What is one current Singapore public policy challenge you care deeply about and why?

Public policy application. (500 word limit)

Smart Nation, SingPass and possible risks

Worldwide, we live in the age of modernization in societies. Singapore is no exception. In a bid to strategically position ourselves in an advantageous position for increased power in the global economy, we are aggressively riding on the wave of digital advancement to get ahead. In a time of digitization, our government advocates the ‘Smart Nation’ movement to increase our quality of life, with one of the strategic national projects being NDI (National Digital Identity) through SingPass. However, one public policy challenge we face is that citizens’ privacy can be put at risk when hacking of data occurs. This could lead to serious consequences, where data can be sold to interested parties, who may manipulate it to their own advantage such as profit.

Ideal state and our current state

The end goal of NDI is to make transactions using one’s personal information easily accessible with a short transaction time, through communal sharing of data among relevant public and private agencies. SingPass extends to public sectors, and in 2020, private sectors available at 20 entities. SingPass uses different strategies to prevent the misuse and exploitation of data, through their multiple options for 2 factor-authentification (2FA) via biometrics (facial recognition, thumbprint) and SMS. They also enforce legislations such as the Computer Misuse Act to effectively punish those who intend to do harm. In an ideal state, people are reassured their data will not be compromised.

In our current state, SingPass can still be breached despite the multiple strong firewalls put in place. When multiple parties in the outside world have access to data, there are potential loopholes. For example, public sectors are more open, sharing in best interest of citizens as necessary. For private sectors, they need to state a clear purpose for their need for access to data, and guard data by PDPA. When either is compromised methods like malware and phishing, the one-time slip up can cause significant losses in data privacy. The trade-off lies between convenience and security. Ultimately, it is not a matter of if, but when.

Severity of data-hacking

Knowing this gap between our public policy and our reality, we understand the severity when our data falls into the wrong hands of people who decide to use it for their own purposes. For example, a former administrative assistant called James Sim Guan Ling hacked 300 SingPass account holders. The data was sold to a China gang, who used it to earn profit from China residents who wanted to enter Singapore with fake Visas. The challenge lies not only in the idea of our privacy given away for another’s profit, but also that such data can be used to blackmail and harass others.