PETALING JAYA: Amid growing concerns about privacy and online scams, the MyDigital ID initiative could revolutionise digital authentication in Malaysia but only if done correctly, according to a cyber safety specialist.
The expert, a private university’s Global Centre for Cyber Safety director Assoc Prof Datuk Dr Husin Jazri said the initiative serves to complement the existing MyKad and provides trustworthy verification for online interactions and activities on digital platforms.
He said MyDigital ID could help improve transparency and streamline administration, based on the algorithm proposed for petrol subsidies.
“MyDigital ID can be the most efficient way to organise targeted subsidies as long as no abuses and conflict of interest occur in its ecosystem.”
He said the public is concerned that MyDigital ID and the subsidy programme might be abused or have errors due to human failure.
Husin said addressing the technology part of the initiative is easy but managing public trust and confidence in the system would be challenging.
“The petrol subsidy programme should not be handled by Mimos Berhad as it is the one that developed the system.
“Instead, the Economy Ministry or its appointed agencies should manage it.”
He said a good audit is also needed to ensure that the entire ecosystem is trustworthy and reliable, while its validation processes should not store any information other than mandatory ID data.
“The ministry should also announce validation and audit results, which should ideally be conducted by a reputable third party.”
Husin added that other objectives and distribution processes should not be merged into the main system but be executed through another independent application that runs on a different server or environment.
Besides targeted subsidy programmes, Husin said MyDigital ID could help revolutionise security in terms of online transactions and business processes.
“MyDigital ID is just one part of the equation. The other is the application developed to facilitate online transactions.”
Husin said when the system is ready to be deployed, Mimos could provide a toolkit for relevant parties to integrate it with their existing systems.
“Of course, this new process needs to be agreed upon by Bank Negara Malaysia and relevant financial institutions before implementation. This will ensure that the process is trusted and secure.”
He said all business registration processes could link back to the MyDigital ID process in real time.
“For third-party e-commerce platforms, it is up to them to decide whether they want to use it or not.
“However, should all online transactions require MyDigital ID as the authenticator, the implications are huge as they (transactions) will be traceable and auditable by the government or private sector.”
He said once a person is blacklisted, for example, all MyDigital ID interacting systems would know this fact, as the system’s intelligence would detect it.
Husin added that data privacy regulations and policies should be strictly enforced to ensure that they are adhered to according to the law.
“We need a strong data protection regime and effective enforcement as users’ data are likely to be kept by respective business owners and operators, not in the digital ID itself.”
The roll out of MyDigital ID is slated for July but details on the initial government departments and private sectors adopting the system are yet to be confirmed.
