There’s been much talk since a wearable contact tracing device was announced by Smart Nation Programme Office Minister-in-charge Vivian Balakrishnan, chief of which are privacy concerns.
Roland Turner, Chief Privacy Officer at a software company, attended a GovTech session featuring the upcoming TraceTogether token last Friday (19 Jun), along with 3 others.
In a post on his website detailing the session, he noted that the token’s battery power means there’s little room for any malicious actor to use the device for location-tracking.
You can read the full account here, but we’ve summarised some of the key points below.
Mr Turner enjoyed the fact that the token’s battery, a large coin cell, is not only non-rechargeable but can also last for around 9 months.
This means that one can hook the token like a keychain and forget that it exists, he said, which is great in terms of ease of use.
However, the battery generates little to no power, and Mr Turner believes there are some downsides to this.
One of these is that a less secure encryption code can be used, which might lower the token’s security. Someone from GovTech did tell him, however, that there were “multiple layers providing cumulative protection”, although he couldn’t go into detail.
He doesn’t quite agree with this approach, specifically due to the fact that the token’s sensitive secrets can be accessible to adversaries.
Attendees were allowed to examine the components of the token, and Mr Turner confirmed that there was no GPS receiver present.
This does mean that the token doesn’t track locations.
What he did find were the following:
None of these, he says, were obviously out of the ordinary.
In conclusion, what Singaporeans are most concerned about — the token is safe for use for its intended purpose, which is contact tracing.
Certainly, its features means that it won’t serve as a useful tracking device.
However, much of the device’s security was shrouded in secrecy and Mr Turner expected more disclosures on that front. Regardless, he believes that the token has appropriate security measures in place to prevent exploits.
So, the token seems very much like a work in progress. However, as far as the main feature goes, the token can’t really be used as a location tracking device.
Given the token won’t be compulsory to use, that should be one fear assuaged by those concerned about privacy losses.
Featured image adapted from Facebook.
Passengers were seen screaming and flying off their seats as the plane dropped 8,300 feet.
Both parties, aged 70 and 60, are assisting with police investigations for intentional harassment.
The fire involved the engine compartment, SCDF said.
Localised flash floods typically subside within an hour, PUB said.
The police do not currently suspect foul play.
The victim is in critical condition.