Presentation to T&P Forum Sep 2007


Presentation on privacy protection in Identity Verification Service (igovt) at Technology and Privacy Forum, hosted by the Office of the Privacy Commissioner, New Zealand

Published in: Business, Travel

  1. All-of-government Authentication and Privacy

  2. What is Authentication?

  3. Authentication is…
     • Confirming who you are, i.e. your identity
     • Consists of two different processes:
       • Who you are in the first place
       • Confirming that it’s you each time
     (Diagram labels: Identity; Bank Account)

  4. What are the Problems?

  5. The First Problem
     • People have to establish their identity with each government agency individually.
     1/3

  6. The Second Problem
     2/3

  7. The Third Problem
     • Keeping track of username and password for each online service is bad enough.
     • It will become worse when each online service moves to two-factor authentication: “Necklace of tokens.”
     3/3

  8. What’s Government Doing About These Problems?
     A systemic problem requires a systemic solution

  9. All-of-government Authentication Programme
     • Part of the E-government Strategy led by State Services Commission.
     • All-of-government approach to develop and implement:
       • Policy work
       • Authentication Standards
       • Shared services
         • Government Logon Service (GLS)
         • Identity Verification Service (IVS)
         • Future online authentication services
     • Multiple government agencies involved, notably Department of Internal Affairs (DIA).

  10. Privacy Is Critical
     • Inherently involves identity and personal information.
     • Big risks around perceptions:
       • Big Brother
       • National identity card
       • Data matching
       • Loss of personal control
       • Technology solution looking for a problem to solve
       • Online security, “hacking”
       • Identity inflation

  11. Had To Take A Comprehensive Approach
     Protecting privacy became a central issue, part of the fabric

  12. Protecting Privacy
     • Comprehensive response:
       • Drivers and agenda
       • Legislation
       • Policy framework
       • Public consultation
       • Oversight
       • Independent reviews
       • Architecture
       • Technical design
       • Operational processes and systems
       • Privacy Risk Register

  13. Privacy Protection
     • Drivers and agenda
       • Strategic outcomes
       • No hidden agenda: the “luxury of physical security”
     • Legislation
       • Work in progress
       • Primarily to enhance trust and transparency
     • Public Consultation
       • First round in 2003
       • Another round soon

  14. Policy Work
     • Policy principles before solution design.
     • Cabinet approved policy principles in 2002:
       • Security
       • Acceptability
       • Protection of privacy
       • All-of-government approach
       • Fit for purpose
       • Opt-in
     • Protection of privacy became part of our DNA.

  15. Setting the Bar High
     • Privacy Act: 12 principles
     • Cabinet: 6 policy and 9 implementation principles
     • Good practice: Kim Cameron’s 7 “Laws of Identity”
     • Emerging areas, e.g. “sticky” metadata
     • Sovereignty over data

  16. Our Approach to Online Authentication
     • Separate who a person is (identity) from what they do (activity).
     • Designed to prevent data aggregation.
     (Diagram labels: Name = Joe Bloggs; Date of birth = 01/01/1970; Place of birth = Wellington; Sex = male; Username = joe, Password = joeblo22; Identity Verification Service (IVS); Government Logon Service (GLS))

  17. People Will See An Integrated Service
     (Diagram label: Name?)

  18. Data Model
     • Privacy risks are often at the detailed level.
     • We’ll take a detailed look at the information collected and stored over 3 steps:
       • Signing up to the service
       • Using the service to verify identity
       • Using the service for ongoing access to online services
     • I’ve made some simplifications for clarity.

  19. Signing Up To The Service
     (Diagram labels: Name = Joe Bloggs; Date of birth = 01/01/1970; Place of birth = Wellington; Sex = male; FLT = 123456789; FLT = 123456789; Dept of Internal Affairs; Name; Date of birth; Place of birth; Sex; Username = joe; Password = joeblo22; Passports)

  20. Verifying Identity
     (Diagram labels: Name = Joe Bloggs; Date of birth = 01/01/1970; Place of birth = Wellington; Sex = male; FLT = 123456789; Agency 1, say IRD; FLT = 123456789; Name = Joe Bloggs; Date of birth = 01/01/1970; Sex = male; FIT = 678901234; IRD number = 123 456 789; Agency 2, say MSD; Name = Joe Bloggs; Date of birth = 01/01/1970; Place of birth = Wellington; Sex = male; FIT = 230987654; FLT = 345678901; SW number = AB345678; Username = joe; Password = joeblo22)

  21. Ongoing Access To Online Service
     (Diagram labels: Username = joe; Password = joeblo22; FLT = 345678901; Agency 2, say MSD; FLT = 345678901; SW number = AB345678)

  22. Other Privacy Protection Features
     • Identity is:
       • verified only at the request of the service user; people in control.
       • data reviewed by the service user before it is sent to agency and active consent required.
       • unique per agency with a different persistent identifier per agency.
     • If a person has multiple names, he/she can choose which name is sent to the agency.
     • Only identity data (out of the minimum data stored) required by the agency sent.

  23. Independent Reviews: Multiple PIAs

  24. What We Learnt…Top 3
     • PIAs provide a fresh perspective that is usually not available from within.
     • In multi-stage, multi-year projects the timing of multiple PIAs is more art than science.
     • Privacy protection is like quality control…PIAs do not substitute “designing in” privacy along the way.

  25. An International Perspective
     • No single correct way.
     • New Zealand is considered a world leader in authentication and identity.
     • From a European angle, New Zealand is considered to be with France and Austria in the highly privacy-protective category.
     • Our privacy-protective architecture has been praised by international experts.

  26. Questions? Comments?
     For more information and feedback please contact:
     Vikram Kumar
     All-of-government Authentication Programme
     State Services Commission
     Website:
     Email: [email_address]
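
The separation described on slides 16 to 22 (a logon service that knows no identity data, an identity service that releases only the attributes an agency needs, with consent, under a different persistent identifier per agency) can be modelled in a few lines. This Python sketch is an added illustration, not code from the presentation or from the services it describes; the class and function names are hypothetical, passwords are left out, and generating FLT and FIT values as random opaque tags is an assumption, since the slides do not say how they are produced.

```python
import secrets

class LogonService:
    """Stand-in for the GLS: holds logon state and per-agency FLTs, no identity data."""
    def __init__(self):
        self._flt = {}  # (username, agency) -> persistent FLT

    def flt_for(self, username, agency):
        # Assumption: tags are random opaque values; the slides do not say how they are made.
        return self._flt.setdefault((username, agency), secrets.token_hex(8))

class IdentityService:
    """Stand-in for the IVS: holds verified identity keyed by the FLT the GLS gives it."""
    def __init__(self):
        self._records = {}  # FLT presented to the IVS -> identity attributes
        self._fit = {}      # (that FLT, agency) -> persistent FIT

    def sign_up(self, ivs_flt, identity):
        self._records[ivs_flt] = dict(identity)

    def release(self, ivs_flt, agency, requested, consent):
        # Nothing leaves the IVS without the user's active consent.
        if not consent:
            raise PermissionError("user declined to send identity data")
        record = self._records[ivs_flt]
        fit = self._fit.setdefault((ivs_flt, agency), secrets.token_hex(8))
        # Data minimisation: only the attributes this agency asked for, plus its own FIT.
        return {**{k: record[k] for k in requested}, "FIT": fit}

def agency_views():
    """Build what two agencies end up holding for the same person (constructed data)."""
    gls, ivs = LogonService(), IdentityService()
    joe = {"name": "Joe Bloggs", "date_of_birth": "01/01/1970",
           "place_of_birth": "Wellington", "sex": "male"}
    ivs_flt = gls.flt_for("joe", "IVS")
    ivs.sign_up(ivs_flt, joe)
    wanted = {"IRD": ["name", "date_of_birth", "sex"], "MSD": list(joe)}
    views = {}
    for agency, attrs in wanted.items():
        view = ivs.release(ivs_flt, agency, attrs, consent=True)
        view["FLT"] = gls.flt_for("joe", agency)
        views[agency] = view
    return views

if __name__ == "__main__":
    for agency, view in agency_views().items():
        print(agency, view)
```

Because each agency sees its own FLT and FIT, the two records share no identifier that could serve as a join key for data matching; only the attributes themselves overlap.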