MyDigital: New jargon but same ol’ impediments
By Dr Shawn Tan March 3, 2021
- Agency driving digitalisation, digital-first policy, digital signatures are low hanging fruits
- Not short of ideas but need real will to implement Blueprint successfully
THE Malaysian government recently launched the MyDigital initiative, which it says outlines its plans to accelerate Malaysia’s progress to become a “technologically-advanced, digitally-driven, high income nation and a regional leader in digital economy,” and will accomplish this through the Malaysia Digital Economy Blueprint.
RELATED STORY: MyDigital to transform Malaysia digitally by 2030
The 104-page Blueprint is indeed hefty reading so I have selected some quick-win initiatives that I would like to comment on. I consider these as targets with immediate results, as opposed to the lofty goals espoused by some of the grand aspirations in the Blueprint.
Much of what I’ve chosen is government-focused simply because most of the quick-win initiatives involve the government. After all, the Blueprint essentially serves as a mission statement of the government.
Here are three considerations to think about.
Transform Mampu to better drive digitalisation and respond to rapidly evolving digital technologies
This positions the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) as the sole agency to drive public sector digital transformation and will strengthen its capacity and capabilities to facilitate effective change management.
From the wording in the Blueprint, it seems that the government intends to coordinate all public sector digital transformation through Mampu. The agency is expected to be responsible for designing, enforcing, and advising as subject matter experts on government transformation projects. This is similar to Britain’s Government Digital Service unit.
Now digital government services are delivered through software and developing and maintaining complex software requires significant direct involvement.
This will not be achieved by continuing the present practice of outsourcing IT projects to third-parties, which have ‘no skin in the game,’ and which do not have the security clearance nor access to internal information. They also do not possess a full understanding of the whole gamut of government services.
I would even go further and propose that Mampu be charged with delivering government projects. The model that I am proposing is the approach taken by the United States Digital Service (USDS) of shipping code and delivering services to its public. The USDS is made up of technologists from diverse backgrounds working across the government to transform critical services for the people.
It adopts a ‘tour-of-service’ model where it hires technical talents who serve a tour by writing code and delivering actual projects to the government. Doing so is also inline with the thrust to develop in-house technical talent.
The government can start by appointing an engineer/ technologist to lead the unit, someone with actual industry experience and technological expertise, and not a career civil servant/ public administrator.
I am sure that the present Mampu director-general, with a background in economics, is a capable administrator. He has been cited as having “vast experience in various fields including finance, economy and strategic investment”.
But if you actually care about successfully delivering technological change to the government, you would want someone who understands what it takes to design, develop, and deploy real-world software to actual clients.
Introduce a digital-first programme to enhance federal and state levels usage of cloud services
This initiative focuses on two main areas: Reducing the usage of physical storage files by shifting towards a cloud-first strategy and adopting a paperless culture by enabling paper-free workflows and transactions.
The government has targeted 80% cloud storage across the government by 2022. While this sounds like one of the few quantifiable measures specified in the Blueprint, I am puzzled by how this metric is measured.
I doubt that it will be measured in terms of petabytes/ exabytes as this would imply that some bureaucrat has calculated how much data is being stored across the entire government.
While not explicitly mentioned in the Blueprint, additional reporting has suggested that “the government has given conditional approvals for Microsoft, Google, Amazon and Telekom Malaysia to build and manage hyper-scale data centres and provide hybrid cloud services.”
We know the three big cloud providers have existing data centres in Singapore. But they have also omitted Malaysia from their expansion plans in favour of Indonesia.
Then it hit me – maybe our government has set the storage target less as a benchmark but more as an aspiration, namely, to entice these companies to expand their cloud data centres to Malaysia.
I really hope to see this happen as it will give Malaysian companies, including my company, a chance to deploy IT infrastructure locally instead of in Singapore.
However, it would normally take two to three years from announcements to operationalising a cloud data centre. Considering the three multinationals have yet to announce such plans with regards to Malaysia, I am not confident of seeing localised data centres by 2022.
Meanwhile, the government may intend to store our data in other regional data centres before the Malaysian ones are operational.
But this would raise data sovereignty issues if the data is held overseas as our data would be subject to foreign laws. It will also raise privacy issues since the government is the largest collector of personal information and is exempt from the requirements of the Personal Data Protection Act (PDPA) 2010.
Therefore, I believe we may need to expand our PDPA along the lines of the European Union’s (EU’s) General Data Protection Regulation (GDPR) with regards to extra-territorial jurisdiction.
This is to ensure that foreign data processors, which hold our data in foreign jurisdictions, will be liable under our Malaysian laws. This is also in line with the thrust concerning cross-border data transfer and protection.
Accelerate digital signature implementation across public sector online services to enable end-to-end digital transactions
This move will enable end-to-end digital transactions through secured authentication of the signatory to fulfil requirements of confidentiality, identity authentication and integrity of information involving public sector online services.
Malaysia has been ready for this for more than 20 years. Digital signatures that are generated using asymmetric cryptography and verified with a public key listed in a valid certificate issued by a licensed authority are legally recognised under the Digital Signature Act 1997.
Our national identity card – MyKAD – has the capability to store just such a valid certificate and can be used by every citizen to generate digital signatures with a suitable reader and software.
In Estonia, the digital signature system implemented by its government is the foundation for some of its most popular e-services. These include the online registration of a company, e-banking, e-voting and tax filing or any other services that require signatures to prove their validity.
Upon the issuance of identity cards in Estonia, every user receives two certificates: One for authentication, the other for digital signing. However, unlike Estonia, Malaysian citizens do not automatically get issued digital certificates in our MyKAD.
MyKAD owners who wish to have this capability need to do it at a private licensed authority by paying a fee. They will also need to pay every time they renew this certificate.
This increases the cost and slows down the adoption of digital certificates and digital signatures.
I would suggest that our government adopt similar measures to that used by Estonia to ensure full adoption of digital certificates and signatures by all.
By issuing digital certificates to every citizen, the implementation of a National Digital Identity (NDI) will be accelerated, which is another thrust of the Blueprint.
The reason? Our digital certificate is a digital identity and as such, we do not need our government to invent another digital identity – all it takes is to preload it onto our MyKAD.
The Blueprint is however light on the details of this initiative and to make matters worse, treats the digital signature initiative as separate to the NDI initiative, spearheaded by different ministries.
Given that we have already failed to adopt a digital signature standard across government services, I’m not hopeful that this will happen, even with the legal recognition and the technological capability of being able to do so for the last two decades.
The idea of a digital government is nothing new and has been around since at least the inception of Vision 2020.
I am old enough to remember the first and most important of the seven Multimedia Super Corridor (MSC) flagship applications was the establishment of an ‘electronic government,’ led by Mampu.
The jargon may have changed but the goal remains the same. Even two decades ago, it was understood that to digitise the nation, the government must first be digitised.
When it was first announced in 1996, things seemed well planned and within reach. Sadly, after 20 years and then some, we are still trying to launch an initiative to digitise our government and our nation.
I am reminded that someone once said: “Insanity is doing the same thing over and over again and expecting different results.”
I am sure that there are a lot of good ideas and great intentions outlined in the Blueprint.
However, as history has repeatedly shown, neither of those are in short supply in Malaysia. I pray that we have the will to do what is necessary to implement this Blueprint successfully.
Ir Dr Shawn Tan is a registered chartered & professional engineer who has been programming since the late-80s. A former lecturer and research fellow, he minds his own business at Aeste while working on his magnum opus. He designs open-source microprocessors for fun. He can be reached via Twitter as @sybreon.
Related Stories :