Connect with us

Opinion

Ho Ching defends NRIC as “digital name,” calls for practical policies over secrecy

Former Temasek CEO Ho Ching has defended the use of NRICs as “digital names,” arguing they should not be treated as secret but as unique identifiers. Her remarks follow the Bizfile controversy, where unmasked NRICs raised privacy concerns, prompting questions about government accountability and data security.

Published

on

Ho Ching, former CEO of Temasek, weighed in on the ongoing controversy surrounding the collection and use of Singapore’s National Registration Identity Card (NRIC) numbers.

In a Facebook post on Monday, she praised recent efforts to revise NRIC policies but highlighted the importance of balancing privacy concerns with practical use.

Her comments follow public backlash over the Accounting and Corporate Regulatory Authority’s (ACRA) new Bizfile platform, which briefly allowed unrestricted access to full NRIC numbers.

The incident raised widespread concerns about privacy and data security, prompting apologies from government agencies and a temporary suspension of the feature.

In her post, Ho Ching supported the idea that NRIC numbers should be treated as unique identifiers, describing them as a “digital name” assigned uniquely to every individual.

She argued that masking NRICs serves little purpose, as names and identifiers are not inherently confidential. Instead, she emphasised personal responsibility and robust digital hygiene to prevent misuse.

Ho Ching advised against using NRIC numbers as passwords or user IDs, likening such practices to using one’s name as a password—an easily guessable and insecure method.

She proposed that NRIC numbers should serve solely as identifiers, while separate authentication methods, such as passwords, PINs, or biometric measures, be employed for sensitive transactions.

She added, “Don’t treat the NRIC as secret—it is not! Instead, what should be secret would be the passwords we create for ourselves, or the user ID that we create for ourselves.”

Her perspective aligns with the Personal Data Protection Commission’s (PDPC) advisory on NRICs, which also discourages their use for authentication purposes, recommending multi-factor authentication or other secure methods instead.

ACRA’s NRIC Controversy

The debate over NRIC masking resurfaced after ACRA’s revamped Bizfile platform launched on 9 December 2024. The platform initially permitted users to access full NRIC numbers linked to businesses without login credentials or payment.

This marked a significant departure from the earlier system, which masked all but the last three digits of NRIC numbers.

The unmasking sparked public outcry, particularly after former journalist Bertha Henson highlighted the issue in a viral social media post on 12 December.

Critics pointed to risks such as identity theft and fraud, especially given that statutory boards like ACRA are exempt from the Personal Data Protection Act (PDPA), which governs private entities.

The Ministry of Digital Development and Information (MDDI) and ACRA apologised on 14 December, acknowledging the premature implementation of the policy and suspending the search function on the platform.

The MDDI clarified that the move to unmask NRIC numbers was part of a broader government initiative to reduce reliance on masked identifiers, which they argued provided a “false sense of security.”

ACRA said the new service was in line with the broader government effort to move away from using masked NRIC numbers.

The search feature has, however, been suspended since the public outcry until the PDPC reviews the guidelines.

Moving forward, the government plans to launch a public education campaign in 2025 to address misconceptions about NRIC use.

Meanwhile, the PDPC reiterated its stance that NRIC numbers should not serve as passwords or verification tools. The Commission emphasised the need for organisations to adopt secure practices, such as biometric verification or multi-factor authentication, for identity verification.

Singaporeans being gaslighted?

Ho Ching’s remarks calling for NRIC numbers to be treated as “digital names” rather than confidential information have raised uncomfortable questions about the government’s handling of the recent ACRA controversy.

Her suggestion—echoed by other commentators on mainstream media—that NRIC numbers are not meant to be secret appears to align with the government’s justification for unmasking these identifiers, yet it overlooks the broader implications of the incident.

Scammers have frequently exploited NRIC data to impersonate victims or conduct fraudulent activities. Beyond financial scams, in 2020, a man used other individuals’ NRICs to redeem over 200 face masks from vending machines. He was later sentenced to seven months and six weeks in jail and fined S$3,000.

Additionally, individuals whose NRICs were exposed publicly, such as former Presidential candidate Tan Kin Lian, faced consequences like having their SingPass accounts locked out after repeated failed login attempts.

While Ho emphasised the importance of public responsibility in safeguarding NRICs, her comments do little to address the systemic vulnerabilities exposed by ACRA’s premature unmasking of NRICs.

More troublingly, her remarks raise the question of whether authorities are now attempting to gaslight Singaporeans into believing that the long-standing practice of treating NRICs as confidential was misguided.

This shift in narrative seems designed to downplay the severity of ACRA’s lapse, which eroded public trust by making sensitive personal data widely accessible.

If NRICs were never meant to be secret, why has their protection been a cornerstone of Singapore’s data privacy policies for years?

Ultimately, Ho Ching’s perspective sidesteps key issues, such as why ACRA had to suspend the people search feature if its actions were in line with current policy.

It also leaves unanswered whether the government genuinely intends to liberalise the use of NRIC numbers or simply redefine its policies to absolve itself of responsibility for past lapses.

39 Comments
Subscribe
Notify of
39 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Trending