””

One digital ID to rule them all?

Efficiency of the online system is appealing but there might be serious costs and risks

Last month, Prime Minister Lee Hsien Loong reiterated his vision for Singapore to have a digital ID for more efficiency.

He mentioned how Estonian citizens have a digital access card for secure online transactions such as accessing national health insurance and bank accounts, remarking: "The Estonians have this: There is no reason why we should not have it."

A digital ID or identification is akin to a digital version of the NRIC or identity card.

Whereas the NRIC is used to verify one's identity in the physical world, the digital ID verifies identity online.

In the digital world where people hide behind fake online identities, a verifiable ID system can make online databases more reliable, and reduce the time required for people to log in and out of different systems.

Estonia pioneered, and now leads the world in, digital ID systems.

Like Estonia, Singapore has a relatively small resident population, high broadband Internet penetration rate and a technologically savvy workforce.

However, the similarities between both countries do not go much further, and there might be good reason for us to consider why we should not create the digital ID.


Like Estonia, Singapore has a relatively small resident population, high broadband Internet penetration rate and a technologically savvy workforce. However, the Republic will have to battle massive legacy systems and expose the country to disproportionate security risks to adopt the digital ID. ST FILE PHOTO

Estonia's digital success is largely attributed to a big bet on technology it made at its founding.

Estonia - once part of the Soviet Union - gained independence in 1991 and built its state when the Internet was just gaining popularity.

Empowered by trustworthy leadership and technologically savvy bureaucrats, Estonia defied all expectations, launching its digital stock exchange by 1995, declaring Internet access a human right in 2000, and implementing the digital ID in 2002.

Moving to digital ID might seem like a natural progression for the Smart Nation. However, we differ from Estonia in terms of legacy systems, security conditions and digital accountability laws, all of which were crucial contributors to that nation's success. If the goal is to create a leaner and more efficient bureaucracy, we might get better returns without the digital ID.

Singapore in 2017 is a 52-year-old country with a history of bureaucratic efficiency.

Many of our systems are digital, and we've had a moderately successful effort in SingPass.

Moving to a digital ID might seem like a natural progression for the Smart Nation.

However, we differ from Estonia in terms of legacy systems, security conditions and digital accountability laws, all of which were crucial contributors to that country's success.

If the goal is to create a leaner and more efficient bureaucracy, we might get better returns without the digital ID.

It's a system that does not play to our competitive digital advantage, and its price tag is too high for what will probably be modest gains.

LEGACY SYSTEMS
Since we already have a comprehensive ID system, will the new digital ID system provide additional efficiency gains large enough to outweigh transitional transaction costs and the political cost of hurting current players?

It will almost certainly require reconfiguring how the current bureaucracy works.

The sheer cost of this cannot be underestimated for a public sector employing 6.5 per cent of the resident labour force

SECURITY ARCHITECTURE
The digital ID's promise for efficiency must contend with a potent risk: cyber security.

As we have seen in multiple cyber security breaches in the last few months, many bad actors are attempting to compromise our systems.

In technology speak, a digital ID creates a "honeypot", a single point of failure for the entire system of identification. If a hacker has access to this central database, everyone is compromised.

The Estonians have begun to acknowledge this massive vulnerability created by the digital ID, especially after Russia's cyber attack campaign in 2007.

With few options available, Estonia's solution is to make digital copies of their entire citizen database in the United Kingdom and Sweden, for an offshore "back-up" system in case Russia tries to "delete" everyone's identities.

It is easy to protect the honeypot from bees but the digital ID will create a target too valuable for grizzly bears to ignore.

Once we begin to consider the eventual possibility of "backing up" our citizen database in another country, it is not difficult to realise that the digital ID inadvertently punctures the sovereignty of the state.

Secondly, the desire to digitise ID should also take lessons from the physical world.

There is good reason why we do not use the same card for debit accounts, frequent flyer membership or Starbucks rewards.

A separation of ID cards creates separation between networks.

In the physical world, we can be sure that even if the SingPass goes down, or if SIA's network experiences some interruption, we can still do our bank transactions because they are governed independently of each other.

Sacrificing redundancy for efficiency would dangerously put all our digital eggs in one basket.

DIGITAL ACCOUNTABILITY
Finally, a policy like the digital ID needs to provide robust assurances in data accountability.

Through its information exchange architecture called X-Road, Estonians perform secure and well-logged transactions with government departments.

For example, there is a log record when the Ministry of Finance retrieves information from the Ministry of Education, which is in turn available to citizens.

Citizens can check if an official is checking on them without valid reason, and are legally empowered to file an inquiry to get the official fired. Such transparency is crucial to retaining trust in the system.

Furthermore, to protect citizens from erroneous records (a citizen incorrectly labelled a "criminal offender" , for example) in the database, Estonia's Public Information Act allows citizens to request for and edit their government-held data.

Such assurances are necessary to ensure that citizens will not be unjustly denied services.

Our latest Personal Data Protection Act does not ask the Government to log access to citizen data, nor does it create administrative procedures for citizens to request for or edit data in government databases (such provisions are currently available only for data held by private organisations).

Building a successful digital ID system may require laws to be updated with these provisions.

AN ALTERNATIVE?
In my view, the limited potential benefits of the digital ID do not outweigh the massive costs and risks it poses to our digital future.

It is not wise for a centralised model of digital government such as Singapore to take selective examples from a decentralised model of digital government such as Estonia.

Instead, we should look to other similarly centralised systems.

For example, the UK's Verify system uses private company digital identities to identify (authenticate) users and create a secure database through encryption. It does not require extensive information sharing between databases to minimise data security risks.

To be sure, Singapore can bring real innovation to digital identification but the idea does not lie in Estonia's digital ID.

For little benefit, we will have to battle massive legacy systems, expose the country to disproportionate security risks and put in place new data accountability mechanisms.

Copying Estonia's digital ID, unfortunately, might not be the smart thing to do for our nation.


  • Mr Benjamin Goh is a Master in Public Policy candidate at the Harvard Kennedy School. He is also research assistant to Professor James Waldo, chief technology officer for Harvard University.
A version of this article appeared in the print edition of The Straits Times on March 17, 2017, with the headline 'One digital ID to rule them all?'. Print Edition | Subscribe