Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime Minister Jean Chrétien First Annual Privacy and Security Workshop November 10, 2000 Security and Government On-Line Getting the Model Right Government of Canada PKI Secretariat


Chief Information Officer Branch

Gestion du dirigeant principal de l’information

“We will have a world class public key infrastructure in place”

Prime Minister Jean Chrétien

First Annual Privacy and Security Workshop

November 10, 2000

Security and Government On-Line

Getting the Model Right

Government of Canada PKI Secretariat

Origin of Government On-Line Initiative

“The Government will become a model user of information technology and the Internet. By 2004, our goal is to be known around the world as the government most connected to its citizens, with Canadians able to access all government information and services on line, at the time and place of their choosing.” (1999 Throne Speech)

Government On-Line Targets

Tier One (December 2000): ON-LINE PRESENCE

• information on programs and services

• access to key forms on-line

• a revamped Government of Canada portal

Tier Two (December 2004): ELECTRONIC SERVICE DELIVERY

• key government services on-line

• secure transactions

• electronic filing

• electronic payments

Tier Three (2004 and beyond): PARTNERSHIPS

• inter-jurisdictional sites and services based on client needs

GOC PKI Secretariat Role

To encourage the implementation of policies, technologies and governance processes in support of secure electronic service delivery and Government On Line.

To contribute to Canada’s position as a trusted partner in the new global economy by helping to promote an e-commerce-friendly environment.

Secure Electronic Service Delivery

As electronic transactions increase in complexity and sensitivity, so too do the requirements for privacy and security

Secure Electronic Service Delivery (SESD) is a critical component of the Government On-Line Initiative

Strategy Development

Typical Federal Services and Associated Security Requirements

Information publishing

- anonymous browsing

- digitally signed content

Application for program or service, updates and account review

- confidentiality

- authentication

- authorization

- non-repudiation

- secure end-to-end automated processes

Services / Security Matrix

TYPICAL ON-LINE SERVICES

• Access to Public Information

• Paid Publications

• Tax Filing / Benefit Applications

• Corporate Form Filing

• Access and Changes to Information

SECURITY ENABLERS

• Public Key Infrastructure

• PINs, Passwords, Shared Secrets

• SSL

• Unrestricted access

Security Options

Browsing options

- https

Authentication options

- SSL/PINs on a program-by-program basis

- PKI across programs

Inclusive approach possible

Options not mutually exclusive

Canadians’ Expectations of Electronic Service Delivery

They want to use the Internet to access government services

Government must deliver services in a secure and trusted environment

Government must ensure the security and privacy of personal information by using the best available solutions

Security Concerns

Private information becoming public

Malicious or inadvertent changes to information

Information ending up in the wrong hands

Information theft and fraud

Policy Framework

Privacy Act - Code of Fair Information Practices

• authorized program

• direct collection and informed consent

• “consistent” use

• right of correction

Treasury Board Policy on Privacy and Data Protection

Privacy Impact Assessment

PKI and Secure Electronic Service Delivery Issues

Privacy

• Collection and sharing of information between government services

  - registration, directory

• Naming of certificates

  - “distinguished names”

  - how to prevent data linking and inference

• Single or multiple certificates

• No key back up

More PKI and SESD Issues

Portability

• Accessibility

• Across jurisdictions?

Privilege Management

• Addressing the need for distributed privilege management

• Distinguishing between identity and authority

Communications

• Public perception and trust

Guiding Principle of SESD Development

To fully respect privacy principles while collecting and using personal information for registration, service requests and help-desk purposes

Getting the Model Right By . . .

Meeting Canadians’ expectations of Secure Electronic Service Delivery

Supporting departmental services requirements

Building electronic service delivery partnerships with the public and private sectors

Influencing technology development

Communicating effectively

Security and Confidentiality in the Digital World

Government of Canada PKI

For more information

TBS/CIOB/PKI Web site: www.cio-dpi.gc.ca/pki/pki_index_e.html

GOC PKI Secretariat e-mail: [email protected]

Brenda Watkins (613) 946-5054 [email protected]