Government of Canada Gouvernement du Canada

Privacy By Design
April 2005

Brenda Watkins, Director, Policy & Business Strategies, ITSB, PWGSC
Cathy Ladds, Manager, Public Opinion Research, CIOB, TBS

The Canadian Landscape:

Recent headlines from Canadian newspapers:
- ID Theft Affects one-quarter of Canadians
- Stolen laptop exposes data of 100,000
- There’s No Safe Place
- Hacker alert: Report finds surge in on-line attacks

Quotes from Concerned Canadians:

- “I don’t think anything electronic is protected or secure, always hackers somewhere.”
- “It’s just like the movies. If someone wants to get your information it’s not that difficult.”
- “The Government has access to more of my private information than anyone in the private sector – even banks.”
- “If NASA can be hacked so can anybody. How can I be totally sure about the safety of my personal information?”
- “As I do not trust government, I would doubt that they are secure at all. Government is too cheap.”

Our Research Approach:

- Over the past 4 years, Government of Canada initiated both qualitative & quantitative studies related to privacy, security and authentication issues.
- Senior management recognizes that public attitudes and awareness need to be consistently monitored so that trends are identified and analysed – especially important is how these attitudes drive behaviours
- Many federal departments have collaborated on national research studies to support the development of the Government of Canada’s Secure Channel/On-Line Authentication Service

Privacy, Security and Authentication Research:

- When it comes to these issues, Canadians are strongly influenced by the media, friends and family.
- Canadians are worried about the safety of the data they may send over the Internet – in focus groups, we regularly hear about:
  - Identity theft
  - Hacking
  - Viruses
  - Government computers being lost/misplaced
  - Private sector accessing public sector data
- Use of biometrics to improve security – 66% of Canadians agree with the use of fingerprint scan by government if it means better service and lower risk of identity theft

Privacy, Security and Authentication Research (2):

- Ipsos Reid’s Government Services Study found that maintaining security, confidentiality of personal information is the most important aspect of Government of Canada service delivery – 72% considered it to be very important
- 48% of Canadians think it is somewhat to extremely likely that they will experience a serious invasion of personal privacy in the next two years
- 48% of Canadians think the federal government has one large database for all personal information

Privacy, Security and Authentication Research (3):

- 56% of Canadians want to have more than one electronic passport/password for their dealings with different federal departments as they do not want any of their personal information shared between departments
- However, 70% of Canadians indicated they would prefer to have only one government identity card that contains their personal information that they could use in all their transactions with the federal government
- Impact of privacy policy – 33% of Canadians would be much more likely to use on-line government services if there was an easy to understand privacy policy that clearly spells out how their personal information is used and what rights they have

Citizens’ Expectations for an On-Line Authentication Service:

- Convenience and speed
- Simplicity and ease of use – language levels, no jargon, KISS
- A system that has world-class security and uses world-class technology
- Protection of personal information
- Authorized consent before any data sharing takes place
- In most instances – one password/log in for all government transactions
- Choice – option of being able to work through other channels
- Education and information – to increase awareness of secure service offerings and to help people use the system
- Access to humans – for help, support, questions, etc.

Key Messages From the Research:

- Governments must consider privacy and security as part of their electronic service delivery initiatives
- Electronically delivered programs and services must be well-designed and easy to use

Responding to the Research

How the federal government developed and implemented a single, privacy-friendly authentication service for secure access to Government On-Line Services

Canadians’ Concerns and Expectations

The research revealed:
- Canadians’ privacy and security concerns about government electronic service delivery
- Canadians hold government to a higher standard when it comes to protecting their information

The Solution: An authentication service that provides privacy and security for GOL transactions

Government On-Line Authentication Service

- Ensures that on-line participants are who they claim to be
- Maintains data integrity and confidentiality of personal information
- Provides evidence for non-repudiation
- Permits differing levels of authentication for different service offerings
- Provides secure electronic signatures

GOL Authentication Service Strategy

To implement a common authentication service that:
- Is user-friendly and manageable
- Respects privacy principles
- Supports a range of functional and security needs
- Is extensible, scalable and interoperable
- Offers simple, efficient registration process
- Is economic and strategic

GOL Authentication Service Strategy (2)

Prerequisites:
- On-line credentials must be secure and “portable”
- Browser is the client’s preferred on-line tool
- Privacy principles must be rigorously observed
- Phased roll-out

Authentication Service – Privacy By Design

- GOL Authentication Service was a PIA Pathfinder project – privacy was built in from the outset
- Underwent four iterative PIAs:
  - Conceptual PIA of vision
  - Requirements PIA of proposed architecture design
  - Dataflow – including screen flows and implementation
  - Final PIA on production system
- Demonstrated that Privacy Impact Assessments are an essential architectural tool

Use of Public Key Infrastructure (PKI)

- PKI provides a secure inter-operable infrastructure but the technologies and processes raise some specific privacy concerns:
  - Bind identity to a digital certificate (distinguished names)
  - Have the potential to reveal information about user from use of certificate (inference)
  - Raise the question of collection and sharing of information between government services registration, directory
- The challenge was to develop an enterprise-wide PKI-based solution that respects privacy principles

epass – A Revolutionary Solution

- Access to GOL services is via “epass” – a secure electronic credential
- Differs from traditional PKI implementations:
  - epass certificate is anonymous – it is not bound to the identity of an individual or entity
  - the only identifying data in an epass is a randomly generated, unique number (MBUN – Meaningless But Unique Number)
  - Impossible to deduce anything about the epass holder
- Developed in strict adherence with privacy laws and policies

How epass Enhances Privacy

Registration process:
- User creates unique user ID and password
- Encryption and signing keys are generated and stored in
  double-encrypted profile accessible only to the user
- The user identifies recovery questions and answers during registration process
- epass is issued and downloaded to the user’s browser
- NO identifying information is contained in the epass – only the MBUN

How epass Enhances Privacy (2)

- The program is responsible for authenticating the epass holder’s identity
- The authentication process is as rigorous as nature of the transaction dictates
- Once the program is satisfied as to the identity of the epass holder, the epass MBUN is mapped to the program information
- Mapping information is kept by each department or program in a separate secure database

epass-enabled GOL Services

- CRA Address Change On-line and My Tax Account
- HRSD/SDC Record of Employment
- Veterans Affairs Pension Submissions Service
- CRTC filings (applications)
- Atlantic Canada Opportunities Agency grants and contributions filing service
- Passport Online
- Telefilm Canada – final submissions application
- Health Canada’s electronic regulatory system for pesticide applications

Over 573,000 epasses issued!
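
A simplified model of the epass arrangement described in the "How epass Enhances Privacy" slides, as an added example that is not part of the original presentation or of the Government of Canada's implementation: the credential carries only an MBUN, and each program authenticates the holder itself and keeps its own MBUN mapping. The class names, the dict standing in for a certificate, and the shared-secret identity check are assumptions made for illustration.

```python
import secrets


class EpassIssuer:
    """Hypothetical issuer: its credentials carry an MBUN and nothing else."""

    def __init__(self):
        self._issued = set()  # MBUNs only; no names, no program data

    def issue(self):
        while True:
            mbun = secrets.token_hex(16)  # 128 random bits, no embedded meaning
            if mbun not in self._issued:  # enforce the "unique" in MBUN
                self._issued.add(mbun)
                return {"mbun": mbun}  # stand-in for the anonymous certificate


class Program:
    """Hypothetical department service with its own separate mapping store."""

    def __init__(self, name, records):
        self.name = name
        self._records = records  # program id -> data already held by the program
        self._mbun_to_id = {}    # per-program mapping, never shared or pooled

    def enrol(self, epass, program_id, proof):
        # The program, not the issuer, authenticates the holder's identity.
        # The shared-secret comparison is a constructed placeholder for
        # whatever rigor the transaction requires.
        record = self._records.get(program_id)
        if record is None or not secrets.compare_digest(record["secret"], proof):
            return False
        self._mbun_to_id[epass["mbun"]] = program_id
        return True

    def lookup(self, epass):
        program_id = self._mbun_to_id.get(epass["mbun"])
        return None if program_id is None else self._records[program_id]["data"]


def demo():
    # Constructed sample data: one epass, two unrelated programs.
    epass = EpassIssuer().issue()
    prog_a = Program("program_a", {"A-1001": {"secret": "secret-a", "data": "account at program A"}})
    prog_b = Program("program_b", {"B-77": {"secret": "secret-b", "data": "file at program B"}})
    prog_a.enrol(epass, "A-1001", "secret-a")
    # Program B has not authenticated this holder, so the MBUN resolves to nothing there.
    return epass, prog_a.lookup(epass), prog_b.lookup(epass)
```
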

Recognition

- For the fifth time, Accenture rates Canada #1 in e-government maturity – specifically mentioning epass as a contributing factor
- Four GTEC gold medals since 1999
- Federal Privacy Commissioner acknowledgement: “…the creative approach they have taken in addressing many of the privacy risks associated with more conventional on-line client authentication models.”

GOL – Enhancing Democracy

By implementing responsive, privacy-friendly and secure electronic access to a growing number of federal programs and services, GOL strengthens Canadian democracy by bringing government closer to citizens

For More Information

Cathy Ladds
(613) 946-3048
ladds.cathy@tbs-sct.gc.ca

Brenda Watkins
(613) 781-7695
brenda.watkins@pwgsc.gc.ca