Mock-up image from Facebook.
According to the news, the Malaysian government has decided to approve a project to give every Malaysian above 18 years of age an official email account for government correspondence. The news goes further to say that the RM50 million project is being managed by Tricubes and will be using Microsoft software.
I will leave the political commentary to others more suited to do so. I will also leave out the wisdom of awarding the contract to Tricubes, whom I have had the opportunity of dealing with previously. Rumours are that they are about to be de-listed from the stock exchange and this news boosted their share price up from 9.5sen to 16sen. Hallelujah!
However, as a truly technical person, I would like to talk about the technical issues. The path of least resistance would be to take Windows Live/Hotmail and just point our 1Malaysia domain name at it. Otherwise, the next possibility is to set up our own email infrastructure, which would be a dumb idea since it will be re-inventing the wheel and not be very cost-effective.
However, I would like to question the selection of Microsoft technology for this. FISMA – Federal Information Security Management Act – is a United States federal law that, “recognises the importance of information security to the economic and national security interests of the United States and requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.”
Google Apps, which also includes an email service, is FISMA certified. Windows Live is not FISMA certified. I would not build an email system for official government correspondence on an uncertified system.
Next, I would like to question the logistics behind running this programme. In order to access an email account, we would normally be asked for our credentials. If Tricubes wishes to pre-generate our credentials for us, then the question is how they are going to send us our credentials. It would not be feasible to send them to our registered IC addresses as many people do not live at their official addresses.
If they wish to use our MyKAD as an authentication mechanism, then everyone needs to be supplied with a smart-card reader, which might be their game plan since Tricubes does sell a MyKAD reader. You can actually see some of their readers at the local banks.
If they want to have every Malaysian aged 18 and above sign up for voluntary registration on-line, then they will miss out a lot of people who are not bothered to sign up for such an account. I already have a dozen email accounts to manage. I do not need another one, especially an insecure one provided by the government.
Besides a branding exercise and a way of helping Tricubes sell more MyKAD readers, I do not really see the rationale behind this project. Everyone who needs email already has a number of free email accounts provided by Microsoft, Yahoo, Google, etc. There is no reason to re-invent the wheel and it is far easier for the government to have people opt in and have them register their email addresses if they wish to correspond on-line.
As for the argument of this being a secure method of communication – NO EMAIL COMMUNICATION IS SECURE. Email is, by definition, transmitted in the clear. That is why we have technologies such as PGP to help protect the privacy of our conversations. Geographical location is not a factor in this. There is no way that the government can build a secure email system unless they use PKI. Incidentally, all the 64K MyKADs can be loaded with a certificate that can be used for this purpose. The story deepens.
title: ‘1Malaysia Email’,