Government On-Line officials poke at security holes

OTTAWA — The transformation of Canadian government into an electronic entity may be on track, public sector officials told the 15th Annual Canadian Information Technology Security Symposium Thursday, but public confidence in online services is not.

Discussions at the conference centered around

how personal information can be protected once it enters the public domain electronically. The volume of private information passing through the Internet is expected to increase considerably as Canada completes its Government On-Line (GOL) project, which Canada’s CIO Michelle D’Auray told attendees is right on schedule.

The GOL goal is to have all key services online and to increase public satisfaction with electronic service delivery (ESD) by 10 per cent by 2005. The federal government expects that goal will be met, although the number of services expected to be online by target date is smaller than originally thought. That’s due to the fact that upon inspection, D’Auray said, many services seemed prime candidates for consolidation. Now the expectation is to have 130 services, spanning across 30 departments, online by 2005.

Although the project is generally moving forward as planned there are obstacles being met along the way. Some of them have to do with security and privacy issues, D’Auray said.

“”As we move services online we are finding that some of the critical components to information security and to meeting our obligation of maintaining citizen privacy are impediments to a positive user experience,”” she said.

Work is now being done to address that problem, she said. The challenge is arriving at a balance that would make government sites easy to use but safe enough to put the public’s concerns about safety to rest.

It’s a problem Canada’s provinces say they know all too well. Joan McCalla, corporate chief strategist with Ontario’s CIO office, said the province is also well on its way to meeting its e-government goals.

Ontario has a deadline to build up a significant portfolio of electronically delivered services by the end of this year. McCalla defined ESD as a way of allowing access to government services online, by fax or through interactive active voice response systems. More than 70 per cent of Ontario’s services are available electronically now, she said. That number continues to increase.

Homes in Ontario are largely wired, making ESD a logical step, she said.

“”We’re fortunate in that the public is ready for these services,”” McCalla said. “” Not only that, but they’re telling us that they want to use the Internet to access government services. Surveys are telling us that.””

Those same surveys, however, are showing that the majority of Ontario residents concentrating on information searches, rather than pursuing transactions. Though all steps are being taken to ensure gathered data is safe, the public is still not comfortable accessing government services online, she admitted. They’re afraid information they supply could be lost, stolen or shared without their knowledge.

Larry Korba, a researcher with the National Research Council of Canada, said work is being done to increase online privacy protection. As part of the NRC’s Institute for Information Technology’s network computing group, Korba is involved in the Privacy Incorporated Software Agent, or PISA project. The project’s goal is the development of privacy-enhancing technologies for an online transaction environment.

The PISA project is testing how different approaches, such as the creation of mixed networks that essentially camouflage online traffic, make it harder to intercept data, Korba said. Work is also being done on adapting digital rights management technologies to privacy rights management. Korba also mentioned that the group is working on developing technologies that would insure privacy in the peer-to-peer environment.

The balance between user experience and security is also being sought at PISA, since security features tend to slow systems down, he said.

“”Security-aware technologies exist,”” he said, “”but they are not being used as much.””

Korba pointed to a major obstacle to increasing security and privacy online: In most cases, he said, the user does not want to pay.

And while the NRC is facing commercial success challenges for its work, D’Auray said the federal government’s online venture is stumbling over miscommunication and difficulties with definitions. Right now, for example, the federal government has 17 different definitions of “”disability,”” which can complicate how data is handled in secure systems, she said.

“”Right now our ability to move quickly is impeded by our inability to cooperate at many levels and even understand, from a management perspective, what we’re talking about,”” she said.

The search for a common language and consolidation of services are two major areas of work going on to ensure that the GOL project continues to move ahead on schedule, D’Auray added.

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+