Putting the street lamp under the spotlight

(Photo: Pixabay)

By Bertha Henson

Last week, there was a somewhat plaintive letter in The Straits Times Forum pages by a Raphael Teo lamenting the lack of public response to the impending introduction of “smart” street lamps. “Have we become so docile that our privacy and personal freedom can be infringed without anyone protesting?” he asked.

There was a response to his letter. A Florence Veronica Minjoot wrote in to say that the lamps are “an extension of a well-rounded security” which Singapore needs to counter terrorism. “As for invasion of personal privacy, that is something I am prepared to trade for security.”

In case you’re still in the dark, let me shed some light: On April 7, ST reported that “plans have kicked in to fit lamp posts with sensors and cameras that can collect a wide range of data, which can be used to direct driverless cars, catch speeding e-scooters and even analyse faces, down to race, gender and age”.

“According to tender documents, street lamps in one-north business park in Buona Vista and Geylang will be the first to be ‘smartened up’ with state-of-the-art fittings.

“They include temperature and rainfall sensors, surveillance cameras and artificial intelligence-based video analytic systems, which allow for facial matching against a database.”

GovTech expects this to start early next year and to ultimately have 100,000 lamp posts ‘smartened’ up.

Privacy has never been very high on our list of “must-haves”. We only start thinking about it when our own data are thrown into our faces for some misdeed. Then comes the usual “I didn’t know” and “I wasn’t aware” excuses for not keeping up with the news. Or we think about privacy as a supplement to our bigger priority – to not be inconvenienced.

Face it, we welcome the Do Not Call Registry because it stops us from getting bothered by calls to subscribe or buy something. We don’t really think, even after the Personal Data Protection Act was passed in 2012, about what those callers have done with the data they already have on us. Have they been erased or do we simply trust that the companies had done so, like Facebook assumed with Cambridge Analytica?

And of course we cheered when we were told last November that security guards and receptionists cannot simply hold on to our ICs because we want to enter a building. Perhaps, we were concerned about our IC number being bandied around but my guess is that we were glad that we don’t have to go through the hassle, especially if we forget to retrieve our ICs.

What is not so well-known is that the PDPA does not apply to Government agencies. The issue of making sure that the G protects your data (and it has plenty) was raised way back in 2012 when the PDPA was being mooted. The then Information Development Authority (IDA) said officers violating government rules on data protection would be disciplined according to Public Service Disciplinary Regulations.

“Any unauthorised access, use or disclosure of confidential information would be investigated under the relevant Acts such as the Official Secrets Act and the Statutory Bodies and Government Companies (Protection of Secrecy) Act,” the IDA said.

Five years later, law academic Simon Chesterman said in a commentary last September: “The elephant in the room, of course, is that none of this will apply to the Government and its lamp posts. The PDPA specifically excludes public agencies from coverage and allows that exclusion to be extended to any statutory body.”

He added: “Government rules governing data protection are said to offer ‘similar levels of protection’ – but as those rules are not themselves public, this claim is difficult to evaluate.”

Then, in January, the Public Sector (Governance) Bill came before Parliament, on how data should be shared among G agencies. Now, this isn’t like the PDPA which protects personal data, but it goes one step up on what agencies can or cannot do with the data that has been collected. There are safeguards in place, including criminal penalties for the unauthorised disclosure and improper use of information, and the unauthorised re-identification of anonymised data.

You can describe it as another layer of checks, or wonder if the whole-of-Government approach to data sharing is more like Big Brother surveillance.

In responding to privacy questions during the debate, Minister Ong Ye Kung said: “The purpose of this Bill is not to pave the way for a future where Government knows everything about everyone, and every misdeed everyone committed is all consolidated. If ever there was such an initiative, it would have to be explained. And decision-making, be it for policy, license or grant application, are all reduced to data processing and Artificial Intelligence (AI) algorithms. That is not the future we want.”

To the Singaporean who doesn’t like the hassle of form-filling, this is such a good idea. Go to a government service counter and the information is all filled out for you. You merely have to put your signature somewhere. You might even fill in a feedback form to praise the efficient service. You trade your privacy (if it crosses your mind) for convenience.

As for street lamps with facial recognition devices, there is neither convenience nor inconvenience for the citizen. In fact, you can say that this is good for law and order purposes or catching wanted terrorists and fugitives.

What’s interesting is that in the rah-rah run-up over how smart street lamps will replace the current dumb ones, what was touted were their energy saving and environmental sensors. Nothing was said about the Peeping Tom aspect until ST broke the story, ostensibly by having sight of the tender documents.

I am not sure I want anyone to be able to tell where I am at a particular time on a particular day. To those who say “there’s nothing wrong if you have nothing to hide”, I find it a simplistic argument to justify any kind of intrusion into an individual’s privacy.

Also, it doesn’t answer the bigger question that goes beyond data protection: Just how is our personal data being used?