- Veröffentlicht: 19. April 2017
Strong data protection measures and private sector collaboration will be instrumental to the success of Singapore’s upcoming national digital identification system
Singapore’s upcoming government-led national digital ID system needs strong private sector participation and security safeguards to succeed, according to Gemalto, a digital security specialist.
“Building a national digital ID system is immensely reliant on collaboration between the authorities, banks, telecom operators and others in the private sector,” says Jimmy Ang, marketing director for government programmes at Gemalto in the Asia-Pacific (APAC) region.
Ang says the government can encourage the private sector to come onboard for the digital ID scheme by incentivising or subsidising their efforts in the collaboration. It could also establish a trusted framework to protect the data of users.
Regulations and related laws defining the parameters of digital ID implementations will need to be in place as well. “This can be as simple as outlining who has access to the users’ personal data, and how they should be properly handled without infringing privacy laws or concerns,” Ang says.
Data protection measures are critical for digital ID systems to gain consumer acceptance. According to Gemalto’s 2016 Mobile security survey involving more than 1,300 adult smartphone users across six markets including Singapore, 70% of users said they would take up mobile identity documents, such as passports or national ID cards, if they knew they were fully protected.
“The relevant bodies – be it the government, telcos or services providers – should task themselves with the responsibility of showcasing the convenience and security of mobile identity to users, and dispensing proper instructions for users to securely use the service,” Ang says.
The idea of a national digital ID system was mooted in March 2017 by Singapore’s minister in charge of the country’s smart nation initiative, Vivian Balakrishnan, who noted that while the authentication of digital identity is a difficult challenge, it is “absolutely essential if we are going to have secure transactions in the digital world”.
Balakrishnan had said the current SingPass authentication system used by Singapore citizens and residents to log on to e-government services is “not good enough”, and that there is a need to upgrade that system into one that can serve as a secure digital ID system.
“We need to do all this to engender greater confidence, reduce transaction costs, allow information to be exchanged securely and seamlessly, create services and improve consumer experiences,” Balakrishnan says. “Now the point is we can provide these platforms, but we have to enable our companies to ride on these platforms to derive competitive advantage.”
Gemalto and Singapore’s Government Technology Agency (GovTech) are currently testing a mobile digital ID system in the healthcare and banking sectors where organisations are likely to benefit the most from Singapore’s digital ID initiative.
“Singapore residents use healthcare and banking e-services on a daily basis, sometimes under urgent circumstances, such as booking a doctor’s appointment in the middle of the night or paying credit card bills due the next day.
“These e-services are sensitive to identity fraud, making accurate identification of the user an indispensable component of the process. As the number of such e-services continues to grow, it is crucial users produce authenticatable identity documents when they access the services on digital platforms,” Ang says.
While the healthcare and banking industries are typically saddled with manual processes and legacy IT systems, Ang says the fact that the public generally understands how new technologies can improve their lives provides another nudge for companies to set up mobile digital ID systems.
“The potential of an integrated mobile ID system is manifold,” says Ang, who sees a future where citizens can carry out important tasks on their smartphones or computers, like paying taxes or voting in elections.
“They can easily navigate online platforms, assured that the data they provide are secured via two-factor authentication [2FA] and consent-based digital identity management,” he adds.
In response to queries from Computer Weekly, GovTech says it is still reviewing the various forms that Singapore’s national digital ID can take, such as a software-based security token, together with the industry.
Easing the transition
Given the earlier hiccups in getting SingPass users to sign up for 2FA, efforts to ease the transition to the national digital ID system are just as crucial.
“At that time, the biggest hurdle was to get older citizens who were not tech-savvy to switch to the new 2FA system and teach them how to use it, before the deadline hit,” Ang says.
For the new digital ID system to take off, Ang says the government needs to make enrolment easy for citizens by simplifying and streamlining the processes as much as possible without compromising security.
“The government also needs to communicate the rationale and benefits of adopting a new system and encourage organic transition,” Ang says.
“Previous incidents such as phasing out of Teletext and 2G services were well-intended – as we were moving up the technology chain – but poorly relayed, due to the inconvenience caused, in Singapore.”
A GovTech spokesperson says the government is taking a more transitional approach to introduce new technology progressively for users, given the diverse user base and evolving technology landscape. “We will share more details when ready,” she says.
Meanwhile, one country that has led the way in national digital ID systems is Estonia. The country’s electronic ID card is not only used by its population of more than 1.3 million people to vote, check their medical records, make mobile payments, file taxes and digitally sign documents, it also enables non-citizens to take up e-residency and set up businesses in Estonia to tap the larger European Union market.
It is uncertain, however, if the Singapore government plans to emulate Estonia’s digital ID system in its entirety and allow foreigners to set up local firms virtually, as doing so would require the use of advanced technologies and changes in business registration regulations.
“However, I would say having such a system does open up a repository of opportunities for Singapore to explore in the future as the right time comes, and it will be up to the government to decide how they would implement this feature in the national digital ID system,” Ang says.
Read more about digital identity management
- Identity is vital for presenting a consistent customer relationship across digital channels, but not everyone in all organisations understands this shift.
- A Radiant Logic executive explains why the growing consumer identity management trend may be the death knell for traditional enterprise identity provisioning systems.
- Learn about the identity management and compliance relationship and how IAM should and shouldn't support good enterprise compliance processes.
- A report on contactless card fraud highlights the need for multi-factor authentication for payments.
Autor(en)/Author(s): Aaron Tan
Quelle/Source: ComputerWeekly, 12.04.2017