wladimir1804 - stock.adobe.com

Inside Singapore’s national digital identity journey

Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years

At the peak of the Covid-19 outbreak, the team at Singapore’s Government Technology Agency (GovTech) behind Singpass quickly pivoted to build pandemic-related capabilities into the widely used digital identity app in the city-state.

Besides enabling citizens and residents to check in at places to facilitate contact tracing, Singpass also lets users store their vaccination certificates and their pre-departure Covid-19 test results, among other digital documents.

These features, said Dominic Chan, GovTech’s director for national digital identity, had led to a surge in usage of Singpass, which has some 4.5 million users who make up 97% of citizens and permanent residents aged 15 years and above.

First launched in 2003 as an identity service for users to access e-government services using a single set of credentials, Singpass has since expanded its capabilities to enable users to digitally sign documents, look up contributions to their Central Provident Fund accounts, and access digital equivalents of their driving licence and identity card (IC), among others.

Leveraging application programming interfaces, the service is also being used by private sector organisations such as banks and financial firms to facilitate account applications by retrieving their customers’ personal information, with their permission, via through a service called Myinfo.

Myinfo, which sees more than 200,000 transactions a day, has decreased application time for users by up to 80%. Businesses have also reported up to 15% higher approval rate due to better data quality and significant cost savings in their customer acquisition process.

Chan said onboarding more private sector organisations onto Singpass is a key strategy to maintain uptake of the service as Singapore emerges from the throes of the pandemic. Some insurance companies such as Great Eastern, for example, now allow users to use Singpass to log on to their accounts to manage their policies.

Another way improve adoption is to cater to users who may be less digitally savvy through support for vernacular languages, a feature that was recently launched to enable people to use the Singpass app in native languages such as Malay, Tamil and Chinese.

Chan said having digital ICs within Singpass also helps to drive adoption by giving people one less reason to carry their wallets: “Government offices now recognise a digital IC and that sets up a precedent for the private sector to consider doing the same.”

Technology foundation

The Singapore government has been a big proponent of public cloud services with a goal to have at least 70% of eligible government systems running on commercial cloud services by 2023. Last November, it announced plans to enhance the Government on Commercial Cloud service to make it easier for government agencies to manage and secure their use of public cloud services.

Chan said Singpass is “almost entirely on cloud” today, with service availability close to 100%, noting that as GovTech looks ahead to differentiate its offerings, it will rely on cloud service providers to support its work.

Singpass currently relies on digital certificates as part of public key infrastructure technology to authenticate a person’s identity for the purposes of electronic transactions. The digital certificates are stored in a user’s Singpass app and come with a unique serial number.

As a service underpinned by Singapore’s centralised national registration identity card (NRIC) system and the high level of trust in government, there is a lesser need for Singpass to rely on technologies like blockchain to authenticate identities, Chan said.

“We apply technology where it makes sense, and not to mention, blockchain brings a lot of additional costs that we don't necessarily need to bear today,” he added.

That said, Chan said GovTech will watch how the blockchain space evolves in the longer term, particularly in terms of its ability to enable Singpass to interoperate with other digital identity systems in other countries, “but that probably wouldn’t be something we will look at in the near future”.

Meanwhile, following a memorandum of understanding (MoU) with the UK in 2019, GovTech and the UK Government Digital Service have started exchanging knowledge and are working towards mutual recognition of UK and Singapore digital identities through pilots.

Chan said mutual recognition of digital identities can make it easier for people to open bank accounts and access other local services if they work or study in the UK or Singapore.

“Our verified credentials include education certificates and maybe certain information about employment like your last drawn salary, which is very difficult to verify across borders,” he added. “But if we can onboard some of these things, we can make life easier for citizens of both countries”.

Building digital trust

One of the factors that has enabled Singapore’s national digital identity system to take off in a big way is the country’s high trust society built up over decades.

In the case of GovTech, building trust entails being citizen-centric and sharing how services like Singpass will benefit people, whether it is accessing different government services with a single set of credentials or updating their new addresses just once across all their services, Chan said.

“People looked at it and said that’s very powerful and there wasn’t an argument about whether it infringes their privacy because they can immediately associate what we're doing with a real benefit the moment they join,” he said.

Still, Chan said the government does not take that trust for granted. Building digital trust, for one, requires organisations to show that they can provide transparency, safety, privacy, security, reliability and data ethics with their services.

In terms of transparency, for example, usage of personal data provided through Myinfo requires a user’s consent, with the type of data being drawn transparent to the user. A notification that the data has been drawn is also sent to the user and recorded.

Chan said security is a top priority for the government, which holds itself to the highest standards in meeting different security requirements, noting that it conducts penetration testing and bug bounty programmes among other efforts to retain the trust from citizens.

“I always tell my people that it only takes one single security incident like a data breach that will take away years of our efforts,” he said.

Read more about IT in ASEAN

Read more on Identity and access management products