Singapore is reportedly developing a wearable device that may be issued to every resident as a way to facilitate contact tracing during the COVID-19 pandemic. The move, however, has elicited concerns from the public about the lack of privacy associated with contact tracing devices.
An online petition urging the public to reject its use has, to date, garnered more than 17,500 signatures. The online petition notes the implementation of such devices are "blatant infringements upon rights to privacy, personal space, and freedom of movement."
"All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state," wrote Wilson Low, the creator of the online petition.
Low also noted, "We - as free, independent, and lawful members of the public of Singapore - condemn the device's implementation as blatant infringements upon our rights to privacy, personal space, and freedom of movement. We reject the notion that the non-efficacy of the Trace Together initiative be superceded by a regime that could potentially require all members of the public (regardless of their age, susceptibility to disease, or health status) to give up these rights under fear - not of infection from Covid-19 - but of prosecution by the state."
Matt Gayford, Principal Consultant at the Crypsis Group, a McLean, Virginia-based incident response, risk management and digital forensics firm notes that the data collected though the devices used by the Singapore government is said to be retained for 25 days. "This is a step in the right direction, and other organizations should take note," adds Gayford. "Without limits on retention, data can be amassed for citizens to create a centralized tracking database. Privacy-minded citizens should expect that the data will be removed from the system once the retention period expires, but this end-of-life period for the data needs to be clearly stated.”
Rui Lopes, Engineering and Technical Support Director at Panda Security, a Boston, Mass.-based provider of IT security solutions, says, "Notwithstanding the concerns about personal privacy, this technology also introduces multiple concerns about the security threshold of the device itself as well as the data centers where this information is stored. Without next generation endpoint security, network security and more, a malicious attack could be catastrophic for the public."