DIGITAL IDs are the gateway to seamless and secure transactions, easing our daily lives and raising productivity.
Getting there, however, will not be easy based on the limited information so far on the mammoth National Digital Identity (IDN) project. There seems to be a serious lack of clarity and transparency about how the government intends to proceed.
It could take a leaf from Singapore and Sweden whose digital IDs and the myriad of applications, both government services and private sector ones, are easily accessible to the public.
The first concern is security. With today’s widespread data breaches and digital banking scams, everyone is wary of giving out more information.
Our op-ed contributor Jason Yuen of Ernst & Young Consulting Sdn Bhd points out that it is not enough to reassure the public with terms such as “quantum computing” or tell them to “trust me”.
He posits that we need a clear and effective approach to IDN security as well as continuous monitoring throughout the lifecycle of the ID.
Second is the lack of clarity on the project cost, who the vendors are and how they are being selected.
The problem is we don’t have a clean record on government job tenders. Often, connected parties will get valuable chunks of these projects through intense lobbying although they are not qualified.
The projects will then be subcontracted and the typical result is bad implementation, cost overruns and leakages.
It is also unclear which government body is overseeing this project and how it will liaise with the many other government bodies involved.
Considering the significance, size and sensitivity of the IDN project, and the buy-in it needs from the public, we suggest an oversight select committee be set up. This committee should include non-governmental officials who will help ensure the project follows international best practices.
Q&A: Mimos sheds light on programme
Just over two weeks ago, the government said it had appointed national research and development (R&D) centre, Mimos Bhd, as the implementing agency for the IDN programme with an initial allocation of RM80mil. We reached out to Mimos for more clarity and here are their responses:
What are Mimos and other government bodies’ roles in the IDN project?
The project owner is the Home Affairs Ministry while Mimos is the implementation agency. The National Registration Department is the owner of the national identity database which is the “source of truth” reference for the MyDigital ID issuance.
The Malaysian Communications and Multimedia Commission (MCMC) is the guardian of The Multimedia Act that governs the implementation of digital initiatives. The Department of Personal Data Protection and CyberSecurity Malaysia will ensure all the implementation processes including system design and set-up comply with the Personal Data Protection Act 2010. Malaysia Digital Economy Corporation (MDEC) is taking care of digital ecosystem development.
How much will it cost the government to roll out Malaysia’s IDN?
It is not just a project, indeed it is a programme that will serve as a secure base and platform for overall government services deliveries in the digital realm similar to the MyKad implementation for physical engagement.
Is Mimos proposing any private vendors or is it privately reaching out to vendors for their bids and quotes? What is the level of transparency considering it is government funds?
Mimos will leverage on its R&D achievements for most of the implementation. This includes the technologies, intellectual property and products it has developed. This was the outcome of the R&D initiatives under the 11th and 12th Malaysia Plans.
Equipment and other aspects that Mimos does not produce will be procured via open tender bidding and other transparent processes based on government guidelines. For non-core activities that are not within Mimos’ expertise, such as promotions, public relations and marketing of the MyDigital ID issuance, we will rely on government entities such as the Communications and Digital Ministry, RTM and the Malaysian Information Department.
How soon will the MyDigital ID be rolled out?
It began on Nov 27 for ministers and public servants. From March 1, 2024, it will be rolled out to those in all government agencies and from July 1, it will include the public.
What level of protection of personal data can be achieved with MyDigital ID?
MyDigital ID will not collect, carry or transmit any personal data. Basically the system will enable users to verify their identity against their MyKad and data from statutory databases such as the National Registration Department.
After that, the system will generate a cryptographic certificate unique to each individual to certify that this person is the same person as in their MyKad, and that the MyKad is legitimate.
This article first appeared in Star Biz7 weekly edition.