App Restrictions on Government-Issued Mobile Devices

Earlier this year, several governments around the world banned specific apps from being installed on government-issued mobile devices, amid fears that user data and information collected by these apps would be misused, or that sensitive data would be collected by such apps. 

I asked the Prime Minister whether all government-issued mobile devices are pre-installed with device management apps and antivirus software. I also asked how the government ensures that sensitive information on these devices do not fall into the wrong hands, especially devices used by civil servants and political office holders. 

This was the full exchange in Parliament on 9 May 2023: 

Mr Gerald Giam Yean Song asked the Prime Minister (a) whether all Government-issued mobile devices used by civil servants and political office holders are pre-installed with device management application (DMA) and antivirus software; (b) if so, how does the Smart Nation Digital Government Group (SNDGG) ensure that sensitive information passing through these devices does not fall into the wrong hands; and (c) if not, how does SNDGG ensure that only approved apps are downloaded, only appropriate websites are accessed and only malware-free email attachments are opened on these devices.

The Senior Minister of State for Communications and Information (Dr Janil Puthucheary) (for the Prime Minister): Madam, Government-issued mobile devices are secured through technical controls and policies on appropriate use.

Technical controls include the installation of Mobile Device Management software, which allow for remote removal of data from compromised devices. Connectivity to the Government network must be done via a virtual private network. Emails are screened by a security application that blocks emails containing suspicious attachments. As a policy, such devices cannot be used to process and store highly classified information that may cause serious damage to national interests.

We also educate public officers through regular training so that they are aware of cybersecurity risks, including rogue apps or spoof websites. As members will appreciate, cyber risks can never be fully eliminated. We will implement appropriate safeguards while enabling officers to be effectively supported with IT tools.

Mdm Deputy Speaker: Mr Gerald Giam.

Mr Gerald Giam Yean Song (Aljunied): I thank the Senior Minister of State for the reply. Has the Government assessed the risk that the apps installed on these phones, whether they are personal or official mobile phones of public servants and civil servants, may be able to surreptitiously access official secrets that may be stored on the phone or accessible on the phones? And what mitigation measures are done to prevent this – for example, do all official devices require anti malware software to be installed? 

Also, the Senior Minister of State mentioned quite a bit of restrictions on the official mobile phones. What rules are in place to ensure that civil servants do not use their personal devices for official purposes, just to get around the official phone restrictions in an effort to communicate with one another or with the public?

Dr Janil Puthucheary: Madam, I thank the Member for the question. His supplementary questions touch on a number of areas – malware mitigation, installation of software, installation of apps, the use of personal devices versus official devices. We do have policies as well as technical solutions that apply to all of those areas that he had asked about.

But the key issue is the behaviour of our personnel. Every single one of these technical, software solutions can be weakened by inappropriate behaviour. So, the key is really to make sure that our public officers understand what they are allowed to do and how what they do exposes themselves as well as our systems to risks, and to make sure that their behaviour is not compromised. The short answer is, we do have technical solutions to each of the issue that he has brought up, but what we really need to emphasise is the process and people factors in order to make sure that we secure this space. And I thank him for his questions.

Source: Singapore Parliament Reports (Hansard)

Photo by Ketut Subiyanto on Pexels

Security at preschools

The horrific attacks at a preschool in Thailand shocked the world, including Singapore. In view of this tragedy, my Sengkang GRC colleague He Ting Ru and I asked Parliamentary questions today on what security measures preschools in Singapore are required to put in place to safeguard our children:

*9. Ms He Ting Ru: To ask the Minister for Social and Family Development (a) whether there are any standard training, support or security measures in place for staff of preschools or childcare service providers regulated by the Early Childhood Development Agency to handle unexpected security incidents; and (b) if so, whether any further updates will be made to these measures.

*10. Mr Gerald Giam Yean Song: To ask the Minister for Social and Family Development (a) what physical security measures are preschools and childcare centres required to put in place to detect and prevent intrusions by unauthorised persons; (b) whether the Ministry regularly checks that these measures are being implemented across all centres; and (c) whether these measures are sufficient to prevent persons with criminal intent from entering the centres and harming staff and children. 

I asked these Supplementary Questions following the reply from Minister of State (Social and Family Development) Sun Xueling:

Mr Speaker, can I extend my deepest condolences to the families of the victims in the tragic shootings in Thailand, which involved children in a childcare centre. 

In Singapore, during preschool dismissal times, it is common for a large number of caregivers to be fetching their children at the same time. It is difficult for teachers to identify each and every caregiver, and are likely to use their own subjective judgement to decide whether to open the door to the centre and release the child to the caregivers. 

Can I ask the MOS: Are all preschools required by regulation to have their doors locked at all times and unlocked only for authorised persons whose identity is authenticated by the centre staff and are they required to maintain a list of pre-designated caregivers who are allowed to fetch children?

If not, could ECDA (Early Childhood Development Agency) assess if these enhanced security measures are necessary to ensure the safety of young children?

A government out of order

The Public Order Act, which was just passed in Parliament on Monday, got me wondering just how far the PAP will go to thumb its nose at the Constitution to serve its narrow political interests.

Among some “highlights” of the law are:

  • A demonstration by a lone person is called an “assembly”.
  • Two persons walking together form for a common cause is a  “procession”.
  • Assemblies and processions both need permits from the Commissioner of Police.
  • Cause-related activities (i.e., political activities) require permits regardless of the number of persons involved. (I guess that means that zero-person activities can also be banned.)
  • An entry-level policeman has the power to order people to “move on” away from an area, even if they are not committing an offence. Those people have to comply, even if that policeman is in the wrong.
  • The police have the power to ban ordinary citizens from filming them as they work.

Continue reading “A government out of order”