Note: This column represents the opinions
of the writer and as such, is not purported as fact
Sponsor's Message
|
It's pretty obvious that, if the government is going to continue down the
road to putting most of its services online, then a robust, secure,
efficient user identification and authentication system has to be part
of the solution.
The last thing you want is someone stealing your identity and then filing
a raft of deliberately incorrect tax returns or proffering false information
that might get you into big trouble with the powers that be.
It was with great interest therefore that I read
this story
from IDG today.
The Aardvark PC-Based Digital
Entertainment Centre Project
Yes, at last, this feature
has been updated again! (31 Mar 2003)
It seems that a mere $2.3 million is about to be spent on developing
such an ID/authentication system.
The government has taken the sensible step of keeping such a system
out of private hands thus, in theory, providing greater control over
who has access to the information stored there.
There's no indication as to exactly how the authentication system
is to work but let's hope that an awful lot of research has been done
into overseas systems and exactly how they've proven vulnerable
to hacking and ID theft.
The thing that worries me most of all however, is that much of the
infrastructure used to build such a system may well come from Microsoft.
Now I'm not about to get into gratuitous Microsoft-bashing, but it has
to be admitted that their track-record in the area of security is
absolutely appalling. I for one would not be at all happy if the
government were relying on an MS-based system to protect my identity
from theft or unauthorised access.
Looking for an example of what I mean?
Well, coincidentally, Microsoft today admittted that it's only just fixed
another long-existing flaw in its Passport online authentication service -- a flaw
that could have allowed hackers to hijack some accounts.
Now how long has the Passport system been running?
How many Passport flaws have been detected and/or exploited?
Well, just a couple of months ago we saw
this
acknowledgement from MS regarding a flaw that left 200 million accounts
vulnerable and there have been a number of others similarly worrying
holes reported in recent years.
Then you can look at the long list of security holes that have appeared
in all of its flagship products, many of these holes providing fertile
ground for worms and viruses to propagate.
No, I'm sorry but something as critical as an authentication system that
holds the key to the identifying millions Kiwis to government organisations
as powerful as the IRD or Department for Courts must be implemented on a platform
that has a much better track record than the one that Billy's offering.
After all, it seems that far too often our government's powerful (almost
omnipotent) departments tend to shoot first and ask questions later
(ref: Couple fined over car they didn't own).
Unfortunately, as witnessed by
recent events,
rather than dive into the slightly more secure world of
open systems, the NZ government seems to have been swayed by Microsoft's
slick sales pitch and promises of access to parts of its source code.
And, if the government needs any further proof that Microsoft's software
is not as secure as they might like you to think, take a look at how the
UK
government was embarrassed through a flaw in MS Word this week.
But maybe I've got this all wrong and Microsoft is the best choice for
keeping your ID safe -- what do you think?
I'm sure most readers will have an opinion on this so share your thoughts
in the forums!
If any Aardvark readers want to share opinion on today's column or
add something, you're invited to chip in and have your say in
The Aardvark Forums or, if you prefer,
you can contact me directly.
Yes, You Can Donate
Although the very kind folks at iHug continue to generously sponsor the
publication of Aardvark, the bills still exceed the income by a fairly
significant amount. It is with this in mind therefore that I'm once
again soliciting donations from anyone who feels they're getting some
value from this daily column and news index. I've gone the PayPal
way of accepting donations because the time involved in processing a bunch
of little credit-card billings sometimes exceeds the monetary value they
represent. Just click on the button to donate whatever you can afford.
NOTE: PayPal bills in US dollars so don't accidentally donate twice
what you were intending :-)
Contacting Aardvark
As always, readers are invited to submit their comments on material covered
in this column. If you'd like your comments published here then please
be sure to use this form and select For Publication.
Other media organisations seeking more information or republication rights
are also invited to contact me.
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
page?
Just add a
couple of lines of JavaScript
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
here.
Contact me if you decide to use either of these feeds and
have any problems.
Linking Policy
Want to link to this site? Check out Aardvark's
Linking Policy.
|
Did you tell someone else about Aardvark today? If not then do it
now!
|
|
| 
= open in new window