The time that ISD was caught in the act probing Singaporeans’ computers for vulnerabilities

Student reports hacking incidents

Straits Times, By Chong Chee Kin., Thursday, 29 April 1999

A NATIONAL University of Singapore law student has made a police report alleging that her computer account had been hacked into from an account with the Ministry of Home Affairs.
Ms Anne Lee, 21, told The Straits Times yesterday that her SingNet account was hacked into on 10 occasions over four days about two weeks ago.

A protection programme called Jammer, which she had installed in her computer, alerted her to the hacker. It gave her the Internet Protocol (IP) address of the hacker’s computer as well as the dates and times of the hacker’s intrusions.
According to a record of the hacker’s activities shown to The Straits Times, the hacker had tried his luck at all hours of the day – even as early as 3 am. Once, he gained access to her computer three times in a single day.
“When I checked my computer, I was shocked to learn that someone using a program called Back Orifice had hacked into my system,” she said.
“Although there did not seem to be any files missing, there was a lot of sensitive information in the computer, and I also buy things over the Internet.”
Back Orifice allows the hacker to gather information – passwords and credit card numbers, for instance – from the victim’s computer.
The Jammer programme also narrowed the source of the attack to an account with SingTel Magix. She gave the IP address to SingTel Magix and was told that the account belonged to the Ministry of Home Affairs. She also approached SingNet.
“SingNet just said they can’t do anything about it, and told me to make a police report. I just do not understand why anyone would want to access my computer.
“It is as if I am a criminal who had done something wrong!”
She filed a police report on April 20.
When contacted, a Home Affairs Ministry spokesman referred The Straits Times to the police.
Assistant Superintendent John Chang confirmed that a report had been made, adding: “The police are still investigating this case, and the Computer Crime Branch will be handling it.”
A SingNet spokesman said it was working closely with the police on the matter and declined to give further details. He added: “As an ISP, it is our responsibility to keep our customers’ particulars confidential.
“Customers may make a police report if they suspect that their accounts have been tampered with. SingNet only sends warning letters to customers who misuse our network, such as spamming, which affects a large number of people.”

The National Computer Board’s assistant director of IT security, Mr Goh Seow Hiong, said that it was possible, but difficult, for a hacker to set his IP address to resemble one from MHA.
“The system should be able to tell that it is not the genuine address. It is very difficult to change the IP address unless the person has very sophisticated skills,” he added.

SingNet scanning computers

Straits Times, By Chong Chee Kin., Friday, 30 April 1999

MORE than 200,000 SingNet and SingTel Magix customers’ computers, or close to half of Internet subscribers here, are being scanned without their knowledge to see if their systems are vulnerable to hacker attacks.

The Internet Service Provider had asked the Home Affairs Ministry’s IT security unit to do the scan following news on March 6 that two boys who had hacked into 17 SingNet customers’ accounts had been arrested. The scan, begun last month, will continue till all customers’ accounts are covered.

This disclosure from SingTel CEO for Multimedia, Mr Paul Chong, came after The Straits Times published yesterday law student Anne Lee’s complaint to police that someone with an account in the Home Affairs Ministry had hacked into her computer.
Explaining, Mr Chong said SingTel was being “responsible” by giving customers the “value-added service” of scanning their computers.
Asked if the law allowed it to do this without customers’ consent, he said nothing illegal had taken place. “We are merely protecting the interest of our customers.”
Customers were not informed of the scan, he said, so as not to alarm them. “We do not want to make a mountain out of a molehill. In the end, the scan might not turn up anything. If we had informed the customers, it might cause an alarm,” he said.

Also, he said, “real hackers might lie low” if people knew of the scan.
He added that the scanning programme so far had shown that some users were vulnerable, and that they would be informed when the process is over.
He said MHA was approached as the ministry was the “expert” in this area – it had helped crack the case of the two teenage hackers.
He stressed that the scan did not delve into the users’ computer database, or amount to an illegal entry into computer accounts.
“There is no invasion of privacy at all. Basically, what we did was to check if the systems had open windows through which hackers can exploit,” he said.
“The scanning itself does not allow anyone to go into the computer. There was no invasion of privacy. There was no way we could access the information or data at any time.”
Elaborating, Mr Chang Wai Leong, a SingTel director, described the scan as “a policeman patrolling in cyberspace checking if the “windows’ of the computer systems are opened”.
An open “window” is an indication that a hacker might be retrieving information by using the same “language” as the victim’s computer.
The scanning programme, Mr Chang said, had no such ability to “talk” to the user’s computer, and would therefore be unable to receive such data.
Contacted last night, Ms Lee, 21, who had filed a police report on April 23, said the ministry’s IT security unit had contacted her earlier in the day to tell her what had happened.
While she was glad to know that her computer account had not been hacked into, she added: “I strongly think that the subscribers should have been informed about it because anyone with a protection program would think that their systems had been hacked into.
“And that would have caused a panic.”

‘No’ to Net scan requests

Straits Times, By ZURAIDAH IBRAHIM., Friday, 18 June 1999

Saying there was no invasion of privacy, Wong Kan Seng calls criticism of recent Net scanning ‘very unfair’

THE Home Affairs Ministry, stung by public criticism of its recent scanning of Internet accounts, may turn down future requests for the service. Stressing that there had been no invasion of privacy at all, Home Affairs Minister Wong Kan Seng called the remarks “very unfair”, and said that the controversy would deter the ministry’s information technology security unit from helping out again.
“Why get into all these controversies? Better stay out. We will say no to such requests,” he told The Straits Times in a wide-ranging interview on the ministry.
The unit had been engaged as a consultant by internet service provider (ISP) SingNet to find out the scale of the “Back Orifice” problem, which is a virus attack, among its subscribers.
It launched a computer program which scanned more than 200,000 SingNet and SingTel Magix customers’ computers at SingNet’s request.
The non-intrusive scanner was built specifically to check only the network addresses for signs of Back Orifice infection, Mr Wong stressed.
It did not go into the databases or hard disks of the subscribers’ PCs because it has no ability to do so, he added. “Why should the ministry be involved in breaking into other people’s computers? What benefit does it gain to invade people’s privacy when it is there as a consultant?” he said.
“ISPs also have a responsibility to their subscribers to ensure that the accounts are clean. Maybe, in this instance, SingNet could have told its subscribers first. But that would have the culprits and even innocent subscribers staying away. So what is the solution?”
He said he was told that the scanning of subscribers’ computers by ISPs or IT security consultants had been done in other countries, including Australia, the United States and Germany.
MHA’s IT security unit, he added, had a good record in dealing with computer crime.
In 1993, a POSB lucky draw was suspected to have an IT-related fraud in which one of the staff members rigged the computers.
It was the MHA unit which was asked to help to solve the problem.
In 1994, when Singapore Telecom suffered an interruption in its services, it sought the unit’s help.
This time, SingNet engaged the unit because of fears that its subscribers’ accounts had been compromised following the discovery of a website which displayed passwords of subscribers whose accounts had been hacked.
The ministry’s unit found that nearly 900 SingNet accounts had been infected by “Back Orifice”.
“Our people thought they were doing a good turn, and now they’re being blamed for what they thought was a service. I think it is very unfair,” Mr Wong said.

Secret information campaigns – by the Government

Ever since the Select Committee hearings on Deliberate Online Falsehoods, the Government has made clear its intentions to tighten the screws on independent media in Singapore ostensibly to prevent “foreign interference”. Most recently, Second Minister for Home Affairs, Josephine Teo, said during the Committee of Supply debate on MHA’s budget, “To address the threat of foreign interference in our domestic politics, we must, in the first place, build up Singaporeans’ ability to discern legitimate and artificial online discourse, and respond appropriately. However, as interference operations are increasingly sophisticated and well-disguised, it is not enough to have a discerning public… Legislative levers may be needed.”

As a citizen, I fully support the Minister’s call for Singaporeans to be able to identify artificial online discourse, whether it is instigated by local or foreign political actors. Sad to say, the Government itself has not been able to resist the temptation to wage undercover influence campaigns in Singapore. In a series of articles last year, The Online Citizen Asia revealed that the Ministry of Communications and Information (MCI) comissions a company called Rysense Limited to conduct public opinion polls in Singapore. Rysense in turn conducts online surveys via an entity called Unfortunately, does not disclose that it is fully owned by the Government and is conducting surveys on behalf of the Government. Instead, merely says that it is an “exclusive online survey community for Singapore residents” and that “some of the surveys we conduct are on behalf of organisations with an interest in specific social issues”.’s parent company Rysense conducts face-to-face surveys for the Government and while it does not reveal that it is a Government-owned company, it does at least tell participants that it is conducting surveys on behalf of the Government. If only conducted online polls, we could excuse its attempts to hide its links to the Government on the grounds that is only trying to find out what people think rather than trying to influence them. But also regularly publishes articles on its websiteFacebook and Instagram that support the government’s messaging on issues such as healthcare and transport.

Ironically, even as Ministers warn of secret influence operations in Singapore, the existence of sites such as that publish articles on social and political issues without disclosing their links to the Government raise questions as to whether the Government is itself creating channels that it can use to secretly influence public opinion in Singapore.

“A lot of planning, hard work, and fortitude went into creating a country that ensured the needs of its people. These efforts have paid off as Singapore is widely known to be one of the safest and most highly-developed countries in the world today.”

Even though the Singapore Government says that it does not govern by opinion poll, it is not surprising that it wants to gauge public sentiment. When a public agency commissions polls, however, it should require pollsters to inform participants that the survey is commissioned by the agency, regardless of whether the survey is face-to-face, phone, or online. Rysense already does this and should follow suit.

Fixing Nespresso U leak

My contribution to the Singapore Green Plan – resisting Nespresso’s call to “trade-in” the old machine for a new one. The little tabs on the distributor had broken so the duct (the movable part in front) could not swivel and all the freshly brewed coffee ended up being dumped into the drip tray. The original spare part including shipping would have been >$50 but the solution is to just cut a plastic skewer to size and epoxy it to the distributor so that it can engage the duct.

Credit to

Nespresso U service manual at

Privacy laws applied to Government at last

Well, OK, we haven’t really seen the details yet, and we already know that there will be exceptions, and that it will be inherently time-limited because TraceTogether is supposed to go away when Covid comes under control. But the fact that the Government was forced to give in to calls for legal protection of contact tracing data is a big step forward for Singapore.

The Government has already announced that the legislation will be introduced under a Certificate of Urgency meaning that the First, Second and Third Readings of the Bill will be on the same day. This is unavoidable as it is necessary to restore public trust in SafeEntry/TraceTogether as soon as possible but it also means that there will be even less opportunity than usual to examine the Bill before it becomes law. Hopefully, the Government will release drafts of the Bill a reasonable time before it is introduced, rather than its usual practice of only releasing the text of a Bill at its First Reading, which in this case might be the same day that the Bill becomes law. Some things that we should watch out for:

What will be protected ?

The SNDGO press release mentioned “digital contact tracing solutions, which comprise the TraceTogether Programme and the SafeEntry Programme” so both platforms will likely be included. But what about contact tracing information obtained by non-digital means such as interviews ? A 65-year-old woman was recently sentenced to five month jail for trying to conceal her meetings with a male friend from MOH contact tracers. Would patients and close contacts be more forthcoming with contact tracers if they could be assured that anything they say to contact tracers would be kept confidential under force of law and would only used for controlling disease ?

As a side note, while looking at the legislative history of the Infectious Diseases Act, I discovered that healthcare professionals are prohibited, with some exceptions, from disclosing that a person is HIV positive. Most of those exceptions are related to the treatement or prevention of AIDS, but one of the exceptions is disclosure to a police officer under the Criminal Procedure Code. The exception was added in 2008 but no explanation was given in Parliament as to why it was necessary. It would be useful for an MP to ask for clarification from the government whether non-digital information provided to contact tracers can be used for any purpose besides disease control.

How serious is a “serious crime” ?

The Progress Singapore Party (PSP) has issued a statement saying that contact tracing data should only be used for “fighting the pandemic and nothing else”. I am sympathetic to that view and look forward to PSP Non-Constituency Members of Parliament (NCMPs) Leong Mun Wai and Hazel Poa arguing that position in parliament. Pragmatically speaking, though, it would be very hard to legislate such a purist position even though other jurisdictions such as Australia have done so.

TraceTogether is certainly not required to conduct contact tracing. MOH contact tracers were very successful durings SARS in 2003, and in the early stages of the Covid pandemic before electronic contact tracing was even introduced. All that digital contact tracing does is to reduce the manpower required and to make the process faster. Similarly, Police were investigating crimes long before SafeEntry/TraceTogether and will still be able to investigate crimes after the Covid pandemic is controlled and the government has promised that SafeEntry/TraceTogether will be stood down. The only reason to justify police access to contact tracing data is to speed up investigations where speed is critical (e.g. to prevent imminent likelihood of serious harm to somebody) or where this is no realistic way of obtaining the information (e.g. from a deceased person and where no other witnesses are known). Looking at the list of of crimes that SNDGO has released, most could be justified on the grounds that speed is critical and that access to the data could reduce the risk of serious harm. The exception is drug trafficking. While we can argue over the long-term harm that is caused by drug addiction, it is hard to see any scenario where speed would be so essential that it would be necessary to make use of TraceTogether information to prevent imminent harm to others. I would assume that “drug trafficking” is included in the list more to signal the Government’s “tough on drugs” stance than for actual public safety reasons.

1Offences involving the use or possession of corrosive substances, offensive/ dangerous weapons, e.g. possession of firearms, armed robbery with the use of firearms.
2Terrorism-related offences under the Terrorism (Suppression of Bombings) Act, Terrorism (Suppression of Financing) Act, and Terrorism (Suppression of Misuse of Radioactive Material).
3Crimes against persons where the victim is seriously hurt or killed, e.g. murder, culpable homicide not amounting to murder, voluntarily causing grievous hurt (where the victim’s injury is of a life-threatening nature).
4Drug trafficking offences that attract the death penalty.
5Escape from legal custody where there is reasonable belief that the subject will cause imminent harm to others.
7Serious sexual offences, e.g. rape, sexual assault by penetration.
Categories of Serious Offences to be Covered

“Clear and pressing need” and “Who decides ?”

This is perhaps the most important part of the proposed law that must be scrutinised if it is not possible to hold to the position of a total ban on the use of contact tracing data for anything other than prevention of infectious disease. The Government says that digital contact tracing data will only be accessed if there is a “clear and pressing need” for it, but what exactly is a “clear and pressing need” and who decides if a specific request passes that criteria.

At a minimum, I would expect that any procedure for accessing contact tracing data would require the investigating officer to clearly specify the reasons for the request, the specific individual whose data is being targeted and why there is a “clear and pressing need” for the data, and that the request should be approved by an independent reviewer such as a Judge in a similar manner to how search warrants are issued today.

It will be meaningless if the investigating officer himself gets to decides that there is a “clear and pressing need” for the data. Might as well not bother with the law in the first place. The present requirement in the Criminal Procedure Code of police officers above the rank of sergeant or inspector is a very low bar because even Police full-time National Servicemen (NSFs) are routinely appointed as sergeants or inspectors. If a teenaged Police NSF sergeant is not even old enough to vote, I don’t think he is old enough to decide that there is a “clear and pressing need” to access contact tracing data.

What does the government mean by “Clear and pressing need” ? Does that mean that there is a likelihood of serious harm to an individual if the request for acess is not granted ? If there are alternative means of obtaining the information that the police are looking for, there is no “pressing need” and the request should not be granted. I would also expect the police to have to demonstrate a reasonably clear idea of what they are looking for, rather than just going on a fishing expedition.

Data retention period

Both TraceTogether and SafeEntry claim that data is deleted for 25 days. That is relatively clear-cut in the case of TraceTogether data on your own app or token. That would be deleted if you do not test positive within that period. However, you may still leave some digital footprints for much longer than 25 days on other people’s TT or in the SE system.

For example, let’s say you briefly said “Hi” to Bob a week ago. Bob tests positive and MOH extracts his TT data. Under present guidelines, you would not be considered a close contact so MOH will not contact you. But would MOH decrypt your identifier anyway even though you only met Bob for one minute ? And once the identifier is decrypted, how long is the data kept if the subject is never identified as a close contact to be sent for Covid testing ?

Similarly, for SafeEntry, if no one who visits a particular location tests positive, MOH is supposed to delete the SafeEntry records for that location after 25 days. But let’s say Bob visited the supermarket a week before he tested positive and MOH extracts the list of everyone who visited the supermarket around the same time that Bob visited. But how long is “around the same time” ? Does that mean only a few hours or does it mean a few days before and after Bob’s visit ? How long do they keep the data if no-one else tests positive besides Bob ?

It’s not clear if the proposed legislation would also specify the data retention period (25 days) and most importantly, define the conditions under which data would be retained for longer than 25 days.

Ministerial exemptions

This is one of my pet peeves. Many laws in Singapore give the Minister substantial leeway to exempt people or classes of people from the law, or to unilaterally introduce subsidiary legislation that substantially changes requirements in an Act. An example of this was under the Personal Data Protection Act, where the Minister for Communications and Information announced exemptions that weakened key parts of the Do Not Call (DNC) registry just a week before the new law was to come into effect. Likewise, I would not be surprised if provisions that allow the Minister to unilaterally modify the privacy protections on contact tracing data are inserted into the legislation. Given that TraceTogether/SafeEntry are supposed to only be temporary anyway, it does not make sense for the Minister to be given that power. If the Government wishes to tighten any rules on accessing contact tracing data, they can do that with internal SOPs anyway. If they wish to loosen the rules, they should go back to Parliament since any changes to COVID regulations can be passed quickly under Certificates of Urgency.

What will it take to change the leopard’s spots ?

Almost thirty years ago, when the Electronic Road Pricing (ERP) system was first proposed, the government claimed that it could not be used to track motorists because all the information would be on a smart card rather than on a central server. I actually believed them and even told other people that the Government could not track them in the ERP system. What a fool I was, because it soon became obvious that the ERP system really did record all vehicle movements in a central server and the Government could track vehicles if they wanted to. Stupid me ! I would never trust the Government on privacy again.

Letter published in the Business Times, 1 Oct 2001

So I really cannot say I was surprised when the Government revealed that not only could the Police access TraceTogether data, they had already done it, despite Ministers’ earlier declarations that it would only use TraceTogether for Contact Tracing. Disappointed, certainly, but not surprised. The Government’s refusal to apply the Personal Data Protection Act (PDPA) to itself should have made it obvious that the Government does not believe that its citizens have any right to privacy or that there should be any legal limits on its powers.

The irony is that this was a self-inflicted wound on the part of the Government. TraceTogether data really doesn’t add that much to the investigative powers the Police already have. Would it have been so hard for them to voluntarily avoid using TraceTogether data, given the importance that was placed on TraceTogether adoption as part of Singapore’s fight against the pandemic ? There was a failure in political judgement, in understanding that Singaporeans’ compliance with anti-Covid measures was based more on trust than on coercion, and that political promises are not expressed in legalistic formulations but on plain English meanings of words. Yet somehow, after the Government staged a public relations campaign in the midst of crisis to gain Singaporeans’ co-operation, it reverted to form as the crisis abated and re-asserted it’s deeply-held belief that there are no limits to the Government’s powers.

The only silver lining is that this is an opportunity to enact meaningful privacy protections on contact tracing data, including TraceTogether and SafeEntry data. To quote my letter from 2001,

There are valid law enforcement and national security reasons for the government to be allowed to use data from present and future Intelligent Transportation Systems.
The key is to establish a legislative, administrative and technical framework to ensure that these powers are used with justification and only under judicial or ministerial authority, much as search warrants and telephone intercepts are used today[1].
Even more important is to establish public confidence that such powers are not abused.

It’s really not rocket science. The same principles apply for TraceTogether as they would for ERP or any other data. There are legitimate reasons for the Government to get access to data, but there must be a robust framework to independently examine every request for data and to decide whether the State’s need for that data outweighs individuals’ right to privacy. Allowing the police to police themselves does not cut it.

Will things be different this time round ? The Satellite-based ERP will be even more effective at tracking vehicles than the gantry-based system. But people actually clamoured for LTA to provide a billing service for ERP charges rather than to use a CashCard, meaning that those motorists accepted or even welcomed the fact that LTA was keeping a record of their movements.

Will the average Singaporean just say that the more surveillance the better, whether it is for a killer virus or for a criminal or enemies of the State ? Maybe, but I don’t think so. The government really did spend a lot of political capital on persuading Singaporeans to use TraceTogether. Blackbox’s survey shows that 68% of Singaporeans believed that TraceTogether would only be used for contact tracing. Those 68% must now realise that they had been too gullible in taking the government at its word. Singaporeans will be more demanding of greater legal protections for their privacy rather than just relying on the government’s word.

[1] OK, yes, even back in 2001, I suspected that Government agencies had found ways around the requirement for court order or Ministerial warrnt to intercept communications, but well, the letter did have to pass through the editors at Business Times back then…

Whiter than white ?

Alex Yam was appointed Mayor of the North West Community Development Council (CDC) in July 2020. However, he appears to still hold the position of Executive Director of PAP HQ. As the job of PAP HQ Executive Director was historically a full-time, paid position, this implies that the Government is subsidising the operating cost of the PAP by paying for Mr Yam’s salary while he continues to serve as a Party administrator.

At the time of his election to Parliament in 2011, Alex Yam was Head (Strategies & Planning/Youth Lab) of Young NTUC but left that job for the the position of Executive Director of the People’s Action Party (PAP) headquarters. The role of Executive Director has been described as “full-time” in the PAP newsletter, Petir, and Yam has not been reported as holding any other job since leaving NTUC, so we can infer that Executive Director of PAP HQ was a paid full-time position and that Yam was an employee of the PAP between 2013 and 2020.

Is Yam still serving as Executive Director of PAP HQ after his appointment as Mayor ? If so, how is that different from a political office-holder working for a private company while holding political office ? As of 30 December 2020, Yam still lists “Executive Director at PAP” as his occupation on his Facebook page. Admittedly, this could just be a sign that he did not update his web presence after getting re-elected so I wrote to him twice at his PA email address but did not receive any response.

As of 30 December, 2020, Alex Yam’s Facebook page still showed “Executive Director” of PAP HQ as his occupation.

When Yam was appointed as Deputy Executive Director in 2012, the PAP issued a press statement announcing his appointment and published a feature article in its Party organ, Petir, when Yam succeeded Pearce Lau Ping Sum as Executive Director in 2013. Given that the PAP has not made any announcements on replacing Yam as Executive Director, we can infer that he continues to serve in that capacity. The significance of that is that I am quite sure the PAP would not continue to pay Yam his Executive Director salary, and the Government would not allow him to be paid by the PAP in addition to the $660,000/yr he receives as Mayor. But this means that the taxpayer is subsidising the PAP by paying for the salary of its Executive Director.

Mayors who multi-task

Over the last five years, three Mayors – Low Yen Ling, Teo Ser Luck and Maliki Osman – have held other political appointments as Parliamentary Secretaries or Ministers of State at the same time that they served as Mayors. Political appointment holders often hold multiple portfolios in Singapore so this is not unusual.

The case of Desmond Choo is more interesting because he is Assistant Secretary General of the National Trades Union Congress (NTUC) in addition to being Mayor of the North-East District. This would raise eyebrows in many other democracies because of the risk of conflict of interest when a political office-holder also holds office in a trade union at the same time. In the United Kingdom, for example, the Ministerial Code states that Ministers “should take no active part in the conduct of union affairs, should give up any office they may hold in a union and should receive no remuneration from a union.” Notwithstanding the close relationship between the Labour Party and trade unions, the separation of union and government appointments has been respected even when the Labour Party was in power. By contrast, every Secretary-General of the NTUC in the last forty years has been a Government Minister though current Secretary-General Ng Chee Meng had to leave Cabinet after losing his seat in Parliament. Despite Ng’s loss and questions that are now being raised publicly about the relationship between the Government, PAP and NTUC, two Senior Ministers of State, Koh Poh Koon and Heng Chee How remain in the NTUC as Deputy Secretaries-General.

There is a big difference between a political office-holder working for the NTUC and one working directly for the PAP, however. The Government can argue that Koh Poh Koon’s, Heng Chee How’s and Desmond Choo’s work for NTUC is for the benefit of all Singaporean workers but it is clear that Alex Yam’s work as Executive Director of PAP HQ is only for the Party’s benefit.

To be clear, I am not making any aspersions as to Alex Yam’s personal integrity. I am very sure he is only taking one salary, that of Mayor. The problem is that by paying Yam, the Government is subsidising the PAP by paying for the cost of its Executive Director. In the same way that it would not be acceptable for the Government to send civil servants to work for a private company without charging the company, it is not acceptable for the Government to be paying the salary of a political party administrator.

The PAP has never been shy about using State resources for political purposes – estate upgrading and even the People’s Association itself are just two examples that come to mind. In both those examples, however, the government can argue that public funds are being used to benefit the community as a whole. But by paying Alex Yam’s salary even as he continues to serve as a PAP administrator, the Government is indirectly paying for the PAP’s running costs. That represents an unacceptable blurring of the line between Party and State reminiscent of the dramatic failure of governance that allowed PAP Town Councils to sell their IT system to a shell company owned by the Party.

As I mentioned earlier, Alex Yam did not respond to my emails raising these concerns directly with him. It’s possible that my inferences are incorrect and that he no longer holds the position of Executive Director, or that the position of Executive Director was an unpaid position. If any of these assumptions are incorrect, my concerns are unfounded and there is nothing wrong with him continuing to volunteer his services as Executive Director even as he serves as Mayor.

The PAP needs to find another Executive Director

If Yam had been paid by the PAP as Executive Director between 2013 and 2020, however, then the PAP cannot retain him in that position now that he has been appointed as Mayor. Six months has been plenty of time for the Party to find another administrator and the earlier they hire and announce a new Executive Director, the better.

The Futility of Marking Electoral Registers

One of the complaints that many people have about the conduct of elections in Singapore is that PAP polling agents are stationed at polling stations and conspicuously mark off voters’ attendance on their own copies of the electoral register during polling. This is completely legal and while indvidual voter’s votes are secret, the practice leads to an environment that reinforces the perception of pervasive surveillance in Singapore.

When e-registration of voter attendance was first announced a few years ago, I urged the Elections Department (ELD) to retain its practice of having Presiding Officers (POs) call out voters’ particulars while issuing ballot papers. This was so that polling agents could prevent impersonation or multiple voting (the same person voting more than once). In practice, however, the only effective checks against those malpractices are the Presiding Officers (POs) who check voters’ particulars and mark attendance in the official copy of the register. Polling agents are not allowed to check voters’ identity cards so they cannot really verify voters’ identities, and because voters may now receive their ballot paper at any of several tables, it is not practical for polling agents to keep track of which particular voters have already voted.

I have therefore tempered my views somewhat in that while I still think it is important for transparency that POs audibly read out voters’ particulars when issuing ballot papers, I no longer think that there is any point for polling agents to mark their own copies of the electoral register. For all the effort that PAP polling agents expend on marking their copies of the register, I’m very sure that Party branches just throw them away at the end of the election. Even if there were ever a dispute over the results of an election, the PAP’s marked copies of the electoral registers would have no legal standing. And given all the brouhaha over their polling agents not being able to hear properly, we can infer that the PAP’s records are chock-full of errors anyway.

As the Election Department(ELD)’s Guide for Polling Agents puts it, the role of polling agents is to “observe that polling at the polling station is carried out in accordance with the law”. They may mark voters’ attendance in their own registers but there is no legal obligation for elections officials to assist them in that task. Specifically, the ELD Guide states

5.6 Polling agents should pay close attention when the POs are reading out the particulars of the voters. They must not ask the PO to repeat the voters’ particulars or check their own copy of the register (obtained from their political party or candidate) against the PO’s copy, as this will disrupt the orderly conduct of poll.

Elections Department, “Guide for Polling Agents for General Election 2020”

This admonition against polling agents asking POs to repeat voters’ names and serial numbers has been in the Guide for Polling Agents since the first version of the Guide was released in 2011. Historically, enforcement has been lax, however, and it was common for PAP polling agents to ask POs to repeat themselves during past elections. This problem was aggravated this year because of the new polling station layout resulting from the switch to a centralized e-registration system and additional precautions taken for Covid-19.

Typical layout of polling station for 2020 General Election with labels for polling agents added to original drawing from ELD.

Unlike in past elections where polling agents were seated directly facing POs, polling agents are now seated further away from POs. In addition, POs were wearing face masks as a precaution against Covid-19. This made it more difficult for polling agents to hear the POs and led to much frustration on the part of POs who had to shout themselves hoarse trying to satisfy the PAP polling agents. Ironically, the POs were under no obligation to repeat themselves and should have just refused the PAP polling agents’ demands by referring to the ELD’s Guide for Polling Agents which specifically states that polling agents should not ask POs to repeat themselves. But the PAP polling agents were themselves performing a meaningless task. Their marked copies of the registers will never be used, and their presence in white-and-white is sufficient to show their Party colours. There is no real need for them to go through the wayang of marking their electoral registers if the concern is just to prevent wrongful issuance of ballot papers.

As another polling agent has commented, PAP polling agents seem to be so obsessed with marking their electoral registers that they don’t pay attention to anything else. Indeed, I wonder what kind of training the PAP provides to its polling agents. From what I observed as a polling agent during this election, I got the distinct impression that some of their polling agents had never received any training or briefings at all before showing up and just being told to mark voters’ attendance in a name list. It is this focus on taking voters’ attendance that leads them to ask POs to repeat voters’ particulars for fear that they will be scolded by party bosses later on if they miss out anything. Because marking of the register is a tangible output, the PAP’s polling agents get fixated on it to the detriment of their more important task of observing general proceedings in the polling station.

Arguably, the PAP may gain some votes from people who are reminded of the omnipresence of PAP-affiliated grassroots organisations when they see white-clad polling agents marking their names in a file, but this has to be set against votes lost from other people who dislike seeing the PAP trying to exert undue influence on voters. Over time, the votes lost from this practice may exceed the votes gained. The PAP will have to decide when that point is reached and how long they want to continue the practice.

I do not see ELD going back on e-registration which means that in future elections, polling agents will still be seated some distance away from POs and PAP polling agents will still get tempted to ask POs to repeat themselves. But after the experience of this election, polling agents from other parties are more likely to point to ELD’s own guidelines and remind elections officials that the PAP polling agents are not supposed to ask POs to repeat voters’ particulars. POs themselves may also become less willing to go along with the PAP polling agents’ demands.

A related issue is the provision of tables for polling agents. Tables were provided for polling agents in previous elections, but in the past, polling agents sat directly opposite POs and were much closer to voters so the tables acted as physical barriers between the polling agents and voters. In this year’s layout (see above), polling agents were no longer provided with tables. I do not know whether this was due to a general rethinking of polling station layouts after the introduction of e-registration or was a result of Covid-19 safe distancing requirements. Either way, it is a postive step. Providing tables for polling agents gives voters the impression that the PAP’s polling agents are acting in an official capacity when they mark their copies of the electoral registers. But they are not. They are merely observers. Tables are definitely not required for polling agents to do their job. If it wants to, the PAP can just buy clipboards for its polling agents in future elections.

The bigger question is why the PAP even bothers to mark voter attendance at all. Its polling agents’ habit of asking POs to repeat voters’ names and serial numbers just annoys both POs and voters. At some point, this practice may become a nett vote-loser for them. Marking the register does not help to catch electoral fraud and if I were a PAP polling agent, I would be asking my candidate why I am wasting my time and energy on a ritual that serves no useful purpose.

Badly behaved polling agents

I volunteered as a polling agent for the Workers’ Party in Marine Parade GRC in the recent election. It has taken me a few weeks to write this up unfortunately as I was busy with work commitments.

I have been involved in every General Election since 2006 as a civil servant (elections official) or observer. Election law in Singapore does not provide for independent, non-partisan observers so observers have to be appointed as polling agents or counting agents by candidates. While this does inject an element of partisanship into the role of polling and counting agents, I have always had a cordial relationship with observers from other parties in the past. Elections offficials have also always tried their best to be fair to all sides and to follow the procedures laid down by the Elections Department (ELD).

Kirsten Han has already written about PAP polling agents’ habit of interrupting proceedings by asking Presiding Officers (POs) to repeat the names and serial numbers of voters so that they (PAP polling agents) could mark voters’ attendance. PAP polling agents have done this in previous elections too, but it was worse this year because of the new polling station layout where polling agents are seated further away. Covid-19 precautions also made it harder to hear the PO’s because their voices were muffled by their face-masks. Unfortunately, one of the PAP polling agents at the Maha Bodhi school kept demanding that the PO repeat herself and was so insistent to the point that the PO shouted back at the polling agent.

Earlier in the day, this particular PAP polling agent had taken a table from a storage area to use to mark voter attendance in her copy of the electoral register. I objected to this on the grounds that giving the PAP polling agent a table created the appearance of favoritism. As seen in this official poster from ELD below, polling agents are provided with chairs but not tables. I did not see why a polling agent should be allowed to bring additional furniture into the polling station for her own convenience, especially since the table would give her the appearance of being in a position of authority. The other PAP polling agent at the polling station was able to mark his register without a table and I’m sure thousands of other polling agents around Singapore managed quite well without a table too. After a short discussion, the Senior Presiding Officer (SPO) accepted my objection and made the polling agent put the table back. This did not stop her from marking her register of course; she just rested her file on an extra chair instead of using a table.

Standard polling station layout in 2020 – Position allocated to polling agents is circled in red. Note that while polling agents are provided with chairs, there is no entitlement for tables.
Based on

This was not the most egregious behaviour I saw from the PAP polling agents that day. Around 11 am, two women dressed in white appeared and started talking to the two PAP polling agents. This raised my eyebrows because the women were not wearing any official passes and should not have been allowed to enter the polling station. Based on their dressing, however, I inferred that they were PAP polling agents. This was still a problem because each party was only allowed to have up to three polling agents at a time [1]. If the two women were also PAP polling agents, that meant that the PAP now had four polling agents in the polling station and had exceeded the legal limit.

Despite my concerns, I decided to cut them some slack because it was not unreasonable to have an overlap of shifts for a short time during shift changes. It was only after they continued talking among themselves for some time that I realized that the first shift of PAP polling agents was training the second shift while inside the polling station. As neither the Assistant Returning Officer (ARO) nor SPO were present at that time, I advised the PAP polling agents that they had exceeded their limit on the number of polling agents and that they should finish their handover as soon as possible. I was shocked when the PAP polling agents snapped at me in response. It was only when I reminded them that they were breaking the law that the original two polling agents withdrew. Luckily, the SPO returned at this point and after I informed him that the two newcomers were not wearing any official passes, he instructed them to leave as well. After a few minutes, the original two PAP polling agents came back and stayed until 12 noon when the second batch took over (after having been issued the appropriate polling agent passes).

I must say that the first two PAP polling agents were very much the exception. None of the PAP polling agents or counting agents I have encountered in the past have gone so far. This is the first time that I have seen such arrogant and entitled behaviour from PAP polling agents. Starting from the polling agent who thought that she had could rearrange furniture in the polling station for her own convenience to the brazen attempt to sneak in two unregistered persons and conduct a training session inside the polling station while voting was in progress, I can only describe those two PAP polling agents as behaving as if they thought it was their grandfather’s polling station.

Other than the misbehaviour of the first two PAP polling agents, polling generally passed uneventfully that morning and early afternoon. Lines were not unreasonably long and while the second shift of PAP polling agents did occasionally ask the PO’s to repeat themselves, they were not disruptive and were much more apologetic about troubling the PO’s.

I do not think that the bad behaviour of the first two PAP polling agents affected the integrity of the election. However, their actions reinforced the stereotype of the PAP as being arrogant and not playing fair. Related to that is the PAP’s long-standing practice of marking the attendance of voters in their own registers. Whatever benefit they may have gained from that in the past, I don’t think that it is a nett positive for them any longer. But more on that in another post. Akan Datang…

See this post for more of my thoughts on polling agents and marking of registers.


  1. Under Regulation 3 of the Parliamentary Elections (Polling Stations) Regulations 2019, candidates are allowed to have one polling agent for every thousand voters assigned to a polling station. In the case of the Maha Bodhi School (B) polling station, that meant that each party was limited to having three polling agents at the same time.

Doing the same thing and expecting different results

Sigh. The past connects to the present. When it was first passed in 2014, the Protection from Harassment Act (POHA) was sold as being for the protection of vulnerable individuals from harassment. But not only did the Government try to make use of POHA to suppress criticism, the first Government agency to make use of it was Mindef. The Ministry of Defence ! Mindef can call upon whole regiments of armour, artillery, fighter jets and frigates and yet it could claim to be “harassed” by mere words ??? If I had still been an SAF reservist at that time, I would have been too embarassed to know where to hide my face. The Government eventually lost at the Court of Appeal, but the first mistake it made was in using Mindef as the test case to try to set the precedent. The idea of Mindef being “harassed” was just too far beyond belief for the Government’s attempt to abuse POHA to sit well with the public. If the Government had used a softer, cuddlier agency as the first case, it might have stood a chance of easing in its interpretation of POHA without triggering such a strong reaction.

Which brings us now to POFMA. Immediately after the Government lost its POHA case, a Ministry of Law spokesman said that it was considering a new law against online falsehoods. And now, in its very first use of POFMA, the Government issues a correction order against an opposition politician for statements which are substantially opinions rather than facts. So much for the scenarios of racial or religious violence, foreign interference in elections, or national security painted by the Government when it pushed the Act through. By no stretch of the imagination could Bowyer’s comments threaten the “public finances” of Singapore. Furthermore by targeting an opposition politician, the government just reinforces fears that POFMA is intended to be used to gag political opponents rather than in the national interest. Honestly, this was just stupid and will backfire on the Government. The Government expended a lot of political capital to push POFMA through. Why did it waste it on such a trivial case as this ?