By Lynette Chang
Following the previous articles, we will look at the non-mandatory implementation of digital and mobile IDs via smart devices in Singapore and South Korea. By comparing and contrasting the digital ID experiences in these Asian countries, we hope to identify areas that Taiwan can learn from to improve its digital ID policy.
Non-mandatory digital/mobile ID via smart devices: Singapore and South Korea
Singapore’s National Digital Identity Initiative authorizes the launch of the Singapore Personal Access (SingPass) mobile application in 2018. The app, which users may log in via a 6-digit passcode or biometrically through fingerprint or facial recognition, is a one-stop portal that allows access to various government services, such as MyTax, Singapore’s online tax portal.
The SingPass Mobile app features a MyInfo Profile page containing a digital identity card and links to various government services. The MyInfo Profile is a service allowing SingPass users to auto-fill selected personal details on online forms, which reduces repetitive form-filling and the need for users to provide verifying documents.
Information stored in the MyInfo profile includes the SingPass user’s name, identification number, contact details, driver’s license, and information on the user’s education and employment histories, among others.
The SingPass Mobile app is available for use on both iOS and Android devices. While the use of the SingPass Mobile app is not mandatory, it is increasingly becoming the de facto way to access SingPass and other digital government services. Besides using the SingPass Mobile app, users may also login to SingPass by keying in a one-time PIN sent to the user via text message (SMS 2FA) or generated on a physical OneKey token. Currently, only 2% SingPass users access the service through the OneKey token, and the Government Technology Agency of Singapore has announced plans to phase out the physical token by April 1, 2021.
Like Singapore, South Korea is also seeing a rise in the use of digital or mobile identification apps. The difference is that the SingPass Mobile app is a government-initiated service while the provision of mobile ID services is privatized in South Korea.
This follows the passing of the amendments to South Korea’s existing Digital Signature Act, slated to take effect in December 2020. The Act revokes the monopoly that the South Korean government had on the Official ID Certificate in South Korea, which has been used for 21 years to regulate online financial transactions in the private sector. The old Official ID Certificate has faced criticism because it requires users to download multiple software programs.
The amended Digital Signature Act aims to introduce competition to the digital certificate market and allows consumers to choose a certificate system from an array of options provided by private firms. For instance, South Korea’s three largest telcos, SK Telecom, KT, and LG Uplus, jointly launched the identity authentication app, PASS, in 2018 and has worked with the Korean National Police Agency and Road Traffic Authority (KoRoad) to introduce a digital driver’s license this year.
Driver’s license is the first ever official identification in South Korea to be digitized. It can be used in convenience stores like CU and GS25 for age verification when purchasing age-restricted goods.
Compared with the physical driver’s license, which reveals the bearer’s Resident Registration Number, address, and other personal information, the digital driver’s license only shows the user’s name and photo identification with a QR code and barcode. The codes are automatically refreshed to prevent the misappropriation of personal data.
However, even with such measures in place, data security remains a concern for South Koreans like Miru from the Korean Progressive Network Center Jinbonet. Miru is concerned about the privatization of the digital certificate market as there is no real guarantee where users’ personal data may end up and for what purposes. “Usually, convenience brings danger,” she shares, exercising caution when it comes to this new form of convenience.
eID in the Making: Taiwan
In March this year, Taiwan’s Ministry of the Interior enacted the Regulations for the National-wide Replacement of National ID Cards as a nation-wide effort to replace the traditional identity card with an electronic ID card containing a chip.
Currently, Taiwanese who wish to verify their digital identity with a card may apply for a Citizen Digital Certificate at the Ministry of the Interior. It will be incorporated into the new eID card and can be disabled if users wish to do so. However, this option is not available for all other information and functions stored in the chip. While there are plans to incorporate the existing National Health Insurance card and driver’s license into the new eID, it is not clear when these changes will take place.
Residents of Penghu County, Hsinchu City, Yonghe and Banqiao districts of New Taipei City were originally slated to be the first to have their IDs replaced beginning January 2021 as part of a trial. However, Penghu County and New Taipei City have pulled out of the trial early on as the problems regarding data security risks have not been addressed.
Some Taiwanese are worried about the data security risks associated with the chip card. The government has not been fully transparent regarding the specifications of the card or the data security measures in place, choosing instead to make revisions without thorough consideration. As such, the government has found it difficult to win the trust of its people in this respect. Activists and academics alike have stepped up to express their disapproval.
What Can Taiwan Learn from the Experiences of These Countries?
According to Acuity Market Intelligence and Taiwan’s Ministry of the Interior, of the 128 countries that have issued national IDs, 82% of them have opted for the use of a chip card or other forms of electronic certificates as of 2017. This number is projected to rise 7% by 2021. The technological revolution has seen many countries and their governments grow increasingly reliant on technology and jumping onto the bandwagon of digital ID. However, can their policies really catch up?
Recently, Singapore experienced its worst data breach involving the medical records of 1.5 million SingHealth patients, making up about a quarter of its population. South Korea has also seen the personal data of 20 million residents being leaked, and even has plans to revamp its Resident Registration Number system. The personal data of more than 46 million people in Malaysia was leaked and up for sale on a forum, and finally in Taiwan, millions of job portal users and an estimated 590,000 Ministry of Civil Service employees found their personal data being sold on the dark net.
It’s evident that data digitization, whether in the public or private sector, is a double-edged sword which brings convenience to users while putting them at risk. The setting up of a national database is a large-scale project involving the collection and central storage of a wide variety of personal data. A data breach of that scale would seriously compromise users’ privacy and security, and the effects could be irreversible.
In Japan, Malaysia, Singapore, South Korea, and Taiwan, many people still have doubts about the use of digital ID. They are not confident in the legal system and the government’s ability to protect their personal data. Data breach still poses a very real threat, despite the severe punishment meted out in Singapore, the existence of a law protecting personal data in Malaysia, and the amendment of a law in South Korea.
As Taiwan is just starting to implement a digital ID scheme, it is important for the government to learn from the experiences of other countries and review its Civil Code, Personal Data Protection Act, and other regulations to ensure that they are up-to-date and sufficient to protect peoples’ rights. It is also important for the government to work with the people, seek expert evaluation regarding data security risks and ways to resolve them. The government should also set up an independent agency and review existing regulations for the collection and appropriation of personal data.
Only when these measures are in place should the government proceed with the design and rollout of digital IDs so as to keep up with the global trend, reduce security risks, and ensure the integrity of user data.
The article is licensed by CC BY-SA 4.0.
The News Lens has been authorized to publish this article from OCF Lab.
TNL Editor: Bryan Chou (@thenewslensintl)
If you enjoyed this article and want to receive more story updates in your news feed, please be sure to follow our Facebook.