Simon Moores is amazed that nothing has been done to shore up the crumbling foundations of e-government security policy.
E-government isn't working - and I've been saying this since last October, when I gave a speech at Westminster.
“We’re either an online society or we’re not and, without an architecture of trust and a readily available authentication capability more elaborate than a simple password or Pin, we are most definitely not in danger of becoming the first world knowledge economy that I imagined two years ago,” I said at the time.
I am referring to the unholy mess that surrounds the government’s plans for digital certificates and PKI. One government-related publication commented this month:
“Although PKI (public key infrastructure) and digital certificate technology has played a major role in leading projects such as the Government Gateway, there is now growing recognition that it is unsuited for wider public use.”
Government has known for at least a year that its PKI strategy wasn’t going to work. As far back as November 2001, in my role of "advisor", I passed on the concerns of local government in a memo to the Cabinet Office and the e-envoy. “All fur coat and no knickers” was one of the comments.
This month, one official is quoted as saying, “Trust and authentication has been a huge problem for us. We haven’t got a solution for authentication. We’ve been trying with PKI for about 10 years now and it’s not working because it’s a pain to implement and to use. We’ve been looking to take the pain out of PKI.”
But it’s the next quote that I find really interesting:
“What we are saying with authentication is that if another trusted organisation, such as a bank, can provide proof saying you are who you say you are, that should take the need away for digital certificates.”
This isn’t a startling revelation and it's hardly a radical way of solving the authentication problem. It’s been on the table for at least a year, through conversations with APACS, Identrus, Quizid et al. It’s just that the government has taken this long to accept the inevitable, that someone else, through a public-private partnership, can rescue them from the hole that they’ve fallen into.
So, the good news is that government appears to be out of its denial phase where its PKI strategy is concerned, although I doubt very much that anyone is going to stand up and take responsibility.
What should have been simple and cheap has now become endlessly complicated, prohibitively expensive and stands in the way of both progress and the political agenda.
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com