This commentary is incredibly inaccurate. The code of version 1 of tracetogether was open sourced in April 2020. The server side wasn't open sourced. There was a hardware based version of tt that went through a community based tear down and it was reliably determined to be only doing (as did the phone app version) ONLY bluetooth-based contact collection. At NO time is any GPS or location data collected. The hardware token only has a bt based hardware and nothing else.
It is true that the Government kept insisting that there is no way the data will be used for any other use and the minister who kept repeating that in parliament subsequently had to apologise that it was indeed used for a murder case. But, legislation was introduced to specifically limit the use cases of any of the data collected - https://www.straitstimes.com/singapore/proposed-restrictions....
The contact data in the phone or hardware token is stored for 21 days in a rolling manner with only the latest 21 days available and should there be a need to send the data to the health authorities in the event that there is a need for actual contact tracing, the data extraction is a two step process: a) the owner of the device (phone/token) has to agree to the extraction b) there is a OTP-like code sent to the individual for it to be entered into the phone for the data to be extracted.
Now, should the person deem that he/she does not want to make the data available, the app in the phone can be deleted and be done with. At which point nothing much can be done for subsequent contact tracing.
The right to privacy of data etc is embodied in the Personal Data Protection Act of 2012 (https://sso.agc.gov.sg/Act/PDPA2012) and all of the data in the app/token is convered by that law.
Yes, trust in the Singapore Government dropped many notches when it was revealed that despite numerous assurances that data won't be used for anything else, that it was indeed used and for a specific criminal investigation, it left a bad impression that the SG govt has not recovered from yet. Suffice to say, as of last month, you can delete the phone app and just take the battery out of the hardware token and be done with it. There are, however, a small set of scenarios where the "SafeEntry checkin" via the tt/token is needed - for places where there are large number of people attending, like weddings, concerts, etc. What I've done is to "force stop" the app in the phone, deny bluetooth access to it and just keep the app still installed.
It is true that the Government kept insisting that there is no way the data will be used for any other use and the minister who kept repeating that in parliament subsequently had to apologise that it was indeed used for a murder case. But, legislation was introduced to specifically limit the use cases of any of the data collected - https://www.straitstimes.com/singapore/proposed-restrictions....
The contact data in the phone or hardware token is stored for 21 days in a rolling manner with only the latest 21 days available and should there be a need to send the data to the health authorities in the event that there is a need for actual contact tracing, the data extraction is a two step process: a) the owner of the device (phone/token) has to agree to the extraction b) there is a OTP-like code sent to the individual for it to be entered into the phone for the data to be extracted.
Now, should the person deem that he/she does not want to make the data available, the app in the phone can be deleted and be done with. At which point nothing much can be done for subsequent contact tracing.
The right to privacy of data etc is embodied in the Personal Data Protection Act of 2012 (https://sso.agc.gov.sg/Act/PDPA2012) and all of the data in the app/token is convered by that law.
Yes, trust in the Singapore Government dropped many notches when it was revealed that despite numerous assurances that data won't be used for anything else, that it was indeed used and for a specific criminal investigation, it left a bad impression that the SG govt has not recovered from yet. Suffice to say, as of last month, you can delete the phone app and just take the battery out of the hardware token and be done with it. There are, however, a small set of scenarios where the "SafeEntry checkin" via the tt/token is needed - for places where there are large number of people attending, like weddings, concerts, etc. What I've done is to "force stop" the app in the phone, deny bluetooth access to it and just keep the app still installed.