Singaporese put a lot into passwords
- By David Perera
- Jul 31, 2008
Singapore's citizens are accustomed to the government knowing who they are when they access e-government services. With a mandatory password system named SingPass, in place since 2003, government forms download ' after authentication ' with personal data prepopulated into the fields.
Since the early 1990s, the government has used standardized, cross-agency data-naming conventions for elements such as names and addresses. It also has standardized data elements in the business and land registry domains. SingPass is also a reusable component for agencies building e-services.
Infocomm Development Authority (IDA) officials characterize SingPass as a privacy enhancement, because it protects sensitive information from wrongful access.
Singapore generally earns low marks when it comes to privacy. Privacy International, a United Kingdom-based watchdog group, characterizes Singapore as an 'endemic surveillance society.' It also places the United States in that same category.
Government plays a large role in most citizens' lives. It regulates the media and blocks some Web sites, although IDA officials hasten to call the blocking more symbolic than a serious attempt at censorship.
Citizens don't welcome Big Brother surveillance, said Prashent Dhami, a senior consultant at the Singapore branch of consulting firm Frost and Sullivan. But most Singaporese tend to trust their government, Dhami said. Plus, technology infuses the lives of citizens from a young age. 'You use technology so much, you start to understand it, you start to trust it. People have seen very few failed attempts at technology,' he added. SingTel, the largest local telecommunications provider, even sends text advertisements to mobile phone subscribers based on their current location.
The government is taking steps to make its citizen password structure even more robust. It announced June 17 that it will request industry proposals later this year for a two-factor authentication framework for future e-government services that involve transactions such as transferring money between accounts.
'Consumers will have choices of different authentication methods or devices,' said IDA CEO Ronnie Tay. Although the two-factor form is not yet implemented, it's certain that the government will hire third-party providers to deliver the service, meaning private companies could have log files detailing which government and private-sector services citizens are using.
'There will be very stringent controls which we put in place'to ensure the confidentiality of the information is safeguarded,' said Ong Lay Peng, IDA's deputy director of infocom security and trust.
Following its policy of being technology agnostic, government officials say they're leaving it to the private sector to propose the best authentication process. One-time passwords delivered via e-mail or a mobile device and public-key infrastructure are the most mature technologies, 'but there's nothing to say that biometrics won't be brought to the table,' Peng said.
David Perera is a special contributor to Defense Systems.