart Nation Initiative Vivian Balakrishnan both stressed that data from the TT app and token would not be used for anything else other than for the purposes of contact tracing.
“There is no intention to use a TraceTogether app, or TraceTogether token, as a means of picking up breaches of existing rules. There is no intention at all. So the app and the device, plus SafeEntry combined, are meant to provide us with information in a timely manner so that we can do speedy, fast, and effective contact tracing. It is not meant as a way to detect offences and breaches of rules,” Mr Wong said.
Adding to Mr Wong’s clarification, Dr Balakrishnan said: “TraceTogether app, TraceTogether running on a device, and the data generated is purely for contact tracing. Period.”
Before that, on 4 June last year, Senior Minister Teo Chee Hean gave the same response to MP Murali Pillai in Parliament when the latter questioned the steps Government have taken to safeguard personal data collected by contact tracing apps.
Mr Teo reiterated that TT data is “stored only on your own phone in the first instance, and accessed by MOH only if the individual tests positive for COVID-19”.
The data, said the Senior Minister, “is only used for contact tracing”, adding that safeguards “including encryption” are present to protect the data “from malicious hackers”.
Should close contact data be required for contact tracing, he said, “only a small group of authorised officers in MOH will have access to it” and “all the public sector data protection rules will also apply”.
Despite the constant assurance from Government officials that TT data will solely be used for contact tracing purposes, Minister of State for Home Affairs Desmond Tan revealed in Parliament on 4 January that the police can use TT data for criminal investigations.
Mr Tan explained that police is empowered under the Criminal Procedure Code (CPC) to get hold of any data, and that includes the data gathered from TraceTogether.
Following heavy debate on this issue, Dr Balakrishnan said in Parliament on Tuesday (2 February) that the Government acknowledged its “error in not stating that data from TraceTogether is not exempt” from the Criminal Procedure Code (CPC).
In fact, Dr Balakrishnan, who is also the country’s Foreign Minister, took responsibility for the mistake in his speeches on Tuesday.
“I take full responsibility for this mistake and I deeply regret the consternation and anxiety caused by my mistake,” he said.
He went on to state that he first realised that TT data could be used for criminal investigations after a member of the public asked him about it in October last year.
Dr Balakrishnan then noted that he spent November checking the CPC and discussed with senior Cabinet ministers on whether it was possible extract TT data from the Code.
What is even more puzzling is that Mr Tan recently revealed that the police had sought and got hold of data from TT to assist a murder investigation in May last year, while Dr Balakrishnan and Mr Wong continued to assure the public that TT data will only be for contact tracing purposes in June 2020.
The Straits Times (ST) reported that the data accessed was used for the Punggol Fields murder.
Why no other Ministers came to clarify the confusion?
While we may give the benefit of the doubt that Dr Balakrishnan was not aware of the powers of CPC, why isn’t Mr Teo, who is also the Coordinating Minister for National Security, making the caveat that CPC may apply to TT data in his reply to MP Murali last June?
If that’s not all, even if Dr Balakrishnan was misguided, why hasn’t anyone from the Ministry of Home Affairs (MHA) or Ministry of Law (MinLaw) come out to correct him?
As a matter of fact, Minister of Home Affairs and Law K Shanmugam was also present at the same Parliament sitting where Mr Teo replied to Mr Murali in June last year. Why didn’t he sound off about the misinterpretation?
Besides the Cabinet members, why did the Attorney General Chambers (AGC) not sound out the matter to the Ministers? After all, AGC is the legal advisor to the Singapore government.
It is rather puzzling to know that a member of the public had to raise the question to Dr Balakrishnan before he could actually check on the matter.
At the end of yesterday’s Parliament session, much have been said about the urgency of implementing the TT app by Dr Balakrishnan and his intention to come clean with the public.
But nothing was said about why the entire Singapore government was oblivious to the mistake – as the minister acknowledges – and silent about the misinterpretation to the public.