Understanding the issues
- Within this section:
- Why online authentication is important
- What has happened so far
Why online authentication is important
"By June 2004 the Internet will be the dominant means of enabling ready access to government information, services and processes."
(see e-government mission)
To deliver some kinds of services online, government agencies need a way of ensuring that these services are going to the right person. Electronically verifying that people are who they say they are and providing protection for your privacy will achieve this. This is what we mean by online authentication.
The E-government Unit recently found that about one-third of the services currently available through the new government portal require some kind of authentication. For example, to register a birth, make an ACC claim or get a replacement driver's licence you need to prove who you are. Not all services that require authentication are currently available online but it is highly likely that more services from more government agencies will become available over the Internet in the next few years. It is also the case that some government agencies may still require you to register in person for some services.
Government agency
"Government agency" does not just mean large departments like Inland Revenue or the Ministry of Transport. It could in time include your local and regional council and many other organisations like District Health Boards or the Land Transport Safety Authority.
The "service" and "authentication agencies" in this document are government agencies.
You can use most online government services without any kind of authentication, including getting access to a vast amount of information that is freely available online, such as education review reports on schools, health and safety information or the opening hours of your local public library.
What has happened so far
The E-government Unit has been working with a range of public interest groups and agencies to examine what online authentication might mean for New Zealanders dealing with government agencies. We have analysed which services provided by government agencies in New Zealand require or are likely to require online authentication. We have also looked at overseas examples of online authentication both for government and commercial services.
You can read more about the work so far on the e-government website www.e-government.govt.nz/authentication/.
What is 'e-government'?
E-government is all about government agencies working together to use technology and the Internet so that they can better provide people and businesses with government services and information.
It is not a massive Information Technology (IT) project.
Much of it is about establishing common standards across government, delivering services more effectively, and providing ways for agencies to work together using technology.
As a result of this work, in April 2002 Cabinet established a set of policy and implementation principles to guide the development of online authentication.
Policy principles
Security
Suitable protection must be provided for information owned by both people and the Crown
Acceptability
Ensuring that the proposed authentication approach is generally acceptable to potential users, taking into account the different needs of people and emerging industry standards, and avoids creating barriers
Protection of privacy
Ensuring that the proposed authentication approach protects privacy appropriately
All-of-government approach
Balancing public and agencies' concerns about independence with the benefits of standardisation while delivering a cost-effective solution
Fit for purpose
Avoiding over-engineering, recognising that the levels of authentication required for many G2P [government to people] transactions will be relatively low
Opt-in
Ensuring that members of the public retain the option of authenticating their identity and carrying out transactions offline and are not disadvantaged by doing so. However, it will not be possible for an individual to conduct secure online G2P [government to people] transactions without the use of the appropriate authentication process.
Implementation principles
User focus
Ensuring the recommended solutions are as convenient, easy to use and non-intrusive as possible
Enduring solution
Providing a solution that is enduring yet sufficiently flexible to accommodate change and a wide range of current and future transactions
Affordability and reliability
Ensuring the recommended solutions are affordable and reliable for the public and government agencies
Technology neutrality
Ensuring a range of technology options is considered, and as far as possible avoiding 'vendor capture'
Risk-based approach
Providing an approach based on agreed trust levels that protects identity and personal information
Legal compliance
The solution must comply with relevant law, including privacy and human rights law
Legal certainty
Relationships between the parties should be governed in a way that provides legal certainty
Non-repudiation
The issue of non-repudiation must be considered for those transactions that require it, so that the risk of transacting parties later denying having participated in a transaction is minimised
Functional equivalence
Authentication requirements should be similar to those that apply to existing transactions except where the online nature of the transaction significantly changes the level of risk
[ Previous | Next ]