Singapore refutes suggestions software on students' devices tracks personal data

A software installed on students' devices in Singapore captures only the user's online activities as a safeguard against access to "objectionable material" and does not track personal data, such as location and passwords. This assertion from the government comes after an online petition surfaced, urging support to block the implementation of the application. 

Posted last week, the petition took issue with the Ministry of Education's (MOE) device management application (DMA) that must be installed on personal learning devices issued to students. 

Singapore last March said all Secondary 1 students would each own personal learning devices, distributed by their schools, by 2024 as part of the country's national digital literacy scheme. Remaining secondary school students would be issued such devices by 2028. 

See also

Singapore must return data control to users to regain public trust

Trust plays an important role in consumers' willingness to share their personal data, but trust will erode if businesses continue to be given wider access to personal data and Singaporeans do not feel empowered to safeguard their own cyber hygiene.

Read now

According to the online petition, launched by "Jing-Yu Lye", the DMA would enable teachers to "control and monitor" the use of the device deemed necessary to "improve student management and deliver effective teaching". It also noted that the software facilitated remote deployment of teaching and learning applications, which meant schools could install applications on a student's device, whether the software carried security loopholes or otherwise.

In addition, teachers could control how much time students spent on the device as well as the applications they could run, with users "having no real control over how they can do it". 

The petition stated: "We students are unhappy that the MOE requires such a program to be installed on our personal learning devices, be it our personal ones or ones purchased from the school, due to how little control, freedom, and privacy we have. This may also put many students information and data at risk to hackers, as they can easily access the data if such program is breached."

It urged the public to support efforts to "get the power we need to defend our privacy", noting that while schools needed some control, students should not be forced to install the DMA. To date, the petition has garnered more than 6,370 signatures.

MOE, however, said the software did not monitor personal data such as passwords, identification numbers, and user location. Instead, the application gathered information on students' online activities including their online search history to "restrict access to objectionable material", the ministry said in a report by local TV network CNA. The software also captured device data such as operating system to assist in troubleshooting. 

All data collected were stored in servers managed by authorised DMA vendors "with stringent access controls" that were in accordance with the government's own personal data rules and policies.

MOE's divisional director of educational technology, Aaron Loh, said in the report that the device management software had been installed during a trial held in 2019, during which parents and teachers "affirmed the benefits and need" for the DMA. The software, he said, would ensure teachers had "appropriate controls" to manage device use in classrooms.

Parents, too, said the DMA could resolve their concerns about access to undesirable online content such as pornography and gambling as well as worries over excessive screen time, Loh said.

Such feedback prompted the nationwide deployment of the software on personal learning devices, he added, noting that security was enhanced since these devices were connected to the school's IT infrastructure.

Existing home devices used by students would have to meet "necessary school specifications" and the DMA installed, which would be provided for free, he said. Personal learning devices purchased via the ministry's bulk tender would have the software pre-installed before they were distributed to students. Schools would uninstall the software from these devices when students graduated.

Local schools last April temporarily suspended the use of Zoom following incidents of Zoom-bombing within virtual classrooms, including one breach when male strangers hijacked a lesson to broadcast obscene images and asked female students to expose themselves.

MOE later allowed use of the videoconferencing tool to resume, after modifications were made to integrate additional security controls and turn off some features. 

RELATED COVERAGE

• Singapore allows schools to resume Zoom use for home-based learning
• Singapore sets up committee to review public sector data security, but stands firm on PDPA exemption
• Singapore most exposed, but also most prepared in cybersecurity: Deloitte
• Singapore updates data protection law to exclude user consent for 'legitimate' business purposes
• Singapore unveils framework to facilitate 'trusted' data-sharing between organisations