Singapore Police Can Access COVID-19 Contact Tracing Data For Criminal Investigations (zdnet.com) 93
An anonymous reader quotes a report from ZDNet: Singapore has confirmed its law enforcers will be able to access the country's COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents or 78% of the local population have adopted the TraceTogether contact tracing app and wearable token, which is one of the world's highest penetration rates. [...] In its efforts to ease privacy concerns, the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive" for the virus and was contacted by the contact tracing team. Personal data such as unique identification number and mobile number also would be substituted by a random permanent ID and stored on a secured server.
However, the Singapore government now has confirmed local law enforcement will be able to access the data for criminal investigations. Under the Criminal Procedure Code, the Singapore Police Force can obtain any data and this includes TraceTogether data, according to Minister of State for Home Affairs, Desmond Tan. He was responding to a question posed during parliament Monday on whether the TraceTogether data would be used for criminal probes and the safeguards governing the use of such data. Tan said the Singapore government was the "custodian" of the contact tracing data and "stringent measures" had been established to safeguard the personal data. "Examples of these measures include only allowing authorized officers to access the data, using such data only for authorized purposes, and storing the data on a secured data platform," he said. He added that public officers who knowingly disclose the data without authorization or misuse the data may be fined up to SG$5,000 or jailed up to two years, or both.
Asked if police use of the data violated the TraceTogether privacy pledge, Tan said: "We do not preclude the use of TraceTogether data in circumstances where citizens' safety and security is or has been affected, and this applies to all other data as well." He noted that "authorized police officers" may invoke the Criminal Procedure Code to access TraceTogether data for such purposes as well as for criminal investigation, but this data would, otherwise, be used only for contact tracing and to combat the spread of COVID-19.
However, the Singapore government now has confirmed local law enforcement will be able to access the data for criminal investigations. Under the Criminal Procedure Code, the Singapore Police Force can obtain any data and this includes TraceTogether data, according to Minister of State for Home Affairs, Desmond Tan. He was responding to a question posed during parliament Monday on whether the TraceTogether data would be used for criminal probes and the safeguards governing the use of such data. Tan said the Singapore government was the "custodian" of the contact tracing data and "stringent measures" had been established to safeguard the personal data. "Examples of these measures include only allowing authorized officers to access the data, using such data only for authorized purposes, and storing the data on a secured data platform," he said. He added that public officers who knowingly disclose the data without authorization or misuse the data may be fined up to SG$5,000 or jailed up to two years, or both.
Asked if police use of the data violated the TraceTogether privacy pledge, Tan said: "We do not preclude the use of TraceTogether data in circumstances where citizens' safety and security is or has been affected, and this applies to all other data as well." He noted that "authorized police officers" may invoke the Criminal Procedure Code to access TraceTogether data for such purposes as well as for criminal investigation, but this data would, otherwise, be used only for contact tracing and to combat the spread of COVID-19.
implying it's only Singapore (Score:2, Insightful)
Re: (Score:2)
They (the notorious They) do this all over the World. No one even slightly informed thinks our overlords take our privacy seriously.
Well, I guess it shows that we, in the UK,were right to reject our government's original app and wait for the one which only uses anonymous IDs, leaving our privacy^W^W Googles (or Apple's) monopoly^W gracious control over our personal data intact. So glad.
Re: (Score:2)
Well, I guess it shows that we, in the UK,were right to reject our government's original app and wait for the one which only uses anonymous IDs, leaving our privacy^W^W Googles (or Apple's) monopoly^W gracious control over our personal data intact. So glad.
Yes indeed! There were actually dozens of apps being developed by a whole bunch of people competing for the work, and who knows what they would have done with the data for "research" purposes. It would be really interesting to know what led to Apple and Google preventing all that -- was it just technical, was it principled data protection, was it a mix of self interest which happened to protect the user as well...
Re: (Score:2)
Re:implying it's only Singapore (Score:5, Insightful)
They (the notorious They) do this all over the World.
Your nihilistic attitude that "everybody does it", they are all the same, and nothing we do matters, is both wrong and harmful.
There are some places in the world, including the EU, where privacy rights are much more protected than others.
Citizen activism is what makes the difference.
Re: (Score:2)
Not like the US is any better, with one pays the lawyers
Having lawyers who get paid is an advantage, not a disadvantage.
Also, the contract tracing happens at the County level, by a Health Department that has independent personnel and budgeting from the state or federal authorities.
We do it this way for a reason. If they try to do some bullshit, they'll get caught, because they're just little people, and they don't have any significant power over the workers in the office if they leak the truth.
We have too many people in prison because we have too many crimes and
Re:implying it's only Singapore (Score:4, Interesting)
Re: (Score:1)
Yet when anyone here suggests that various covid measures are likely to be abused and constitutional rights like the 4th and 1st should be stood up for even at some human cost. Assholes like rslivergun here attack you.
This is an object lesson in why you DONT give government power to do this shit and the people protesting contract tracing and lock downs are not just clowns going "but muh rights" as he claims but also people who are legitimately concerned about real abuse.
Re: (Score:2)
Isn't it a better example of the need for a guaranteed right to privacy? Something explicitly spelled out and untouchable.
Re: (Score:2)
'Your nihilistic attitude that "everybody does it", '
Nope, it's not Nihilistic, it's demonstrable fact. Statistically, what sort of person gets into a position of power in government? Is it a good-hearted, honest person, or a conniving backstabbing megalomaniac? It's the latter - because they are the most ruthless. Then they are the ones who rule over us. A political party is like a sieve for finding sociopaths.
Re: (Score:2)
Well, they do seem to want to protect your privacy with regard to private corporations and entities, but not so much with the government itself.
I see the extreme proliferation of cameras all around cities in the UK for example....the govt itself doesn't have a problem with spying on people.
That's the one I worry more about myself.
Re: (Score:2)
There are some places in the world, including the EU, where privacy rights are much more protected than others.
They certainly say so.
Re: (Score:2)
our overlords
WOOwooWOOwooWOOwoo
Paris Hilton is a Bilderberger.
Some day your fat ass willl be rendered to make skin care products.
If you're lucky. Or the Lizard People will end up with you. Do pay close attention when the sorting begins, if you have a preference.
Re: (Score:2)
They (the notorious They) do this all over the World. No one even slightly informed thinks our overlords take our privacy seriously.
That's not the problem.
"...used only for contact tracing and to combat the spread of COVID-19."
It's the blatant fucking lying that's the problem. Enough with that stupid shit. It's almost as dumb as the society that believes it.
Re: (Score:2)
Location data being collected for ulterior reasons (Score:5, Insightful)
Re: Location data being collected for ulterior rea (Score:3)
Re: Location data being collected for ulterior rea (Score:4, Insightful)
I also think it's wrong and unethical of government and policy makers to push the use of a tracing app with promises the data will be sandboxed only to change it to a person tracing app.
It kills people. Because of this utter evil, many people will not use the app, and more may even go so far as to not trust anything "from" the government like a vaccine.
Re: (Score:1)
The Covid debacle has done it for me.
Everything they told us was a lie, every step of the way, every month a new one, conveniently forgetting the earlier ones. And the press in the EU has been going hand in hand with it, agreeing with every government policy, every government utterance, every laughable rule. (In the US, people still think the press is against the government. That was only because Trump was government. The press is against Trump, and when there's the enemy of Trump in government, you will se
Re: (Score:2)
Some folks like you understand what's going on. Most do not, and there aren't enough of us to make much of a difference at the policymaking level.
None of this is to downplay the real suffering caused directly or indirectly by this disease.
But, basically, every government in the world now understands that they can do exactly whatever the fuck they want, and almost all people are simply too scared to try to object. Furthermore, for each person capable of critical thinking regarding what we are being told, a
There is no location data in the Apple/Google apps (Score:5, Insightful)
The Apple / Google contact tracing app doesn't store or use any location information, and very cleverly protects privacy. That's the system mostly used in the US.
If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)
Re: (Score:2)
There is no guarantee that the apps built around the API donâ(TM)t collect any peripheral data, especially on Android where location permissions and API access are an all or nothing deal.
Then write your own app, it's open source.
Re: (Score:1)
Did you mean, write your own new version of Android with different APIs?
Re: (Score:2)
No, I meant write your own app. I can't imagine the confusion that must exist inside your brain to think that you'd have to rewrite an operating system just to get write a contact tracing app.
Re: (Score:2)
No, I meant write your own app. I can't imagine the confusion that must exist inside your brain to think that you'd have to rewrite an operating system just to get write a contact tracing app.
LOL you already forgot the whole slashdot discussion when they were building the apps, that covered the permission system, the security and privacy limits of the system, and why it was built the way it was. What a maroon.
Re: (Score:2)
I read the API specification. You're ignorant and dumb.
Re: (Score:2)
LMFAO
Yes, indeed, that would tell you everything about everything, it would even point out and explain the criticisms!
DERP! DERP!
Re: (Score:2)
ok? But unfortunately you understand nothing of it, so gtfo until you do.
Re: (Score:2)
LOL
You're all "I know you are but what am I!" and you don't even remember what it was.
Re: (Score:3, Insightful)
I have mod points but it's important to voice and to understand that until we have laws guaranteeing our privacy, what is sold as none invasive is very invasive. While the app may not collect private information it blares out an ID to all withing the bluetooth distance. It's ideal for beacons to pickup and trace your movement. There is very little honesty in business and government and hardly any legal recourse for individuals when there is abuse. The app may not collect data on your phone but it's far fro
Re:There is no location data in the Apple/Google a (Score:5, Informative)
The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement. If you have a hash A while you're in one store, by the time you get to a different store you have a different hash based on a freshly chosen random number.
The reason it's changed every 10-20 minutes rather than every 15 is to even better protect privacy - your phone randomly chooses the time. That mitigates the possibility that someone could figure out that somebody has been in the store for a given amount of time, based on hash changes.
https://www.google.com/covid19... [google.com]
It's really quite clever - they had some really bright people put real work into finding cool ways to protect privacy.
Re: (Score:1)
The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement.
LOL that would be fine if contract tracing was something that ran once a day, instead of something that runs continuously.
You just wave your hands like a moron anyway.
Re:There is no location data in the Apple/Google a (Score:4, Informative)
The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement.
LOL that would be fine if contract tracing was something that ran once a day, instead of something that runs continuously.
You just wave your hands like a moron anyway.
Which is why your phone keeps a record of the ids it has broadcast and only ever shares them when you indicate you have tested positive. Every other phone then checks the daily broadcast list of positive ids and tells their owners if there is a match. Thus unless the person possessing the ID tests positive there is not any trivial way to connect IDs to an individual. Even if you falsely added ID as positive the phone that broadcast that ID would ignore it as it has not seen itself. Also as this functionality is opaque to the contract tracing app on the phone, you would need to capture the O/S to abuse it for mass surveillance; and if you can do that you do not need a contract tracing app to track people anyway. It is a pretty elegant solution, I would be interested if anyone can think of a better one?
Re: (Score:2)
So the person who tests positive is just a zombie with no privacy rights?
No thanks, I trust my County Health Department to do the contract tracing.
Re: (Score:2)
The person who tests positive doesn't reveal their name in the app. You just find out that somebody who chose the random number 94720472046392 tested positive.
Doesn't need to be... you're still trackable (Score:2)
The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement. If you have a hash A while you're in one store, by the time you get to a different store you have a different hash based on a freshly chosen random number.
The reason it's changed every 10-20 minutes rather than every 15 is to even better protect privacy - your phone randomly chooses the time. That mitigates the possibility that someone could figure out that somebody has been in the store for a given amount of time, based on hash changes.
All of that only means you're not trackable in real time - should we take the word of a corporation as truth and should we put the faith in the government that it is not willing to break the laws, rules, mores or promises.
But... The moment you or someone you were near checks in as positive...
Everyone you and them have had contact with becomes reverse-trackable - thanks to all the people you bumped into along the way who had some form of tracking turned on.
Just take all their tracking data, perhaps from thei
Guess who makes Android? (Score:2)
> should we take the word of a corporation as truth and should we put the faith in the government that it is not willing to break the laws, rules, mores or promises.
Actually my faith on this is faith in the mathematical proof.
A mathematical proof which I've actually had to do, so I therefore understand it quite thoroughly.
Ive actually had to do the mathematical proof that a hash such as used here is what we call "indistinguishable from random". That means that if I receive a hash, say 9462947294610473027
Re: (Score:2)
They can make all the promises about that app not using it that they want, but like say, it gets turned on for everything.
As it is, the reason a lot of apps can't track me is that I only turn on location when I'm going to the woods.
Sure, I could disable all the carrier tools, and google apps, but sometimes they're needed. Being able to turn off location is a critical privacy feature. Without that, I'd switch to a USB mobile network adapter, and run an IP phone service on something custom.
You can spot that
Re: (Score:2)
> As it is, the reason a lot of apps can't track
> me is that I only turn on location when I'm
> going to the woods.
So exposure tracking is evil because "they" might lie about what it really does. But "turning off" location is good because "they" would not lie to you about what that switch actually does.
Exposure tracking has less issues than using closed hardware and software. Avoiding the Google/Apple exposure tracking for privacy reasons but using a mobile phone may give you a warm feeling because
Re: (Score:2)
> As it is, the reason a lot of apps can't track
> me is that I only turn on location when I'm
> going to the woods.
So exposure tracking is evil because "they" might lie about what it really does. But "turning off" location is good because "they" would not lie to you about what that switch actually does.
Exposure tracking has less issues than using closed hardware and software. Avoiding the Google/Apple exposure tracking for privacy reasons but using a mobile phone may give you a warm feeling because you're oh-so-independent but it is pure symbolism.
Yeah, a guy who can't figure out a quote tag is going to lecture me on the impossiblity of knowing various details. Checks out.
Re: There is no location data in the Apple/Google (Score:2)
That's exactly my problem with it, the open source app in my country doesn't track my whereabouts, but since forever I kept my location off. Now Google has decided that with BLE it's possible to do some kind of tracking, so for that to be enabled, one has to turn on location. And when using the app, my phone time and again warned me about Google services using my location. Add up to that that under the patriot act, the US government can get that data from Google secretly, this really sucks.
Re: (Score:2)
"Laws" don't do squat in Singapore.
They're a city-state with a single party government.
Re: (Score:1)
"Laws" don't do squat in Singapore.
They're a city-state with a single party government.
It's actually technically no longer a single-party government due to the shocking slap in the face by disgruntled voters in the recent General Election. Still, the People's Action Party retains super-majority so effectively it does what it wants with impunity as has been demonstrated in so many instances since the election.
Re: (Score:2)
No, the app does not "blare out an ID". That's not at all how it works.
The Google/Apple system only transmits random numbers, and does it at the OS level. The app does not get Bluetooth permission, all it can do it collect the random numbers generated and transmitted/received by the OS. Those numbers change regularly so are useless for tracking.
Re: (Score:2)
We have all kinds of laws and the fourth amendment that are supposed to protect our privacy among other things. That did not stop the NSA from hovering up everyone's phone records. Even when it came to light and it was mostly found to be illegal. It took YEARS to get them to even pretend to stop doing it (and as far as verification of that the best we get it "you have to trust us"), and not a single person was punished or really held to account in any fashion (well except the guy who exposed it).
Personally
Re: (Score:2)
That's the system mostly used in the US.
The US isn't using an app at all, contract tracing is done by each County.
Some counties paid for an app, but nobody is using it.
Re: (Score:2)
The Apple / Google contact tracing app doesn't store or use any location information, and very cleverly protects privacy. That's the system mostly used in the US.
If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)
this is how the Singapore app works too. When you register the app (or the standalone bluetooth token), you give the Ministry of Health your contact details, but the phone apps and tokens only swap your random ID with each other, and those exchanges stay on the device.
If you are diagnosed with Covid-19, the MOH gives you a code you put into the phone app that will let it upload all the recent exchange data to their website, where it can be associated with your contact details. (Or you give them the bluetoot
Re: (Score:2)
>> If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)
I reckon you're right:
Australia’s app is based on Singapore’s
Coronavirus apps: how Australia's Covidsafe compares to other countries' contact tracing technology [theguardian.com]
To rub salt in the wound, our government spent about $AUD2 million (~$USD1.5 million) developing it, and a further $AUD7 million advertising it. Complete failure: barely anybody used it. I don't think I know anyone who installed it. Every
Re: (Score:2)
If you're in a place where police have this power, then they always have and use this power.
Not all places grant broad powers to police.
In America, we let the cops shoot people, but we don't let them snoop in paperwork without getting permission from a judge every time. And anything related to medical records are exceptionally difficult for them to get.
Mission creep in USA also: (Score:3, Informative)
https://www.newsweek.com/dmv-d... [newsweek.com]
Re:Mission creep in Australia also: (Score:2)
Why I will never install a contact tracing app... (Score:1, Flamebait)
Fuck authoritarians.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
You still have a smart phone and you’re worried about privacy?
Re: (Score:2)
We all know what happens when you break the rules (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Wow, now that's a stupid idea (Score:4, Insightful)
Re: (Score:3)
Probably not. In Singapore most people will consider this a good thing.
Ooh now that's a surprise! (Score:5, Insightful)
They swore COVID-19 tracing apps were just for COVID-19. They promised it would be anonymous and it wouldn't be abused. And lo, COVID-19 isn't even past and it's already abused!
Well color me surprised. I'm shocked. SHOCKED I tell you!
Re: (Score:2)
Is this the app though? It's not clear.
We had this in the UK, but there are two parallel systems. The app is anonymous and the police couldn't use the data even if they wanted to, Google/Apple made sure of that.
The other system is manual contact tracing. Someone goes for a test and it comes back positive, so the government calls them up and asks for details of everyone they have been in contact with lately. They voluntarily (at least in the UK) give that information and the government then calls everyone th
I doubt Singapore did anything of the sort (Score:2)
Re: (Score:2)
Don't worry, they will ignore your warnings next time too, calling you negative for having such a memory to remember things that previously happened and were bad for you... if only there was a word for pre-judging something based on past behavior.... Stereotypes maybe?
But, but!! (Score:2)
Re: (Score:2, Insightful)
Find one story that promises the contract tracing app in Singapore was going to be anonymous. You can't. You are outraged because of your own inability in reading comprehension.
Your post represents everything that is wrong with democracy: voters who don't read.
Re: (Score:1)
I know this is Slashdot, so it's bad form to RTFA, but it's even quoted in the summary that "the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive", so there's "one story" for you.
Also in TFA, there is a link to the government's own page (https://support.tracetogether.gov.sg/hc/en-sg/articles/360043234694-How-is-my-data-protected-) that says "Any data shared with the Ministry of Health (MOH) will be used for contact tracing persons possib
Re: (Score:2)
Yeah I messed up on that one LOL
Re: (Score:1)
Wow. Humility and a respectful reply to an admittedly pointed reproof? I'm impressed. You win the internet today.
The series of tubes are belong to you.
This is my surprised face. (Score:2)
Healthy distrust of government is healthy.
Re: (Score:1)
Unless of course it claims to be doing this "for your own good." Or that if you don't do what it says, you'll die horribly from COVID-19. Or that if you don't the eeevul terrorists will win. Or that it's for the children. In those cases, you're an eeevul Conspiracy Theorist, and your viewpoints must be suppressed, by any means necessary.
Once my generation is gone, so will the very last memories of true freedom, or, at least, a feeble attempt to approximate the same.
Absolute Data Corrupts, Absolutely (Score:5, Insightful)
As a (retired) data analyst, I can really dig how wonderful it is to mine data stores for unpolished diamonds. That being said, as a lover of liberty, I'm also appalled at the potential for evil that exists in public data stores. China seems especially adept at (ab)using personal data for political purposes, although you can't discount the recent powerhouse moves by American social media and search empires. Even John Deere takes an extremely arrogant position with data collection and commercialization.
I hear (and generally ignore) conspiracy theorists wax eloquent on these and many other topics, but these government and business players are making a believer out of me. It makes me sad to see all the data potential squandered on such sordid pursuits.
Re: (Score:2)
There is a class if humans that cannot stand anybody else thinking differently from them. These fundamental enemies of freedom manage to corrupt anything. Unless and until the human race gets these defectives under control (and makes very sure they never, ever get into positions of power), this crap will continue. Obviously, this will take a long time and a lot of work. If we ever manage to get there.
Re:Absolute Data Corrupts, Absolutely (Score:4, Insightful)
Re: (Score:2)
Fundamentally, any data that is collected, will be misused. Not may be misused. Will be. The only safe data is data that has not been collected or transmitted. By all means allow people to opt into studies to find those diamonds - but don't blanket collect data, because its net use is only, and can only be, for evil.
Exactly this. Databases like this are ripe for parallel construction abuses, which we have now legalized in the US through FISA court abuses. Between a for-profit prison system and Cancel Culture, we better hope that corrupt future leaders don't get desperate for payoff cash and start mining data to create those profits with tactics not seen since the gestapo.
As Gomer Pyle would have said (Score:1)
Surprise, surprise, surprise.
Authoritarians poison everything. (Score:5, Insightful)
History just refuses to be learned. The minute you let big brother anywhere near health data, it just stops working.
One of the main reasons Polio still hasnt been eradicated was during the tail end of the afghan war, the WHO started a Polio erradication campaign in Pakistan where one of the final hotspots of the disease still existed. And then the CIA came along and planted operatives in the WHO who could go into Taliban areas under the cover of the WHO and Red Cross and do their dirty deeds (spying/sabotage/etc). As expected because most intelligence agencies are incompetent, the Taliban worked it out, and started shooting doctors and spreading conspiracy theories (which had the added spice that in the case of "CIA is using vaccines to invade" was actually kinda true torpedoing the vaccination efforts. And so Polio is still a thing that exists.
I think this is similar. Contract Tracing is a vital capacity to stop this horrifying virus, but part of the selling point of the contract tracing apps are that they are engineered to be privacy respecting. If the cops are using this to go after 'criminals' (And in Singapore being a member of the opposition is enough to get you labeled that.) then that trust is irrevocably broken.
Contract tracing app uptake failed dramatically in Australia, because the current federal govt are widely considered to be invasive assholes with no concept of civil rights or privacy with its chief henchman (homeland security minister Peter Dutton) being famous for constantly coming up with new laws that create crimes with detention or deportation punishments that are judged by him alone and not the court. Of course people took one look at this and went "Uh NOPE", despite the fact that in this case, it was a genuinely privacy respecting design (data anonymised, and some clever use of hashing to prevent the server side from identifying the data sources).
Its the perception that counts, and in this case, singapore govt just killed the perception.
State the liability (Score:5, Insightful)
Whenever somebody states "it will never be used for other purposes" or "it will be stored and accessed securely", they should also state who is liable and what will be the compensation if the statement should later be proven false.
In other news... (Score:1)
A group of brown bears were spotted defecting in nearby woods.