Note: This column represents the opinions
of the writer and as such, is not purported as fact
Our politicians are working very hard to add an extra 'e' to the word
Government.
Yes, they want to move as much as possible of the interaction between government and
the people of New Zealand to the Net -- and that's not such a bad idea.
However, the single most critical aspect of such a move is that of providing
a simple yet reliable method of identifying people.
At first glance this might seem a fairly trivial problem -- just give
everyone a login ID and a password, right?
BZZZT -- wrong!
An ID/Password system is one of the least secure and most easily outwitted
identification systems you can imagine.
For a start, if the password is sufficiently long and random to reduce
the risk of it being guessed, it's also probably very difficult to
remember.
Don't even think about using your car's registration number, your birth-date,
your daughter's middle-name or anything like that. Those are probably
the first things that a would-be hacker or impersonator would try.
Password/ID systems are also vulnerable to cunning tricks such as the one
that has been used for some time on the Net and most recently saw a number
of Australian bank customers conned out of thousands.
If an evil sod wants your ID/Password, first they simply set up a website that
looks just like the one you normally visit -- your online banking site,
the IRD, or whatever.
Then they send you an email -- faking the "From" field to make it look as
if it's come from the bank or the relevant government department.
In that email they request that you visit their site and confirm something
or other. Of course, to perform the requested action, you'll have to enter
your ID and password, right?
The cunning trick is that the email sent includes a link which purports
to be to the relevant website (for the user's convenience you understand).
However, instead of taking the targeted user to the *real* bank or government
website, it actually takes them to the fake site the "evil sod" has created.
And what happens next?
That's right -- the unsuspecting user effectively hands over their ID and
password, which are delivered right into the arms of the waiting crook.
As soon as there is some benefit to be had by impersonating someone on
an e-Government site, this scam *will* take place and people's privacy
and security will be compromised -- of this there can be no doubt.
So what's required for a safe and secure e-Government is something far more
effective -- but what?
There are some very effective alternatives that can provide hugely increased
levels of protection; let's hope they use one of them.
Well I guess we won't know the answer until government has finished considering
the options before it. However, if we do end up with a simple password/ID system
then I would say it's time for everyone to start being very worried.
Xtra: More Proof? (part 2)
The jury may still be out as to whether Xtra's recent bad press stems
from avarice or incompetence -- but here's another piece of evidence
for your consideration.
Although I suspect they'll have fixed this up pretty damned quickly
after today's column hits the web, I invite you to take a look at
the comprehensive XtraMSN guide to
"Protecting Intellectual Property".
(screenshot).
Yes, check out the title of that page and check out how keen they are to
arm customers with the advice they need to ensure that nobody infringes
their intellectual property rights.
This is easier than shooting fish in a barrel :-)
And of course if any Aardvark readers have an opinion on today's column or
want to add something you're also invited to chip in and
have your say.