TraceTogether tokens allegedly modified by ‘thick-headed’ Singaporeans

Some users are allegedly breaking open their TraceTogether tokens, removing the battery and even swapping the QR code with that of another device.

But doing so is not only a crime, it also puts Singapore at risk.

In response to queries from The New Paper, a Smart Nation and Digital Government Group (SNDGG) spokesman said it was aware of online forums where users claimed to have modified the token.

“Any deliberate or mischievous act to tamper with the token is a criminal offence under the Computer Misuse Act,” he said.

More than 400,000 tokens have been collected since distribution began last month.

The spokesman said TraceTogether has helped cut the time to identify close contacts from four days to less than two days. But tampering with the token can hamper contact tracing.

Last Tuesday, the multi-ministry task force said checking in with TraceTogether will be mandatory by year-end, with cinemas starting yesterday.

Currently, the tokens can be collected at 38 community centres but they will be available at all 108 CCs by end-November.

A thread on online forum HardwareZone last Tuesday discussed how to modify the tokens. A user encouraged others to print QR codes from other tokens to stick on their own.

The thread, which has gained traction with over 780 posts as of yesterday, saw other users discussing how to block the bluetooth signal to prevent it from working as intended.

Many of them appeared to be against the use of the tokens.

Some people had raised concerns about location tracking and surveillance when the tokens were announced in June.

But the authorities have reassured the public the tokens do not collect location data and are used only for contact tracing.

GovTech Singapore also invited four experts to a teardown of the token in June to check the inner workings of the device.


One of them, Mr Roland Turner, the chief privacy officer for analytics company TrustSphere, told TNP that people should not be worried about using the token.

“TraceTogether keeps the information that it collects on the device until you are diagnosed, and purges anything more than 25 days old,” he said.

“This means more than 99.9 per cent of data collected never enters government hands.”

Noting the success of TraceTogether in fighting Covid-19 depends on people’s cooperation, he added: “Like frequent hand-washing, TraceTogether can gain widespread use and high effectiveness only if the population wants to do it.

“It is worth taking every feasible step to encourage this.”

Lawyer Joshua Tong from Kalco Law said those who tamper with the tokens may run afoul of several laws.

“If there is physical damage or alterations to the tokens, one may be liable for an offence of mischief simpliciter,” he said.

The offence carries a jail term of up to two years and/or a fine.

If the mischief disrupts a public health service, one can be charged with mischief causing disruption to a key service, which carries a jail term of up to 10 years and/or a fine.

“This is because the TraceTogether tokens provide a service… (that) is critical to maintaining public health by combating the pandemic,” he said.

Under the Computer Misuse Act, unauthorised access to computer material carries a jail term of up to two years, and/or a fine of up to $5,000.

Those who make unauthorised modifications of computer material can be jailed for up to three years and/or fined up to $10,000.

Infectious disease specialist Leong Hoe Nam said those who tamper with the token are irresponsible and put others at risk.

He said: “Manipulating the token is akin to sabotaging your country. Why are they so thick-headed?”