REACH (Telegram) 47 -  What are your thoughts about the proposed unmasking of NRIC numbers? What more can be done to ensure that NRIC numbers are correctly used as an identifier instead of being used for authentication? How can we better protect ourselves through the proper use of authentication and passwords?

(SK)

16 Dec 2024 (10am - 7pm)

REACH (Telegram)

REACH Singapore, [16/12/2024 11:45 AM]

Dear contributors,

Welcome back! 😊

⏰ We will be opening the chat from 12pm to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind:

1. Be kind and respectful. We all want to be in a safe space to share our views. 

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited. 

3. Consider the quiet ones among us and give them a chance to comment. 

4. No need to repeat your comment or in differnet forms (including caps) - we heard you loud and clear the first time. 

5. Let's protect each other's privacy and keep contact details in this group what it should always be - confidential. 

Full set of Terms of Use: https://www.reach.gov.sg/Participate/reach-telegram-group/REACH-Telegram-Group-Chat-Terms-of-Use/

We will strive to uphold these rules to ensure this is a safe space for all. 

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies. 

The topic will be posted shortly. 

Thank you. 

Megan 😊

REACH Singapore, [16/12/2024 12:00 PM]

📢 Topic 📢

On 14 Dec, the Personal Data Protection Commision (PDPC) announced that it would be updating its guidelines based on the Ministry of Digital Development and Information's (MDDI) statement that there should not be any sensitivity in having one’s full NRIC number made public, and that the Government would move away from the practice of masking NRIC numbers. PDPC added that they would not be making any further changes until completing consultations with industry and members of the public.

💬 What are your thoughts about the proposed unmasking of NRIC numbers? What more can be done to ensure that NRIC numbers are correctly used as an identifier instead of being used for authentication? How can we better protect ourselves through the proper use of authentication and passwords?

This issue arose on 9 Dec, when the Accounting and Corporate Regulatory Authority (ACRA) launched its new Bizfile web portal, which allowed people to view the full NRIC numbers of others, using a search function for free, without having to log in. However, after members of the public raised privacy concerns, the function was temporarily disabled on 13 Dec.

MDDI said: "The Government’s intent was to change the existing practice of masking the NRIC number only after explaining the issue and preparing the ground. We acknowledge that co-ordination could have been better so that ACRA’s move would not have run ahead of the government’s intent. We apologise for this mistake and for causing anxiety to the public."

In response to queries, MDDI released a statement, stating that NRIC numbers are meant to be used to identify individuals. As a unique identifier, the NRIC is assumed to be known and there should not be any sensitivity in having one's full NRIC number made public. It added that it has been a practice for some time to use masked NRIC numbers. One could make a good guess at someone’s full NRIC number from the masked number using basic algorithms, “especially if one also knows the year of birth of the person”. As such, the ministry said, “there is no need to mask the NRIC number, nor is there much value in doing so”. This is why public agencies are phasing out the use of masked NRIC numbers, so as to avoid giving a “false sense of security”, said MDDI.

A problem arises when the NRIC number is used incorrectly. For example, when organisations rely on it as a form of authentication to access privileged information of perform privileged transactions. MDDI recognises that some people have long treated the NRIC number as private and confidential, and will need time to make adjustments. In 2025, MDDI and the PDPC will be carrying out public education about the purpose of the NRIC number and “how it should be used freely as a personal identifier”. They will also aim to educate people on how they can protect themselves through the proper use of authentication and passwords.

👉🏻 https://www.channelnewsasia.com/singapore/pdpc-nric-numbers-personal-data-protection-4807096

👉🏻  https://str.sg/vHTW

👉🏻 https://www.pdpc.gov.sg/news-and-events/press-room/2024/12/pdpcs-reply-to-media-queries-on-the-use-of-nric-numbers

👉🏻 https://www.mddi.gov.sg/mddi-s-reply-to-media-queries-on-disclosure-of-nric-number-on-bizfile-system/

----

Jun Ming, [16/12/2024 12:17 PM]

Gov also use nric to authentication. For example giving freebies such as mask.

Jun Ming, [16/12/2024 12:19 PM]

Collecting of documents gov also use nric to collect

LCL (Danny 心), [16/12/2024 12:20 PM]

1. I think there are 3 things that can uniquely identified a person.

a. IC number 

b. Handphone number 

c. Name (sometimes can be duplicate - as some people may adopt the same name).

2. If any of the above is revealed, a person can be uniquely identified.

3. Using any of the above as online credentials to login to perform authentication sign-in is definitely unsafe - as user ID, password and 2nd factor authentication rightfully should not be revealed to the public.

Daniel, [16/12/2024 12:22 PM]

I think the reasoning makes sense. I feel however, that this should have been communicated ahead of rolling it out. In the past years, there has been a lot of talk about companies not collecting IC numbers, so I think a lot of people were confused last week.

Jun Ming, [16/12/2024 12:23 PM]

Gov is making easy for crime to thrive?

LCL (Danny 心), [16/12/2024 12:23 PM]

4. Hence depending on the scenario, if a person want to remain anonymous, all the above a. b. and c. - should not be revealed.

5. But if a name need to be revealed, then revealing IC number is as good as revealing the name.

6. But as for handphone number, I prefer not to be revealed because I won't want scammers to call me.

Kai Bin, [16/12/2024 12:28 PM]

I would suggest that additional privacy measures could be implemented if the authorities want to unmask the NRIC numbers.

Jun Ming, [16/12/2024 12:28 PM]

Imagine a Scam call interpersonal authorities stating your ic and the authorities ic.

Jun Ming, [16/12/2024 12:31 PM]

This is the Singapore police force. I am io xxx. May I speak to xyz.  Is xyz ic this number....

LCL (Danny 心), [16/12/2024 12:32 PM]

1. When a bank call online to check credentials, bank do ask a few questions to verify the person identity eg:-

a. Name

b. IC number 

c. Date of birth 

d. How many credit card you have with the bank

Etc 

For example.

2. The more information is revealed to the public, the more the scammers can scam the victims.

zoee, [16/12/2024 12:37 PM]

Many things can be done/accessed when you have both a person's IC and date of birth. Usually many people will already know your date of birth, so IC needs to be kept private to prevent unauthorized access.

LCL (Danny 心), [16/12/2024 12:43 PM]

1. Also I noticed when go Polyclinics or government hospitals - when collecting medication, the pharmacist will always ask 3 things to check the patient credentials:-

a. What is your name?

b. What is your IC number?

c. Any drug allergy?

2. Then pharmacist will dispense the medication.

3. So indeed IC number is used as identifier for the patients before dispensing medicine.

Jun Ming, [16/12/2024 12:45 PM]

It's feel like gov trying to cover up the mistakes or glitches that acra made

LCL (Danny 心), [16/12/2024 12:48 PM]

No need to 2nd guess and pin it as conspiracy theory.

Just voice our opinions and let the government consider the pro and con of any changes to the policies.

Don't erode the public trust of the government.

Sometimes all humans make mistakes.

We need to be forgiving.

Steven Ong, [16/12/2024 12:48 PM]

Will there be an option for individual to decide what info to be presented to the public? We should be able to exercise our own judgement on the amount of info to be available to the public.

Jun Ming, [16/12/2024 12:49 PM]

Cause nric is link to many things. If a police got your nric he knows where you stay and everything.

Jun Ming, [16/12/2024 12:50 PM]

It cannot be just a number...

LCL (Danny 心), [16/12/2024 12:50 PM]

On hindsight, we may not have a complete picture of everything or future plans - in which we may only see one side of the coin.

Thus voicing our immediate concerns and let the government weigh the pros and cons - and when all concerns are considered, then the final policy will be more water tight.

Jun Ming, [16/12/2024 12:50 PM]

Same to other organisation

LCL (Danny 心), [16/12/2024 12:51 PM]

Agree with the statement.

Jun Ming, [16/12/2024 12:53 PM]

We masked nric for reasons though. Last time we didn't mask nric.

speedperry 耘瑞, [16/12/2024 1:11 PM]

Feels like the netizens think this is a U-turn or should be explained and communicated as one. That’s all

Adam, [16/12/2024 1:12 PM]

The thing is that nric is just a unique identifier. It does not have to be private... somewhat. But somehow so much service use this thing as a password

Adam, [16/12/2024 1:13 PM]

Why? Maybe gov need to regulate nric usage by orgs. It can be something to identify. But it cannot be used to authorise

bao, [16/12/2024 1:13 PM]

I think masking the nric was a reactive measure implemented because of how everyone wrongly use IC as a identifier to privileged information. so revealing the IC clears this up.  now I'm just worried how the re education of the people will turn out cus the perception of safety matters just as if not more than objective safety

bao, [16/12/2024 1:14 PM]

we are already panicking, imagine when it rolls out completely

Adam, [16/12/2024 1:16 PM]

Maybe saying identifier is also inaccurate. Nric is the indentity of the person or account but cannot be used as the identifier of the person who makes a call on the phone

Adam, [16/12/2024 1:16 PM]

We will know after some intl syndicate scrapes the database for all the info and we get mass scams

bao, [16/12/2024 1:20 PM]

I'm also finding it hard to understand the necessity behind this change. what benefits does having everyone's IC out in a publicly searchable database bring?

LCL (Danny 心), [16/12/2024 1:21 PM]

1. Recently, I have a good experience crossing our immigration checkpoint.

2. I use egate - only need to scan my passport - that capture my credentials through the microchip and then open the 1st gate.

3. 2nd factor authentication is when the biometric scanner scan my facial and iris biometric - and then open the 2nd gate.

4. The authentication is a breeze.

5. During my return trip, my son use myica mobile apps QR code to clear the 1st gate, no need to use passport - faster than egate.

6. Then do biometric facial and iris biometric scan. Breeze through the 2nd gate.

7. User ID, password, 2nd factor authentication sign-in - not needed.

IC number also not important.

8. In future if banking and all online transaction if use such authentication, then revealing IC number no longer an issue - because ic number will not be used for identity check.

Jun Ming, [16/12/2024 1:23 PM]

I usually don't use nric as passwords because my nric is too easy to remember. But... A lot people use nric as passwords for different things

Jun Ming, [16/12/2024 1:23 PM]

So if revealed it's easily get hacked

bao, [16/12/2024 1:24 PM]

yes I understand that the IC number should not be used to verify identity and will surely slowly phase out in the future. however

1. why is it necessary to push out this policy change now before most services made the transition, as there are still many that still make phone calls and uses your NRIC to identify you? and before the public is educated 

2. is there a guideline on what the alternative will be for organizations?

Adam, [16/12/2024 1:24 PM]

I dont think prople use nric as pw but some places treat it as such. Same for phone number. Probably can redeem free meal at some places if you know a person phone number and dining habit

Jun Ming, [16/12/2024 1:26 PM]

My parents use it as passwords. Got 2 letters and numbers that is so convenient to meet the requirements of one capital letter and one small letter

Adam, [16/12/2024 1:26 PM]

Lol didnt know it was that common

bao, [16/12/2024 1:28 PM]

even in the future when we all switched to other forms of verification , what good to society does revealing everyone's NRIC bring?

Jun Ming, [16/12/2024 1:28 PM]

Then they just throw some of their accounts to me to manage. As they always tell me I am digitally stupid.

bao, [16/12/2024 1:29 PM]

I find the move absurdly unnecessary

bao, [16/12/2024 1:29 PM]

if not broken why fix

LCL (Danny 心), [16/12/2024 1:30 PM]

1. But if biometric scan if to use for online authentication, biometric data need to be kept centrally only in one place (concept similar to Singpass).

2. Because decentralization of biometric data is very risky if commercial firms are unable to secure customers biometric data.

3. Once stolen, the person biometric credentials will be lost forever unless the person change his face, his eyes, his fingerprints, his DNA or rebirth.

Else scammers will always possess his biometric data to steal away all the life savings - because biometric data cannot be changed once stolen.

4. Currently biometric data is securely stored in ICA central database secured by a private network.

5. If biometric data is to be used for banking or other commercial online transactions in similar Singpass concept - then government need to open and connect the biometric database to the Internet (a public open network that come with cybersecurity risk).

Securing the biometric database and internet connection will become increasingly important and critical.

Hanny, [16/12/2024 1:31 PM]

Gov needs to make it clear that ic number is only an identifier. Authentication is via another mechanism.

People also need to be clear of the difference between the two.

Jun Ming, [16/12/2024 1:31 PM]

I think the singpass is using your phones biometric data

G, [16/12/2024 1:32 PM]

Govt made mistake. Effectively tell us sorry but not sorry. 

Then want to educate us on NRIC next year? Classic holier-than-thou nonsense

Somemore say want to protect people from scams, then now make it so easy to let others know NRIC details. This govt is a facilitator of scams!

Jun Ming, [16/12/2024 1:33 PM]

Maybe taking of photos need to link up biometric data with ica

LCL (Danny 心), [16/12/2024 1:33 PM]

Singpass capture our biometric facial and iris with a camera.

I think Singpass then check with the backend biometric database not our phone biometric data - because I don't login my phone using my biometric.

G, [16/12/2024 1:33 PM]

No. Wasn't Tan Kin Lian's singpass locked out because some people mischievously made multiple unsuccessful log in attempts?

They used his NRIC to log in

Jun Ming, [16/12/2024 1:34 PM]

But I thought just finger print to log in from phone

Adam, [16/12/2024 1:35 PM]

Singpass app can use phone biometric to log in. It does not have your biometric

Adam, [16/12/2024 1:35 PM]

Im sure the ica biometric is something else

bao, [16/12/2024 1:35 PM]

but singpass also verifies face data esp during registration and I think that's stored serverside

LCL (Danny 心), [16/12/2024 1:35 PM]

Yes.

I think this is the probable back end biometric check.

Because only ICA capture the population biometric data for making IC and passport.

No other government agencies capture the population biometric.

Adam, [16/12/2024 1:36 PM]

Thats for first time i think. After you can log in normally. Probably there so some scammer wont log you in new phone

Jun Ming, [16/12/2024 1:36 PM]

For new phones too

bao, [16/12/2024 1:36 PM]

yea so it shows singpass do store your data

bao, [16/12/2024 1:36 PM]

however for efficiency I believe, subsequently it just trusts your phone

G, [16/12/2024 1:37 PM]

Some mistakes cannot be forgiven. Especially if they come from the govt

LCL (Danny 心), [16/12/2024 1:37 PM]

Don't know.

But Singpass does backend checking if the login user is that person.

The first time I put on mask to hide my face, Singpass registration fail - because it say that I don't match that user identifity.

Hanny, [16/12/2024 1:38 PM]

Singpass is an excellent Authenticator.

bao, [16/12/2024 1:38 PM]

they are subject to scrutiny, more than any average joe

bao, [16/12/2024 1:38 PM]

that's their job

Adam, [16/12/2024 1:38 PM]

Must explicitly ask for apology or they say noone ask

G, [16/12/2024 1:38 PM]

And can be misused by mischievous people who want to lock people out of their singpasses

G, [16/12/2024 1:39 PM]

Just vote Josephine out. No need apologise

Jun Ming, [16/12/2024 1:40 PM]

I not in their GRC cannot vote for her haha

Adam, [16/12/2024 1:41 PM]

Can only imagine if the amount of mps follow the ratio of the total vote

G, [16/12/2024 1:42 PM]

@reachsg2 Is this part of the govt's damage control measures?

To try and gauge people's sentiments, and tick a checkbox and say already did "public consultation"? 

So that next year can boast about already did public consultation then follow up by shoving down your "education campaign" to educate Singaporeans on NRIC?

Hanny, [16/12/2024 1:42 PM]

Singpass model of authentication is the most secure n practical currently. It is used by many platforms such as AWS.

G, [16/12/2024 1:44 PM]

Thankful that people like Bertha publicly exposed this. 

Now Singaporeans know that our personal data have been sold by our own govt for measly $33

Adam, [16/12/2024 1:44 PM]

Good luck educating older gen on nric

Jun Ming, [16/12/2024 1:44 PM]

But seriously as what people have say 脱裤子放屁。taking out his pants to fart, a bit additional

Jun Ming, [16/12/2024 1:45 PM]

To reveal nric. Keeping it status quo will be better. Save resources on mrt breakdowns

bao, [16/12/2024 1:47 PM]

hear hear!

bao, [16/12/2024 1:48 PM]

吃太饱

Jun Ming, [16/12/2024 1:48 PM]

I think opposition will bark on this in parliament and Louis Ng might also ask questions

Hanny, [16/12/2024 1:48 PM]

Given the current IT security threat, ic number can no longer be used for authentication.

Jun Ming, [16/12/2024 1:49 PM]

But not actually reviewing to everyone who can search for it

Hanny, [16/12/2024 1:49 PM]

We need to move on to better model. The current model depends too much on trust.

And trust is very much lacking nowadays.

Adam, [16/12/2024 1:51 PM]

I hope this will spell the death of phone banking and whatever needs phone to authorise

Adam, [16/12/2024 1:51 PM]

Too much headache they force you to navigate through menus and then ask for nric

Adam, [16/12/2024 1:52 PM]

Why do this insecure mechanism when the secure way cannot make the changes i need?

LCL (Danny 心), [16/12/2024 1:52 PM]

The Singapore NRIC number algorithm involves a combination of birth year, month, day, and random numbers, along with a checksum calculation.

Here's a simplified breakdown of the algorithm:

1. *Birth Year Code*: First two digits

    - 1-9 for 1900-1999 (e.g., "S" for 1990s, "T" for 1990s, etc.)

    - "F", "G", "H", "J" for 2000-2099 (e.g., "F" for 2000-2009, "G" for 2010-2019, etc.)

2. *Birth Month and Day Code*: Next two digits

    - Coded values representing birth month and day (not a straightforward calculation)

3. *Random Number*: Next four digits

    - Randomly generated

4. *Checksum*: Last digit

    - Calculated using a weighted sum of the previous digits

Here's an example:

Suppose we have a person born in 1995, with a birth month and day code of "43", and a random number of "2198".

The NRIC number would be:

S95432198

The checksum is calculated as:

Checksum = (3 × S) + (2 × 9) + (7 × 5) + (6 × 4) + (5 × 3) + (4 × 2) + (3 × 1) + (2 × 9) + (1 × 8)

Checksum = 9 (in this example)

The final NRIC number would be:

S95432198 9

Please note that this is a simplified explanation, and the actual algorithm used by the ICA might involve additional steps or variations.

Source :- Meta AI

LCL (Danny 心), [16/12/2024 1:53 PM]

I have just generated an IC number using Meta AI.

Hanny, [16/12/2024 1:55 PM]

IC number was created at the time when IT security is not an issue. It’s just like voice network was created when security is not a concern.

Adam, [16/12/2024 1:56 PM]

Oh god imagine if they make a singpass 2.0 and get the lowest bidder to implement like erp2

Hanny, [16/12/2024 1:57 PM]

I believe Singpass is developed by in-house developers.

Hanny, [16/12/2024 1:58 PM]

You don’t want the case like Boeing where lousy codes were the result of outsourcing.

Moses Kor kwang loong, [16/12/2024 2:00 PM]

Is best to have 1 hard copy and 1 soft copy

LCL (Danny 心), [16/12/2024 2:01 PM]

1. Singpass through digital token is safe provided:-

a. Your handphone with digital token is not stolen by scammers.

b. No malware that can take control of your handphone is downloaded.

2. Because no data is transmitted through the comms line - backend computation are done. Scammers cannot do man-in-the-middle attack.

3. Just like a physical token in your possession.

Unless your physical token is stolen by scammers.

Moses Kor kwang loong, [16/12/2024 2:02 PM]

Another thing is that I would like to add-on but before that,I would like to say a word of sorry if I were to off-record a little and if I'm rude and offensive first

LCL (Danny 心), [16/12/2024 2:04 PM]

Btw, Singpass use to outsource to 3rd party.

1st vendor is crimson logic.

2nd vendor is a MNC (cannot remember the name)

3rd vendor (authentication part) NAF (national authentication framework) is awarded to ST Electronic.

Singpass version 1.0, 2.0 and 3.0 managed by iDA.

Now Govtech take over if I am not wrong.

Moses Kor kwang loong, [16/12/2024 2:12 PM]

Recently in-parliament implemented better protection regarding security officers,I would like to add-on bestowing more authority and more power towards security officers

Juz like environment officers got warrant cards,example if security officers worked as bodyguards,bouncers etc and isn't it better right for a certain period of time or maybe on the spot get a warrant card better isn't it as good as one stone kill 2 birds??,this is juz my personal opinions and will be better get more protection and authority isn't it??

LCL (Danny 心), [16/12/2024 2:15 PM]

So now the Singpass is not Singpass 2.0 - could be version 4.0?

Don't know, lose touch already.

LCL (Danny 心), [16/12/2024 2:19 PM]

Btw, Singpass 3.0 is awarded to the lowest bidder - that design the 99.99% network uptime and reliability.

And 99.999% uptime for authentication.

No failure throughout the lifespan of Singpass 3.0.

Able to withstand a Data Centre failure - with no single point of failure.

LCL (Danny 心), [16/12/2024 2:27 PM]

Also Singpass 3.0 is securely protected - no report of hacker breakthrough since its inception.

The defence-in-depth superbly hold up - despite international hackers try to breach it everyday.

Every hacking is monitored online, realtime.

Hence Singpass is a reliable source of authentication for many online transaction.

Singpass is also size up to handle the very high volume of transactions per day in authentication - because the backend capacity to handle the volumes are huge.

LCL (Danny 心), [16/12/2024 2:28 PM]

Use not only by the government agencies, but also public agencies, commercial banks and financial institutions, and even private enterprises.

Ginie/Komal ZENDORA J, [16/12/2024 2:37 PM]

Agree

Ginie/Komal ZENDORA J, [16/12/2024 2:39 PM]

Infact now face id also very dangerous.  With our pics everywhere.  Even more easy gor scammers.

Ginie/Komal ZENDORA J, [16/12/2024 2:40 PM]

Sg small country.  We should have more security in place. Giving out our details so easily.  No wonder nowadays get so many scam calls

LCL (Danny 心), [16/12/2024 2:41 PM]

1. Having say so, there are many future plan to secure the identity and online transaction of Singaporeans and residents.

2. Singaporeans will not have the complete picture of what our government has planned for us in the future.

3. With limited knowledge on the hindsight, I can only express my immediate concern for the government consideration.

4. While planning for the future, the government will have taken our feedback into the drawing board when drafting the future plans and addressing our concerns.

5. Who knows, the future plans and technology would have make our immediate concerns about IC number non consequential.

6. My inklings is that a secure foolproof biometric authentication will make this possible.

7. But I am not preaching this solution - as the government needs to fully test and ensure it is failsafe - with the advent of quantum computing that can crack all current cybersecurity.

REACH Singapore, [16/12/2024 2:46 PM]

📢 Topic 📢

Ginie/Komal ZENDORA J, [16/12/2024 2:48 PM]

Even when downloading apps. For security reason, to allow view our contacts, pics and videos should not be allowed at all.

Ginie/Komal ZENDORA J, [16/12/2024 2:49 PM]

https://www.straitstimes.com/singapore/askst-are-e-sims-safe

LCL (Danny 心), [16/12/2024 3:00 PM]

Concerning ERP, let see how foreigners rate us huh ..

LCL (Danny 心), [16/12/2024 3:00 PM]

https://www.nst.com.my/news/nation/2024/12/1148499/bus-drivers-praise-singapores-erp-system

"Malaysia Bus drivers praise Singapore's ERP system".

LCL (Danny 心), [16/12/2024 3:02 PM]

The United States has indeed taken notice of Singapore's innovative Electronic Road Pricing (ERP) system. Singapore's ERP system has been studied by transport planners and managers from around the world, including those from the US ¹.

In fact, Singapore's ERP system has inspired other cities to adopt similar congestion pricing schemes. For instance, London's Congestion Charge Zone was introduced in 2003 after London officials studied Singapore's ERP system ¹. Similarly, Stockholm's congestion tax was implemented in 2007, and other cities like Dubai, Milan, and Jakarta have also adopted similar systems ¹.

The US has also explored the idea of congestion pricing, with cities like New York and San Francisco considering implementing similar systems ¹. While there hasn't been an official statement from the US government praising Singapore's ERP system, the fact that US cities are exploring similar solutions is a testament to the system's effectiveness.

Singapore's ERP system has been successful in managing traffic congestion, with studies showing that it has reduced traffic volume and increased average road speeds ¹. The system's use of Radio Frequency Identification (RFID) technology and gantries to automatically collect fees from vehicles has also been praised for its efficiency ².

Source:- Meta AI

LCL (Danny 心), [16/12/2024 3:05 PM]

Hence credit must be given when due.

As common man in the street, we have limited knowledge of what our government has done and plan for us.

And how the world rate us.

Discrediting our government good work and eroding the public trust on our government - is as good as shooting ourselves on the feet.

Finally, the real people who suffer are ourselves and our children.

𝐘𝐞𝐰 𝐇𝐰𝐞𝐞 𝐎𝐧𝐠, [16/12/2024 3:13 PM]

Yep, but not all the Gov does is perfect, that is why check and balances must be implemented, there are no shortages of academics, scientists and social scientists in SG, if the common people have limited knowledge on public policy making, then the Gov should comprehensively consult academics, who can have the responsibility to research and ensure that laws and policies are extensively vetted through before implementation, and to communicate the laws and policies to the common people before implementation.

𝐘𝐞𝐰 𝐇𝐰𝐞𝐞 𝐎𝐧𝐠, [16/12/2024 3:17 PM]

But of course this means that academics should have a certain degree of intellectual independence from Gov Influence as well.

Moses Kor kwang loong, [16/12/2024 3:39 PM]

Talking about identification paper,two should be more than enuff

REACH Singapore, [16/12/2024 4:03 PM]

📢 Topic 📢

Jun Ming, [16/12/2024 4:11 PM]

But will there be faking identification.

LCL (Danny 心), [16/12/2024 4:18 PM]

1. Agree that the government should work with academic, R&D, universities and IHL.

2. In fact, I think government is consulting widely, including REACH that not only make up of common man in the street but include people with the relevant background.

3. Also professional institutes, business and expertise in various fields.

4. As well as government R&D agencies and expertise in the respective fields.

集思广议。

5. Tapping the minds of everyone to come out with the best solutions.

LCL (Danny 心), [16/12/2024 4:20 PM]

And I believe, the outreach to the various groups are independent of the government, intellectually or politically.

Eg. REACH are tapping the feedback of individuals - including critics.

LCL (Danny 心), [16/12/2024 4:36 PM]

Faking identification is what scammers try to do - using AI deep learning, deepfake.

Hence cybersecurity must be failsafe.

With quantum computing, the stake is even higher.

As it uses qubits (versus binary in traditional computing).

Hence protecting and securing a person identity requires very good cybersecurity.

And only the government resources with worldwide collaboration can ensure that.

And it is always an ongoing process.

IC number - crack already.

Generative AI - eg. Meta AI crack it in less than 1 minute.

Garion Chan, [16/12/2024 6:00 PM]

Sadly the current ATO that I am learning uses Learners' last 4digit of IC and 1st four of handphone..... Citing conveniency and my course is on Cybersecurity 😂

REACH Singapore, [16/12/2024 6:00 PM]

📢 Topic 📢

Garion Chan, [16/12/2024 6:15 PM]

Sorry all. Can I check on something which I was told long time ago at home and in School. I cannot loose my IC. As there are penalties to it.., like paying fine? Isn't fine a form of petty crime? Does this valid and have stand? If have,  then revealing IC without permission means a 'crime' am I wrong on this?

LCL (Danny 心), [16/12/2024 6:23 PM]

If I am not wrong, if you lose your IC, you need to replace your IC.

And need to pay the replacement cost.

It is not a fine.

LCL (Danny 心), [16/12/2024 6:26 PM]

It is also not a petty crime if you lose your IC. 

But you need to file a police report so that if anyone use your IC illegally to masquerade you for unlawful purposes, than that person will be charged for forging identity of another person.

LCL (Danny 心), [16/12/2024 6:28 PM]

In acra case, if I am not wrong, the business owner want to register his company.

Other business partner or customer who need to check the validity of his business will search his business credentials and is it register under his name on acra - to ensure it is a legitimate, legal business register in Singapore.

Hence his name, his company name and his IC that uniquely identified the registered business need to be revealed if people do an acra search.

LCL (Danny 心), [16/12/2024 6:31 PM]

So revealing the IC or name is not a crime.

Unless the business owner don't want to register his business in Singapore or do business with partner and customers.

Else how do customers know who are the business owners?

Khairil Baharudin, [16/12/2024 6:39 PM]

I think we’ve always seen the NRIC as a private document, with the details on it being confidential. But with the recent changes, the Government seems to be moving away from that idea—basically acknowledging that in today’s digital age, a simple 7-digit identifier can’t realistically stay confidential anymore. The rise in global cybersecurity threats just makes that even clearer.

To me, it feels like this is more about a legislative shift—where the aim is to make the NRIC number less of a “confidential” thing over time. Honestly, it’ll probably take a generation for people to get used to this change.

Khairil Baharudin, [16/12/2024 6:41 PM]

The change management from the Government has to be spot on—everything from clear communication to public education needs to be well-executed. Otherwise, it’s going to create a lot of confusion and pushback.

Khairil Baharudin, [16/12/2024 6:43 PM]

Look at it this way—even without the NRIC numbee being involved, people are still falling victim to scams. It shows that the problem isn’t just about the confidentiality of the NRIC number, but a bigger issue around cybersecurity awareness and how personal information is being used or misused.

Khairil Baharudin, [16/12/2024 6:43 PM]

*number

LCL (Danny 心), [16/12/2024 6:43 PM]

Spot on.

REACH Singapore, [16/12/2024 6:49 PM]

Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our Telegram chat and participating actively.

Goodnight!

Megan 😊

Khairil Baharudin, [16/12/2024 6:49 PM]

I like how apps like Singpass have moved to facial recognition and platforms like ICA are using unique QR codes. These are solid enhancements to tackle cybersecurity threats. When you think about it in the context of the NRIC number, it makes sense why the Government is rethinking its confidentiality. With advancements in technology, relying on a static 7-digit number for security just isn’t enough anymore. That said, even with these improvements, no system is entirely foolproof, and there will always be loopholes to address, unfortunately.

LCL (Danny 心), [16/12/2024 6:51 PM]

Correct.

REACH Singapore, [16/12/2024 7:01 PM]

Dear Contributors

We will be closing the chat for today.

Thank you very much for being part of our Telegram chat and participating actively.

Goodnight!

Megan 😊

====