Watching the watchers


Originally published under the title “An eye for an eye” in the Computer Times supplement of The Straits Times on Aug 13, 2003

In 1991, the Law Reform Committee of the Singapore Academy of Law proposed that Singapore adopt a Data Protection law to complement the Computer Misuse Act.

Over the next decade, many countries such as Canada, Australia and Hong Kong introduced new laws or strengthened existing laws on Privacy and Data Protection.

Singapore, in contrast, chose not to adopt any omnibus Privacy or Data Protection laws even though it enacted a far-reaching Computer Misuse Act.

This reflects the fact that, in Singapore, the balance between individual and group is tilted firmly in favour of the group. This was clearly seen in the Government’s response to the severe acute respiratory syndrome (Sars) outbreak.

Surveillance cameras were installed in the homes of persons under quarantine. Confirmed and suspected Sars patients were compelled to reveal details of their movements and contacts under amendments to the Infectious Diseases Act.

During parliamentary debate on the amendments, only one MP, Mr Chiam See Tong, voiced concerns: The possibility that information collected by Health Ministry contact tracers could be misused.

He supported the Bill, on balance, and in view of the urgency of the situation. But Mr Chiam’s concern over possible abuse of personal information is certainly justified.

Several police officers have been convicted for using the Ministry of Home Affairs database to illegally obtain personal information about other people.

Sars contact tracers are covered under the Official Secrets Act (OSA) but the OSA has primarily been used to guard the Government’s secrets not individuals’.

Other laws such as the Income Tax Act and Statistics Act specifically prohibit the disclosure of information obtained under the respective Acts.

The Census Act also provides that information collected during a census cannot be used as evidence for prosecution of offences under other Acts. It is unfortunate that no similar safeguards were built into the Infectious Diseases Act.

One positive development in Privacy protection in Singapore has been the incorporation into law of ‘fair information principles’ as they apply to the Consumer Credit Bureau.

The bureau is required to ensure that all the data it collects is used only under specified purposes. They are: accurate and up-to-date; accessible to the subject; kept secure; and destroyed after a specified time

The right of access to our own credit reports is a landmark in Singapore privacy law. Up until now, individuals have not had a right of access to personal information held on them by government departments or businesses.

Ironically, while we have no right to view our own medical records, health care providers are not legally obliged to protect the confidentiality of our medical records.

In the Simon Shorvon scandal, pharmacies at two hospitals released the names of patients taking a certain drug to Dr Shorvon even though he had no legitimate use for that information. Had the pharmacies put more robust patient confidentiality rules in place, the scandal might well not have taken place.

The National Trust Council has finalised its Data Protection Code but because it is voluntary and intended primarily to promote e-commerce rather than to protect individuals, it is of very limited value to people seeking to protect their privacy.

Some recent events illustrate the difference in the Government’s response to surveillance technology when it is used by individuals rather than by the Government itself.

In the first incident, a Raffles Junior College (RJC) student used a personal digital assistant to videotape his teacher berating another student and tearing up the student’s notes. This video eventually made its way onto the Internet and resulted in a reprimand for the camera-wielding pupil.

The college’s principal spoke of ‘betrayal’. Indeed, government ministers lost no time in admonishing the student for the irresponsible use of technology.

Barely two months prior to the incident, the Government had been busy installing video cameras in the homes of people placed under Sars Quarantine Orders.

The Police have also announced that they will be setting up a network of 30 video cameras in Little India, Boat Quay and Newton Hawker Center to deter trouble-makers.

It seems odd for the principal of RJC to assert a right to privacy in the classroom when, by design, a classroom is filled with students who are supposed to be taking notes. The ‘privacy’ that the principal is talking about is really the freedom from accountability.

In the words of author David Brin: ‘Whenever a conflict appears between privacy and accountability, people demand the former for themselves and the latter for everybody else.’

In his book, The Transparent Society, Brin recognises that advances in technology are inevitable and that they result in ubiquitious surveillance.

In a controversial leap, he then argues that this may be a good thing and that we should welcome it but only if the surveillance is two-way.

If governments and corporations have the power to shine a torchlight onto the lives of individuals, citizens – all individuals -must also have the power to shine the torchlight back at the mighty and the strong.

The question facing society, then, is not whether it should ban cameras (a moot point as it’s not negotiable), but rather who should control the cameras.

Disconcerting as his arguments may be to privacy fundamentalists, Brin poses a key question: is the loss of privacy that technology brings acceptable – even desirable – if that same technology leads to greater accountability for those in power

In Singapore, what would happen if the Land Transport Authority (LTA) takes a different approach to privacy in Electronic Road Pricing and asks its CEO and board of directors to install satellite-based in-vehicle units (IU) in their cars, and to publish their real-time locations on a publicly-accessible website – just as the authority can monitor the movements of other motorists.

Changes in technology may be inevitable. But it is people who write the rules that govern how they use technology and where to delineate the boundaries of privacy.

To paraphrase Acting Minister for Manpower Dr Ng Eng Hen, individuals must be responsible in their use of technology – and the government even more so.

Ngiam Shih Tung is an engineer in a multi-national aviation company.

Advertisements