MALAYSIA’S announcement that it is developing a “national digital ID” to serve as a standardised digital credential for its people is a move in the right direction, as it makes sense for people to have their own digital identities with the pandemic accelerating society’s migration to cyberspace.
Whether this will result in a “secure and trusted” system depends on how it is implemented and how the data associated with it are used.
National digital ID, if executed properly, holds the potential to reduce cost of services whilst increasing speed and efficiency, and reduce inequalities through equitable sharing of opportunities.
Without a people-centric framework and ethical guiding principles, however, our cyber identities are mere data to be monitored and capitalised by those in power.
Digital identities are not only limited to personal identities, but may also include other personal identifiers such as our unique preferences, tendencies, habits, leanings, political views, our stances, strange fetishes and many more – a wholesome digital fingerprint of “you” in cyberspace.
According to Biometric Update, a website that specialises in analysis and research about the global biometrics market, the national digital ID may be supported with real-world biometrics such as facial, fingerprint or iris recognition, with considerations for integration with border control. As with any other high-risk areas, elevated levels of surveillance are justified.
However, when paranoidly applied even at low risk public areas and private properties, the integration also means the system has the potential to develop a more complete picture of “you” through your daily life in the real world, and not just through your webspace browsing habits.
Without a governing principle that puts people first, it’s clear that instead of a prosperous digital era, there is a real threat of society migrating to an age of “surveillance capitalism”, as warned by Shoshana Zuboff, professor emerita at Harvard Business School.
Unethical implementation and integration of digital ID, biometrics and surveillance technologies, and the wrongful use of the resulting data expand the wings of surveillance capitalism in both the real world and digital space.
It is not a simple blurring between real world and cyberspace, but, as pointed out by InsideBigData, a blurring between the boundaries of the “owners” of the infrastructure/services, the countless intermediary “agents”, and the users.
Regulating this dynamic requires an ethical guiding principle at its core because in current models of society, users may knowingly or unknowingly provide personal data (sacrificing their personal privacy and liberty) for convenience and access to services.
The problem is in the naivety in assuming the owners of the digital infrastructure and/or services are (and will always be) friendly parties. We don’t have to go too far back in time to find examples of how governments in some other countries covertly monitor and turn on their people for the sake of remaining in power, often using national security as an excuse.
Therefore, as mentioned by InsideBigData, the development of our digital ID needs to be viewed through an ethical lens – instead of purely an organisational one as prevalent in the current iteration society – with robust regulatory framework to ensure democracy prevails though ethical use of data, personal or otherwise.
The rakyat needs a way to control when, how and which part of their digital identities can be used, by whom, and for what services in return. Never before has “data ethics” taken a more centre stage than now, when we are at the cusp of the Fourth Industrial Revolution and digital transformation .
In this regard, the Malaysia 5.0 vision – modelled after Japan’s Society 5.0 and championed by Malaysia Digital Economy Corporation chairman Datuk Dr Rais Hussin – provides the necessary policy framework underlining a technology-enabled rakyat-centric principle governing data-ethics. Malaysia 5.0 dictates technology use to ultimately serve the people, and not only the few in power.
According to media reports, Bar Council information technology and cyber laws committee deputy chairman Foong Cheng Leong pointed out several potential weaknesses in the Personal Data Protection Act 2010.
Firstly, the federal and state governments are not subject to it. Secondly, actions on any breach of the PDPA is subject to the discretion of the commissioner.
Thus, the rakyat’s limited influence and ability to respond to PDPA breaches by the government contributes to poor check-and-balance of the regulatory system.
Even with proper national regulations in place, cyberspace is a borderless world. Malaysian Communications and Multimedia Commission (MCMC) has to address the issue of accountability of foreign governments and corporations so that they are also accountable.
As for the issue of a decentralised identity, the MCMC may consider the concept of “self-sovereign identity”, enabled through blockchain, as a potential solution.
Malaysia 5.0 promotes personal liberty through a decentralisation of power and authority, and author Phillip Windley opined that cryptography technology such as blockchain, which is a form of digital distributed ledger, holds the potential to bridge the traditional digital identity dilemma, as self-sovereign identities can be searched for and verified without involving a central directory.
A national digital ID is the first critical step in society’s migration to the digital realm and it must ultimately be implemented through a rakyat-centric policy framework such as inherently ingrained in Malaysia 5.0.
Tech entrepreneur Joe Andrieu pretty much sums it up when he said: “When we build interconnected systems without a core understanding of identity, we risk inadvertently compromising human dignity. We risk accidentally building systems that deny self-expression, place individuals in harm’s way, and unintentionally oppress those most in need of self-determination.”
Ameen Kamal is the head of science and technology at EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research.