Leaks of top secret documents by intelligence whistleblower Edward Snowden has exposed Singapore as a key “third party” providing five countries, including the United States and Australia, secret access to Malaysia’s communications data.
This is done by way of Singapore intelligence tapping on the SEA-ME-WE-3 internet cable which runs from Japan to Singapore, Djibouti, Suez, and the Straits of Gibraltar to Northern Germany. SingTel, Singapore’s largest telco which has close relations to the government, allegedly facilitated providing access to the cable. Malaysia and Indonesia are said to be key targets for Australian and Singaporean intelligence.
However, the news, which suggests that the state has the resources to spy on its own citizens, got little traction within the country. Revealed in August, the pageviews only snowballed recently, and even so, it garnered a weaker reaction than the entrance of extra-marital dating site Ashley Madison into Singapore, a move which sparked an outcry among conservative Singaporeans.
It seems that citizens are more concerned about moral policing than the possibility of having their actions monitored by the state.
Singapore has unfettered access to citizen’s data
The recent leaks about the NSA’s highly organized attempts to spy on the world has not led to an outcry in Singapore. Few ask if the government has PRISM-like programs in place to monitor citizens, but few doubt that the state can get private data whenever it wants. It’s an accepted but hidden fact of life.
Online services and Internet Service Providers (ISPs) in Singapore are at the mercy of the government. Laws are so broadly phrased that the government can obtain access to sensitive data like text messages, e-mail, call logs, and web surfing history without court permission. Contrast this with the United States, where a court order or search warrant is required to obtain data without the user’s knowledge.
Singapore’s Computer Misuse and Cybersecurity Act has been amended to let the government compel organizations to do pre-emptive surveillance. The Criminal Procedure Code is phrased in such a way to enable investigators to forcibly obtain any information they need.
The newly enacted Personal Data Protection Act, meanwhile, is aimed more at restricting companies’ use of private data. Government agencies are exempted from most parts of the Act.
The state’s obtaining of user data without permission is historical fact. In 1999, SingTel was found to have scanned its customers’ computers surreptitiously under the orders of the Ministry of Home Affairs. In 2008, ISPs were forced to disclose personal details of its subscribers in a lawsuit involving copyright infringement.
Then between 2008 and 2009, a police officer was arrested for using his office database to obtain the addresses and criminal records of several individuals, including past girlfriends, while an immigration officer was charged with helping his foreign mistress enter the country with a fake identity.
Government data requests
According to a Global Government Request Report released by Facebook, the Singapore government has made 107 information requests in the first half of 2013, which when adjusted to population size, makes it one of the highest in requests per capita (but still lower than the United States). It has made 111 information requests to Google over the same period.
In response to a question made in Parliament about these data requests, Deputy Prime Minister Teo Chee Hean responded that the government has made about 600 combined requests a year to Google, Facebook, and Microsoft from 2010 to 2012, of which the majority were for investigating Computer Misuse and Cybersecurity Act offenses, while the rest were for crimes like corruption, terrorist threats, cheating, theft, gambling and vice. These requests were for non-content data like account-related information and login details.
While the government says that it uses its powers in a lawful manner, it’s worth bearing in mind that Singapore law is noted for its broad and all-encompassing phrasing.
Under the Sedition Act, anything deemed to “excite disaffection against the Singapore government” could be grounds for arrest. The law was recently wielded against political cartoonist Chew Peng Ee and a number of political dissidents in the past.
Security trumps privacy
Singaporeans, however, don’t seem to mind having more surveillance in exchange for better security. A search of Parliament records for the keyword ‘surveillance’ in the past year indicated that Members-of-Parliament raised concerns regarding the lack of adequate surveillance to tackle crime. In contrast, Americans have grown more worried about privacy, placing it above the possibility of terrorist attacks in light of the NSA leaks.
The apathy towards privacy may have something to do with how the harms of crime and terrorism are more easily visualized. Many Singaporeans would say that they have nothing to hide, and therefore, data privacy isn’t important.
But privacy does matter. According to Daniel Solove, professor of law at George Washington University, state surveillance increases the power that the government has over citizens by denying us the ability to participate in how our information is used. This one-sidedness can potentially result in abuse since citizens have no knowledge about the data that’s collected about them, and hence are unable to raise concerns.
It’s possible to gauge your political preferences – despite the fact that voting is secret in Singapore – and criminal tendency by getting data from social media posts, email, location-based services, and bank transactions. The data can then be compiled into a profile of an individual, and used to deny you certain rights and privileges.
While I’m not suggesting that the government has done so, it’s certainly within a realm of possibility for a future government given the lack of checks and balances. Singapore’s Prime Minister himself has admitted that the government prioritizes public housing upgrades in sectors that have voted in favor of the ruling party. A future government could take this one step further and prioritize services for citizens based on desired behavior. It could also use uncovered crimes – which include mundane acts like using copyrighted content without permission – as leverage against individuals.
The lack of transparency also means that citizens would have no opportunity to correct erroneous data, and no chance to change the dossier made about them by the government. Solove brings up a plausible scenario:
Suppose government officials learn that a person has bought a number of books on how to manufacture methamphetamine. That information makes them suspect that he’s building a meth lab. What is missing from the records is the full story: The person is writing a novel about a character who makes meth. When he bought the books, he didn’t consider how suspicious the purchase might appear to government officials, and his records didn’t reveal the reason for the purchases.
This creates paranoia which causes citizens to stop debating openly or participate in civil activism due to the state’s ability to penetrate deep into our most intimate behavior.
As surveillance rises, so must checks and balances
The government has been procuring technology to enable better surveillance. Video analytics company Kai Square, which has close links to SingTel, has a technology that enables CCTV cameras to identify and record faces. Users can then execute searches from the archives for matching faces, or compare the images with government data to establish identities.
Drone technology is another area to watch out for. While used primarily for military purposes, it’s a matter of time before they are brought into the civilian field for surveillance purposes. The quantified self and Internet of Things movements would mean that more data about us will be collected automatically – like where we walk, when we sleep – by computing devices in the near future, increasing the possibility and impact of abuse.
The rise of these technologies means that new policies should be put in place by the government to bring about self-regulation and transparency.
In a January Parliamentary debate about amendments to the Computer Misuse Act, several Members of Parliament have brought up the need for better accountability in obtaining user data for investigating cybercrimes. Suggestions included the setting up of a panel to conduct periodic reviews on past actions and increasing penalties for government officials that abuse their powers.
In a Straits Times article about Singapore’s data surveillance, National University of Singapore law faculty dean Simon Chesterman brought up the need to publish regular reports on how, when, and why surveillance was conducted. Other suggested measures in the report include ensuring surveillance is done by public bodies and not private contractors, as well as allowing individuals harmed by surveillance to claim compensation.
Member of Parliament Hri Kumar Nair was quoted saying that since police powers in Singapore are restricted by the courts, cyber surveillance should be similarly subjected to checks and balances:
Why should cyber surveillance and security be any different? The public must have confidence that things are being done properly, and that no matter who is in government, there are checks in place to protect their interests.”
(Image credit: Mike Fleming)
(Editing by Steven Millward)