“If COVID-19 is an opportunity for Singapore to accelerate data collection efforts, it should also be an opportunity for speeding the implementation of governance, regulation, and accountability,” said academics.
Associate Professor of History Hallam Stevens and Associate Professor of Sociology Monamie Bhadra Haines at the Nanyang Technological University explored the privacy implications of wearable technology for the purposes of COVID-19 contact tracing in an article on Academia.sg.
This comes on the heels of the government’s recent announcement that it is developing such technology for the purposes of contact tracing following a low uptake and shortcomings of the TraceTogether app launched in March this year. Among the issues is that the Bluetooth required for the app to function is disabled on iOS phones and that it is also a massive drain on the phone’s battery.
The article notes that the wearable device being developed will function similar to the app in that it will Bluetooth connections to exchange unique ID numbers between devices that are in close proximity. This information is then stored in the device for 25 days.
This way, information from the infected individuals devices can be extracted to reveal the ID numbers of other devices it has come in contact with, thus easing contact tracing efforts.
However, the authors note that this new technology has garnered an “overwhelmingly negative reaction”. A petition opposing these wearable devices have garnered over 54,000 signatures.
In response to these concerns, the minister in charge of Singapore’s Smart Nation initiative Mr Vivian Balakrishnan clarified that it is not a tracking device and that it does not track location as it does not have GPS or mobile internet connectivity.
He said in a Facebook post: “It acts as a personal diary, uses Bluetooth proximity data to collate prolonged close contacts, encrypts the data in your personal device, auto erases after 25 days and never leaves the device unless you are infected. If and only if that happens, then the data is used by authorised contact tracers to find people who may have inadvertently infected by you.
We believe we are actually being far more protective of privacy than in many other jurisdictions. We have to get the balance right between public health and personal privacy.”
However, the two associate professors argue that there is more to privacy than just locational data.
Highlighting the phenomenon of “surveillance capitalism”, the authors note that there is “an increasing concentration of personal data, collected by both governments and corporations, that will be used to both predict and control our lives.”
The author go on to say that the proposed wearable devices collects data about proximity and associations, meaning it will know who people have been close to.
“Although location data certainly seems private, information about our associations reveals, potentially, far more about us. Balakrishnan’s comparison to a “personal diary” is unintentionally revealing: for most people, a diary is one of their most personal items. Just because the device is not tracking location, doesn’t mean it’s not tracking us.”
They go on to note that even if the device does not track location by itself, it may inadvertently reveal location when couple with other devices such as a smartphone.
“For instance, if the device is used in combination with smartphones as part of a broader system (as has already been proposed), a wearable carried by one person could exchange IDs with a smartphone carried by another. That second person’s smartphone is linked to a location (via GPS), tying the first person to a place by proxy,” the article explained.
They then go on to point out a couple of instances when such technology has had a negative impact. For example in India, vulnerabilities in the digital identity system called Aadhaar has allowed hackers and scammers to access personal information in order to steal benefits and identities.
There was also the Cambridge Analytica scandal when personal data harvested from Facebook was used to make predictions about a person’s political preferences as well as how susceptible they are to political advertising. The information was then used back in 2016 in an attempt to influence the US Presidential Election.
“In these scenarios, and many others, private data has been used in ways that were not anticipated—or perhaps even conceived of—by the users or the designers of the systems,” say the associate professors.
“The gathering, circulation, aggregation, and analysis of data using artificial intelligence tools is increasingly inscrutable and opaque.”
While Mr Balakrishnan argued that the data from these wearable contact tracing devices will not be centralised, it is inevitable that some of the data will require centralisation and aggregation, said the academics.
As such, they questioned if there are adequate legal safeguards in place to protect the data that will be collected, as well as who would be responsible if the data is misused or misappropriate. And in the case that the data is misused, what recourse is there for individuals or the public?
Though safeguards such as the Official Secretes act are in place, the authors note that the government is still in the process of implementing recommendations for public sector data security. The process is expected to be complete only in 2023.
Noting that regulations often lag behind the development of technologies, the authors argued that if the current pandemic is an opportunity for the country to accelerate data collection efforts, then it should also be an opportunity to speed up the implementation of governance, regulation and accountability.
The article goes on to acknowledge the wariness people have over yet another means of collecting data on them, even if the government promises that the devices won’t be used in that way.