2 Summary

2.1.1 Certification Authorities (CAs) issue certificates that are used to authenticate individuals' access to computer systems. A CA approved for government use has the potential to compromise government security.

2.1.2 We could set up government owned and operated CAs and this would minimise security risks.

2.1.3 We already contract the private sector to perform functions that bring them in contact with sensitive material including document destruction, firewall management and building security.

2.1.4 Private sector CAs already provide high quality and targeted solutions to government.

2.1.5 Offshore CAs introduce issues around international relations, trade agreements, performance, service and support. The use of offshore CAs is not recommended unless the CA has a New Zealand office.