Reader Comments on Aardvark Daily 15 April 2003

Note: the comments below are the unabridged submissions of readers and do
not necessarily reflect the opinions of the publisher.
 

From: Daniel
For : The Editor (for publication)
Subj: Bank hacking

What I want to know is how did they get the email
addresses of those bank customers???




From: John Elsbury
For : The Editor (for publication)
Subj: e - Goverment

I have been giving this a lot of thought over the years, in
the context of e-voting:  but the same considerations apply
to e-Government as well.

The problems are all in authentication and in maintaining
address / electorate details.  About the only reasonably
secure method I can think of is as follows:

The government sets up e-terminals in every post office and
publicly accessible Government office in New Zealand:
these are all online (via the Internet or whatever) to a
central computer system and linked database.  Let's call
these "e-booths".

Every voter gets issued a smart card with their photograph
on it.  The card has to be reasonably secure and has to be
able to store address details.  The photograph could easily
be stored as a barcode or digitally on the card.  The card
would also need to be able to hold other Government
reference details such as IRD number.

To maintain personal details, the user takes their card to
an e-booth.  A suitably trained person has to match the
user (face) to the card being presented. If the image was
stored in the card, rather than printed on it, then they
have to use an interrogation / display unit to view the
image; and the "verifier" then adds (to the smartcard) a
time-limited "authentication ticket" (say, valid for
presentation in the next two minutes and authorising access
for a set period, depending on what the purpose of the
visit is).   The user then proceeds into the e-booth and
makes whatever changes they wish:  these changes are
confirmed by physical mail or e-mail to the user, offline
and after the transaction is complete.   A further token
would be added to the card at this point, valid only for a
one-shot confirmation visit by the user to actually fix the
cahnged details in place in the master database and in the
card itself.

To vote, the process is as above (perhaps with more strict
control over the verification process).   The electorate
details displayed for candidate selection would (naturally)
depend on the electorate in which the cardholder resides).
Ideally an encrypted record of the vote cast would be
maintained within the smartcard, but could only be accessed
and viewed at a special dedicated terminal (at, say, an
electoral office) and only when authorised by a Registrar
or equivalent.  Alternatively, and for elections only, a
ticket could be printed providing details of the vote cast.

To interact with e-Government online, the process would
work very much along the same lines as are oulined above.

Issuing the cards is a large task but, again, providing
that authentication is carried out independently it can be
managed securely.

Now Have Your Say

Home | Today's Headlines | Contact | New Sites | Job Centre | About