Tracing the Truth of Singapore's TraceTogether: What's Being Collected, and Who's Using It for What?

At the 37th Chaos Communication Congress (37C3), which took place from 27 to 30 December 2023, Joyce gave a presentation about the TraceTogether and SafeEntry contact tracing systems. A recording of the presentation is embedded below.

In her presentation and associated GitHub repository, Joyce raises a number of privacy questions and concerns:

SafeEntry Gateways are linked to specific locations (such as mall entrances). Given that this effectively combines the SafeEntry and TraceTogether systems, wouldn't this create location datapoints that could be used to track a person’s movements, which may invalidate bunnie et al.’s assessments?
The public was promised that TraceTogether data would be used only for contact tracing, but it was revealed that the Criminal Procedure Code allows police officers to use TraceTogether data for criminal investigations and overrides TraceTogether’s privacy policies. While the government has provided its reasoning on the basis of compromise in the name of public safety and security in stopping specific types of crimes, this does not guarantee reliable calibration of the safeguarding of actual public interest. Who has the mandate and discretion to reliably determine the calibration, especially given that institutional trust has already been broken via the government’s previous opacity in its breach of confidentiality? How will the government deal with potential instances of miscalibration and/or abuse by institutions, departments, agencies or actors in public or civil service?
Are there proper counters to prevent departments from intentionally or accidentally sharing our data and information with other agencies, or employers, or even governments? How might these drive or reshape our consumer habits cyclically?
Overall, these risk the blurring of lines between the public and private realm and corresponding duties, particularly but not exclusively in situations that involve information asymmetries and opacity combined with political lobbying, patronage, clientelism, and other risks of corrupt practices. Are there measures to address potential conflicts of interest? Given that corruption is a difficult matter to solve, far-reaching in its consequences, and global in its scope (e.g. Panama Papers), are there feasible measures to address incentives and disincentives related to these conflicts of interest?

Has TraceTogether and SafeEntry data really been deleted?

On 5 February 2024, Smart Nation Singapore put out a press release, stating:

As of 1 February 2024, all COVID-19 related personal contact tracing data derived from TT and SE has been deleted except the TT data pertaining to a murder case in May 2020 which will be retained by the Singapore Police Force (SPF) indefinitely. This is necessary because legal applications may be made to challenge the conviction or sentence many years after the case has concluded. If so, the SPF may be obliged to disclose the data.

In response, Joyce posted a thread on X (formerly Twitter), noting a discrepancy between the press release and prior news reports about deletion of TraceTogether and SafeEntry data:

In 2023, they said: "MOH has deleted all identifiable TT and SE data from its servers and databases."

What does "identifiable" mean here? What's the difference between identifiable and other kinds of TT/SE data? Cause yesterday's article implies that TT data was deleted in 2024

These concerns are not unfounded. We understand that while the Ministry of Health has deleted its copy of TraceTogether and SafeEntry contact tracing data, a complete copy of contact tracing data had been provided to and retained by the Internal Security Department (ISD).

We also understand that two other complete copies of contact tracing data had been provided to the Police Intelligence Department (PID), under the Singapore Police Force (SPF), and the Security and Intelligence Division (SID), under the Ministry of Defence, for training and further investigative use.

TraceTogether and SafeEntry Data Used to Determine Harvey’s Whereabouts

On 2 February 2021, the Covid-19 (Temporary Measures) (Amendment) Bill was passed in Parliament to "[restrict] the use of personal contact tracing data in criminal investigations to only serious crimes".

We understand that during the period of 19 to 21 November 2021, in connection with Harvey's second and third charges, the police used Harvey's TraceTogether and SafeEntry contact tracing data to determine Harvey's whereabouts.

Why was Harvey's TraceTogether and SafeEntry data used to determine her whereabouts for what are ultimately harassment offences, a full 9 months after the Bill was passed?

Does the Chinese Communist Party have access to TraceTogether and SafeEntry data?

As we have previously reported, Hijirah Maker (inferable to be Mercury Jamie Alice) has stated in messages to Carissa:

Harvey publicly dishonoured IO Seah Ming Hui Roger with her 18th November 2021 instastory with the intent to cause him to suffer public disrepute, and so far has not shown any propensity whatsoever to back down despite being targeted by China's State Security Ministry for 28 months for consequences if she does not apologise unreservedly and admit that she was in the wrong, which she consistently refused to do despite being given a chance for 2 years.

We note that 28 months before the time of Hijirah Maker's messages would be October 2021. This is only a month before the police usage of Harvey's TraceTogether and SafeEntry data laid out in the previous section. Given that Roger Seah has been a police officer under the Singapore Police Force while also being the head of the Singapore chapter of Wah Kee, an organisation loyal to the Chinese Communist Party, this raises the question: Where does Singaporean citizens' data go, and whose interests does it serve?