Government online, or e-government, refers to the electronic delivery of government services to citizens. In the past decade many governments have established an online presence by providing non-personalized information and services over the Internet.
Two critical next steps are personalization of online service delivery and online data sharing between government departments. These objectives require:
- A scalable solution for online client authentication that (1) gives clients a single sign-on experience, (2) is secure against online attacks such as phishing, and (3) can prevent clients from transferring identity credentials.
- A scalable solution for sharing identity-related information across service domains that gives clients appropriate degrees of control over the release of information about them.
Enterprise identity systems are not designed to meet these requirements:
- Privacy legislation, policy instruments, and citizen concerns guide governments away from rolling out unique citizen identifiers. Federated enterprise identity systems, however, rely on central identity providers that link all of a client’s identifiers, in effect creating a system-wide identifier for each client.
- With enterprise identity systems, any identity-related information shared across domains can readily be associated with the identity of the data subject: users have no way to present identity attributes that cannot be traced back to their identity. Data protection legislation considers such data to be personal information and, as a result, restricts the right of government departments to share it.
- The identity providers in federated enterprise identity systems house the capability to instantaneously and automatically trace, profile, impersonate, and falsely deny access to any user. This capability can be misused not only by insiders but also by hackers and viruses.
- Enterprise identity systems typically do not prevent users from passing copies of their electronic authentication credentials to other users. In the context of government online, this enables users to obtain new credentials they are not entitled to. Relying on tamper-resistant smart cards or Trusted Computing to prevent transferability would create new privacy-invasive powers.
- Enterprise identity management systems require central parties to be present in each and every session between a government department and a user; this does not scale well for the population sizes that governments must accommodate.
With U-Prove, governments can overcome these seemingly conflicting security, scalability, and privacy challenges: see our white paper and the accompanying animated PowerPoint slides.