1) On the face recognition/verification thing, I have some Thoughts, being a privacy lawyer, sg qualified lawyer and an activist. Hold on to your hats because this will be a long rant and it is literally my living here.
2) I work in the EU in a Pte co to manage their privacy program. Bc on GDPR I’m on my toes every single damn day. B4 that I did some privacy/in house work in Sg and there is a huge gulf in how privacy is perceived here and SG
3) let’s face it, privacy compliance is a struggle here too but the base level of compliance and respect is still higher than anywhere in SG. In SG I had to explain to HR that no they shouldn’t see the medical records of the employees and they didn’t have the right to.
4) the idea that People In Power have the right to collect and see all your data is deeply ingrained in the public and private sector. Spas ask for your entire damn marital and medical history b4 giving you a massage. Employers ask for your whole salary history.
5) when it comes to the government there is almost a resigned acceptance that they Know Everything and also that they are entitled to Know Everything. This might be shocking but... no. They don’t.
6) it is only this way because of decades of social engineering and base level denial of human rights. Privacy doesn’t exclude the government. In the past I’ve called for the PDPA to be made applicable to the govt - and that’s because govt is the biggest threat actor out there
7) govts are usually modeled as external domain actors in most privacy models bc it is assumed that they don’t have direct access. Picture is from Jason Cronk’s Strategic Privacy by Design.
7) that’s the modified FAIR model from Cronk’s book. Look at the left side where you see opportunity, probability, capability and difficulty as factors.
8) govt has high capability, that’s a given. Sg govt specifically in the past has demonstrated high probability of action since they consistently violate privacy. There are only two things stopping them - opportunity and difficulty.
9) going back to the privacy model what if the govt were no longer an external domain actor but an internal one who is holding all the data? then acc to the modified FAIR model, opportunity is no longer an issue. Then let’s tackle difficulty.
10) difficulty here is a factor that can only be controlled by internal controls within the govt. Is it easy for anyone in SG govt to get a hold of PD? Yes, numerous past instances have shown how easy it is. But maybe we aren’t talking about rogue employees...
11) if we address the govt as a whole threat actor and not individual employees then govt has unlimited capability, high opportunity, high probability and low difficulty bc there are no incentives not to do it.
12) the only way to force the power balance back is to reduce opportunity and difficulty and the main way to do that is by enacting strict, enforceable laws around the use of PD by the govt, which hopefully also reduces probability.
13) now comes “but we must trust the govt!” people. “What can they possibly do!” privacy detractors too. Ok let me throw a few real life scenarios at you: in the 1940s the US govt used US census data to find and detain US citizens of Japanese descent.
14) in China they are using facial recognition software TODAY to find and ID Uighur people in order to detain them. In the UK students who couldn’t take A levels (bc COVID) were given algorithm-based grades that predicted based on behavior, school and other socio-economic bg
15) risk-based algorithms based on personal data now determine sentencing in some places. There is no transparency about any of this.
16) “but data is useful! They help us see trends and ID problems!” Yes you are right data is useful. But how is data processing treated? I have in the past seen zero evidence that SG follows Privacy by Design principles for data processing. I’ve seen evidence of the opposite tho.
17) in 2019 just last year the registry of PLHIV in Singapore got leaked through malicious actors. If the register had followed security and PBD principles, no one person would have been able to access it so easily.
18) In 2019 the HSA exposed the info of 800000 blood donors through poor security practices. It had their IC, gender, blood type, height and weight. It is not difficult to segregate and pseudonymise data.
19) several civil servants have been caught snooping into the records of people they know. IDGAF that they were fired, I want to be able to sue the agency that employed them for monetary compensation at the very least.
You can follow @indulekshmi16.