Authorities can use data from ERP 2.0 for counter terrorism and investigation

SINGAPORE: In response to Progress Singapore Party’s (PSP) Non-Constituency MP Hazel Poa’s query on the use of ERP 2.0 data, Home Affairs Minister K Shanmugam referred to the government’s 2016 position on using public transport cameras and ERP data for safety purposes, for instance on counter-terrorism and traffic enforcement.

On Monday (6 Nov), Ms Poa filed a Parliamentary question to asked the Minister whether the Singapore Police Force (SPF) will be allowed to access the transaction and road traffic data collected by the next-generation ERP system for investigations under the Criminal Procedure Code 2010; and if so, what are the specific types of data that the SPF will be able to access.

Separately, PAP MP Hany Soh also asked a similar question, that whether the MHA has any plans to employ the ERP 2.0 system for enforcement purposes such as against speeding and other traffic-related offences.

In a written reply, Mr Shanmugam reiterated that the position has been made clear several times, including in the Parliament.

He asked the MPs to refer to what he said to Parliament on 6 April 2016., during the MHA’s Committee of Supply debate.

In 2016, Mr Shanmugam highlighted that the Home Team will use all intelligence and investigation tools available and make better use of available data.

For example, public transport video cameras, ERP system, these contain important data that can be vital for our safety and security.

He explained, “In this heightened threat environment, we have to use all available resources at our disposal to detect and respond to threats.

At the time, Mr Shanmugam said In light of the evolving security landscape, he provided insights into the organization’s initial stance, which had been articulated during parliamentary discussions, emphasizing their previous reluctance to use certain data.

However, the transformed security environment necessitates a departure from this earlier position.

He underscored the need for transparency by stating, ” I wish to state that clearly here, since it is a change from what we have said previously in Parliament.

“In this changed security environment, the Home Team must be able to collect and analyse suspicious travel patterns, and respond swiftly and decisively for our collective security.”

He emphasized, “If we don’t rely on the existing data, then we have to spend taxpayers’ money to redo the entire infrastructure, to look at how people move, because that’s one of the ways in which you now analyse patterns, apart from the data.”

Uncertainty over data access beyond LTA

LTA said ERP 2.0 will only collect vehicle-specific data for payment, charges and enforcement, such as against non-payment of ERP charges.

The institution emphasized its stringent privacy measures, ensuring secure handling of charging transactions and data. It emphasized the anonymization of data used for traffic management and transport planning, eliminating personally identifiable information.

Furthermore, LTA clarified its utilization of vehicle-specific data solely for payment, charges, and enforcement purposes, such as addressing ERP charge defaults.

However, the ambiguity surrounding the potential for data access by entities beyond the LTA is particularly troubling in light of past incidents. The TraceTogether controversy in 2021 serves as a stark reminder.

Despite initial assurances about data privacy, the government conceded that the police could access the data for criminal investigations, invoking Section 20 of the Criminal Procedure Code.

This revelation, necessitating a parliamentary clarification by Minister Vivian Balakrishnan, was a significant pivot from the privacy commitments initially pledged.

At the time, Dr Balakrishnan told the House that he had not considered the CPC when he earlier spoke about TraceTogether’s data privacy safeguards at a press conference in June 2020.

Given that backdrop, the apprehensions surrounding ERP 2.0 become even more pronounced.

Unlike TraceTogether, where data is stored temporarily and doesn’t track user location, the ERP 2.0 system explicitly does so as part of its core functionality.

The system’s ability to continuously monitor vehicle movement across the city isn’t a byproduct; it’s a feature. And it’s this perpetual, non-anonymous tracking that amplifies privacy concerns.

Singaporeans express concerns not only about external data breaches but also about the potential government exploitation of amassed data.

Although anonymized for transport planning, the persistent tracking of individual vehicles creates a repository vulnerable to misuse beyond traffic management.

Without clear legal and policy protections, apprehensions persist about unauthorized access by law enforcement or other agencies, prompting questions about the broader government data ecosystem.

Similar to TraceTogether, the public seeks assurance regarding the LTA’s potential data disclosures.