Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Crime

Singapore Police Can Access COVID-19 Contact Tracing Data For Criminal Investigations (zdnet.com) 93

An anonymous reader quotes a report from ZDNet: Singapore has confirmed its law enforcers will be able to access the country's COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents or 78% of the local population have adopted the TraceTogether contact tracing app and wearable token, which is one of the world's highest penetration rates. [...] In its efforts to ease privacy concerns, the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive" for the virus and was contacted by the contact tracing team. Personal data such as unique identification number and mobile number also would be substituted by a random permanent ID and stored on a secured server.

However, the Singapore government now has confirmed local law enforcement will be able to access the data for criminal investigations. Under the Criminal Procedure Code, the Singapore Police Force can obtain any data and this includes TraceTogether data, according to Minister of State for Home Affairs, Desmond Tan. He was responding to a question posed during parliament Monday on whether the TraceTogether data would be used for criminal probes and the safeguards governing the use of such data. Tan said the Singapore government was the "custodian" of the contact tracing data and "stringent measures" had been established to safeguard the personal data. "Examples of these measures include only allowing authorized officers to access the data, using such data only for authorized purposes, and storing the data on a secured data platform," he said. He added that public officers who knowingly disclose the data without authorization or misuse the data may be fined up to SG$5,000 or jailed up to two years, or both.

Asked if police use of the data violated the TraceTogether privacy pledge, Tan said: "We do not preclude the use of TraceTogether data in circumstances where citizens' safety and security is or has been affected, and this applies to all other data as well." He noted that "authorized police officers" may invoke the Criminal Procedure Code to access TraceTogether data for such purposes as well as for criminal investigation, but this data would, otherwise, be used only for contact tracing and to combat the spread of COVID-19.

This discussion has been archived. No new comments can be posted.

Singapore Police Can Access COVID-19 Contact Tracing Data For Criminal Investigations

Comments Filter:
  • They (the notorious They) do this all over the World. No one even slightly informed thinks our overlords take our privacy seriously.
    • They (the notorious They) do this all over the World. No one even slightly informed thinks our overlords take our privacy seriously.

      Well, I guess it shows that we, in the UK,were right to reject our government's original app and wait for the one which only uses anonymous IDs, leaving our privacy^W^W Googles (or Apple's) monopoly^W gracious control over our personal data intact. So glad.

      • by Bongo ( 13261 )

        Well, I guess it shows that we, in the UK,were right to reject our government's original app and wait for the one which only uses anonymous IDs, leaving our privacy^W^W Googles (or Apple's) monopoly^W gracious control over our personal data intact. So glad.

        Yes indeed! There were actually dozens of apps being developed by a whole bunch of people competing for the work, and who knows what they would have done with the data for "research" purposes. It would be really interesting to know what led to Apple and Google preventing all that -- was it just technical, was it principled data protection, was it a mix of self interest which happened to protect the user as well...

      • Exactly. We're all just a bunch of very stupid Brits at the end of the day. Our Government tracks us already cell towers, while pairing this info with our card transactions, ANPR matches from our cars etc. to know where we are at all times anyway. All we achieved by not doing as told was causing more death and greater intrusions into our everyday lives. To truly keep our privacy intact, we'd all have to act like Richard Stallman, minus the public speeches. I don't see many people doing that. What I do see
    • by ShanghaiBill ( 739463 ) on Monday January 04, 2021 @09:41PM (#60897438)

      They (the notorious They) do this all over the World.

      Your nihilistic attitude that "everybody does it", they are all the same, and nothing we do matters, is both wrong and harmful.

      There are some places in the world, including the EU, where privacy rights are much more protected than others.

      Citizen activism is what makes the difference.

      • by jeti ( 105266 ) on Tuesday January 05, 2021 @03:01AM (#60897990)
        I wish. In Germany, restaurants are obliged to keep lists of their customers for contract tracing. The police started accessing them, even for misdemeanors. As a result, customers started to enter fake names, which sabotaged said contact tracing. The restaurants now have to pay a hefty fine if they don't verify the identity of their customers. They're currently closed, anyway.
        • by DarkOx ( 621550 )

          Yet when anyone here suggests that various covid measures are likely to be abused and constitutional rights like the 4th and 1st should be stood up for even at some human cost. Assholes like rslivergun here attack you.

          This is an object lesson in why you DONT give government power to do this shit and the people protesting contract tracing and lock downs are not just clowns going "but muh rights" as he claims but also people who are legitimately concerned about real abuse.

          • Isn't it a better example of the need for a guaranteed right to privacy? Something explicitly spelled out and untouchable.

      • 'Your nihilistic attitude that "everybody does it", '

        Nope, it's not Nihilistic, it's demonstrable fact. Statistically, what sort of person gets into a position of power in government? Is it a good-hearted, honest person, or a conniving backstabbing megalomaniac? It's the latter - because they are the most ruthless. Then they are the ones who rule over us. A political party is like a sieve for finding sociopaths.

      • There are some places in the world, including the EU, where privacy rights are much more protected than others.

        Well, they do seem to want to protect your privacy with regard to private corporations and entities, but not so much with the government itself.

        I see the extreme proliferation of cameras all around cities in the UK for example....the govt itself doesn't have a problem with spying on people.

        That's the one I worry more about myself.

      • by Agripa ( 139780 )

        There are some places in the world, including the EU, where privacy rights are much more protected than others.

        They certainly say so.

    • our overlords

      WOOwooWOOwooWOOwoo

      Paris Hilton is a Bilderberger.

      Some day your fat ass willl be rendered to make skin care products.

      If you're lucky. Or the Lizard People will end up with you. Do pay close attention when the sorting begins, if you have a preference.

    • They (the notorious They) do this all over the World. No one even slightly informed thinks our overlords take our privacy seriously.

      That's not the problem.

      "...used only for contact tracing and to combat the spread of COVID-19."

      It's the blatant fucking lying that's the problem. Enough with that stupid shit. It's almost as dumb as the society that believes it.

    • Got any evidence, tin foil hat?
  • by klipclop ( 6724090 ) on Monday January 04, 2021 @06:36PM (#60896996)
    I think this was an easy conclusion to make when these apps released. I beli other governments will make the same policies if adoption is as large too. (the info can literally do all the initial detective work)
    • I also think it's wrong and unethical of government and policy makers to push the use of a tracing app with promises the data will be sandboxed only to change it to a person tracing app.
      • by gweihir ( 88907 ) on Monday January 04, 2021 @10:26PM (#60897504)

        I also think it's wrong and unethical of government and policy makers to push the use of a tracing app with promises the data will be sandboxed only to change it to a person tracing app.

        It kills people. Because of this utter evil, many people will not use the app, and more may even go so far as to not trust anything "from" the government like a vaccine.

        • The Covid debacle has done it for me.

          Everything they told us was a lie, every step of the way, every month a new one, conveniently forgetting the earlier ones. And the press in the EU has been going hand in hand with it, agreeing with every government policy, every government utterance, every laughable rule. (In the US, people still think the press is against the government. That was only because Trump was government. The press is against Trump, and when there's the enemy of Trump in government, you will se

          • Some folks like you understand what's going on. Most do not, and there aren't enough of us to make much of a difference at the policymaking level.

            None of this is to downplay the real suffering caused directly or indirectly by this disease.

            But, basically, every government in the world now understands that they can do exactly whatever the fuck they want, and almost all people are simply too scared to try to object. Furthermore, for each person capable of critical thinking regarding what we are being told, a

    • by raymorris ( 2726007 ) on Monday January 04, 2021 @06:42PM (#60897026) Journal

      The Apple / Google contact tracing app doesn't store or use any location information, and very cleverly protects privacy. That's the system mostly used in the US.

      If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)

      • Re: (Score:3, Insightful)

        by MeNeXT ( 200840 )

        I have mod points but it's important to voice and to understand that until we have laws guaranteeing our privacy, what is sold as none invasive is very invasive. While the app may not collect private information it blares out an ID to all withing the bluetooth distance. It's ideal for beacons to pickup and trace your movement. There is very little honesty in business and government and hardly any legal recourse for individuals when there is abuse. The app may not collect data on your phone but it's far fro

        • by raymorris ( 2726007 ) on Tuesday January 05, 2021 @12:47AM (#60897748) Journal

          The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement. If you have a hash A while you're in one store, by the time you get to a different store you have a different hash based on a freshly chosen random number.

          The reason it's changed every 10-20 minutes rather than every 15 is to even better protect privacy - your phone randomly chooses the time. That mitigates the possibility that someone could figure out that somebody has been in the store for a given amount of time, based on hash changes.
          https://www.google.com/covid19... [google.com]

          It's really quite clever - they had some really bright people put real work into finding cool ways to protect privacy.

          • The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement.

            LOL that would be fine if contract tracing was something that ran once a day, instead of something that runs continuously.

            You just wave your hands like a moron anyway.

            • by realxmp ( 518717 ) on Tuesday January 05, 2021 @07:59AM (#60898374)

              The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement.

              LOL that would be fine if contract tracing was something that ran once a day, instead of something that runs continuously.

              You just wave your hands like a moron anyway.

              Which is why your phone keeps a record of the ids it has broadcast and only ever shares them when you indicate you have tested positive. Every other phone then checks the daily broadcast list of positive ids and tells their owners if there is a match. Thus unless the person possessing the ID tests positive there is not any trivial way to connect IDs to an individual. Even if you falsely added ID as positive the phone that broadcast that ID would ignore it as it has not seen itself. Also as this functionality is opaque to the contract tracing app on the phone, you would need to capture the O/S to abuse it for mass surveillance; and if you can do that you do not need a contract tracing app to track people anyway. It is a pretty elegant solution, I would be interested if anyone can think of a better one?

              • So the person who tests positive is just a zombie with no privacy rights?

                No thanks, I trust my County Health Department to do the contract tracing.

                • The person who tests positive doesn't reveal their name in the app. You just find out that somebody who chose the random number 94720472046392 tested positive.

          • The "id" you speak of is a random number generated every 10-20 minutes. Precisely so that it can't be used to trace movement. If you have a hash A while you're in one store, by the time you get to a different store you have a different hash based on a freshly chosen random number.

            The reason it's changed every 10-20 minutes rather than every 15 is to even better protect privacy - your phone randomly chooses the time. That mitigates the possibility that someone could figure out that somebody has been in the store for a given amount of time, based on hash changes.

            All of that only means you're not trackable in real time - should we take the word of a corporation as truth and should we put the faith in the government that it is not willing to break the laws, rules, mores or promises.

            But... The moment you or someone you were near checks in as positive...
            Everyone you and them have had contact with becomes reverse-trackable - thanks to all the people you bumped into along the way who had some form of tracking turned on.
            Just take all their tracking data, perhaps from thei

            • > should we take the word of a corporation as truth and should we put the faith in the government that it is not willing to break the laws, rules, mores or promises.

              Actually my faith on this is faith in the mathematical proof.
              A mathematical proof which I've actually had to do, so I therefore understand it quite thoroughly.

              Ive actually had to do the mathematical proof that a hash such as used here is what we call "indistinguishable from random". That means that if I receive a hash, say 9462947294610473027

        • "Laws" don't do squat in Singapore.

          They're a city-state with a single party government.

          • by Anonymous Coward

            "Laws" don't do squat in Singapore.

            They're a city-state with a single party government.

            It's actually technically no longer a single-party government due to the shocking slap in the face by disgruntled voters in the recent General Election. Still, the People's Action Party retains super-majority so effectively it does what it wants with impunity as has been demonstrated in so many instances since the election.

        • by AmiMoJo ( 196126 )

          No, the app does not "blare out an ID". That's not at all how it works.

          The Google/Apple system only transmits random numbers, and does it at the OS level. The app does not get Bluetooth permission, all it can do it collect the random numbers generated and transmitted/received by the OS. Those numbers change regularly so are useless for tracking.

        • by DarkOx ( 621550 )

          We have all kinds of laws and the fourth amendment that are supposed to protect our privacy among other things. That did not stop the NSA from hovering up everyone's phone records. Even when it came to light and it was mostly found to be illegal. It took YEARS to get them to even pretend to stop doing it (and as far as verification of that the best we get it "you have to trust us"), and not a single person was punished or really held to account in any fashion (well except the guy who exposed it).

          Personally

      • That's the system mostly used in the US.

        The US isn't using an app at all, contract tracing is done by each County.

        Some counties paid for an app, but nobody is using it.

      • by kinko ( 82040 )

        The Apple / Google contact tracing app doesn't store or use any location information, and very cleverly protects privacy. That's the system mostly used in the US.

        If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)

        this is how the Singapore app works too. When you register the app (or the standalone bluetooth token), you give the Ministry of Health your contact details, but the phone apps and tokens only swap your random ID with each other, and those exchanges stay on the device.

        If you are diagnosed with Covid-19, the MOH gives you a code you put into the phone app that will let it upload all the recent exchange data to their website, where it can be associated with your contact details. (Or you give them the bluetoot

      • by skegg ( 666571 )

        >> If a government decides not to use that method and to understand do location tracking, yeah they just might have a motive for that decision. :)

        I reckon you're right:

        Australia’s app is based on Singapore’s

        Coronavirus apps: how Australia's Covidsafe compares to other countries' contact tracing technology [theguardian.com]

        To rub salt in the wound, our government spent about $AUD2 million (~$USD1.5 million) developing it, and a further $AUD7 million advertising it. Complete failure: barely anybody used it. I don't think I know anyone who installed it. Every

    • If you're in a place where police have this power, then they always have and use this power.

      Not all places grant broad powers to police.

      In America, we let the cops shoot people, but we don't let them snoop in paperwork without getting permission from a judge every time. And anything related to medical records are exceptionally difficult for them to get.

  • by Tablizer ( 95088 ) on Monday January 04, 2021 @06:42PM (#60897024) Journal
    • And personal accountability, by the Department head who authorized and spent project money this project , should immediately resign or a new rollout that says terms and conditions have changed - Police will get to see this data - Do you wish to uninstall now? Note how blame moves from an individual(and loss of face) to 'Singapore Government' as a generic face. In Australia they have extended this to credit card time of use, CCTV and likely mobile tower dumps. But so far, they are too dumb to use ANR or aut
  • Fuck authoritarians.

    • You misspelled "law". I'm sure you wouldn't mind if someone damaged your car with "hot tar, paint remover, red spray paint, and hatchets. "
  • by rsilvergun ( 571051 ) on Monday January 04, 2021 @06:59PM (#60897082)
    you just made contract tracing impossible for a significant percentage of your population. Why to go geniuses.
  • by Rosco P. Coltrane ( 209368 ) on Monday January 04, 2021 @07:06PM (#60897096)

    They swore COVID-19 tracing apps were just for COVID-19. They promised it would be anonymous and it wouldn't be abused. And lo, COVID-19 isn't even past and it's already abused!

    Well color me surprised. I'm shocked. SHOCKED I tell you!

    • by AmiMoJo ( 196126 )

      Is this the app though? It's not clear.

      We had this in the UK, but there are two parallel systems. The app is anonymous and the police couldn't use the data even if they wanted to, Google/Apple made sure of that.

      The other system is manual contact tracing. Someone goes for a test and it comes back positive, so the government calls them up and asks for details of everyone they have been in contact with lately. They voluntarily (at least in the UK) give that information and the government then calls everyone th

    • they're not exactly known for a brilliant track record on human rights.
    • Don't worry, they will ignore your warnings next time too, calling you negative for having such a memory to remember things that previously happened and were bad for you... if only there was a word for pre-judging something based on past behavior.... Stereotypes maybe?

  • This is all supposed to be anonymous!! We promise!!
    • Re: (Score:2, Insightful)

      by phantomfive ( 622387 )

      Find one story that promises the contract tracing app in Singapore was going to be anonymous. You can't. You are outraged because of your own inability in reading comprehension.

      Your post represents everything that is wrong with democracy: voters who don't read.

      • I know this is Slashdot, so it's bad form to RTFA, but it's even quoted in the summary that "the Singapore government had stressed repeatedly that COVID-19 data would "never be accessed unless the user tests positive", so there's "one story" for you.
        Also in TFA, there is a link to the government's own page (https://support.tracetogether.gov.sg/hc/en-sg/articles/360043234694-How-is-my-data-protected-) that says "Any data shared with the Ministry of Health (MOH) will be used for contact tracing persons possib

  • Healthy distrust of government is healthy.

    • Unless of course it claims to be doing this "for your own good." Or that if you don't do what it says, you'll die horribly from COVID-19. Or that if you don't the eeevul terrorists will win. Or that it's for the children. In those cases, you're an eeevul Conspiracy Theorist, and your viewpoints must be suppressed, by any means necessary.

      Once my generation is gone, so will the very last memories of true freedom, or, at least, a feeble attempt to approximate the same.

  • by walkerp1 ( 523460 ) on Monday January 04, 2021 @07:47PM (#60897196)

    As a (retired) data analyst, I can really dig how wonderful it is to mine data stores for unpolished diamonds. That being said, as a lover of liberty, I'm also appalled at the potential for evil that exists in public data stores. China seems especially adept at (ab)using personal data for political purposes, although you can't discount the recent powerhouse moves by American social media and search empires. Even John Deere takes an extremely arrogant position with data collection and commercialization.

    I hear (and generally ignore) conspiracy theorists wax eloquent on these and many other topics, but these government and business players are making a believer out of me. It makes me sad to see all the data potential squandered on such sordid pursuits.

    • by gweihir ( 88907 )

      There is a class if humans that cannot stand anybody else thinking differently from them. These fundamental enemies of freedom manage to corrupt anything. Unless and until the human race gets these defectives under control (and makes very sure they never, ever get into positions of power), this crap will continue. Obviously, this will take a long time and a lot of work. If we ever manage to get there.

    • by larwe ( 858929 ) on Monday January 04, 2021 @11:07PM (#60897582)
      Fundamentally, any data that is collected, will be misused. Not may be misused. Will be. The only safe data is data that has not been collected or transmitted. By all means allow people to opt into studies to find those diamonds - but don't blanket collect data, because its net use is only, and can only be, for evil.
      • Fundamentally, any data that is collected, will be misused. Not may be misused. Will be. The only safe data is data that has not been collected or transmitted. By all means allow people to opt into studies to find those diamonds - but don't blanket collect data, because its net use is only, and can only be, for evil.

        Exactly this. Databases like this are ripe for parallel construction abuses, which we have now legalized in the US through FISA court abuses. Between a for-profit prison system and Cancel Culture, we better hope that corrupt future leaders don't get desperate for payoff cash and start mining data to create those profits with tactics not seen since the gestapo.

  • Surprise, surprise, surprise.

  • by sg_oneill ( 159032 ) on Tuesday January 05, 2021 @01:07AM (#60897778)

    History just refuses to be learned. The minute you let big brother anywhere near health data, it just stops working.

    One of the main reasons Polio still hasnt been eradicated was during the tail end of the afghan war, the WHO started a Polio erradication campaign in Pakistan where one of the final hotspots of the disease still existed. And then the CIA came along and planted operatives in the WHO who could go into Taliban areas under the cover of the WHO and Red Cross and do their dirty deeds (spying/sabotage/etc). As expected because most intelligence agencies are incompetent, the Taliban worked it out, and started shooting doctors and spreading conspiracy theories (which had the added spice that in the case of "CIA is using vaccines to invade" was actually kinda true torpedoing the vaccination efforts. And so Polio is still a thing that exists.

    I think this is similar. Contract Tracing is a vital capacity to stop this horrifying virus, but part of the selling point of the contract tracing apps are that they are engineered to be privacy respecting. If the cops are using this to go after 'criminals' (And in Singapore being a member of the opposition is enough to get you labeled that.) then that trust is irrevocably broken.

    Contract tracing app uptake failed dramatically in Australia, because the current federal govt are widely considered to be invasive assholes with no concept of civil rights or privacy with its chief henchman (homeland security minister Peter Dutton) being famous for constantly coming up with new laws that create crimes with detention or deportation punishments that are judged by him alone and not the court. Of course people took one look at this and went "Uh NOPE", despite the fact that in this case, it was a genuinely privacy respecting design (data anonymised, and some clever use of hashing to prevent the server side from identifying the data sources).

    Its the perception that counts, and in this case, singapore govt just killed the perception.

  • by dromgodis ( 4533247 ) on Tuesday January 05, 2021 @06:30AM (#60898268)

    Whenever somebody states "it will never be used for other purposes" or "it will be stored and accessed securely", they should also state who is liable and what will be the compensation if the statement should later be proven false.

  • A group of brown bears were spotted defecting in nearby woods.

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost

Working...