The Use and Abuse of Personal Data by the PAP Government

A 2020 study by Comparitech ranked Singapore the sixth most-surveilled country and 32nd most-surveilled city in the world, with 86,000 cameras trained on a population of 5.9 million. The People’s Action Party (PAP) government has justified the increase in camera surveillance over the years as deterring criminal activities and maintaining national security. Yet a lack of transparency on the data collected through these cameras makes it difficult for observers to understand how surveillance is in fact used. Beyond cameras, digital and electronic surveillance is growing: the surrender of personal data to authorities is required for access to welfare and resources, yet this is likewise untransparent and poorly understood. Are thousands of cameras littered around the country truly necessary? Is data collection excessive? Are individuals not entitled to both privacy and security?

This article explores how the PAP understands governance, information and privacy in the context of surveillance, and how such methods benefit the party rather than society. I aim to shed light on ongoing methods of resistance by individuals and other methods through which the community can better resist government abuses.

Personal data: a resource for technocrats?

The People’s Action Party’s (PAP) technocratic ethos holds that society should be run by technologically- and digitally-savvy experts, eventually honing Singapore into a utopian state for the digital landscape — a “Smart Nation” where everyday life can be drastically improved with the help of sensors and cameras scattered all around us. Data collected from traffic lights and traffic cameras aids in reducing traffic congestion. Surveillance cameras in public areas help monitor public cleanliness as well as inform anti-smoking campaigns. Objectively, this sounds like the next frontier of technology and automation to improve living conditions. However, issues of consent surrounding the prevalence of surveillance and data collection remain elusive. The PAP government does not view privacy as a right but a privilege.^[3] In their view, personal information (e.g one’s internet usage, vehicle movements, and medical history) is a resource to be harnessed. This can be seen through the various narratives that encourage the community to share data so that public agencies or private companies can create “better technology” to improve life quality. Such narratives can be seen through the SmartNation initiatives, launched in 2014 by Prime Minister Lee Hsieng Loong where he said,

“Therefore our vision is for Singapore to be a Smart Nation – A nation where people live meaningful and fulfilled lives, enabled seamlessly by technology, offering exciting opportunities for all. We should see it in our daily lives where networks of sensors and smart devices enable us to live sustainably and comfortably.”

The initiative includes the Smart Enabled Home, where one can use sensors in publicly run senior homes so that families of the elderly can monitor their activity levels and readily access their health information.^[4]  This, together with the ubiquity of CCTVs in housing estates and roads, has reportedly aided in deterring loan sharks and litterbugs, ensuring smooth road traffic and boosting safety as a whole. ^[5]

No data is deemed private by the government, attested to by Singapore’s founding Prime Minister Lee Kuan Yew who saw its citizens as mere “digits” to be economically evaluated and manipulated.^[6]

What is particularly worrying is the lack of protection for citizens’ data in the city-state. The closest Singapore comes to protecting its citizens’ privacy is the Personal Data Protection Act (PDPA). The PDPA was created to govern and regulate the collection, use, and disclosure of personal data in Singapore by private organisations, including those not physically located in Singapore.^[7]  For example, failing to ensure adequate security measures in order to protect customers’ personal data constitutes a breach of PDPA obligations.^[8] The law acknowledges the right to protect personal data but avoids mentioning a right to privacy or data privacy. This right to protection is also only extended to the data provided by individuals to private organisations.^[9] Section 4(c) of the Act exempts public agencies from this law.^[10] Instead, they are governed under the Public Sector (Governance) Act.

Under the Public Sector (Governance) Act, public agencies are allowed to cross-share information despite any obligations to confidentiality under the common law but are bound to confidentiality based on legal privilege or contract.^[11] The Act further reiterates in Section 6(3) that “this Act is not intended to prevent or discourage the sharing of information by Singapore public sector agencies as permitted or required by or under any Act or other law (apart from this Act).”^[12]

This means that while all non-public agencies are lawfully required to protect the data it collects and regulate its use, public agencies on the other hand are legally allowed to use this data they collect in any way they deem fit. When it comes to sharing information within agencies, the parameters are equally loose. 

It then becomes possible for authorities to surveil and collect data regarding any individual on the pretext of national security — whether explicitly or surreptitiously. Even if individuals were to claim that their data was being collected surreptitiously, they would have no legal recourse.^[13] To make matters even more opaque, the PAP government is extremely secretive about what types of information are collected and how they are used.

This lack of transparency has long been consistent with the PAP since 1959 when they first came into power in newly-independent Singapore. Long stretches of power with little to no opposition has accustomed the government to acting without proper checks and balances. Emeritus Senior Minister (ESM) Goh Chok Tong, at a press conference during the 2015 General Election, said that “[the PAP] are [their] own checks, the integrity of the [PAP] leaders and [PAP] members… not this seductive lie of check and balance”.^[14]  Yet as technological surveillance intensifies, it becomes more imperative and urgent to demand for this “seductive lie” of checks and balances to ensure accountability and proper use of power.

Quantifying surveillance

What is surveillance and how are we surveilled? One obvious way is through direct surveillance by closed-circuit television (CCTV) cameras, which are extensive. By September 2020, security cameras had been installed in over 150 zones in the country. Over 600 CCTV cameras cover roads and expressways,^[15] while 52,000 cameras are installed in housing blocks.^[16] There are an estimated five cameras on each public bus, and many more on every train, train station and train depot.^[17]

CCTV cameras are ubiquitous in Singapore. These systems are integrated with facial recognition software which can trace and follow citizens through the city.^[18] These undoubtedly have important uses for catching criminals. In 2015, for example, German vandals were apprehended after being traced through the CCTVs found across the country all the way back to their hotels. Authorities located them in Bangkok and Kuala Lumpur, where they were subsequently arrested and eventually extradited back to Singapore.^[19] [1] 

However, such surveillance is growing in complex and unchecked ways in Singapore. During the 2017 National Day Rally speech, Prime Minister Lee Hsien Loong announced plans to not only increase the number of CCTVs installed in public spaces but to also make every lamppost a smart lamppost, mounted with different types of sensors which can register a range of activities.^[20] Incorporating an automatic face detection mechanism into a database or networked system allows for “considerable information about a person” to be mined, such as detailed records of individuals they meet and activities they participate in.^[21] Furthermore, since the COVID-19 pandemic, there has been widespread adoption of facial recognition temperature screening equipment at entrances of buildings such as offices and shopping malls. ^[22] Meanwhile in prisons, facial recognition cameras are used to “better understand how inmates behave in general” and “pre-empt incidents that could happen”. ^[23]

And surveillance in Singapore today goes beyond just cameras. The government has access to other types of biodata, such as fingerprints and iris scans. By 2025, these will be used as security checkers at all immigration checkpoints.^[24] Authorities have claimed that this will aid in responding to security threats such as terrorist or criminal activities, as well as improve government services.^[25]

Individuals’ National Registration Identity Cards (NRIC or IC) provide the government with even more data. These serve as documentary proof of an individual’s identity and are routinely required when accessing any kind of governmental and business services.^[26] For instance, individuals must provide ICs or passport numbers when purchasing a SIM card and obtaining an internet account.^[27] Registration for the Wireless@SG public wi-fi network also requires identity details.^[28] Through this, phone companies, and by extension the government, have an extensive database of user information such as a record of an individual’s communication, with whom, length of time, and location.^[29] This prevents individuals from remaining anonymous, thereby enabling communication surveillance and interception.^[30]

Another example of extensive data collection is the Singapore Personal Access (SingPass), an identification authentication system tied to the IC which allows individuals to access e-services provided by over 60 government agencies.^[31] Through this portal, Singaporeans can pay their taxes , access healthcare services, and access their Central Provident Fund accounts (CPF), a compulsory retirement savings scheme. While obtaining a SingPass is nominally voluntary, online public services heavily rely on it. SingPass is the gateway for all electronic transactions with the government and as a result, government bodies with access to the database are privy to all such transactions.^[32]

Alongside this, legal frameworks such as the Telecommunication Act and the Criminal Procedure Code authorise wide-ranging state surveillance.

Firstly, Section 58(3)^[33] of the Telecommunication Act permits the Minister to give directions to Internet service providers (ISPs) to use or take control of telecommunication systems and equipment. This is the result of a 2011 expansion on the original purposes and powers of the Act, initially enacted in 1999 in order to provide a regulatory framework to enable the governing body of the telecommunications sector, Infocomm Media Development Authority (IMDA), to exercise a “lighter regulatory hand”. The expanded ministerial powers include Special Administrative Orders (SAOs) to take over and control the functions of a telecommunication service or network, including for the purposes of operational continuity.

Moreover, the Minister has the power to stop, delay and censor messages. The government can access individuals’ sensitive data (text messages, e-mails, call logs and internet history) as collected by ISPs anytime it deems fit on the basis of any public emergency, public interest, or public security and national defence, and the PAP has a track record of defining public security extremely broadly to include virtually all political acts. The exercise of this power does not require judicial permission and is not subject to any immediate oversight.^[34] 

Should ISPs refuse any of the Minister’s directions, they are liable to a fine of up to $1 million or 10% of the annual turnover of their licensed activities. Continued non-compliance brings a fine of up to $100,000 for every day or part thereof.^[35]

ISPs may not disclose any of the information relating to the operation or any orders they were given if the Minister views that it is against the public interest.^[36] Accordingly, any account the government provides relating to the issue cannot be challenged.^[37] In 1999, SingNet (now SingTel) was discovered to have surreptitiously scanned 200,000 customers’ computers under the orders of the Ministry of Home Affairs,^[38] ostensibly to prevent a recurrence of previous hacking incidents.^[39] In 2008, ISPs were forced to disclose the personal details of subscribers involved in the Odex copyright infringement lawsuit.^[40]

Secondly, the Criminal Procedure Code permits the Singapore Police Force, under the purview of the Ministry of Home Affairs, to conduct surveillance of its own. Under Sections 39 and 40,^[41] police officers investigating an arrestable or even non-arrestable offence can access suspects’ computers to search for any data contained or make copies of them without a warrant or special authorisation.[42] This includes web-based email accounts and web storage accounts. [43] Section 16(3) states that police officers or any other authorised persons are able to exercise ^[44]“special powers of investigation” whereby they are allowed to search anyone’s premises. They are, however, not allowed to arrest anyone without a warrant. ^[45]

It doesn’t just stop there. With authorisation from only the Public Prosecutor, officers can decrypt any communications they may require. They do not require judicial oversight. This means that if authorities wanted to gain access to an individual’s private property, all they would have to do is merely investigate them.

This law was further amended in 2018 to grant further technology-related powers to authorities. Then Senior Minister of State for Law Indranee Rajah assured Parliament that the powers “exist only to facilitate criminal investigations” to “keep pace with [the] evolving environment” and to improve efficiency when going through electronic evidence. Tampines MP Desmond Choo “[welcomed] the introduction of enhanced computer-related powers of investigation”, citing the threat of criminals who “capitalise on the anonymity and ease of communication and transaction that technology allows for”.^[46]

Any obstruction to police officers accessing data on computers is an offence and individuals face a fine of up to $5,000 or imprisonment for up to 6 months or both,^[47] while obstruction to decryption carries a maximum fine of $10,000 or up to three years in prison or both.^[48] The PAP government has abused this law in relation to offences that criminalise legitimate political activity, so that police reports filed against political activists and government critics permit the police to legally seize their computers and mobile phones for investigation. Former political detainee Toh Soh Lung and Terry Xu, Editor-in-Chief of now-defunct independent news site The Online Citizen Asia, for instance, saw their equipment held for over a year.

The authorities have remained surreptitious on the exact kinds of data they collect whilst positing these initiatives as necessary for improving welfare and security. The PAP narrative holds that excessive intrusion is necessary to ensure safety. But when left unchecked, these intrusions and surveillance may be abused and misconstrued by the PAP government for political purposes.

The Use and Abuse of Surveillance

No one can be sure what exactly is collected and how it is used. The PAP government is tight-lipped. However, what is clear is that such data collection and monitoring is currently legal under the laws discussed. Judicial permission is not required.^[49] This illustrates how the laws exist to help the government achieve its own ends rather than ensuring transparency and accountability and protecting citizens.

No explicit privacy laws stop the government from collecting private communications, financial data, public transportation records, and medical information without any court approval or private consent.^[50] There is also nothing stopping them from abusing this private information because there is no overseeing independent body such as the judiciary to ensure transparency and accountability.

An example of such misuse of personal information by Ministries can be seen from an incident that happened last year. On July 29 2020, the Ministry of Social and Family Development (MSF) released a statement to respond to a viral Facebook post. That post, since deleted, described an unidentified elderly woman who had to seek a second job to make ends meet. In response,  MSF attempted to clarify the woman’s situation by sharing personal details such as her citizenship status, her living arrangements, her monthly gross salary, as well as her family situation.

Such doxing is commonly used by Ministries to respond to viral online posts that could be construed as critical of the state. They do so by purportedly providing the public with more accurate facts by which they divulge personal information of the persons involved in these situations. For instance, the CPF Board divulged information about an individual’s mandatory savings, medical history, and daughter to rebut her claims of misconduct by CPF. MSF also published the private information of Grab driver “Abdullah”, detailing financial assistance schemes that he and his family had applied for in response to Abdullah’s claims that he was left struggling and without the help of the state.

This tactic is usually used to invalidate criticisms against state entities. The PAP government averts public criticisms by penalising individuals for speaking up, many of whom are already vulnerable and marginalised.

This not only demonstrates a lack of respect and concern for individuals’ privacy, it also highlights the government’s expansive surveillance and tracing capabilities that enable them to easily identify individuals and use their personal information.

Government agencies divulging the private information of individuals acts as a form of social castration of individuals who speak up, a smoke signal to warn against those intending to criticise authorities. In the long term, it undermines people’s trust that the government is acting in the best interest of citizens and individuals, rather than in the best interest of the incumbent party itself and its officers.

Such transparency about data and information is also highly inconsistent. When the Personal Data Protection Commission (PDPC) released detailed information on data breaches by O2 Advertising, AIA and GrabCar, it explained how these breaches happened, how the data was used and the subsequent punishment: SG$10,000 to $15,000 (US$7,500-10,000) in fines. O2 Advertising was also required to appoint a data protection officer and put in place data protection policies and practices.^[51]

However, the same scrutiny is not afforded to state entities. In July 2018, SingHealth, Singapore’s largest group of healthcare institutions, faced a cyberattack: a total of 1.5 million patients’ non-medical personal data and 160,000 patients’ medical records were stolen.^[52] However, no information about the perpetrators or the exact methods of the cyberattack were disclosed by the Cyber Security Agency of Singapore (CSA) on grounds of security.^[53] Despite similar scenarios of serious data leaks mentioned above, details about this particular attack were not disclosed. What did get reported was that SingHealth and Integrated Health Information Systems (IHis) which are all under the purview of the Ministry of Health, were fined SG$250,000 (US$187,000) and SG$750,000 (US$561,000) respectively.^[54] SingHealth’s senior leadership team had also accepted an undisclosed financial penalty.^[55]

Implications for such data breaches can be perilous for individuals, especially those belonging to marginalised communities. In January 2019, the Ministry of Health (MOH) reported that the pre-January 2013 data from the HIV Registry had been illicitly accessed and posted online.  Whilst MOH had initially lodged a police report in 2016 where the police had successfully seized and secured all stolen materials,  affected individuals were only notified two years later — in 2018. In fact, the public admission of the data breach came only after it was discovered that the perpetrator had uploaded residual information online. The disclosed records included names, NRIC, contact details, HIV test results, and other medical information.^[56] The leak was especially harmful to LGBTQ+ individuals who might have not been publicly out yet, especially because the HIV-positive patients were mostly LGBTQ+ individuals. ^[57]

Again, the secrecy and lengthened periods of silence before going public due to public safety highlights the double standards upheld by authorities. Other commercial or non-governmental parties who kept silent during breaches were severely punished for the lack of transparency, while in this instance, MOH was given more lenient treatment.

The Real Utopia To Aspire To

So, what exactly does open and transparent data collection and processing look like? According to the UN Principles on Personal Data Protection and Privacy Principles, there are 10 key principles states and organisations that should be upheld when processing any personal data. In reality, these principles should only be the bare minimum. Yet, Singapore is missing the bar by a few points.

Out of the 10 which can be found here, these are ones that Singapore consistently misses out upon: 

1. Fair, legitimate and transparent processing – processing personal data in a fair and transparent manner with the basis that consent is given and the process is to the best interest of subjects involved. This includes provision of information about the processing of their personal data as well as information on how to request access, verifications, rectifications and deletion.

2. Purpose specification – personal data should be processed for specified reasons while taking into account the balancing of relevant rights, freedoms and interests.

3. Proportionality and necessity – processing of personal data should be relevant, limited and adequate to what is necessary in relation to the specified purposes of personal data processing.

4. Confidentiality – personal data should be processed with due regard to confidentiality.

The PAP government could argue that every step taken to increase surveillance is for the good of the community. However, if citizens are unaware of what exactly is being collected and how they are being collected — how is consent inherently given? Activists argue that Singaporeans have a high threshold for surveillance, using it as a justification for such policies. ^[58] However, having a high threshold does not equate to consent. Mass collection of personal data by the government is not inherently bad but soliciting such data without transparency and consent is. In fact, collection of certain data can lead to positive outcomes — the PAP government just needs to let us know when, where and how they collect and plan to use these data. Transparency is, however, only the bare minimum. To attain a more rigorous understanding of data rights, we need to start working towards data justice.

Professor Linnett Taylor defines data justice as ensuring fairness in the way “people are made visible, represented and treated as a result of their production of digital data”.^[59] She argues that data justice is necessary to determine ethical paths through a digital and datafied world. This means that we can no longer view only the government as the sole proprietors of our data. Instead, as producers of this data — we can and should demand for more transparency and rights.

Singaporeans as non-passive individuals of society.

Despite existing under an authoritative government, Singaporeans are championing data rights in their own ways. TraceTogether is an app developed by the health authorities to facilitate “contact tracing” during the COVID-19 pandemic, by collecting the locational and associational data of individuals.^[60] When it was first released, authorities presented the initiative as voluntary; physical tokens were also made available as an alternative to the mobile phone app. However, when the takeup proved below authorities’ expectations, they slowly shifted toward making the system quasi-mandatory. For instance, politicians signalled that only after achieving  “70% TraceTogether take-up rate” could the country enter its third phase of reopening (allowing residents greater freedom of association), mooting plans to make TraceTogether the only accepted method to enter any buildings or businesses. These slow shifts point to the inevitable de facto compulsory use of TraceTogether and highlight how the PAP government can become heavy-handed when there is resistance against such surveillance.

TraceTogether captures the “who” in the contact tracing process. Its mechanism is “pretty solid” and the idea is “sound” in terms of living up to the promises and purpose set out by the authorities.^[61] It does not have the ability to track live locations as there is no GPS inside the tokens. Data is only stored in local devices and the data collected is anonymous to peers. Authorities such as GovTech and MOH are able to look up the ID to identify the users. Should they even want to use the data, authorities require users’ knowledge, consent and MOH’s keys to decrypt and use the data. Additionally, individuals who have used TraceTogether (app or token) can ask for their data to be deleted by GovTech through de-registering with them. According to Jason Chee, “it would take an enormous effort for a bad actor, (Government or otherwise) to use the data in an intended way because the data is local to the person”.^[62] Before the implementation of TraceTogether, the government rolled out SafeEntry, a data collection system which, according to the government, captures the “where” in the contact tracing process. This system has not received wide scrutiny. Chee has noted that the data collected for SafeEntry is stored in a central government server, seemingly allowing authorities to use the data as they wish. Its privacy statement states “we may share necessary data with other Government agencies so as to serve you in the most efficient and effective way unless such sharing is prohibited by law”.^[63] Yet, as discussed above, the law is not airtight in the data protection department, to say the least.

Theoretically, individuals are able to decline to hand over their data. Additionally, during a press conference on 8 June 2020, Minister of Foreign Affairs and Minister-in-charge of the Smart Nation Programme Vivian Balakrishnan said, “TraceTogether app, TraceTogether running on a device, and the data generated, is purely for contact-tracing. Period.”^[64]

Plot twist, this did not turn out to be true. Data generated could also be — and was — used to help with criminal investigations. As discussed above, declining consent for the purpose of criminal investigation would mean obstructing a criminal investigation which is lawfully punishable.  However, this was not made explicitly known to the public until recently when it was divulged that authorities had used contact tracing data as evidence in an arrest. This revelation to the public reignited conversations on surveillance, government transparency and lack of public trust. As a response, the PAP government amended its COVID-19 Temporary Measures Act 2020 which outlines the dos and don’ts for officers when using contact tracing data (both from TraceTogether and SafeEntry) in criminal investigations. This amendment happened because the public spoke up. The public had helped in pushing the government to be accountable for its actions and be transparent of the uses of its laws. This is a win towards public transparency and data justice. 

Conclusion

Today, surveillance in Singapore today goes beyond footage captured on CCTVs. The government has enacted laws that make it easy for them to surreptitiously monitor or coercively demand data from individuals. No data is lawfully deemed private in the eyes of the government. The government has the power to follow your footsteps, access your sensitive data and scan your possessions without your consent. This is the cost Singaporeans pay in exchange for a nebulous, state-posited idea of “safety”. Yet the PAP government has never been able to demonstrate conclusively how this data improves “safety”, and, instead, the use and regulation of data seems to be more focused on making life easier for the PAP government.

The safety of Singapore’s people is undoubtedly important. However, it is a false dichotomy to suggest that safety and privacy cannot co-exist together. We should not allow safety to take precedence over privacy, or the other way around. One cannot exist without the other. These two factors are rights that individuals should be conferred by the state. Governments can and should work towards protecting the right to privacy of individuals while also ensuring the safety and security of the people. If the PAP government could implement PDPA to regulate private organisations’ use of personal data, implementing laws to regulate public agencies’ use should be on the table too. Laws that uphold privacy already exist in many places including other Asian states such as Taiwan and South Korea. For example, in Taiwan, their version of PDPA is under the purview of the Ministry of Justice.

Aside from structural changes, individuals, citizens and the community too can help push for privacy. Digitally literacy is an important gateway to understanding surveillance and the weight and repercussions of digital innovations. We are then able to ask questions i.e. what is being collected, why is this information required, what are the organisations using this information for etc. These questions push for transparency and accountability while deterring the PAP government from unnecessarily and excessively collecting data. It pushes for data justice. Ultimately, citizens must also hold their government accountable for its actions.

---

^[1] Paul Bischoff, “Surveillance camera statistics: which cities have the most CCTV camera?”, Comparitech, 22 July 2020, https://www.comparitech.com/vpn-privacy/the-worlds-most-surveilled-cities/

^[2] Freedom House, “Freedom on the Net 2017: Singapore”, Freedom House, 2017, https://freedomhouse.org/country/singapore/freedom-net/2017 

^[3] Privacy International, ‘The right to privacy in Singapore’, Universal Periodic Review Stakeholder Report: 24^th Session – Singapore, 2015, https://privacyinternational.org/advocacy-briefing/722/right-privacy-singapore 

^[4] Chris Weller, “Singapore is taking the ‘smart city’ to a whole new level by tracking bathroom visits”, Business Insider, 26 Apr 2016, https://www.businessinsider.in/singapore-is-taking-the-smart-city-to-a-whole-new-level-by-tracking-bathroom-visits/articleshow/51986476.cms

^[5] Janice Heng, “Network of CCTV cameras proving effective”, Straits Times, 9 Mar 2016, https://www.straitstimes.com/singapore/network-of-cctv-cameras-proving-effective

^[6] See: Lee Kuan Yew’s Speech in Parliament on 14^th December 1965, Available at: https://www.nas.gov.sg/archivesonline/data/pdfdoc/lky19651214b.pdf

^[7] Paul Lanois, “Data protection in Singapore, what have we learned?”, Journal of Internet Law, vol.20, no.2, August 2016, p.14

^[8] Matthew Mohan, “PDPC fines IHiS, SingHealth combined S$1 million for data breach following cyberattack”, CNA, 15 January 2019, https://www.channelnewsasia.com/news/singapore/ihis-singhealth-fined-1-million-data-breach-cyberattack-11124156?cid=h3_referral_inarticlelinks_24082018_cna

^[9] Warren B. Chik and Keep Ying Joey Pang, “The meaning and scope of personal data under the Singapore Data Protection Act”, Singapore Academy of Law Journal, vol.26, September 2014, p.354, https://ink.library.smu.edu.sg/sol_research/1960 

^[10] See: Personal Data Protection Act 2012, Available at: https://sso.agc.gov.sg/Act/PDPA2012#pr3-

^[11] See: Public Sector (Governance) Act 2010, Section 6(1). Available at: https://sso.agc.gov.sg/Act/PSGA2018#P12-P22-

^[12] See: Public Sector (Governance) Act 2018, Section 6(3). Available at: https://sso.agc.gov.sg/Act/PSGA2018#P12-P22-

^[13] Ievgen Iaroshenko, “E-government in Singapore: strengthening political control over society”, Thesis (Masters}, (Sweden: Lund University), 2016, p. 61, https://lup.lub.lu.se/luur/download?func=downloadFile&recordOId=8924426&fileOId=8924427

^[14] Lauren Elizabeth Philomin, Check and balance a seductive lie: ESM Goh”, Today Singapore, 26 August 2015, https://www.todayonline.com/singapore/check-and-balance-seductive-lie-esm-goh

^[15] Joost Alleblas and Steven Dorrestijn, “’Care of the self’ and discipline in smart cities sensors in Singapore”, Contemporary Practices of Citizenship in Asia and the West, ed. Gregory Bracken, (Amsterdam: Amsterdam University Press, 2020), p.178; Shane Harris, “The social laboratory”, Foreign Policy, 2014, p.69

^[16] Janice Heng, “Network of CCTV cameras proving effective”, The Straits Times, 9 March 2016, https://www.straitstimes.com/singapore/network-of-cctv-cameras-proving-effective

^[17] Ghim Lay Yeo, “$29m for more cameras at MRT stations: work due to start next month in move to beef up commuter safety”, The Straits Times, 29 August 2008

^[18] Alleblas and Dorrestijn, “’Care of the self’ and discipline in smart cities sensors in Singapore”, p.178

^[19] Elena Chong, “Two Germans who vandalized MRT train in Bishan depot get 9 months, 3 strokes each”, The Straits Times, 5 March 2015, https://www.straitstimes.com/singapore/courts-crime/two-germans-who-vandalised-mrt-train-in-bishan-depot-get-9-months-3-strokes

^[20] Alleblas and Dorrestijn, “’Care of the self’ and discipline in smart cities sensors in Singapore”, p.180

^[21] Peng Zhang, Tony Thomas and Sabu Emmanuel, “Privacy enabled video surveillance using a two state Markov tracking algorithm’, Multimedia Systems, vol.18, Aug 2011, p.176, doi: 10.1007/s00530-011-0247-8 

^[22] Calvin Yang, “Coronavirus: New AI-driven temperature screening device to save time and manpower”, The Straits Times, 12 February 2020, https://www.straitstimes.com/singapore/health/coronavirus-new-ai-driven-temperature-screening-device-to-save-time-and-manpower

^[23] Derrick A Paulo and Elrica Tanu, “How Changi Prison is taking to video analytics and facial recognition in a big way”, Channel News Asia, 25 February 2019,  https://www.channelnewsasia.com/news/cnainsider/singapore-changi-prison-facial-recognition-ai-tech-surveillance-11263318

^[24] Zhaki Abdullah, “Privacy, data security concerns as facial recognition becomes more common”, CNA, 18 November 2019, https://www.channelnewsasia.com/news/singapore/facial-recognition-ai-technology-privacy-data-security-issues-12100592

^[25] See: An integrated national sensor network for Singapore 2017, Prime Minister’s Office, https://www.youtube.com/watch?v=cY5nrtSJMIY 

Jhee Jiow Hee and Sofia Morales, “Lateral surveillance in Singapore”, Surveillance & Singapore, vol.13, no.3/4, 2015, p.327, ISSN: 1477-7487

Jake Maxwell Watts and Newley Purnell, “Singapore is taking the ‘Smart City’ to a whole new level”, The Wall Street Journal, 24 April 2016, https://www.wsj.com/articles/singapore-is-taking-the-smart-city-to-a-whole-new-level-1461550026?mod=e2fb

^[26] Sun Sun Lim, Hichang Cho and Milagros Rivera Sanchez, “Online privacy, government surveillance and national ID cards”, Communications of the ACM, vol.52, no.12, 2009, p.116, doi: 10.1145/1610252.1610283

^[27] Shane Harris, “The social laboratory”, p.69

^[28] Freedom House, “Freedom on the Net 2019: Singapore”, Freedom House, 2019, https://freedomhouse.org/country/singapore/freedom-net/2019 

^[29] Shane Harris, “The social laboratory”, p.69; Privacy International, “Singapore enhances smart city programme with pervasive data collection”, Privacy International, 24 April 2016, https://privacyinternational.org/examples/1867/singapore-enhances-smart-city-programme-pervasive-data-collection 

^[30] Privacy International, “Timeline of SIM card registration laws”, Privacy International, 11 June 2019, https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws 

^[31] Iaroshensko, “E-government in Singapore”, p.61, https://lup.lub.lu.se/luur/download?func=downloadFile&recordOId=8924426&fileOId=8924427 

^[32] Iaroshensko, “E-government in Singapore”, p.63

^[33] See: Telecommunications Act 1999, c.323, section 58(3). Available at:https://sso.agc.gov.sg/Act/TA1999?ProvIds=legis#legis

^[34] Terrence Lee, “Singapore an advanced surveillance state, but citizens don’t mind”, Tech In Asia, 26 November 2013, https://www.techinasia.com/singapore-advanced-surveillance-state-citizens-mind

^[35] See: Telecommunications Act 1999, c.323, section 58(5A) Available at:https://sso.agc.gov.sg/Act/TA1999?ProvIds=legis#legis

^[36] See: Telecommunications Act 1999, c.323, section 58(6) Available at:https://sso.agc.gov.sg/Act/TA1999?ProvIds=legis#legis

^[37] See: Telecommunications Act 1999, c.323, section 58(9) Available at:https://sso.agc.gov.sg/Act/TA1999?ProvIds=legis#legis

^[38] David Legard, “ISP admits scanning its own subscribers”, CNN, 6 May 1999, http://edition.cnn.com/TECH/computing/9905/06/ispscan.idg/

^[39] Legard, “ISP admits scanning its own subscribers”, n.p

^[40] Privacy International, ‘The right to privacy in Singapore’, Universal Periodic Review Stakeholder Report: 24^th Session – Singapore, 2015, https://privacyinternational.org/advocacy-briefing/722/right-privacy-singapore 

^[41] See: Criminal Procedure Code 2010, c.68. Available at: https://sso.agc.gov.sg/Act/CPC2010#legis 

^[42] Freedom House, “Freedom on the Net 2017: Singapore”, n.p

^[43] Ee-Ing Ong, “Singapore report: data protection in the internet”, Data Protection in the Internet, eds. Dario Moura Vicente and Sofia de Vasconcelos Casimiro eds, vol. 38, (Lisbon, Portugal: Ius Comparatum – Global Studies in Comparative Law), p.325, https://doi.org/10.1007/978-3-030-28049-9

^[44] See: Criminal Procedure Code 2010, c.68, section 70 and 87 Available at: https://sso.agc.gov.sg/Act/CPC2010#legis

^[45] See: Criminal Procedure Code 2010, c.68, section 16(3) Available at: https://sso.agc.gov.sg/Act/CPC2010#legis

^[46] See: Singapore Parl Debates; Vol 94, Sitting No 69; 19 March 2018

^[47] See: Criminal Procedure Code 2010, c.68, section 39(3) Available at: https://sso.agc.gov.sg/Act/CPC2010#legis

^[48] See: Criminal Procedure Code 2010, c.68, section 40(3) Available at: https://sso.agc.gov.sg/Act/CPC2010#legis

^[49] Iaroshensko, “E-government in Singapore”, p.55

Privacy International, “Singapore enhances smart city programme with pervasive data collection”, n.p

^[50] Shane Harris, “The social laboratory”, p.68

^[51] Hariz Baharudin, “Advertising firm fined $10k for not securing personal data”, The Straits Times, 7 September 2019, https://www.straitstimes.com/tech/advertising-firm-fined-10k-for-not-securing-personal-data

^[52] Kevin Kwang, “Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted”, CNA, 18 October 2018, https://www.channelnewsasia.com/news/singapore/singhealth-health-system-hit-serious-cyberattack-pm-lee-target-10548318

^[53] Kwang, “Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted”

^[54] Irene Tham, “Singapore’s privacy watchdog fines IHis $750,000 and SingHealth $250,000 for data breach”, Straits Times, 15 January 2019, https://www.straitstimes.com/singapore/singapores-privacy-watchdog-fines-ihis-750000-singhealth-250000-for-data-breach

^[55] Tham, “Singapore’s privacy watchdog fines IHis $750,000 and SingHealth $250,000 for data breach”

^[56] Dean Koh, “Confidential data on 14,200 individuals with HIV leaked, says Singapore’s Health Ministry”, Healthcare IT News, 29 January 2019, https://www.healthcareitnews.com/news/confidential-data-14200-individuals-hiv-leaked-says-singapore%E2%80%99s-health-ministry

^[57] Beh Li Yi, “LGBT+ people in Singapore ‘more fearful’ after HIV data leak”, Reuters, 29 Jan 2019, https://www.reuters.com/article/us-singapore-health-lgbt-idUSKCN1PN1NA

^[58] Shane Harris, “The Social Laboratory: Singapore is testing whether mass surveillance and big data can not only protect national security, but actually engineer a more harmonious society”, Foreign Policy, 29 Jul 2014, https://foreignpolicy.com/2014/07/29/the-social-laboratory/

Grace Ho, “Singaporeans have high level of confidence in Government but politically uninterested: IPS study”, The Straits Times, 24 Mar 2021, https://www.straitstimes.com/singapore/politics/singaporeans-have-high-level-of-confidence-in-government-but-politically

^[59] Linnet Taylor, “What is data justice? The case for connecting digital rights and freedoms globally”, Big Data & Society, 2017, p.1, doi: 10.1177/2053951717736335

^[60] Academia SG, “Governed by tech: Citizens and the making of the Smart Nation”, Academia SG, 14 October 2020, https://www.academia.sg/academic-views/governed-by-tech-citizens-and-the-making-of-the-smart-nation/

Hallam Stevens and Monamie Bhadra Haines, TraceTogether: Pandemic Response, Democracy and Technology, East Asian Science, Technology and Society: An International Journal, 2020, vol.14, p.2, doi: 10.1215/18752160-8698301

^[61] Jason Chee, “TraceTogether, SafeEntry, and the erosion of public trust”, RoC Research, https://research.reignofcomputer.com/2021/01/09/tracetogether-safeentry-and-the-erosion-of-public-trust/

^[62] Chee, “TraceTogether, SafeEntry, and the erosion of public trust”.

^[63] GovTech, “SafeEntry Privacy Statement”, https://www.safeentry.gov.sg/privacy_statement

^[64] Amir Hussain, “TraceTogether data used by police in one murder case: Vivian Balakrishnan”, Yahoo News, https://sg.news.yahoo.com/trace-together-data-used-by-police-in-one-murder-case-vivian-084954246.html