Phew! It’s good to know that my contact tracing details collected by the Singapore government during Covid-19 have been deleted.
The information of millions of other residents and individuals here as well as those who visited Singapore between 2020 and 2022 has also been destroyed.
I applaud the authorities here for the good data governance and for following up on this crucial task after the pandemic.
At the back of my mind, however, I wondered: How do I know that the data has vanished, deleted for eternity? Perhaps the process should be audited to reassure the public that their privacy has been safeguarded.
A quick background: Digital contact tracing played a pivotal role in Singapore’s battle against Covid-19, slashing the time needed to identify and isolate close contacts from four days down to a mere 1.5 days.
At the forefront were two cutting-edge systems, TraceTogether and SafeEntry, meticulously logging movement data to swiftly pinpoint individuals in close contact with confirmed Covid-19 cases.
This ensured that the virus was corralled, curbing its spread and sparing many others from infection.
Over three years, a trove of contact tracing data was amassed. The data collected included a random user ID, a string of numbers and letters, linked to the user’s contact number and identification details.
Out of a population of about six million, around five million adults and children used the TraceTogether and SafeEntry systems to go to school, work and visit families as well as undertake essential errands.
Adding to this number are another 10 million or so tourists who visited Singapore between 2020 and 2022 and who also needed to use the two systems for contact tracing purposes.
The data was stored in a secure server and only used to contact the right persons when necessary, according to the Singapore authorities.
Fast forward to today: With the worst of the pandemic behind us and contact tracing no longer needed, the government says it has deleted the data collected.
The backend digital infrastructure has also been dismantled, and the relevant websites shut down. Only TraceTogether data pertaining to a murder case in May 2020 has been kept.
Deleting data on a server is not a mere process of drag-and-drop, like moving files to the digital garbage bin on the desktop computer. The process is more complex, said Matthew Oostveen of Pure Storage, which provides data services to businesses.
While he has no visibility on the storage infrastructure used to store the contact tracing data, he said the current industry method is to use a software wipe for data erasure instead of the traditional media destruction.
Up until recently, organisations would delete sensitive information by physically destroying the assets on which the data was stored, explained Oostveen, Pure Storage’s vice-president and chief technology officer for Asia-Pacific and Japan.
“Special shredding machines will chop the hard drives and other components into minuscule pieces,” he noted. “These fragments are smaller than 2mm to prevent someone from assembling them to read the data.”
This brute force was used along with degaussing, which wipes magnetic storage media by “firing” an electromagnetic pulse at them. This method was effective for magnetically stored data but is dated in a world moving to solid state media.
Today, software data erasure is preferred. This works by writing 1s and 0s over the storage medium, thereby rendering the information onboard irretrievable.
This process is akin to embedding digital white noise, a series of 1s and 0s with no special characteristics or pattern. Essentially it is an overlay, repeated a few times, to ensure no discernible patterns remain, said Oostveen.
This is like a field tractor methodically churning soil as it goes back and forth, chopping up the pieces of earth into small bits, he explained.
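The multi-pass overwrite described above, together with the read-back check an auditor could ask for, as an added Python example (not code from the contact tracing systems or from Pure Storage). The sample record, the marker string and the function names are constructed for illustration.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK = 64 * 1024

# Caveat: a file-level overwrite only reaches the original blocks on media and
# filesystems that write in place. SSD wear levelling and copy-on-write
# filesystems can keep old copies, which calls for a device-level erase.

def overwrite_passes(path, passes=3):
    """Overwrite a file in place with random bytes; return (size, SHA-256 of last pass)."""
    if passes < 1:
        raise ValueError("at least one pass is required")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            digest = hashlib.sha256()
            remaining = size
            while remaining:
                block = secrets.token_bytes(min(CHUNK, remaining))
                f.write(block)
                digest.update(block)
                remaining -= len(block)
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next one
    return size, digest.hexdigest()

def verify_erasure(path, size, last_pass_sha256, marker):
    """Read the file back and report the facts an audit record would contain."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size_ok": len(data) == size,
            "matches_last_pass": hashlib.sha256(data).hexdigest() == last_pass_sha256,
            "marker_absent": marker not in data}

def demo(passes=3):
    marker = b"CONSTRUCTED-0001"  # constructed ID, not a real TraceTogether value
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"user_id=" + marker + b";contact=00000000\n" * 1000)
        size, sha = overwrite_passes(path, passes)
        return dict(verify_erasure(path, size, sha, marker), passes=passes)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```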
With sensitive information collected, organisations could add an extra level of security by physically destroying the magnetic storage media, he added.
So, while contact tracing details from TraceTogether did not include personally identifiable information, it is good to know that all the bits and bytes collected are now gone.
Going a step further, the government’s Smart Nation Group, which led the development of the two contact tracing systems, would give people here greater peace of mind by verifying that the deletion had indeed taken place.
An audit of the process, with its findings disseminated publicly, would quell any lingering doubt and reassure the public that the data is really gone.