Data protection - Personal data

[martincymru]

Kindly refer me to the website or whatever that can answer the question:-

Which organisation/companies etc have mandatory instructions to notify or link to a 3rd party certain data without first requiring approval from the person ?

An example: Do Hotels, when you check in short or long term inform a 3rd party without guest knowledge ?

[zzm9980]

Are you worried about commercial exploitation or governmental knowledge?

This is a good start:
http://www.pdpc.gov.sg/personal-data-protection-act

But you should assume the government receives notification of everything. Hotel Check-ins, pre-paid SIM purchases, etc. Assume little or no personal rights exist in Singapore when it comes to protecting your privacy from the government.

[Thrandos]

Are you worried about commercial exploitation or governmental knowledge?

This is a good start:
http://www.pdpc.gov.sg/personal-data-protection-act

But you should assume the government receives notification of everything. Hotel Check-ins, pre-paid SIM purchases, etc. Assume little or no personal rights exist in Singapore when it comes to protecting your privacy from the government.

Paranoid much? The Government does not receive notification of "everything". Do you have any idea how much it would cost in terms of computer power alone to track the transactions of 5 million people over the course of just one day? Never mind about having the infrastructure to connect all these transaction sites to a location that can process these transactions, then having someone process it into useable information and someone else to decide if that information can/should be acted upon.

Can they have access to such information? Yes. But most of it is re-active. e.g. You commit a crime, in order to track you down, they search your phone records, bank transactions, get details of your hotel 81 stay where you were accused of murdering some hooker, etc. Even then, this information is only made available with a warrant from the courts. A police officer can't just go up to a bank and request for confidential information and expect to get anything. Most of the time they're not interested in you anyways, unless you've done something to interest them. If you're an especially vocal in your disagreement with them or pose some sort of security risk to the country, they may just keep tabs on you...



Back to the Martin's question, we need more details... Who are you worried will gain access to this information and what level of information do you expect them to access regarding your transactions? I think I already answered the question on the government. Are you asking about a spouse who's suspicious of something and going hotel to hotel asking if you spent the past week at the hotel, then the answer is most likely, No. They aren't going to release information about their guests so easily.
Most reputable hotels or businesses for that matter try to protect their customer's information. I makes plenty of business sense to do so. They know their clients treasure privacy and who's to stay this random person asking about their customers isn't a competitor trying to poach customers?

Other corporations stealing your contact details, possible. Given that most admin staff are underpaid and over worked and they have access to contact info, they may just steal client info and sell it to the highest bidder for a quick buck. Not difficult to arrange.

[sundaymorningstaple]

Paranoid much? The Government does not receive notification of "everything". Do you have any idea how much it would cost in terms of computer power alone to track the transactions of 5 million people over the course of just one day? Never mind about having the infrastructure to connect all these transaction sites to a location that can process these transactions, then having someone process it into useable information and someone else to decide if that information can/should be acted upon.

Can they have access to such information? Yes. But most of it is re-active. e.g. You commit a crime, in order to track you down, they search your phone records, bank transactions, get details of your hotel 81 stay where you were accused of murdering some hooker, etc. Even then, this information is only made available with a warrant from the courts. A police officer can't just go up to a bank and request for confidential information and expect to get anything. Most of the time they're not interested in you anyways, unless you've done something to interest them. If you're an especially vocal in your disagreement with them or pose some sort of security risk to the country, they may just keep tabs on you...

It is interesting in the sheer numbers of camera on public utility poles on this little island. It's is interesting that all the majors databases in Singapore are now interlinked. While the information may well be reactive, they CAN and DO react rather quickly. As far as needing a court order? Well, for certain things, sure, but for most it's given up all too freely hence the worry about accessibility. As far a getting a court order, well, we all know about that, now don't we...... and fast too.

[nutnut]

i.e. through the SoEasy program http://sgcgo.com/soeasy-program/

now called Soe, due to the embarrassing mess that EDS/HP made of the $1.2bn program of work in Singapore.

Whether they actually use it or not is one question, the fact they have it is pretty much guaranteed, why else would you have to swipe your easylink everywhere or give you FIN/NRIC.

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

[zzm9980]

Are you worried about commercial exploitation or governmental knowledge?

This is a good start:
http://www.pdpc.gov.sg/personal-data-protection-act

But you should assume the government receives notification of everything. Hotel Check-ins, pre-paid SIM purchases, etc. Assume little or no personal rights exist in Singapore when it comes to protecting your privacy from the government.

Paranoid much? The Government does not receive notification of "everything". Do you have any idea how much it would cost in terms of computer power alone to track the transactions of 5 million people over the course of just one day? Never mind about having the infrastructure to connect all these transaction sites to a location that can process these transactions, then having someone process it into useable information and someone else to decide if that information can/should be acted upon.

Can they have access to such information? Yes. But most of it is re-active. e.g. You commit a crime, in order to track you down, they search your phone records, bank transactions, get details of your hotel 81 stay where you were accused of murdering some hooker, etc. Even then, this information is only made available with a warrant from the courts. A police officer can't just go up to a bank and request for confidential information and expect to get anything. Most of the time they're not interested in you anyways, unless you've done something to interest them. If you're an especially vocal in your disagreement with them or pose some sort of security risk to the country, they may just keep tabs on you...



Back to the Martin's question, we need more details... Who are you worried will gain access to this information and what level of information do you expect them to access regarding your transactions? I think I already answered the question on the government. Are you asking about a spouse who's suspicious of something and going hotel to hotel asking if you spent the past week at the hotel, then the answer is most likely, No. They aren't going to release information about their guests so easily.
Most reputable hotels or businesses for that matter try to protect their customer's information. I makes plenty of business sense to do so. They know their clients treasure privacy and who's to stay this random person asking about their customers isn't a competitor trying to poach customers?

Other corporations stealing your contact details, possible. Given that most admin staff are underpaid and over worked and they have access to contact info, they may just steal client info and sell it to the highest bidder for a quick buck. Not difficult to arrange.

Thanks for the lesson, but this is what I do for a living and I understand what's possible and what isn't. I never said they were actively tracking people like in 24 or Enemy of the State, but they do have 'access' to all of that information which is what Martin seems to have been referring to.

And I think you severely overestimate how much computing power would be required and/or what an insignificantly small data set all of the transactions of the 5 million people in Singapore is to correlate in realtime. Five million people? Let's say each person performed one 'action' which would be tracked every minute, every hour. That is under 84k EPS. You can process, correlate, store and index that in probably 6U or less of rackspace, or EC2 for a few bucks an hour.

[zzm9980]

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

Now this is where I'll personally call "paranoid" SIM card transactions aren't recorded with enough accuracy IMO for the cell tracking, and ezlink cards can be paid for and topped up with cash. And then not everyone will have one..

The proliferation of police cameras all over is making me a bit apprehensive though, such as the HDB lifts.

[PNGMK]

Schooled by ZZM.

Look at two recent cases - the Supermarket Mama kidnap case and the NS man who absconded with a rifle a few years back and who was found less than 0.5 km from where old pinky lives/Istana with his loaded rifle.

In both those cases the key was location tracking via massive number crunching I'll bet.

The only case I can think of where they didn't catch the person with massive data crunching was Mas Selemat who escaped with NO easylink card or cellphone and probably has some basic training in evasion of electronic surveillance.

[JR8]

Paranoid much? The Government does not receive notification of "everything". Do you have any idea how much it would cost in terms of computer power alone to track the transactions of 5 million people over the course of just one day?

Well all phone calls in the country were monitored for 'red-flag' comms/words, and that was 20 years ago now.

What do you think the situation might be these days?

[Thrandos]

Thanks for the lesson, but this is what I do for a living and I understand what's possible and what isn't. I never said they were actively tracking people like in 24 or Enemy of the State, but they do have 'access' to all of that information which is what Martin seems to have been referring to.

And I think you severely overestimate how much computing power would be required and/or what an insignificantly small data set all of the transactions of the 5 million people in Singapore is to correlate in realtime. Five million people? Let's say each person performed one 'action' which would be tracked every minute, every hour. That is under 84k EPS. You can process, correlate, store and index that in probably 6U or less of rackspace, or EC2 for a few bucks an hour.

I stand corrected, but the impression I got from your response was exactly the "24"/ Enemy of the state scenario. With 24/7 live tracking of each individual.

The majority of us are not exactly on their radar anyways and don't have much to worry about in terms of government surveillance, until you do something stupid and they decide to come after you.
Yes when they do act, they react very quickly. But that's the point. We've only ever seen them act after something's gone down. If they we tracking details/phone conversations live would they not have picked up on the kidnapping case before/during, rather than after the ransom was paid? Seems to me like only after the kidnapping was reported did they start pinging phones to track down the kidnappers.

As I recall about the AWOL soldier with the stolen rifle, he was ratted out by his "friend" after the "friend", who was hiding him, realised the trouble that the stolen arms could have gotten him in.


Still seems more to me like OP's concerned that some P.I is on his tail rather than government surveillance.

[Thrandos]

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

Now this is where I'll personally call "paranoid" SIM card transactions aren't recorded with enough accuracy IMO for the cell tracking, and ezlink cards can be paid for and topped up with cash. And then not everyone will have one..

The proliferation of police cameras all over is making me a bit apprehensive though, such as the HDB lifts.

Of all government agencies, MOM? I mean ISD, SPF or one of the Intelligence Units in the SAF, but MOM?

Not the SIM cards themselves, but the phones can be remotely pinged and the location triangulated. If google maps can give me, my location accurate down to 3m. I'm sure the relevant agency can figure out which pocket your phone is in.

[x9200]

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

Now this is where I'll personally call "paranoid" SIM card transactions aren't recorded with enough accuracy IMO for the cell tracking, and ezlink cards can be paid for and topped up with cash. And then not everyone will have one..

The proliferation of police cameras all over is making me a bit apprehensive though, such as the HDB lifts.

Isn't the average cell size small enough in this country to give reasonable accuracy location alone just from logging? Probably not 15sqm but more like 1000.

[nakatago]

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

Now this is where I'll personally call "paranoid" SIM card transactions aren't recorded with enough accuracy IMO for the cell tracking, and ezlink cards can be paid for and topped up with cash. And then not everyone will have one..

The proliferation of police cameras all over is making me a bit apprehensive though, such as the HDB lifts.

Isn't the average cell size small enough in this country to give reasonable accuracy location alone just from logging? Probably not 15sqm but more like 1000.

A building alone can have a high cell site density: most people mistake them for smoke alarms but looking closely, most of them even have the telco's logo stamped on them.

[zzm9980]

I heard from a very reliable source not long ago, that the MOM can trace anyone in Singapore to a distance of 15sqm by cell phone and ezlink details. Makes sense, they have the ability to scan rfid cards from lamp posts and cell phones triangulation is very simple. also facial recognition on cctv is now a well established technology, and with today's quality of cameras, it would probably be pretty accurate.

Now this is where I'll personally call "paranoid" SIM card transactions aren't recorded with enough accuracy IMO for the cell tracking, and ezlink cards can be paid for and topped up with cash. And then not everyone will have one..

The proliferation of police cameras all over is making me a bit apprehensive though, such as the HDB lifts.

Isn't the average cell size small enough in this country to give reasonable accuracy location alone just from logging? Probably not 15sqm but more like 1000.

1000 for sure. From what I know, probably 100m. *But* (and this is a key "but" for Singapore), no z-axis/elevation. 100m radius somewhere like Toa Payoh isn't incredibly useful. This could also be why we see the proliferation of police cameras monitoring the HDB lifts.

[zzm9980]

A building alone can have a high cell site density: most people mistake them for smoke alarms but looking closely, most of them even have the telco's logo stamped on them.

The campus for the company I work for has these all over at our location in the US. We had this discussion with the carriers during installation, and for some reason the microcells couldn't triangulate. I think it was just a software thing and they physically could, but the way the telcos used them it wouldn't work. Each building or set of buildings just sort of showed up as a single logical cell site. You'd know the user was attached to it, but not specifically say the microcell in the SW corner of the 2nd floor. Not sure if Singtel/etc's implementation is better. Given that their 3G network couldn't handle simultaneous voice and data, I'm doubtful.