””

Fast Forward: Disruption and the Singapore Economy

And next, a mobile digital ID?

Tech advance better secures online transactions and could be huge time saver

Administrator Diana Lee, 42, frequently shuttles between polyclinic and hospital as the main caregiver for her sick parents and mother-in-law.

As a typical time-starved city-dweller, she appreciates the convenience of shopping and paying bills online, and hopes that new technologies will one day bring healthcare straight to the homes of the elderly.

The issue is close to her heart as she has to take leave several days a month to accompany family members to their check-ups.

She said: "Even a routine check-up requires two separate trips - one to draw blood for tests, and another for the doctor's consultation and prescription."

She added: "My employer is understanding. I really don't know how I would cope otherwise."

Her mother, Madam Ng, 74, has had to use a wheelchair since suffering a stroke in 2002.

Every three months, Ms Lee takes her mother for follow-up treatments by going from their home in Jurong to National University Hospital (NUH).

Madam Ng also suffers from high cholesterol, diabetes and hypertension, for which she visits a polyclinic in Jurong for treatment once every three months.

"It takes at least half a day for each visit to the hospital and polyclinic," said Ms Lee.

Her 76-year-old father had a heart operation in 2003 for a blocked artery. He also visits NUH once every three months for a check-up, as well as for treatment for asthma and diabetes.

As Ms Lee's husband works overseas, she has become the sole caregiver for her 71-year-old mother-in-law as well. Ms Lee has accompanied her to NUH for chemotherapy once every three weeks since she had a cancer relapse in March.

Technological advances in home-based healthcare could dramatically improve Ms Lee's situation and that of thousands of caregivers like her. "If only my parents could be monitored from home, get the doctor's prescription online and have their medication delivered to them," said Ms Lee.

When The Straits Times told her this could well be the future, given the Singapore Government's push for more Smart Nation services, she nodded eagerly.

  • Fast Forward series

  • With Singapore firmly focused on the Future Economy, The Straits Times' series, Fast Forward: Disruption and the Singapore Economy, helps you make sense of the big shifts that will shake up entire sectors, reshape jobs and change lives. Every Saturday for 12 weeks, the paper's journalists will examine a disruptive force, its likely impact on the economy and how soon that will be felt. From robotics, 3D printing and smart buildings to dire demographic trends, the global skills revolution and the Asean growth story.

    Next week, find out more about 3D printing.

 

Citizens wait less and do more when more government and commercial services move online. A higher level of efficiency and automation would also see jobs move up the value chain, even as mundane ones are phased out.

DIGITAL IDENTITY KEY TO SMART NATION SERVICES

Crucial to achieving this convenience is having a secure way of identifying people over the Web.

Currently, when a patient sees a doctor, he produces his identity card or NRIC for verification and to allow the doctor to retrieve his health record.

There is no equivalent of the NRIC in the digital world today for such high-stakes online exchanges - except for SingPass, set up for all Singapore residents in 2003.

However, this is not fail-safe. Using SingPass, people enter a password with their NRIC numbers to access over 200 e-government services, including income tax filing. But like other simple password schemes, SingPass is prone to security vulnerabilities when users adopt passwords that are easy to remember, like birth dates, which hackers can easily uncover.

Using one's NRIC number as a username is also insecure, as the string of seven numbers is predictable.

Enter high-tech digital identification.

The Singapore Government called for a tender in March for a Mobile Digital ID, noting that digital identification and authentication are becoming ever more important.

The Mobile Digital ID - likely to sit in a phone's SIM card - will uniquely identify every Internet user, just like the NRIC does, and can be used to authenticate all kinds of online transactions with the Government or commercial entities such as banks or telcos.


For Ms Lee, Smart Nation healthcare services could dramatically reduce the amount of time she has to spend accompanying her parents and mother-in-law to check-ups, consultations and follow-up treatments. Right now, she has to take leave from work several days a month to make these trips. Technologies that could support a home-based healthcare system for the elderly would be a boon to thousands of caregivers in the same boat. ST PHOTO: DESMOND WEE

A similar implementation in the Baltic nation of Estonia has enabled its 1.3 million citizens to get e-prescriptions, and even vote online. (See story on facing page.)

The Infocomm Development Authority (IDA), which called for the tender, believes the idea has the potential to work in Singapore, which has some of the highest mobile penetration rates in the world, hovering at 150 per cent. What that figure means is that each individual has at least one cellphone.

IDA's director for Smart Nation solutions and applications, Mr Amos Tan, said: "The biggest motivation is security and being prepared for a future where more transactions go online."

Already, about five million bank customers, or nearly half, do their banking online these days. And e-commerce is rising in Singapore.

According to British-based market research firm Euromonitor International, online spending in Singapore posted steady growth from 2010 to 2014. Last year, Internet spending rose to $1.3 billion, up 24 per cent from levels in the previous year.

Even so, some people still shy away from online transactions for fear of security risks. Interior designer Helen Chia, 43, joined their ranks after fraudulent expenses totalling US$5,000 (S$6,800) were chalked up on her credit card two years ago.

Although her bank waived the charges, she said: "There is no guarantee that your password is safe.

"One wrong move and your bank account is emptied."

She also hates the hassle of having to remember passwords and carry multiple banking tokens for different bank accounts.

"I don't want to carry so many tokens," she said.

DISRUPTION AROUND THE WORLD

Digital identification is not a new concept. Early adopters include Estonia and Hong Kong, with varying levels of usage.

In 2001, every Estonian was issued with a card containing a smart chip to use as an identity card, and a smartcard reader. Estonians now rely on the card for all cyber exchanges with the government, as well as banks, telcos and other commercial entities.

For instance, Estonians can log in to a national healthcare portal for e-prescriptions. Voting can also be done online. A third of the population voted online during elections in March last year.

Since 2007, Estonians have also been able to opt for a mobile ID. This option - taken up by over 90,000 Estonians to date - is more convenient because it does not require a smartcard reader.

So far, Estonia is leading the world in its advanced use of digital ID. Its laws are constantly being reviewed to provide greater convenience. For instance, a law is expected to be passed by the year end to let people open accounts without showing up at the bank.

In Hong Kong, a smart identity card project was started in 2003 to counter a rise in fake documents produced in China, and to speed up processing at checkpoints for travellers to and from Shenzhen. But Hong Kong's digital ID is not used for online transactions.

If mobile IDs take off here, Singapore is expected to be among the first countries in the world to take advantage of the technology.

Minister of State for Education and Communications and Information Janil Puthucheary is co-leading a group formed under the Committee on the Future Economy in December last year to recommend changes, including legislative ones, to allow Singapore to benefit from these so-termed "disruptive" technologies.

CRACK-RESISTANT PROTECTION

Mobile Digital IDs are said to be more secure than most authentication methods in use today.

An individual's credentials are stored in a tamper-proof zone - likely the SIM card - of a mobile phone, and protected by advanced encryption techniques known as public key infrastructure (PKI). Thus, hackers cannot steal the individual's identity remotely by infecting the phone with malware.

Even if the phone is lost, hackers would not be able to make sense of, or use, the encrypted user credentials without the accompanying personal identification numbers (PINs). The PINs are created and maintained by the individual Mobile Digital ID users.

This is one possible scenario:

To log in to his e-banking account, for instance, a user enters his mobile number instead of the usual username or password on the bank's website.

An SMS will appear on his mobile phone asking for an access PIN. The PIN, after being entered, will be encrypted before it is sent via SMS to the bank.

Once it is authenticated, the user will be able to view his e-banking account. To transfer funds or pay bills, he might be required to enter a second PIN that is different from the access PIN, which will then be encrypted and sent to the bank.

Even if the SMS is intercepted, hackers will not be able to capture the PIN as it is encrypted - unlike one-time passwords (OTPs) delivered via SMS or generated by a security token.

The use of OTP has been mandatory for e-banking since 2006, to provide extra security.

OTP will also be compulsory for sensitive e-government transactions such as those with the Central Provident Fund Board and the Ministry of Manpower from July 5.

The Straits Times understands that the Mobile Digital ID could supersede OTPs as it offers greater protection and is more convenient.

If so, people could finally ditch the multiple e-banking tokens issued by different banks, and they would no longer need to remember usernames and passwords for various online accounts.

RISING FRAUD LEVELS

With more than three billion Internet users globally, and rising cybercrime, secure and reliable online identification is critical.

According to a 2014 report by Internet security software company McAfee, global financial losses from cybercrime had hit US$445 billion annually by then.

Prominent hacking incidents that year involved Web storage services DropBox and iCloud. Nearly 500 private pictures belonging to celebrities, including nude photos, were leaked.

The Singapore Government had its own wake-up call after a discovery of 1,560 breached SingPass accounts in June 2014. Three were fraudulently used to make applications for work passes.

In another high-profile incident here, the personal data of over 300,000 customers of karaoke bar chain K Box was exposed in September 2014. The information included names, addresses and mobile phone and identity card numbers.

Investigations by Singapore's privacy watchdog revealed that lax security measures caused the breach. Access to K Box's computers was protected by weak passwords made up of only one letter of the alphabet. K Box was fined $50,000 as a result of the breach.

DISRUPTING JOBS

Implementing the Mobile Digital ID will also affect the job market.

New jobs will be created and old ones phased out in a new economy powered by this cutting-edge identification technology.

Here's how: A Certification Authority (CA) - likely to be a commercial entity - will be appointed to store the credentials of Mobile Digital ID holders and authenticate transactions in real time.

The CA will have to link its systems with those of service providers such as banks, telcos and government agencies to enable real-time authentication. New systems must be built and software developed to enable the service.

"In all likelihood, digital IDs will lead to a net gain in new jobs," said Mr Tyson Macaulay, the chief security strategist at security software firm Fortinet.

For instance, new high-tech jobs will be created in security and software development.

The Singapore Government has estimated that about 30,000 jobs in areas such as software coding, cyber security and data analytics will be in demand by 2020.

However, low-level service roles such as those of bank or telco branch officers are expected to be phased out as more people move online.

"Some people will not fully adjust to the economic shift brought about by disruptive technologies, but it is not peculiar to any country or industry," said Mr Macaulay.

IMPLEMENTATION OBSTACLES

Investments in the Mobile Digital ID are likely to exceed the current spending on SingPass and OTPs.

Estonia spent more than €20 million (S$31 million) in the early years to set up its system. In addition, software updates and maintenance come to about €4 million a year.

Some industry observers estimate that a similar system could cost Singapore anywhere in the "hundreds of millions" of dollars to build and maintain for the first five years.

This is several times more than what it costs to run SingPass and the OTP system, which can support about two million users here.

Mr Aloysius Cheang, the Asia-Pacific executive vice-president of global computing security association Cloud Security Alliance, said: "It will be expensive - not only must the new system deliver new capabilities, it must also work with existing legacy systems."

Government agencies and commercial organisations must also be convinced to use the new technology.

Banks here have their own systems and could resist the move to a common Mobile Digital ID - previously, they spurned the government-backed OneKey security token, once touted to be a universal tool for securing online transactions across banks and government agencies.

Said Mr Macaulay: "Rebuilding a post-Soviet economy in Estonia was straightforward as it had little legacy technology.

"For a place (like Singapore) with established systems and processes, retrofitting might be a lot more complicated."

The greying population in Singapore could be another hurdle. For instance, Ms Lee's parents might worry about not being able to remember the Mobile Digital ID PIN, or having to learn to use the new technology.

Also, it is not clear if Ms Lee could be authorised to act on behalf of her parents or mother-in-law over the Internet using their digital IDs. The authorities might not allow such use for fear of potential abuse.

"Also, will doctors prioritise face-to-face consultations over online ones? These are practical concerns that must first be addressed," said Ms Lee.

A version of this article appeared in the print edition of The Straits Times on June 11, 2016, with the headline 'And next, a mobile digital ID?'. Print Edition | Subscribe