Slashdot Mirror
A Digital Certificate For Every Canadian
thepacketmaster writes "September 27 of this year, the Canadian government took a quiet step into the online world. Called Government Online, this broad project involves giving every Canadian citizen a digital certificate, which will allow citizens to access their personal government records online. So far they only have the Custom & Revenue Agency online with a simple Change of Address, but there are over a hundred more applications from various agencies ready to be put online. Could this be the start of something good, or is this Big Brother? How about voting online?"
"Could this be the start of something good, or is this Big Brother?"
Depends. Yes, it could be Big Brother, if the government is planning on using this as a way to track people. It also could be something very good, in that people could quickly and easily track themselves through the government. Unfortunately, this could also be a means for people to track you quickly and easily....leading to all sorts of uncool cracking/piracy,theft. It's a new tech, gonna have it's problems just like everything else.
Sent from your iPad.
that this is a better idea than what is available here in the US, where you can obtain anyone's private records through a third party, as long as you have money.
this is unnecessary, microsoft already has a system called passport that works even better
why reinvent the wheel?
Any action taken by government *could* be the start of big brother.
Big brother is someone who is always hovering there, waiting to come out. Whenever people permit government, you permit big brother in to some degree or another.
Tha said, as a Canadian, this is cool.
You see, all these records are obtainable now.. but it's a pain in the ass to authenticate yourself to the proper agencies (go there in person, etc). It would be nice to have a lot of stuff online.. and I'd rather the issued me a private digital certificate for access than some dumb authentication mechanism like just my SIN number & birthdate.
As long as they aren't changing the rules reagarding the information they need to know... I'm okay with it.
ie: CCRA doesn't need to know my address if I don't live in the country. In fact, they don't need to know my address at all; all they need to know is where to send the tax forms/refunds/whatever, which does not have to be where I live.
Yeah well they don't have pedestrians being picked off by snipers do they?
I hate to throw cold water on this, but with a digital certificate, are you proving that you are Jean Deau, or that you are sitting at Jean Deau's computer? This distinction isn't that important for, say, your my.excite.com page, but is vital for dealing with the Government. The links provided don't really give much detail on how this will be implemented. Will each Canadian have his own password, eh? Not being a Canadian myself, I am willing to work with the assumptions that a) there is some way of telling John Smith of Quebec from John Smith of Vancouver b) a substantial enough percentage of Canadians have access to the internet to make this not a waste of time and money.
-- I Am Not A Terrorist.
With pgp/gpg and keyservers like pgp.mit.edu, it's painfully simple to create and revoke keys that you control - as long as Canada picks a similar system, the citizens are still in control. If you feel your key has been compromised, revoke it and go create a new one next time you go to the post office or city hall, or however they verify people...
I've *never* felt that having a digital ID was a threat to my privacy - if I control the keys, I can use the ID when I feel like proving who I am.
Nothing stops me from generating a new ket for some other purpose either - I usually create one for each job/work-email that I use. I've had my private one since '96 or so - you can go grab it from my slashdot profile.
Cheers,
Jim
-- My Weblog.
Is Prime Minister Jean Poutine even aware of this initiative?
"You've got bribes!"
!#@%*)anks for hanging up the phone, dear.
Voting online is a bad idea regardless of the software used to implement it. Simply put, there is no guarrantee of privacy. By having people goto public locations with private booths, each persons privacy can be garranteed because there are people there whose job it is to ensure it. At home, an abusive wife can illegally influence her husband into voting for a candidate or issue he would have otherwise not voted for. Corporations or Labor Unions could setup computer voting centers for thier members or employees. What guarrantee is there the persons Boss or Union Leader won't be standing over thier shoulder or there isn't a keystroke capture program installed on the computer or the data stream isn't funneled into another program designed to change votes or somehow invalidate "Wrong" votes.
"Our products just aren't engineered for security,"
-Brian Valentine,VP in charge of MS Windows Development
OS, Web Server and Hosting History for www.gol-ged.gc.ca OS Server Last changed IP address Netblock Owner
:(
Windows 2000 Microsoft-IIS/5.0 12-Oct-2002 198.103.32.172 Finance Canada and Treasury Board Secretariat
NT4/Windows 98 Microsoft-IIS/4.0 5-Apr-2002 198.103.32.172 Finance Canada and Treasury Board Secretariat
NT4/Windows 98 Microsoft-IIS/4.0 23-Jan-2001 198.103.32.142 Finance Canada and Treasury Board Secretariat
It does not look too good to me
The Longitudinal Labour Force File fiasco of a couple of years ago. Of course, it has since been dismantled (or else put in the hands of a government body beyond the reach of the Privacy Commissioner) but I would not put it past the federal government to try this again under a different guise.
Here's a little more info.
---
I didn't want to leave this space blank.
... that the Department of Human Resources created a massive database a few years ago, with something like 1500 pieces of information on each Canadian resident. After denying that the database existed, eventually it was shut down due to public pressure.
I use Macs to up my productivity, so up yours Microsoft!
If they used Macs, that wouldn't be a problem.
You could actually have this and online voting as well - online voting doesn't have to mean from any internet-connected computer at all.
If you voted 'online' at a polling booth terminal, you could gain enormous efficiencies over today's system involving so many bits of paper.
And a digital certificate might be something you take on disk, card or some other medium to a public terminal, but again not use from just anywhere on the internet.
Never trust a man in a blue trench coat, Never drive a car when you're dead
How about voting online?
What is there this mad rush to figure out how to make voting to work on the internet? I mean...you vote very close to where you live...you either care to vote, or you don't, online voting isn't going to change that. The technical hurdles are so big that I can't see how they are justifiable.
Furthermore, Canada already has its own little system of voting (piece of paper, put x in your preferred candidates box) and it's cheap, easy to count, difficult to mess up, et cetera. It's we Americans, obsessed with technology, who have varying levels of expensive technology most of which more or less works the majority of the time. (Unlike the Canadian system which works all the time for pennies per election.)
Is the atom good or evil? Before answering remember that we are all made of them...
What about digital certificates?
Good effects:
A faster and probably more effective way to reach the state institutions.
A more straightforward guarantee that you are treaten as a person and not as one more element of the crowd.
A cheaper and relatively safer way of access.
A possibility for bigger anonymity in certain conditions.
Bad effects:
Big Brother is possible. Someone may try to track your doings by the trace of your digital certificate. Worst, its is also possible complete Chaos as people mess with databases, loose data, steal your information.
In certain cases you may get in a bigger and worser line because someone forgot to upgrade the networks in time and Canada population is not so small as it looks.
State institutions may become more bureaucratic and claim "we don't know you because you don't have your digital certificate with you" or "go to the network and we will talk with you". Besides, certain companies may try to explore this advance and start charging traffic higher and higher.
What will prevail? It does not depend on the digital certificate itself but on the way the infrastructure will be created. Unfortunately, there is a big gap between technics and knowledge among the people. So there is a risk that the negative effects will prevail. As an example I could point a company that decided to fight certain problems with security flaws. Data was being stolen and no one could control it. So they installed a system of magnetic cards. But, instead of stopping the problem, things got worse. First, the system was mainly used to know if everyone comes at 8:00 and leaves at 17:00. It also controlled all moves inside the building. So everyone who came at 8:15 or went to take a coffee in the middle of work, had his salary cut. Meanwhile, data burglary became higher than usual as people became more worried about discipline and not security. Other organisations, with similar systems, didn't suffer such problems, as they were not so attained to such a gulag approach.
As a Canadian I'm apathetic and hopelessly ambivalent. But if it's offered it would be impolite to say no. Queen Elizabeth, now visiting during her Golden Jubilee, during one of her earlier visits to Nova Scotia was presented with a giant, fiberglass lobster. She was given a giant, fiberglass lobster because the fine folks of Nova Scotia found out she didn't have one. I'm sure the federal government in is similar vein is issuing online identity certificates. Remeber, identity is an ongoing national struggle for Canadians so every little bit helps.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
Why is information garnered by computer somehow more incideous than information garnered by more traditional means?
The government already has the information, or will have recieved it anyway. They are using the certificates to give you access to your information, and not leave it available to other people. Even the information you will give or update would have been given to the government sooner or later.
I don't see a way for the government to abuse your privacy with this anymore than if a data entry clerk had entered your request for a change of address at the local post office.
We're not socialists, we just have some socialist policies. Healthcare may cost a lot in taxes, but at least everyone can be sure to get proper care regardless of income level. This is only because in Canada healthcare is a right, not a priviledge.
To say Canada's crime is skyrocketing is ridiculous. I can walk through downtown Toronto (largest Canadian city) in any area at any time of day or night and not fear for my life at all. There are a couple bad neighbourhoods, but even they are many, many times safer than a bad neighbourhood in a major US city. Per capita there is not a single major US city that has lower violent crime than any major Canadian city. Stick your insanely relaxed gun laws up your ass, Americans, you guys have got it all wrong.
The global economy is a great thing until you feel it locally.
While I appreciate some of the concerns raised so far, I must comment as a developer who works for various Federal Government ministies on a daily basis.
1) GOL, while it is a great idea (offering Online government services in addition to "paper" based serveics) it is currently not much more than an idea. It has some official "GOL" apps, but they ar usually nothing more than internal government web apps redone in the Common Look and Feel. So far, only CCRA has a "real" GOL service and all it is is the Change of Address. GOL has not recieved mush hype or funding in over a year, because of September 11.
2) While the "pie in the sky" view of GOL (which is a LONG way from being reality) MIGHT have the POTENTIAL to be used as a "Big Brother" type of tool, the reality is that this is not likely to ever happen. Why? Most Canadian Federal Government departments don't share data between branches within the same ministry, let alone across departments or across ministries. Changing this attitude is required if "Big Brother" is to become a reality, and if you've ever dealt with the Feds (or the provinces or the city for that matter) you know its not going to change soon. Case in point: the department in our Ministry of Health that deals with First Nations (indians to the Americans) health delivery and funding often can't get information from the Department of Indian and Northern Affairs, a separate ministry. The end up collecting the same data, doubling costs.
And lets give our "Silly servants" some credit. A particular project I am currently working on had it's scope changed because the civil servants in the group refused to create and application that would collect identifying data! We must now create a version of our app that collects no identifying data and still be able to track individual cases for analysis.
3) GOL could in the long term cut government costs, impove efficiency and allow our governmentto govern better - they would have an up-to-date, accurate picture of some aspect of goverment business.
My concern isn't with GOL. I think it's a wonderful idea and will not likely even be designed to allow a "Big Brother" kind of use. My concern is with the calibre of the people who will be in charge of administering the system. In my experience, most sys admins, dba's, and developes in the Feds are old, behind the times, and unaware of the very technology they are to be in charge of (most have had their jobs at various ministries since the old Mainframe days).
Another Case in Point: the other day I saw a live "demo" of CCRA's "Change of Address" application. while it does require a great deal of information to sign up for the program to prove your identity (Name SIN, stuff from your Tax returns etc) once up and running it is only protected by username and password! No certs. No PKI. No "Smart Card". Just username and password (and no self admionistration that I saw).
So don't worry about GOL. It's pretty far off and not likey to be "Big Brother"-ish because of the culture of our civil service. But that same culture means that when it is in place, it will be administered by old-school, 2nd place techies who can't get a job anywhere else (most of the "technical" people I deal with when creating apps for the governement would never be hired by my company - their incompetent. Why? Because that's all the feds can get - they don't pay enough to get the really good people in the private sector.
And I haven't mentioned the Provinces yet. To becme a REAL Big Brother, the Feds would need a great deal of cooperation from the provinces...and any Canadian can tell you that's not gonna ever happen!
Never by hatred has hatred been appeased, only by kindness - the Buddha
Voting commissioners have a hard enough time as it is trying to help voters with the silly punch cards they have in Florida. And you expect them to learn how to maintain a particular software suite? After all, these are going to be the people in charge of trying to figure out why a particular voting booth crashed.
And that's even before we get into how much easier you'd be making it for vote fraud. First rule of network security: If you want to keep your information secure, don't put it on the @#$% network!
A few decades back, Louisiana standardized on voting machines. You go in, pull the lever, flick some switches, pull the lever again, and you're done. And it works. No hanging chads, no unstable operating systems, no Slashdotting. It may be nineteenth century technology, but it works! Why can't you just use those instead? Why does everybody insist on adding more complexity?
Of course, I'm willing to bet officials who are looking for computerized voting are some of the same people who put in the broken punch card system to begin with.
A 64 bits Canadian certificate is equivalent to a 100 bits American one.
Je t'aime Stéphanie
Is stupid.
Go to the polling station.
Mark an X in the circle.
Votes are counted while the scrutineers watch.
Time-honoured, simple, distributed computing system. Works great.
There's no sense in technology for technology's sake. Paper, pen, and people are the appropriate technology for voting in Canada.
Hi,
... and a digital certificate. You can use this card to sign online papers, review your taxes on the internet (and enter them), ...
I am from Belgium and there the eGovernment project is well under way. Every citizen will get a digital passport starting from 2003 on. This passport (kinda smart card) contains basic information like name, address, social security,
Basicly, this card is your entry point to the online government.
The system is highly secured, see Federal ICT Belgium for more information.
How me filling out the same forms online as in the Real World (TM) will somehow make the government know things it wouldn't otherwise know, in a Vast Communist Conspiracy To Rule The World And Keep The Working Man Down!
The rampant knee-jerk paranoia on this site by certain people is just disgusting.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
arrested for owning a gun, charged for saying something 'racist', and imprisoned for WRITING DOWN child porn
Oh my gosh - the Gun Nuts, the Klan, and Child Abusers aren't welcome in Canada? Terrible, who's next? Necrophiles? What about the poor, poor People Who Torture Animals?
Who would want to live in a country where you couldn't do things like that?
This has got to be one of biggest differences between Canadians and Americans. The American stance seems to be that government is bad, the smaller and less invasive they are the better. Conspiracy theories abound, and unfortunately I can't for surely say that they're unfounded. The irony is that instead of letting the government have any control, corporations have managed to gain control. The dollar rules much more in the states than here.
There seems to be a large Us vs. Them mentality between the Government and the People in the U.S. This isn't so in Canada. For one thing, the government is the people, not just in theory but in reality. If the government were to try and take over the country (a common reason for Americans needing their guns) how would they do it? Are you suggesting that my parents and sister (government employees) would take me (non-government worker) hostage? Its ludicrous to be afraid of the government.
So getting back to the main point, I too trust the government more than a corporation, as I think do most Canadians. Corporations have only one goal, and that's to make money, and that's bad. When people talk about privatizing things like jails it truely scares me. I work in private security, and its pathetic. No corner is left uncut. There's no conscience or social responsibility. This is much better left in the hands of government. I personally believe the same holds for most things, like utilities and such. After all, the goverment is basically a gigantic co-operative. Sure the government doesn't always do the right thing, but its rarely a big deal in the long run. My only real complaint about the government is the lack of efficiency that companies have to gain to stay afloat. Of course, a lot of that efficiency is gained through corner-cutting. The trick is to eliminate the bloat without cutting corners.
Anyway, that's my CDN$0.02.
--
"Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]