In efforts to streamline government services and improve efficiency, as well as protect the privacy of citizens and combat fraud, several Asian countries are in the process of planning the rollout of digital ID initiatives. However, even as national digital ID initiatives gather steam, governments have been under pressure to avoid some of the pitfalls that have bedeviled such initiatives in countries like India – where the Aadhaar biometric identity scheme came under fire due to concerns that if it was not handled correctly could pose a threat to the human rights and economic wellbeing of the poorest segments of society. Rights groups also raised questions related to privacy and data security.
Aadhaar national digital ID – A cautionary tale
The Aadhaar example is one that highlights just how quickly a robust well-meaning national digital ID initiative can come apart at the seams. In part the problem with the Aadhaar digital ID initiative was in its ambitious scope – the ID would have touched almost every aspect of the day-to-day lives of India’s citizens. It would have been used to open bank accounts, mobile phone contracts, pay taxes, apply for marriage licenses, receive welfare benefits and pensions – and those would have been only some of the myriad of functions which would have required the Aadhaar card.
The ambitious nature of the Aadhaar project mean that silos of information would be connected – potentially allowing organizations to view a complete profile of the individual. Aadhaar in effect would act as a bridge between previously separate silos of data. The protection against 360-degree profiling would be considerably weakened leaving Indians vulnerable to data mining and identity theft.
In September of 2018 India’s Supreme Court ruled that Aadhaar did not violate the country’s constitution — but at the same time limited the scheme’s scope so that Aadhaar enrolment will not be required for access to bank accounts, schools, or mobile phone connections.
The Supreme Court ruling means the Aadhaar card will not be required in exchange for goods or services. It also serves as a talking point in the ongoing debate about what constitutes “good digital ID” when global concerns about privacy and access are increasing – especially in a world where more than 1 billion people lack any proof of identity.
The dangers of a digital ID
In part the fears of identity theft have proven to be valid. There have already been numerous instances where forged Aadhaar cards have been used to fraudulently open bank accounts and take out loans. Aadhaar linked mobile payment apps have also been used to steal funds. In short Aadhaar is the perfect example of the damage that can be caused when technology falls into the hands of those with less than legal intentions.
It is not only the economic wellbeing of Indians nor the threat of identity theft and privacy that are under threat due to the pervasive nature of the Aadhaar digital ID system. There are very real threats to health and wellbeing when a digital ID system as powerful and all pervasive as Aadhaar is launched.
In 2017 a man starved to death in when thumbprint authentication failed when his family tried to purchase subsidized food. Prior to this an 11-year-old girl also starved to death because her families ration card was cancelled due to them missing a deadline for linking the card with their Aadhaar numbers. Also in 2017 a woman and her 11-month-old child were refused medical treatment due to the fact that they did not have an Aadhaar card – both died.
The lessons of Aadhaar have informed the current digital ID projects that are being rolled out across Asia – but extreme vigilance and careful planning are still required if countries such as Singapore and Malaysia are going to avoid the pitfalls revealed by Aadhaar’s failing.
Singapore and digital identity
Singapore is one of the countries in Asia that is taking the lead in digital ID initiatives. The country is set to roll out a centralized biometric based digital ID system – which will form a central part of its National Digital Identity (NDI) system.
One of the aims of the centralized biometrics system is to streamline the signup process for services. Using the system, Singapore citizens will only have to register once using the system and then it would not be necessary to separately register for a variety of different services.
Rather than go it alone the Singapore government is proactively partnering with a variety of other players to make sure that organizations can seamlessly connect their services to the centralized biometric platform.
In order to make this a reality it is offering partners like financial institutions ‘software development kits’ as well as a choice of plug-ins to make sure that the entire system delivers what it promises.
According to Kwok Quek Sin, Senior Director of NDI from the Government Technology Agency (GovTech), the first step in the biometric identification system will be the rollout of the facial recognition functionality.
Ambitious vision for Singapore digital ID system
Biometrics is only one facet of Singapore’s ambitious national digital ID system. The system aims to be fully functional by 2020. It will encompass the provision of IDs via a variety of technologies which will include smart cards and even wearables. Citizens will be able to obtain the identity technology free of charge.
Singapore has already begun work on adding biometric systems in sectors such as public safety and immigration. These may go some way to proving the efficiency of systems that will be used in the wider rollout of the national digital ID system.
Malaysia rolls out national digital ID system
Malaysians will soon have access to a national digital ID according to Gobind Singh, the country’s Communications and Multimedia Minister.
However, the Malaysian approach is more cautious than that of Singapore.
According to the Minister the national digital ID would not be replacing the current MyKad nor would it be mandatory for everyone. The purpose of the ID would be to offer citizens some element of protection against fraud and build what the Minster called a ‘verifiable platform of trust’ in cyberspace. The digital ID is slated for rollout by the middle of 2019.
The rationale behind the new digital ID is based firmly on the presumption that e-commerce is poised to become the largest retail channel by 2021.
The statistics seem to back up the importance of online security in Malaysia. The internet economy in Southeast Asia, driven mostly by the booming e-Commerce market, is expected to grow to US$200 billion by 2025 making online security, privacy protection and data security a burning issue for many Malaysians.
According to a 2017 Visa Consumer Payment Attitudes survey, 74 per cent of Malaysians indicated that they shopped online at least once a month.
An inclusive approach to digital ID
The national digital ID project will be a cooperation between his ministry, the Malaysian Communications and Multimedia Commission (MCMC) and Malaysia Digital Economy Corporation (MDEC).
Citing an abundance of caution – perhaps informed by the mistakes that were made in the Indian Aadhaar project, Gobind commented that to ensure the national digital ID was legal, his ministry would study various pieces of existing legislation, including the Personal Data Protection Act 2010.
Previous projects encountered teething problems
In 2011, the previous administration under former premier Datuk Seri Najib Tun Razak announced the 1Malaysia email project that was to form the foundation of a national digital ID.
The 1Malaysia email project was an initiative that would have provided a unique and official email account and ID for Malaysians. It would have allowed citizens to receive statements, bills and notices from the government.
The MYR 50 million contract was awarded to a company called Tricubes Bhd. However, the contract ran into problems when it was revealed that the company was in the danger of being delisted because of financial irregularities.
Developed in collaboration with Microsoft, the initiative came under increased scrutiny when questions were raised as to whether the money would come from public funds or the private sector. The final nail in the coffin of the project was when it was revealed that government agencies would have to pay MYR 0.50 for every email sent to a Malaysian. And that money would have to come from somewhere – possibly a decrease in spending on other social projects.
Historically it seems that private enterprise and central governments have been at loggerheads when it comes to controlling the data that they gather from their customers and constituents. The wellbeing of those end users has too often been sacrificed in order to either maximize profit or control. This may be a cynical view – however political and social control and the profit motive are part and parcel of our modern-day society.
Could a national digital ID be the solution to providing a common ground where business and government can work hand in hand to provide an enhanced and simplified experience in terms of service? That question remains a vexing one. There is still no proven digital ID that has been rolled out and delivered on its promise.
Add to this the increasingly complex environment that surrounds privacy and data security, as well as human rights (especially when it comes to the poorest of the poor) and the challenge becomes even greater.
Several pundits have said that citizens should have the right to simply say ‘no’. Perhaps people across the globe should have the option of simply ‘opting out’ of a national ID card without prejudice or negative repercussions. However, it is becoming clear that this is a fever dream – when digital ID initiatives become pervasive, life will become increasingly difficult for those who choose the option of non-participation.
When debating the advisability of a national digital ID, one fact is indisputable. It holds great promise. If done correctly the benefits to citizens can be enormous – but the devil is in the detail.