Singapore—Call it a failed experiment, but former presidential candidate Tan Kin Lian may not agree. On Monday morning, May 27, Mr Tan posted on his Facebook account the following personal data:
And Date of Birth.
He said in his post, which he took down after the unexpected happened, that he posted this important information because he finds “that the paranoia about the privacy of the NRIC and contact details to be overblown.”
Okay, we can almost see a whole generation of digital natives shaking their heads in disbelief.
Little did he know the kind of hot water he would get into afterward.
A few hours after his first post, he posted on Facebook again, this time to say that he had been blocked from accessing his SingPass account login.
I want to share the latest information about my NRIC.One mischievous person took my NRIC and tried to log into my…
And why? As Mr Tan wrote, “One mischievous person took my NRIC and tried to log into my SingPass. He tried six times but could not get through.”
This led GovTech, which is responsible for SingPass, to block his account and request him to change his password. But naturally, he realised this would not solve his problem.
“I sent an email to GovTech to tell them that after I change my password, this mischievous person can try to log into my account again and make another six failed attempts to block my account.
It happened to me because I publicised my NRIC.”
According to Mr Tan’s line of reasoning, GovTech should not block SingPass accounts even if the bad actor tries to hack them “100 times or maybe 1,000 times.”
His solution, “Why not just block his attempt using the same device?”
After all, he wrote, “If he manages to get the correct password, he still needs to go through my 2FA, which is now converted into my thumbprint. This is already secure.”
Long story short, Mr Tan was not happy with GovTech, whom he told to review their process, which he called “stupid”.
He also made comments such as “There goes our Smart Nation. It is run by people who are not so smart.”
Mr Tan ended his post by writing, “Govtech justify their action with this common excuse – for security. I do not see how they can make SingPass by secure by locking out people unnecessarily.”
In another post some hours later, Mr Tan called GovTech “the accomplice of the mischievous actor.” This is because “Instead of stopping the mischief, GovTech gave trouble to me. Their excuse – for the sake of security.”
But this was not the end of Mr Tan’s troubles. A short while after this, he wrote that “A mischievous person told Facebook that I want to change my password. He did that 20 times.”
But he did not encounter with Facebook the same problem he had had with GovTech, “Facebook said OK, we keep your password. They got the sensible approach.”
In the past 24 hours, Mr Tan has posted about his NRIC and other matters related to it over 10 times, sometimes re-posting what netizens are telling him about the matter.
This has prompted netizens to help Mr Tan get a reality check as to why protecting his data is so important.
Netizen Alex Tan commented on Mr Tan’s page, “your NRIC number can be used in government and police data systems to retrieve all kinds of sensitive information about you. Your residential address, every police report you have ever lodged, every case you have ever been involved in, details private or confidential, they can all be retrieved. corrupt and vindictive civil servants can also use the system to change your government registered residential address. you will never receive any letters of importance from any government agency again after that. if the state court or supreme court sends you a notice to attend court, you wont receive it either. you miss the date, you become a wanted man for failing to attend court. oh, the personal details of all your immediate family members can also be retrieved from your NRIC number. your wife, your daughters, your granddaughters, their residential addresses, occupations, workplaces… the list goes on. you think there aren’t corrupt civil servants in this country? read the news. even if a corrupt civil servant doesn’t do it, a skilled hacker can hack the government information systems and obtain the same information, perform the same actions.
and that’s just the beginning. you made your full name, NRIC number and date of birth public. once a person obtains your residential address, they can use an edited photo of you found online to create a bogus identity card. with a copy of your identity card, people can do anything they want with it. they can assume your identity. they can borrow money from ten different loansharks. The loansharks will set your house on fire in your sleep for defaulting loan repayment, and you wouldn’t even know why and who would you blame after that? The police, for not being efficient enough to prevent them from setting your house on fire. but you invited trouble in the first place by being the hero that publicised all his personal information.”/ TISG