Case Study 2

Pandemic, Technology & Privacy

How Far Will the State Go?

Commentary
Government around the globe are launching contact tracing applications in their fight against
COVID-19. These contact-tracing applications come from the various levels of data collection,
data privacy and security practices. Some applications are mandatory with others are voluntary.

This global trend engenders concerns about privacy and the potential use of these tools
after the pandemic. These concerns emerge as a factor preventing the optimal rate of adoption
of applications and branch into debates if they could be better marketed, or whether they
worked. An Oxford study suggested that contact tracing applications need at least 60%
adoption rate to help prevent the spread of COVID-19.

Contract Tracing Landscape

The landscape is diverse as countries design contact-tracing applications with different
levels of technical features, and legal frameworks for privacy protection. State policy towards
privacy is a significant factor that could affect how entrenched any surveillance technology
would be in a country’s social governance.

In india, the Aarogya Setu contact tracing application was launched as voluntary but
subsequently enforced on “central government” employees and staff of some private
companies. The application’s privacy policy and terms of service lack transparency on how it
“tracks and stores location data”. India’s proposed Data Protection Bill (2019) has been
criticized for oversupply(ing) government intervention and strengthen(ing) the state.

In Europe, the General Data Protection Regulation (GDPR) provides a degree of legal
protection against any infringement of data privacy by contact tracing applications. In
Singapore, the TraceTogether application is designed with transparency and privacy in mind.
The source-code of the TraceTogether is made open-source and it is available for interested
parties to audit. The global research community has begun initiatives to help improve privacy.

***Muhammad Faizal Abdul Rahman and Gulizar Haciyakupoglu are Research Fellows with the Centre
of Excellence for National Security (CENS) and Future Issues and Technology (FIT) Cluster, S. Rajaratnam
School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. This joint
contribution by CENS/FIT is part of an RSIS series.
However, the extent to which governments would go to enhance the privacy and security of
their contact-tracing applications remains a question. But how would people feel if they gain
nothing from sacrificing more privacy (and face more cyber-attack risks) than they agreed?

Contact Tracing Beyond Healthcare?

While discussions over privacy continue, another related issue is about expanding the reach of
contact tracing applications to people who lack smartphone access. For instance, Singapore is
deliberating the distribution of a wearable contact-tracing device to everyone in the country.
Singapore has also implemented SafeEntry as a mandatory national check-in/checkout system
for high-risk venues such as shopping malls. As countries ease lockdown restrictions, a more
extensive reach is crucial to preventing COVID-19 resurgence. The use of multiple contact-
tracing tools raises the question of how data from various platforms could be mined for
predictive analysis, and inform government policies during and after the pandemic. For
instance, could and should the data be used to predict potential future clusters?

Technology & Social Discontent Scenarios

Social discontent is set to worsen as COVID-19-related restrictions cause widespread economic
disruptions. In the United States, masses have poured to the streets to protest against these
restrictions. The ideological leanings of some protest groups are under scrutiny.

The World Economic Forum foresees a "prolonged recession of the global economy" and social
discontent over the next 18 months. Many countries are likely to see a surge in dissatisfaction
over livelihood matters. To anticipate plausible dangers, imagine a hypothetical country where
citizens demand government interventions in the aftermath of this major crisis. However, the
government is running out of resources and scales back on support measures that should be
easing socioeconomic pressures. Some citizens resort to petty crime or undesirable activities to
mitigate these pressures.

These people eschew the use of contact-tracing applications, given the perceived risk of police
detection, arrest, and shame. Consequently, they become a vector of undetected community
transmission in a new wave of COVID-19.

‘Sousveillance’: Watching the Watchers

In another scenario, some segments of the society are more severely hit by the pandemic. People
in low-wage and low-skilled sectors, the gig economy, and the unemployed are in the most
precarious state. Economist Guy Standing argues that a person in these circumstances “… lives

***Muhammad Faizal Abdul Rahman and Gulizar Haciyakupoglu are Research Fellows with the Centre
of Excellence for National Security (CENS) and Future Issues and Technology (FIT) Cluster, S. Rajaratnam
School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. This joint
contribution by CENS/FIT is part of an RSIS series.
in public spaces but is vulnerable to surveillance and undemocratic nudging.” The angrier ones
in these groups may find it harder to subjugate their privacy to state surveillance.

They embrace “sousveillance” such as filming police officers on duty. This counterculture of
watching the watchers can be a form of protest. The hypothetical government sees these groups
as potential sources of unrest, hence a “threat” that should be contained.

A possible reaction by some governments to “sousveillance” is to implement more means of

surveillance. This possibility underpins concerns over the uncertainty around the duration of
the use of contact-tracing applications. Would some governments repurpose these tools for
surveillance to clamp down on potential sources of and actual unrest? While there would be
agitators with malicious intent, some may participate in unrest out of social and financial
desperation.

The questions posed here call for attention to issues that are more complex and go beyond
debating human-security. COVID-19 affects national conditions, but more importantly, it affects
the welfare of the fundamental elements of a nation – the individual.

As surveillance technology becomes increasingly entrenched in social governance, governments

should also use it in an empathetic way and uphold individual rights and privacy.

As more countries use technology to enhance anti-COVID-19 measures, surveillance and

privacy are undergoing shifts in practice and norms. These shifts may have profound effects on
social governance and create new issues in a post-pandemic world.

Jeffrey B. Mier Jr. BSHM 1A

April 13, 2022

After reading this case, answer the following questions below.

Questions:

1. Given all the commentaries, how are you going to strike the balance
of ensuring data privacy of hotel guests or restaurant patrons without
compromising the safety of other clients and employees?

ANSWER: As a hotelier, it’s your duty to keep customer’s information safe. The
following are the ways in protecting hotel guest data. Be transparent, the more
open you are with hotel guests about how you acquire and use their data, the

***Muhammad Faizal Abdul Rahman and Gulizar Haciyakupoglu are Research Fellows with the Centre
of Excellence for National Security (CENS) and Future Issues and Technology (FIT) Cluster, S. Rajaratnam
School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. This joint
contribution by CENS/FIT is part of an RSIS series.
 more trust they will have in you. Employee training, staff should be trained on
the importance of safeguarding guest information as well as how to gather and
enter it into the system properly. A company's privacy policy should be
understood by all employees, and they should know what to do if a violation
happens. Restrict access to sensitive information, Passwords should be used to
gain access to computers or systems that store sensitive data. Only those who
have a genuine need for access should be granted access. The greater the number
of people that have access to a guest's personal information, the higher the risk.

2. Would it be in the public interests if governments expand the use of

the data beyond healthcare to other aspects of social governance, or
not? What would happen if the government leverages the data for
forecasting in non-COVID-related area such as crime prevention and
social management?

ANSWER: Yes, this data will be used as intelligence-led policing. It is a collaborative

law enforcement model that combines increased intelligence operations with problem-
solving policing, information sharing, and police accountability. Its purpose is to direct
enforcement efforts toward high-volume criminals, areas, or crimes in order to influence
resource allocation choices. Intelligence-led policing fosters and, in some ways, depends
on collaboration across many agencies and the community, including not just local
police.

3. The source code of the TraceTogether is made of open-source in

Singapore, and it is available for interested parties to audit. What is
your stand on this statement?

ANSWER: A strong public health response relies heavily on contact tracing. The
goal of contact tracing is to identify people who may have been exposed to the
virus so that they may be isolated before symptoms appear, limiting further
transmission in the population. Tracetogether is a tracing app, as far as we can
tell. This isn't a tracking app. According to the limited information available
about the app, tracking the GPS position of an individual or their contact is not
feasible. The software merely records a list of IDs (i.e., other people) with whom
the user interacts, as well as the time and distance between them. The app will
not be able to acquire the phone numbers of other individuals that are close to

***Muhammad Faizal Abdul Rahman and Gulizar Haciyakupoglu are Research Fellows with the Centre
of Excellence for National Security (CENS) and Future Issues and Technology (FIT) Cluster, S. Rajaratnam
School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. This joint
contribution by CENS/FIT is part of an RSIS series.
 you. To utilize the system, a cloud-based service will provide random IDs to
phones that will be used to identify them. The only site where both may be
found, the information (phone number and ID) will be in the database on the
server. The quality and effectiveness of built-in controls inside the app itself, as
well as the isolation of data on the device to protect/detect and prevent dangers,
are unknown, as is whether the app may be updated on download for non-
approved reasons. It's unclear whether the program is code-signed and, if so,
what certificate system the receiver, phone, tablet, or other device uses for
authentication.

***Muhammad Faizal Abdul Rahman and Gulizar Haciyakupoglu are Research Fellows with the Centre
of Excellence for National Security (CENS) and Future Issues and Technology (FIT) Cluster, S. Rajaratnam
School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. This joint
contribution by CENS/FIT is part of an RSIS series.