Inside Singapore’s National Digital Identity programme

For someone who lives in Singapore, where average summer temperatures exceed 30 °C and humidity is often at 80 percent, London during a heatwave shouldn’t be too unbearable – or so I imagined.

No one was better to prove me wrong than Quek Sin Kwok, Senior Director of Singapore’s National Digital Identity (NDI) Programme, who travelled to Britain last month to discuss with peers from the UK’s Government Digital Service (GDS) the rollout of the NDI in the city-state next year.

GovTech

Making an analogy between the readiness for merciless hot weather and the implementation of a digital identity system, Kwok said that Singapore is prepared for it thanks to an adequate infrastructure owned to the relative youth of the republic (whether in the form of fully air conditioned buildings or having national identity cards already in place). The UK meanwhile is in the position of an old country carrying heavy legacy (by having carpeted floors or lacking a single citizen identification system).

Functioning as a mobile crypto-based identity, NDI will allow Singaporean residents to use a centralised set of credentials to carry out transactions in both public and private sectors, like filing tax returns or opening bank accounts. Basically, it’s a means for individuals to prove their legal identity in both the digital and physical realms.

Through NDI, Singapore’s Government Technology Agency (GovTech) aims to bring the convenience of a seamless digital experience to citizens and the efficiencies of digitalisation to businesses.

The NDI is one of GovTech’s actions within Singapore’s ambitious Smart Nation project, a government initiative which is transforming the country’s public and private sectors through aggressive and innovative applications of digital technologies to lead citizens into a “digitally enabled life”.

The digital identity programme has the personal endorsement of PM Lee Hsien Loong, who in August 2017 said that the NDI will be “a cornerstone of Singapore’s Smart Nation vision”.

In June, Singapore’s Government Technology Agency (GovTech) and GDS signed a Memorandum of Understanding (MoU) with the aim of strengthening collaboration in the design and delivery of digital government public services, at a time when both countries are actively engaging in a partnership to move government services from the physical to the digital realm.

What’s new about the NDI?

The concept of digital identity in Singapore is nothing new.

Ironically, it was the British, so adamantly opposed to ID for its own citizens because of privacy concerns, who first issued national identity cards to Singapore residents during the colonial period.

Kwok is grateful that today Singapore continues to have a foundational identity in the form of their identity card scheme, which served as a basis for their digital identity.

“It makes things a lot easier as we can base our digital identity on our physical identity,” explained Kwok. “Unlike in the UK, where I think the challenge is that there isn’t a physical identity, in Singapore we have a foundational identity to rely on.”

During the late 90s and early 2000s, many European countries, such as Spain or Belgium, starting introducing digital identities in the form of a crypto-based identity card. Why didn’t Singapore initiate its NDI programme then?

Kwok gives two reasons: first, it was very expensive, since the card chip had to be replaced every couple of years; and secondly, it wasn’t user-friendly as it required a card reader to access the data stored in the ID card, which the government feared would deter widespread adoption.

Instead, in 2003 the government introduced SingPass, a personal access identification which allows users to transact with over 60 government agencies online. It’s issued to all Singaporeans over 15 years old, and uses 2-factor authentication (2FA) for digital transactions involving sensitive data.

The NDI, explains Kwok, means taking SingPass one step forward, making it more secure and user-friendly. It will also remove the need to have different passwords and usernames as currently SingPass operates through an ID and password.

At the moment, the greatest challenge in the use of SingPass system, said Kwok, is forgotten passwords. From next year, all Singaporeans will be able to digitally sign documents through the scanning of QR codes.

“The more important objective of introducing the NDI is really about creating a universal trust layer that allows data and their sources to transcend the boundaries of organisations – with users’ consent,” added the Director. 

“In other words, it is providing the control of data to individuals so that they have control over how they want to use the data that they have with the government, even with private sector transactions.”

GovTech

The ‘trust layers’ Kwok refers to are led by the government by offering trusted data and identity, and co-developed with the private sector in the form of trusted access and trusted services. 

As the NDI keeps developing, GovTech plans to collaborate with more private partners, such as ride-hailing app Grab or online marketplace Carousell, which will be able to use NDI data to verify users.

It is also working on creating a centralised biometric scheme in the next six to eight months, beginning with facial recognition, in order to enable its use for a number of services. This, however, will require clearing citizens of any doubts of what their biometric data is being used for. As Kwok explained, it will be for verification purposes and not surveillance.

Lessons from the British experience

But one of the reasons why Kwok visited London was to learn from the British government experience during its own digital identity scheme implementation journey.

Regardless of the arguable success of UK Verify, Kwok believes that there are areas where his team can learn from GDS, such as the standards and framework they had setup for the UK Verify ecosystem.

Since it officially went live in May 2016 – four years later than expected – UK Verify has been marred with delays and complications.

The identity assurance system developed by GDS was intended to be a flagship digital programme to provide identity verification services for the whole of the UK government. Its goal was to provide UK residents with a single channel which they could use to authenticate their identity digitally for services such as claiming tax refunds, sign mortgage deeds or receive the state pension. 

However, the National Audit Office (NAO), the UK’s public spending watchdog, published a report in March 2019 in which it said: “Verify is also an example of many of the failings in major programmes that we often see, including optimism bias and failure to set clear objectives.” 

The watchdog concluded that the expensive scheme, which cost the British taxpayer a total of £154 million from 2011 to 2018, had significantly missed every single target set at the beginning of the project.

As of February 2019, only 19 government services were using Verify – a distant shot from the 2016 goal of 46 government services.

And although Universal Credit, a social security payment, remains Verify’s biggest government customer, most claimants still can’t use the verification system to apply for it. In fact, only 38 percent of Universal Credit claimants can successfully verify their identity online (of the 70 percent of people attempting to sign up through the scheme).

NAO’s report went on to say that “it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified”.

Kwok emphasises that these are not issues likely to affect NDI. 

Unlike in the UK, Singapore had the advantageous starting point of being able to rely on the identity cards already in place as a foundational base. More importantly, all government agencies were given the mandate to use the identity cards to access digital services, which standardised the way government verifies people’s identities.

“We were able to do that because the early 2000s was a time when most of Singapore’s government agencies were starting to get their services online,” he said. 

That’s a stark contrast with the UK, where each agency can request a different form of ID (passport, driving license, national insurance number, etc), which translates into significant legacy issues when trying to merge those systems together.

“The other advantage that we had versus other countries is that our layers of government are a little bit more simpler, flatter,” added Kwok. “We don’t have multi-layers of government, so that makes it easier for us to move ahead. I also feel fortunate that I have very strong support from political holders. Everyone is in sync that this is something we have to do.”

The main difference between both cases, however, is that Singapore didn’t have to face adoption challenges that the UK had. While Verify’s original target was to have 25 million users signed by 2020, figures show that if current trends continue, approximately only 5.4 million users will have signed up by that year.

Despite only being at the trial phase and not having invested much in promotion during the initial stage, the new crypto-based mobile digital identity called SingPass Mobile is close to reaching the half a million user mark within 6 months – out of a population of 5.6 million.

Digital culture in Singapore is highly developed, with technology permeating every aspect of work and life. The current government’s efforts towards making Singapore the paramount ‘smart country’ only reinforces this. The city-state’s mobile penetration is at 150 percent, among the highest in the world, demonstrates the hunger that Singaporeans have for the online and mobile realm.

Once fully implemented next year and overall adoption results can be quantified, Singapore might well make it to the small list of countries, such as Estonia, with a successful citizen-centric digital identity system that’s actually improving the lives of residents.