There’s been much talk since a wearable contact tracing device was announced by Smart Nation Programme Office Minister-in-charge Vivian Balakrishnan, chief of which are privacy concerns.
Roland Turner, Chief Privacy Officer at a software company, attended a GovTech session featuring the upcoming TraceTogether token last Friday (19 Jun), along with 3 others.
In a post on his website detailing the session, he noted that the token’s battery power means there’s little room for any malicious actor to use the device for location-tracking.
You can read the full account here, but we’ve summarised some of the key points below.
Mr Turner enjoyed the fact that the token’s battery, a large coin cell, is not only non-rechargeable but can also last for around 9 months.
This means that one can hook the token like a keychain and forget that it exists, he said, which is great in terms of ease of use.
However, the battery generates little to no power, and Mr Turner believes there are some downsides to this.
One of these is that a less secure encryption code can be used, which might lower the token’s security. Someone from GovTech did tell him, however, that there were “multiple layers providing cumulative protection”, although he couldn’t go into detail.
He doesn’t quite agree with this approach, specifically due to the fact that the token’s sensitive secrets can be accessible to adversaries.
Attendees were allowed to examine the components of the token, and Mr Turner confirmed that there was no GPS receiver present.
This does mean that the token doesn’t track locations.
What he did find were the following:
None of these, he says, were obviously out of the ordinary.
In conclusion, what Singaporeans are most concerned about — the token is safe for use for its intended purpose, which is contact tracing.
Certainly, its features means that it won’t serve as a useful tracking device.
However, much of the device’s security was shrouded in secrecy and Mr Turner expected more disclosures on that front. Regardless, he believes that the token has appropriate security measures in place to prevent exploits.
So, the token seems very much like a work in progress. However, as far as the main feature goes, the token can’t really be used as a location tracking device.
Given the token won’t be compulsory to use, that should be one fear assuaged by those concerned about privacy losses.
Featured image adapted from Facebook.
The man said he no longer dared to order durians online.
It's one way to get your public toilets cleaned.
"Ur chance to own a RARE piece of his SG history!" read the Carousell listing…
The motorcyclist was pronounced dead at the scene.
He navigated the Sepang International Circuit like a professional Formula 1 driver.
The pit bull heard the children screaming and leaped to the rescue.