10 Summary of issues

10.1 Private Sector

Issue / risk: Need to trust non-public servants. Mitigation / precedent: Contractual agreement, just as we do for security guards, document destruction, and outsourced IT operations.

10.2 Offshore operations

Issue / risk: Difficulty of vetting overseas operations Mitigation / precedent: CAs can be independently audited to standards like ISO17799 and CA Trust.

Issue / risk: Foreign CAs may have governing law outside NZ Mitigation / precedent: Have CA change CPS so that New Zealand law governs certificates issued to New Zealanders.Decide on a case-by-case basis whether particular jurisdictions are acceptable.

Issue / risk: Performance and reliability dependent on Internet links outside NZ Mitigation / precedent: Demonstrate good Internet connectivity.

Issue / risk: Political disturbance Mitigation / precedent: Consider stability of region on a case-by-case basis.

10.3 Completely offshore

Issue / risk: Difficult to contractually bind to NZ law Mitigation / precedent: None

Issue / risk: User registration, support and relationships harder Mitigation / precedent: None