PUTRAJAYA: The Malaysian Institute of Microelectronic Systems (Mimos) clarifies that it will not collect any user data via the MyDigital ID system, stressing that security is a major consideration.
During a media briefing aimed at addressing security concerns surrounding the national digital identification system, Dr Saat Shukri Embong, chief of techno-venture at Mimos, said the system solely verifies a user's identity for logins to government platforms and transactions.
Mimos was appointed by Prime Minister Datuk Seri Anwar Ibrahim to develop the national digital identification system.
"The main thing to keep in mind is that the system itself does not hold any data.
"It only compares the information contained within a MyKad and a user's fingerprints against the existing data held by government agencies like the National Registration Department (JPN).
"When a user registers with this information at a MyDigital ID kiosk, it will only be used for verification, with none of it stored by the system.
"The kiosk only generates the cryptographic identification, consisting of a person's name, their MyKad number, and certification, then transfers it over to the smartphone app via QR code.
"This allows it to serve as online identity verification. Mimos will hold none of this data," he says.
According to Saat Shukri, data breaches are not a concern for the MyDigital ID system, as it doesn’t host a database containing user data.
He adds that the development of this system was not an overnight decision, having been in the works as far back as 2016.
"The code used has all been created by Mimos as a homegrown, original solution for the Malaysian digital landscape without reliance on external vendors.
"We took lessons from the implementations overseas, took their benchmarks into account, and developed it all with local talents.
"This is why we opted for a more secure approach where we do not store any of the data ourselves but instead rely on the existing databases from government departments," he says.
On concerns regarding the possible theft of a device and subsequent compromise of the cryptographic ID, he says that the likelihood of such a threat is minimal.
"Such an incident would require that a user give someone else their device password and MyDigital ID password, which is not to say impossible, but unlikely.
"In such an event, a user would need to reach out to a call centre to unenroll the specific device before enrolling a new one.
"Additional measures are also in place, such as artificial intelligence (AI) detection of user behaviour, which would catch aspects such as login requests at strange times of day," he says.
The MyDigital ID system is intended to unify logins to government services, removing the need for multiple credentials split across various government portals and agency websites.
It is also capable of serving as eKYC (electronic know-your-customer) for private companies that opt to integrate the technology.
Currently, registration for the system is officially open to government administrators and workers.
Though the public is able to register and enrol their devices at MyDigital ID kiosks, they may not be able to fully utilise the system.
Official registration will start once more widespread uses are available, with the next phase being for government beneficiaries such as recipients of eKasih from March 1 and the general public from July 1.
Saat Shukri said there are plans to allow online registration, albeit with a medium security level that does not allow for financial transactions.
The security level can be upgraded to a high level after in-person verification when booking a service at a location such as a government clinic.
He further shares that there has been discussion on the possibility of using the system for the targeted petrol subsidies next year, though no concrete plans for such an implementation have been reached as of yet.