Giving every citizen a unique digital identity
Proving your identity with physical documents can be a hassle when applying for digital services. Now, with the National Digital Identity (NDI) framework, comprehensive identity data is stored digitally and can be used to transact seamlessly online. Given the sensitivity of personal data, consent and authentication are essential elements of the NDI framework.
If you were to write down all the things that represent you as an individual, you’d probably end up with a pretty long list—birth certificate, passport, NRIC, driving license, education certificates, income documents, medical records and so on. Each of these items is part of your identity, but they’re not all in one place. This introduces friction, say, when you apply for a Housing Development Board apartment or request a bank loan.
Now imagine having a ‘wallet’ containing every aspect of your personal identity that you can carry around with you. Should you require services from the public or private sector, simply show the service provider the relevant compartment of that wallet and you can be on your way to completing a transaction. Such seamless interactions across domains and services will be made possible with the National Digital Identity (NDI) framework.
“The NDI framework will see every resident in Singapore having a unique, cryptographic, non-replicable, non-repudiable form of digital identity,” said Mr Kwok Quek Sin, senior director of the NDI programme at the Government Technology Agency Singapore (GovTech) during the Public Sector Infocomm Seminar held on 14 September 2018.
Permission as a pre-requisite to data sharing
Trust is a key element of NDI, and Mr Kwok emphasised that it works two ways: the government must be able to trust and verify citizens’ personal data, while citizens must be able to trust the government to manage and store their personal data responsibly.
The first half of the equation is fulfilled by referencing credible identity data sources such as MyInfo and the Immigration and Checkpoints Authority’s national registry. These databases contain validated information about citizens and form the basis of building a digital identity.
But just because personal data is available doesn’t mean that it should be accessible to any public or private agency. Controls have thus been put in place under the NDI framework to ensure that citizens have a say in who can view their data and how their data is used. For example, when citizens use a digital service that requires data to be pulled from MyInfo, they will encounter a notification that clearly indicates the type of data being shared with the service provider, and they can decide whether to allow it.
“It is very important to make sure that [any sharing or exchange of identity data] takes place only with the consent of the individual,” said Mr Kwok.
Keeping transactions secure
Another key element of the NDI framework is multi-factor authentication, which helps protect against identity fraud. The first level of authentication takes place when citizens log in with their Singpass: in addition to keying in their password, they will be required to provide a one-time password sent to them via SMS or generated with a OneKey token.
But going beyond one-time passwords, NDI is designed to be able to interface with biometrics as well as third-party authentication protocols, such as those used by banks. By relying on multiple modes to verify identity and allowing the private sector to add its own layers of identity assurance on top of Singpass, the NDI prevents citizens’ identities from being hijacked for nefarious purposes.
“These complementary authentication factors provide [citizens and businesses with] options, resiliency and step-up authentication so that citizens can carry out more high-value and sensitive transactions online,” said Mr Kwok.
“NDI is not just about giving everyone a digital ID; it is about building a trust ecosystem—to enable the private and public sectors to build digital services on a common, universal trust framework,” he concluded.