Skip to content.
|Networking government in New Zealand.
You are here: Home » Services » Authentication » Resources » News - @your.service » 2002 » April 2002 » Media statement - Authentication

Media statement - Authentication

Media statement

Authentication policy principles for e-government

28 April 2002

Enabling New Zealanders to have ready and secure online access to government information, services and processes is a step closer, State Services Minister Trevor Mallard said today.

Trevor Mallard said Cabinet has agreed the policy principles for electronic authentication of individuals carrying out online transactions with government agencies.

Authentication is the process of confirming the identity of a person. It covers the initial enrolment of a person and the online verification of identity.

Only some online government transactions will require prior authentication of identity but it is necessary for any electronic interactions involving the sharing of personal information, for example, income tax queries, student loan applications or fine payments.

"When the e-government programme moves into its online transaction stage, New Zealanders must have confidence that their personal privacy is not being breached, and agencies must have confidence that they are delivering information and services to the correct person," Trevor Mallard said.

As authentication involves personal privacy issues, the development of the authentication policy principles followed a careful and gradual approach. This included consultation with community, public sector and industry groups and the involvement of the Privacy and Human Rights Commissioners, as well as international research.

The consultation process has led to the development of principles for the authentication of individuals carrying out online transactions with government agencies (see below).

"The project team will now build on these foundations by designing an authentication process for e-government services. This developmental work on the authentication solution will be undertaken over the next 15 months by a project team based in the State Services Commission E-government Unit. The team will report back to Government in June 2003.

"The development of a trustworthy authentication process is a necessary step in achieving the Government's desire to harness online technologies to deliver better quality, cheaper and faster services to its citizens," Trevor Mallard said.

Contact: Moerangi Vercoe (press secretary) 04 471 9080 or 021 270 9194

Questions and Answers

What is authentication?

It is the name of the process requiring the verification of a person's (or agency's) identity before delivering certain information across the internet.

Why do you need an authentication process?

An authentication process is required to make sure that government services delivered over the internet go to the intended person, that people are who they say they are, and that privacy is protected at all times. It is key to people feeling confident about dealing with Government online and an essential part of the security infrastructure needed for the safe delivery of online services.

What authentication process will the Government's programme to deliver information and services over the internet (e-government) follow?

The Government has agreed policy and implementation principles for electronic authentication of individuals carrying out online transactions with government agencies.

What are these key principles?

Policy Principle Explanation
1. Security Suitable protection must be provided for information owned by both people and the Crown
2. Acceptability Ensuring that the proposed authentication approach is generally acceptable to potential users, taking into account the different needs of people and emerging industry standards, and avoids creating barriers
3. Protection of privacy Ensuring that the proposed authentication approach protects privacy appropriately
4. All of government approach Balancing public and agencies' concerns about independence with the benefits of standardisation while delivering a cost-effective solution
5. Fit for purpose Avoiding over-engineering, recognising that the levels of authentication required for many Government to People transactions will be relatively low
6. Opt-in Ensuring that members of the public retain the option of authenticating their identity and carrying out transactions offline and are not disadvantaged by doing so. However, it will not be possible for an individual to conduct secure online Government to People transactions without the use of the appropriate authentication process.

 

Implementation Principle Explanation
User focus Ensuring the recommended solutions are as convenient, easy to use and non-intrusive as possible
Enduring solution Providing a solution that is enduring yet sufficiently flexible to accommodate change and a wide range of current and future transactions
Affordability and reliability Ensuring the recommended solutions are affordable and reliable for the public and government agencies
Technology neutrality Ensuring a range of technology options is considered, and as far as possible avoiding 'vendor capture'
Risk-based approach Providing an approach based on agreed trust levels that protects identity and personal information
Legal compliance The solution must comply with relevant law, including privacy and human rights law
Legal certainty Relationships between the parties should be governed in a way that provides legal certainty
Non-repudiation The issue of non-repudiation must be considered for those transactions that require it, so that the risk of transacting parties later denying having participated in a transaction is minimised
Functional equivalence Similar authentication requirements to existing parallel transactions should exist except where conducting the transaction online changes the level of risk

What if I don't want to give private information out over the internet?

You don't have to, but it might mean you can't access particular services on line (see Opt-in policy principle).

How will you guarantee that my personal information will be kept private?

Protecting privacy is one of the key principles of the authentication process (number 3). The Office of the Privacy Commissioner has been extensively consulted regarding the development of the authentication process.

Will verification of my identity be required for all online transactions with government agencies?

Only some transactions will require an authentication process, usually those that involve the sharing of personal information.

What happens next?

A project team will develop a solution, or solutions over the next 15 months, based on these key principles. Following approval by Government, the authentication process will be adopted by the e-government programme and implemented by government agencies. Taking a whole-of-government approach will ensure a common 'look and feel' to authentication processes for different agencies, making it easier for people to access their required information or services.

What do authentication processes look like overseas?

There are many models; the most universally adopted is a process similar to that seen in the New Zealand banking system. Many countries (including the UK and the USA) have opted for graduated authentication systems, using a simpler approach for transactions where the risks to both the user and provider are lower and a more intensive approach for high-risk transactions. A similar approach is proposed in New Zealand.

What is e-government?

E-government is the programme changing the way government works. It will enable the delivery of information and services in ways that better reflect what people want. Its vision is to have the Internet as the dominant means of enabling ready access to government information, services and processes, by 2004.

To learn more about the e-government programme, visit www.e-government.govt.nz

The full text of the Cabinet paper is also available on this site.