Frequently asked questions about NETFILE -- Security

1. How will you ensure confidentiality for someone who uses NETFILE?
2. Who is responsible for the security of the information after I send my tax return through NETFILE?
3. How can I ensure a hacker does not gain access to personal information stored on my hard drive?
4. If hackers can illegally access high-security Web sites like the U.S. Pentagon's, how can the CRA be so sure it can stop illegal access?
5. What if I have a firewall or anti-virus software?
6. What's the difference between 40-bit and 128-bit security?
7. How can I ensure that I am communicating with the CRA?
8. What can I do to ensure my security during online sessions?

Top of page

1. How will you ensure confidentiality for someone who uses NETFILE?
   We always consider the protection of confidential information to be extremely important. Before we allow individuals to send their tax returns using NETFILE, certain security conditions must be met. The browser on the computer being used must have a minimum of 128-bit secure sockets layer (SSL) encryption capability. This is the most secure form of encryption commonly available in North America. For more information on this subject, see Security.
   
   Before a tax return can be transmitted, our computers will check the level of encryption in the computer's browser. Given the nature and importance of the information (i.e., confidential taxpayer records), we use the highest possible level of security.
   
   In addition, Internet filing will be allowed only after we've determined that the sender has been properly identified using three items of identification, including an access code.
   
   
2. Who is responsible for the security of the information after I send my tax return through NETFILE?
   We accept responsibility for the security of information once we've received it, and we take precautions to ensure the confidentiality of data transmitted using NETFILE. Using 128-bit SSL encryption protects information by verifying the identity of the parties on both ends of the Internet connection before confidential information is exchanged. Your three identification items are positively identified when you log on to the transmission Web page. Throughout the session, we take extensive measures to ensure that security is maintained.
   
   
3. How can I ensure a hacker does not gain access to personal information stored on my hard drive?
   Unless you are using a firewall to prevent hackers from getting personal information from your hard drive, we suggest you remove any personal information, such as your tax information, from your hard drive and store it on diskette or CD. Note that a firewall may not protect you if you install peer-to-peer networking products, like those used at some popular Internet music sharing Web sites. In that case, moving your personal data off your hard drive is the best option. As a minimal precaution, ensure that you are not storing any personal data in a shared folder.
   
   You might need to change the setting on your firewall to allow communications between our server and your computer.
   
   

Top of page



4. If hackers can illegally access high-security Web sites like the U.S. Pentagon's, how can the CRA be so sure it can stop illegal access?
   We're taking every precaution to minimize risk and protect against any action by hackers. Secure sockets layer protocol (also known as SSL) enhances the privacy of the information passing between your browser and our Web servers. SSL protocol provides a safe passage for transmitting and authenticating data by encrypting the information. Data cannot be compromised when SSL is in use. This is the most secure form of encryption commonly available in North America.
   
   In simple terms, the SSL breaks down your income tax information into small, separate packages of information called packets. These encrypted packets are sent to the Internet individually, like pieces of a puzzle, each individually addressed. Once they've all reached the safety of our secure Web server, they're reassembled and decrypted.
   
   Confidential client information is not stored in the Web server environment. As well, sophisticated security techniques, such as firewalls, are used to protect our information. For security reasons, we cannot give more details about these techniques.
   
   

Top of page



5. What if I have a firewall or anti-virus software?
   If you have a firewall, you may have problems connecting to our transmission Web site. You may need to change the settings on your firewall to allow communication and uploading of your tax return between our server and your computer. The same will apply to any anti-virus software you have. The settings may need to be changed to allow communication and uploading of your tax return to our Web site.
   
   
6. What's the difference between 40-bit and 128-bit security?
   According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.
   
   
7. How can I ensure that I am communicating with the CRA?
   With most browsers, you can verify that you are communicating with the CRA by clicking on the (key) or the (lock) which can be found either on the top or bottom right of your browser page. This key or lock appears during a secure session. When you click on the key or lock, if your browser permits it, you can verify that you are communicating with the CRA by reading the certificate information.
   
   
8. What can I do to ensure my security during online sessions?
   Clear your browser's cache: most browsers cache images or files that you have viewed and store them locally to improve performance. It is important to clear your browser's cache after online sessions to avoid someone being able to view your information later. Some browsers have an option to not cache encrypted sessions.