
Presentation to T&P Forum Sep 2007

Information about Presentation to T&P Forum Sep 2007

Published on April 7, 2008

Author: kumar641

Source: slideshare.net

Description

Presentation on privacy protection in Identity Verification Service (igovt) at Technology and Privacy Forum, hosted by the Office of the Privacy Commissioner, New Zealand

All-of-government Authentication and Privacy

What is Authentication?

Authentication is…

Confirming who you are, i.e. your identity

Consists of two different processes:

Who you are in the first place

Confirming that it’s you each time

[Diagram labels: Identity, Bank Account]

What are the Problems?

The First Problem (1/3)

People have to establish their identity with each government agency individually.

The Second Problem (2/3)

The Third Problem (3/3)

Keeping track of username and password for each online service is bad enough.

It will become worse when each online service moves to two-factor authentication: “Necklace of tokens.”

What’s Government Doing About These Problems?

A systemic problem requires a systemic solution

All-of-government Authentication Programme

Part of the E-government Strategy led by State Services Commission.

All-of-government approach to develop and implement:

Policy work

Authentication Standards

Shared services

Government Logon Service (GLS)

Identity Verification Service (IVS)

Future online authentication services

Multiple government agencies involved, notably Department of Internal Affairs (DIA).

Privacy Is Critical

Inherently involves identity and personal information.

Big risks around perceptions:

Big Brother

National identity card

Data matching

Loss of personal control

Technology solution looking for a problem to solve

Online security, “hacking”

Identity inflation

Had To Take A Comprehensive Approach

Protecting privacy became a central issue, part of the fabric

Protecting Privacy

Comprehensive response:

Drivers and agenda

Legislation

Policy framework

Public consultation

Oversight

Independent reviews

Architecture

Technical design

Operational processes and systems

Privacy Risk Register

Privacy Protection

Drivers and agenda

Strategic outcomes

No hidden agenda: the “luxury of physical security”

Legislation

Work in progress

Primarily to enhance trust and transparency

Public Consultation

First round in 2003

Another round soon

Policy Work

Policy principles before solution design.

Cabinet approved policy principles in 2002:

Security

Acceptability

Protection of privacy

All-of-government approach

Fit for purpose

Opt-in

Protection of privacy became part of our DNA.

Setting the Bar High

Privacy Act: 12 principles

Cabinet: 6 policy and 9 implementation principles

Good practice: Kim Cameron’s 7 “Laws of Identity”

Emerging areas, e.g. “sticky” metadata

Sovereignty over data

Our Approach to Online Authentication

Separate who a person is (identity) from what they do (activity).

Designed to prevent data aggregation.

Identity Verification Service (IVS): Name = Joe Bloggs, Date of birth = 01/01/1970, Place of birth = Wellington, Sex = male

Government Logon Service (GLS): Username = joe, Password = joeblo22

People Will See An Integrated Service Name?

Data Model

Privacy risks are often at the detailed level.

We’ll take a detailed look at the information collected and stored over 3 steps:

Signing up to the service

Using the service to verify identity

Using the service for ongoing access to online services

I’ve made some simplifications for clarity.

Signing Up To The Service

Name = Joe Bloggs, Date of birth = 01/01/1970, Place of birth = Wellington, Sex = male, FLT = 123456789

FLT = 123456789

Dept of Internal Affairs: Name, Date of birth, Place of birth, Sex

Username = joe, Password = joeblo22

Passports

Verifying Identity

Name = Joe Bloggs, Date of birth = 01/01/1970, Place of birth = Wellington, Sex = male, FLT = 123456789

Agency 1, say IRD

FLT = 123456789

Name = Joe Bloggs, Date of birth = 01/01/1970, Sex = male, FIT = 678901234, IRD number = 123 456 789

Agency 2, say MSD

Name = Joe Bloggs, Date of birth = 01/01/1970, Place of birth = Wellington, Sex = male, FIT = 230987654, FLT = 345678901, SW number = AB345678

Username = joe, Password = joeblo22

Ongoing Access To Online Service

Username = joe, Password = joeblo22, FLT = 345678901

Agency 2, say MSD

FLT = 345678901, SW number = AB345678

Other Privacy Protection Features

Identity is:

verified only at the request of the service user; people in control.

data reviewed by the service user before it is sent to agency and active consent required.

unique per agency with a different persistent identifier per agency.

If a person has multiple names, he/she can choose which name is sent to the agency.

Only the identity data required by the agency (out of the minimum data stored) is sent.
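The per-agency identifier, user consent and minimum-disclosure features listed above, as an added sketch that is not part of the original presentation and does not describe how the real service is built. It assumes the per-agency FIT is derived with an HMAC under a key held by the IVS; the class, its methods and the internal id `person-1` are hypothetical, and the attribute lists per agency follow the Verifying Identity slide.

```python
import hashlib
import hmac
import secrets


class IdentityVerificationService:
    """Toy IVS: stores identity attributes and releases a minimal, consented subset."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # assumption: secret known only to the IVS
        self._people = {}                    # internal id -> identity attributes

    def enrol(self, internal_id, attributes):
        self._people[internal_id] = dict(attributes)

    def _fit(self, internal_id, agency):
        # Assumed derivation: HMAC over (agency, person). Stable for one agency,
        # different for every other agency, and not reversible without the key.
        msg = agency.encode() + b"\x00" + internal_id.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def preview(self, internal_id, requested):
        # What the user reviews before anything is sent: requested attributes only.
        person = self._people[internal_id]
        return {name: person[name] for name in requested if name in person}

    def release(self, internal_id, agency, requested, consent):
        if not consent:
            raise PermissionError("user did not consent to release")
        assertion = self.preview(internal_id, requested)
        assertion["FIT"] = self._fit(internal_id, agency)
        return assertion


def demo():
    ivs = IdentityVerificationService()
    # Constructed sample record, using the slide's example person.
    ivs.enrol("person-1", {"Name": "Joe Bloggs", "Date of birth": "01/01/1970",
                           "Place of birth": "Wellington", "Sex": "male"})
    ird = ivs.release("person-1", "IRD", ["Name", "Date of birth", "Sex"], consent=True)
    msd = ivs.release("person-1", "MSD",
                      ["Name", "Date of birth", "Place of birth", "Sex"], consent=True)
    again = ivs.release("person-1", "IRD", ["Name", "Date of birth", "Sex"], consent=True)
    return ird, msd, again


if __name__ == "__main__":
    for assertion in demo():
        print(assertion)
```

The per-agency FIT removes a shared key between agencies; attributes such as name and date of birth that are released to more than one agency remain comparable, which is why the attribute list per agency is kept to what that agency requires.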

Independent Reviews: Multiple PIAs

What We Learnt… Top 3

PIAs provide a fresh perspective that is usually not available from within.

In multi-stage, multi-year projects the timing of multiple PIAs is more art than science.

Privacy protection is like quality control… PIAs do not substitute for “designing in” privacy along the way.

An International Perspective

No single correct way.

New Zealand is considered a world leader in authentication and identity.

From a European angle, New Zealand is considered to be with France and Austria in the highly privacy-protective category.

Our privacy-protective architecture has been praised by international experts.

Questions? Comments?

For more information and feedback please contact:

Vikram Kumar

All-of-government Authentication Programme

State Services Commission

Website: e.govt.nz/services/authentication

Email: [email_address]
