4 February 1999
Doug Timmins
Assistant Auditor General of Canada
Madam Chair, thank you for this opportunity to present the results of our audit of Electronic Commerce, Conducting Government Business via the Internet, as reported in Chapter 19 of our 1998 Report, tabled on 1 December.
In 1995, the government committed itself to making electronic commerce the preferred way of doing government business by 1998. Budget constraints, the desire to provide Canadians with better service, and fast-growing access to the Internet for many Canadians have increased the importance of electronic commerce in government.
As defined by the government, electronic commerce involves all manner of commercial activities and transactions using computer-based information and communications technologies. It runs the gamut from electronic mail and faxes to payments, electronic fund transfers and income tax filings over dedicated communication lines, and now over open systems such as the Internet.
Our audit objective was to assess the progress of this initiative and to highlight any important challenges and risks the government may be facing in advancing the use of the Internet in it’s operations, both internal and external.
We selected three key areas to audit: the development and implementation of a public key infrastructure for the federal government as a measure for secure electronic commerce; the review of and changes to the legal framework in support of transacting business electronically; and the implementation of common infrastructures to support government administration, operations and delivery of services via the Internet.
There are many other areas involved in electronic commerce that are developing quickly and that we did not examine. In particular, we did not examine privacy issues, on which your Committee has recently been deliberating. While privacy deals primarily with the way information is used and shared once it has been received, we focussed on the security means offered by the public key infrastructure being developed by the government, including protecting the confidentiality and integrity of the information as it is exchanged between parties to a transaction.
Overall, we concluded that the government is making progress in all three areas we examined and, by addressing barriers to electronic commerce, is moving forward in the area of conducting business via the Internet.
For example, good progress has been achieved in the two main elements of the public key infrastructure: a cryptography product and a management framework to support the use of public keys in government.
As of July 1998, an interim technology product had been developed to provide for the secure management of public and private keys. In late 1998, it was in the process of approval and endorsement by the Communications Security Establishment. A final product supporting all levels of assurance across multiple organizations is expected this summer and the government’s final acceptance and approval by the end of the year.
As for managing the public key infrastructure, a Policy Management Authority committee has been established to set policies for the Government of Canada Public Key Infrastructure and to provide a management framework for government entities participating in the project. In early 1998, a Senior Interdepartmental Lead Committee of senior government managers was also struck to take on an advisory role to the Policy Management Authority.
The public key infrastructure still has to face two important challenges. First, in order to take full advantage of the technology, departmental applications have yet to be developed. The other challenge is determining how the public will obtain certificates to deal with the government and who will bear the cost. The risk is that the public key infrastructure may be underutilized for some time.
With respect to legal issues, we noted during our audit that the government had identified the need to update the legislation to make statutes media-neutral, ensure the recognition of electronic signatures and revise the rules of evidence for electronic records. Parts two and three of Bill C-54 address these very issues. Nevertheless, the government needs to ensure that issues of potential liability are identified and addressed as new electronic initiatives are introduced.
For the government to meet its stated goal of making electronic commerce its preferred way of doing business, departments and agencies need to be able to communicate easily across various technology platforms and citizens need to have seamless access to services. In our audit, we noted that two and a half years after a policy statement on electronic commerce, there is no senior sponsor to set future direction and many issues remain to be addressed in order to achieve the common infrastructures needed.
Our report recommended the appointment of a senior sponsor with sufficient authority to set direction, develop strategies and oversee the progress of electronic commerce in government. We also recommended accelerated action in setting the technology standards necessary to support the interoperability of systems across government, including the new public key infrastructure that will soon be ready to be deployed.
As we looked at various electronic commerce initiatives in government, it came to our attention that a wealth of experience exists in government that could be analyzed and shared across government for good practices and lessons learned. The Treasury Board Secretariat’s Pathfinder Project is a commendable step in that direction.
As a last comment, I want to say that the government is making progress in the areas we examined but it needs to take further action on its commitment to make electronic commerce its preferred way of doing business and becoming a model user of the information highway by 2000.
Madam Chair, that concludes my opening statement. We would be pleased to answer your Committee’s questions.