top of page

Opinion: Balancing Public Trust and Cybersecurity

Future Forum's junior research fellow, Siek Ramekh, was published in Kiripost on March 16th, 2024. Check out the original article here, and read it below!

 

Imagine a Cambodia where our health records are available to us online, where all government services are available to us via smartphone apps, and crime is prevented by a network of smart technology.


This is the appealing vision of the ‘Smart Nation Drive’, promising efficiency and accessibility. However, while racing toward a digitalised future, one critical impediment stands in our way: Trust.

Although technology is embraced by many nations for vital tasks, such as disease surveillance, smart traffic management, or social welfare registration, anxieties surrounding data privacy and security threaten to obscure this path.


Subsequently, this disrupts adoption of these systems and holds them back from achieving their full potential to truly benefit society. Understanding and addressing the issue of public trust is imperative if Cambodia is to unlock the complete potential of digitalisation and forge a future that works for everyone.


The context


In October 2021, the government launched the Cambodia Digital Economy and Society Policy Framework, which serves as a long-term strategy for guiding the country's digital transformation.

The framework is a comprehensive roadmap to build a vibrant digital Cambodia by 2035. By fostering digital adoption across government, businesses, and citizens through three main pillars: digital government, digital business, and digital citizens. It envisions a future driven by innovation, economic growth, and improved social well-being.


This ambitious framework sets the stage for Cambodia to leverage the power of technology and secure its place as a leader in the regional digital landscape.


However, according to a 2020 survey by Konrad Adenauer Stiftung on Cambodian trust in e-government services, the government has yet to win over the public’s trust. Researchers found that 39 percent of respondents trust government agencies in general, 47 percent trust state government agencies to carry out online transactions, and only 13 percent feel safe interacting with them online.


These findings highlight public concerns about the handling of personal data by e-government tools and platforms.


Given these findings, the Cambodian government should elevate the enhancement of public trust to the forefront of its agenda. This is particularly important if the government is set on transforming Cambodia into a vibrant digital society, especially when it comes to cyber security.

Public trust in government is crucial for effective governance and public cooperation. Lack of confidence in the government's ability on cybersecurity issues, in particular, can spark a range of unintended consequences, including disengagement, instability, and even national security threats.

Loss of trust in government institutions can lead to a host of consequences, including a reduced willingness to participate in government cybersecurity initiatives and low participation in government-organised cyber awareness campaigns, making individuals and organizations more vulnerable to cyberattacks.


Cambodia would be well-advised to learn from case studies in other countries within the region, where cybersecurity breaches of governmental data have led to a loss of public trust.


Learning from our neighbors


The Singapore TraceTogether case, for example, presents a valuable learning opportunity for Cambodia. In 2021, Singapore, known for technological advancements, faced a significant challenge of trust surrounding its contact tracing programme, TraceTogether, in response to the Covid-19 pandemic.


Launched on March 20, 2020, TraceTogether utilised a mobile app and wearable token to gather data on individuals' movements and potential contacts. In November 2020, however, initial public trust in the programme began to erode after the government announced a controversial revelation.

The Ministry of Home Affairs confirmed that data could be accessed by the police for criminal investigations. Following this admission, a minister revealed that such data had, in fact, already been used in a murder investigation. This amendment directly contradicted earlier promises that the data would be solely used for contact tracing purposes.


This policy shift sparked public outrage. Citizens felt misled and betrayed, questioning the government's commitment to data privacy and fearing potential misuse of their personal information.


The subsequent decline in public participation in TraceTogether hampered the programme's effectiveness, and Singapore's reputation for strong data governance took a significant hit, attracting negative international media attention. The case also ignited crucial public discussions on data privacy and government transparency in the digital age.


While the government attempted to address concerns by providing further clarifications, regaining public trust remains an ongoing challenge. The Singaporean TraceTogether programme offers valuable lessons for governments worldwide.


Building and maintaining public trust in data collection initiatives requires clear communication, a commitment to data privacy, and adherence to initial assurances. This case highlights the importance of these principles for ensuring public cooperation.


In another similar case study, in July 2018, a massive data breach in Singapore occurred, marking the worst breach of personal data in its history. Hackers had stolen personal data from 1.5 million patients from SingHealth, a large healthcare group in Singapore. This included the data of Prime Minister Lee Hsien Loong.


The Singapore government responded quickly by taking actions, such as convening a Committee of Inquiry to investigate the cyberattack and to find ways to improve the security of public sector IT systems. The government also took immediate action to block suspicious connections and changed passwords. They imposed a temporary internet surfing separation on its 28,000 staff work computers.


Cybersecurity experts were concerned about the attack, but they praised the Singapore government's swift response. They acknowledged that Singapore is a leader in cybersecurity, and that other countries should follow their lead in transparently disclosing data breaches.

This response by Singapore highlights the importance of transparency, which is of the utmost importance in breaches of public data. Transparency around security breaches is rare amongst regional governments, according to a report on Chinese cyber-spying and its impact on Southeast Asian government data.


Important consequences


Loss of public trust in e-government institutions also has the potential to result in increased vulnerability to disinformation and misinformation. According to research in 2022, people who do not trust the government are more likely to believe disinformation and misinformation, such as conspiracy theories and propaganda.


For instance, consider the case of the 2020 US election, where widespread distrust in the electoral process and media fuelled the spread of misinformation about voter fraud, undermining the legitimacy of the election results and exacerbating societal divisions. This example highlights the critical role of public trust and underscores the need for transparent and accountable institutions to combat the harmful effects of disinformation and misinformation.

Trust scarcity also has the potential to fuel public reluctance to share personal information with government agencies. This reduces data availability, hindering government agencies' ability to track cyber threats and has the potential to impact national security, according to the Atlantic in 2017.


For example, the NotPetya cyberattack of 2017, which targeted Ukrainian government government agencies, banks, hospitals, and critical infrastructure, remains a stark reminder of the devastating potential of digital threats. The NotPetya cyberattack caused major disruptions in Ukraine. The attack encrypted vital data, leading to widespread shutdowns and financial losses estimated at billions of dollars.


One of the reasons is that the lack of information sharing between government agencies and private companies hindered response efforts and highlighted the need for improved communication and collaboration. This makes it more difficult for the government to track and respond to cyber threats effectively due to the lack of information sharing between government agencies and private companies.


Cambodia's Digital Economy and Society Policy Framework offers a promising path towards a technologically advanced future. However, as the Singaporean, Ukrainian, and American cases demonstrate, a trust deficit can significantly obstruct such advancements.

To bridge the trust gap and ensure the success of digitiation efforts, the Cambodian government should prioritise transparency and openness. This includes promptly disclosing any cyberattacks or data breaches to the public following best practices, and clearly outlining the purpose and security measures of data collection initiatives.


The government should also prioritise personal data privacy by enacting robust and clear data protection laws and regulations that grant individuals control over their personal data, including the right to access, rectify, erase, and restrict processing.


Last but not least, the government can instill a culture of trust by fostering public dialogue and promoting digital literacy. Such mechanisms build trust, demonstrate accountability, and foster a collaborative environment for navigating the digital landscape.


A person check Facebook page of Anti Cyber Crime Department on August 1, 2022. (Kiripost/Siv Channa)

 



Comments


bottom of page