What is one current Singapore public policy challenge you care deeply about and why?

Public policy application. (500 word limit)

Smart Nation, SingPass and possible risks

Worldwide, we live in the age of modernization in societies. Singapore is no exception. In a bid to strategically position ourselves in an advantageous position for increased power in the global economy, we are aggressively riding on the wave of digital advancement to get ahead. In a time of digitization, our government advocates the ‘Smart Nation’ movement to increase our quality of life, with one of the strategic national projects being NDI (National Digital Identity) through SingPass. However, one public policy challenge we face is that citizens’ privacy can be put at risk when hacking of data occurs. This could lead to serious consequences, where data can be sold to interested parties, who may manipulate it to their own advantage such as profit.

Ideal state and our current state

The end goal of NDI is to make transactions using one’s personal information easily accessible with a short transaction time, through communal sharing of data among relevant public and private agencies. SingPass extends to public sectors, and in 2020, private sectors available at 20 entities. SingPass uses different strategies to prevent the misuse and exploitation of data, through their multiple options for 2 factor-authentification (2FA) via biometrics (facial recognition, thumbprint) and SMS. They also enforce legislations such as the Computer Misuse Act to effectively punish those who intend to do harm. In an ideal state, people are reassured their data will not be compromised.

In our current state, SingPass can still be breached despite the multiple strong firewalls put in place. When multiple parties in the outside world have access to data, there are potential loopholes. For example, public sectors are more open, sharing in best interest of citizens as necessary. For private sectors, they need to state a clear purpose for their need for access to data, and guard data by PDPA. When either is compromised methods like malware and phishing, the one-time slip up can cause significant losses in data privacy. The trade-off lies between convenience and security. Ultimately, it is not a matter of if, but when.

Severity of data-hacking

Knowing this gap between our public policy and our reality, we understand the severity when our data falls into the wrong hands of people who decide to use it for their own purposes. For example, a former administrative assistant called James Sim Guan Ling hacked 300 SingPass account holders. The data was sold to a China gang, who used it to earn profit from China residents who wanted to enter Singapore with fake Visas. The challenge lies not only in the idea of our privacy given away for another’s profit, but also that such data can be used to blackmail and harass others.




a collection of thoughts given breath.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

I’m glad the hitman had poor marketing skills

What is ARP (Address Resolution Protocol) & how it works?

Information security on Slack

Exploring Popular zkEVM Solutions: AppliedZKP, Matter Labs, Hermez, and Sin7Y

Apple’s First Malware Notarized | OpenAVN

Use This Mailsac Alternative For Temporary Emails

The Ultimate Guide for Cloud Penetration Testing

Visualising the Attacks and Pentesting on Clouds

How to spot online scams that target tradesmen

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


a collection of thoughts given breath.

More from Medium

Happiness is a Bowl of Snails in Saigon

Am I made to weave?

Can Santa Love A Jewish Girl?

a year here