Treasury Board of Canada, Secretariat - Government of Canada
Secure e-transactions – the Government of Canada Leads the Way

Imagine being able to engage in secure electronic transactions with the government - to use your office's credit card to pay on-line for government services such as business incorporation; to transmit sensitive or personal information necessary for eligibility in federal programs; to exchange confidential data with the government knowing that your privacy and that of your clients is being safeguarded by the most rigorous combination of e‑government policies, processes and technologies in use anywhere in the world.

This is no fantasy: such capabilities are already here, thanks to the federal government's objective of offering its services and programs electronically. This ambitious project, first announced in the 1999 Speech from the Throne, is known as Government On-Line (GOL). GOL uses information and communications technology to provide Canadians enhanced access to improved, citizen-centred, integrated on-line services, in the official language of their choice, whenever and wherever they choose. GOL's goal is that by 2005 Canada will be known around the world as having the government most connected to its citizens.

GOL is not intended to replace nor supersede other service delivery channels; rather, it complements traditional avenues of citizen-government interactions - in person, over the telephone, through kiosks or by mail. However, GOL's implementation does mean that government is rethinking how it develops and delivers services to citizens and businesses.

The new approach is based on "citizen-centred" services that take into account Canadians' needs and expectations. Those needs are the organizing principle around which government now plans its service delivery activities, no matter which delivery channel is used. Changing how it interacts with citizens is also changing government's internal processes and practices. Where appropriate, service and information offerings are being integrated. Business practices are being streamlined. Citizen-government interactions are being made more user friendly. 

Service transformation naturally leads to more "horizontality"; that is, the breaking down of information stove pipes, the development of a common electronic infrastructure to support Canadians and departments, the introduction of improved interoperability between systems, and the reduction of overlap and duplication in federal processes. 

Trust is an essential element of GOL. Canadians and government alike need to establish a degree of trust in the identity of parties involved in on-line transactions. When providing electronic access to its programs and services, government must be assured that such services are being delivered to the appropriate person. Given the inherent openness of the Internet, the government has taken great care to ensure that parties engaged in a federal transaction will be able to have confidence in the identity of those they are interacting with on-line. Potential users of electronic services must also be able to trust that their privacy and the confidentiality of their information is protected in all aspects of this new way of interacting with government.

The Secure Channel is the trusted foundation of the government's electronic service delivery initiatives, providing the government-wide technical and policy infrastructure which permits, among other things, individuals and businesses to register for and gain secure electronic access to a growing number of federal programs and services. 

The government has gone to great lengths to ensure that GOL transactions are protected against the inadvertent or malicious disclosure of personal, private or sensitive information to unauthorized persons. A comprehensive process involving Treasury Board Secretariat's Chief Information Officer Branch, the Communications Security Establishment, Public Works and Government Services Canada, the Canada Customs and Revenue Agency and a private-sector consortium has led to the development of a revolutionary new electronic credential. Known as "epass", this credential allows users to have the same level of confidence in Internet transactions as they have in traditional paper-based transactions. In keeping with the citizen-centred approach, epass-based transactions are initiated by the user, not by government.

Using extremely sophisticated mathematical processes, an epass provides trust, privacy, confidentiality and security assurances in electronic transactions, through: 

  • Authentication: the process of establishing an understood level of confidence in the identity of a specific individual. In the epass setting, authentication protects both users and the government. Users can be assured that their personal information will not be disclosed to unauthorized individuals, and government is protected against the fraudulent use of information which is in its safekeeping.
  • Enhanced security: epass ensures that electronic transmissions between a citizen and the government are private and cannot be altered during transmission. 
  • Non-repudiation: epass prevents parties to an electronic transaction from credibly denying their participation in that transaction. 
  • User privacy: epass assigns an anonymous electronic credential to a user. Its anonymity ensures that no one can draw any inferences about the individual based on the programs or departments where the credential is used. 
  • User choice: users will have the right to choose the same epass to access multiple federal programs, or to use a different epass for each program.
  • User-friendliness: registration can be done quickly and easily over the Internet.

The new epass is a secure, privacy friendly, portable common service solution that is helping to standardize electronic service delivery across government. Accessible from any browser, epass provides economies of scale, while avoiding the duplication, overlap and interoperability issues that arise when departments develop customized solutions. 

How an epass works

The first time someone wishes to engage in a secure electronic transaction with a federal program or service (or each time the person chooses to register for a separate epass for a program with which he wishes to have secure electronic transactions), the program redirects the individual to the Government On-Line Certification Authority, which issues the potential user an epass. In addition to a user identifier and password created by the applicant, each epass contains a randomly generated anonymous identifier, known as a Meaningless but Unique Number (MBUN). An epass also contains the mathematical formulae for encrypting and decrypting information. Encryption/decryption services protect electronically transmitted data against unauthorized interception or alteration. 

Figure: User Chooses Single epass

On its own, an epass is meaningless - it is always related to one or more federal programs, depending on whether the user chooses to use single or multiple epasses. Responsibility for validating the user's identity lies with the program. Some programs use a process of "challenge response" to ensure that the epass holder is who he or she claims to be. We are all familiar with institutions asking us questions about our mother's maiden name or our postal code before providing us information over the telephone. To a greater degree, a program uses a similar process to authenticate the identity of an epass holder. The would-be recipient of a federal service must correctly answer questions based on "shared secrets" - information known only to the program and the user. In other instances, the applicant registers in person for the service, providing documentation to prove identity.

Once the applicant's identity has been validated to the program's satisfaction, the epass' anonymous identifier is "mapped", or linked, to program information. In this way, the program does not have to revalidate the user's identity for each new transaction, and the user can simply access the program using the user ID and password he or she created in the epass issuance process, secure in the knowledge that all aspects of the transaction, from inception to completion, and all intermediary steps, are undertaken in a secure environment. 

Figure: User Chooses Multiple epasses

While each program is responsible for validating the claimed identity of the potential user, it is the Secure Channel which provides the policy and technical infrastructure supporting epass issuance, recovery and revocation. Managing epasses through a central authority means that departments do not have to devise and implement their own processes and infrastructures for authentication services. Allowing departments to "set the bar" for the level of assurance they require in a user's identity brings great flexibility to the service. More importantly, epass' use of the unique anonymous identifier protects the user's privacy - there is nothing in the epass that reveals the identity of the user, the programs with which he or she interacts, nor the nature of those interactions. Programs hold all personally identifying information, and they are responsible, by law, for protecting the privacy of that information.
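The issuance-and-mapping flow described above, as an added toy model that is not the Secure Channel's or epass' actual code: a certification authority issues a credential holding only a user ID, a password verifier and a random MBUN; each program checks the applicant's shared secrets with a constant-time comparison and then keeps its own private MBUN-to-record mapping; and a user who registers a separate epass per program gets unrelated MBUNs, so the credential itself offers nothing to link the two programs' records. The class names, the choice of PBKDF2 for the password verifier and the sample records are assumptions made for the example; the page does not describe these internals.

```python
import hashlib
import hmac
import os
import secrets

# Toy model of the epass flow. GolCertificationAuthority, Epass and Program are
# illustrative names, not the real Secure Channel components or APIs.


class Epass:
    """The credential as issued: user-chosen ID, a password verifier and the MBUN.
    By design it carries no name, address, program or transaction information."""

    def __init__(self, user_id, mbun, salt, pwd_hash):
        self.user_id = user_id
        self.mbun = mbun
        self._salt = salt
        self._pwd_hash = pwd_hash

    def check_password(self, password):
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        return hmac.compare_digest(candidate, self._pwd_hash)


class GolCertificationAuthority:
    """Issues epasses. It holds MBUNs and password verifiers, never identities."""

    def __init__(self):
        self.issued = {}  # user_id -> Epass

    def issue(self, user_id, password):
        mbun = secrets.token_hex(16)  # Meaningless but Unique Number: 128 random bits
        salt = os.urandom(16)
        pwd_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        ep = Epass(user_id, mbun, salt, pwd_hash)
        self.issued[user_id] = ep
        return ep

    def authenticate(self, user_id, password):
        """Returns the MBUN on success; a relying program never sees more than this."""
        ep = self.issued.get(user_id)
        if ep is None or not ep.check_password(password):
            return None
        return ep.mbun


class Program:
    """A federal program: it holds the PII and shared secrets, and maps MBUN -> record."""

    def __init__(self, name, records):
        self.name = name
        self._records = records  # record_id -> {"secrets": {...}, plus PII fields}
        self._mbun_map = {}      # MBUN -> record_id, known only to this program

    def register(self, mbun, record_id, answers):
        """Challenge-response on shared secrets; on success, link the MBUN to the record."""
        rec = self._records.get(record_id)
        if rec is None:
            return False
        for question, expected in rec["secrets"].items():
            given = answers.get(question, "")
            if not hmac.compare_digest(given.encode(), expected.encode()):
                return False
        self._mbun_map[mbun] = record_id
        return True

    def lookup(self, mbun):
        """Later visits: the MBUN alone selects the record, no revalidation needed."""
        rid = self._mbun_map.get(mbun)
        return None if rid is None else self._records[rid]


def single_epass_flow():
    """User chooses one epass for two programs; each program keeps its own mapping."""
    ca = GolCertificationAuthority()
    # Constructed sample records; the programs and field names are placeholders.
    tax = Program("Address Change On-Line",
                  {"T-1": {"secrets": {"postal_code": "K1A 0A1"}, "name": "A. Citizen"}})
    roe = Program("ROE Web",
                  {"E-9": {"secrets": {"payroll_account": "RP0001"}, "employer": "Example Ltd"}})
    ep = ca.issue("citizen01", "correct horse battery")
    mbun = ca.authenticate("citizen01", "correct horse battery")
    tax_ok = tax.register(mbun, "T-1", {"postal_code": "K1A 0A1"})
    roe_first = roe.register(mbun, "E-9", {"payroll_account": "wrong"})   # fails
    roe_ok = roe.register(mbun, "E-9", {"payroll_account": "RP0001"})
    return {
        "mbun_len": len(mbun),
        "tax_ok": tax_ok, "roe_first_attempt": roe_first, "roe_ok": roe_ok,
        "tax_sees": tax.lookup(mbun)["name"],
        "roe_sees": roe.lookup(mbun)["employer"],
        # the credential object holds no personal data at all
        "credential_has_pii": any(k in vars(ep) for k in ("name", "address", "sin")),
        "wrong_password": ca.authenticate("citizen01", "guess"),
    }


def multiple_epass_flow():
    """User registers a separate epass per program: the MBUNs are unrelated."""
    ca = GolCertificationAuthority()
    a = ca.issue("citizen01-tax", "pw-one")
    b = ca.issue("citizen01-roe", "pw-two")
    return a.mbun != b.mbun


if __name__ == "__main__":
    print(single_epass_flow())
    print("separate epasses give unrelated MBUNs:", multiple_epass_flow())
```

The privacy property rests on two design points visible in the model: the authority stores nothing that identifies the person, and the MBUN-to-record mapping lives inside each program rather than in the credential or the authority, so no single party holds both the identity and the list of programs used.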

Privacy protection has been and continues to be a primary guiding principle in the development of both the Secure Channel and epass. The epass solution not only responds to Canadians' concerns about the privacy of their sensitive on-line transactions with the government, it also satisfies legal and regulatory requirements for ensuring the privacy of personal information in the government's care and control. 

The government has taken a phased approach to rolling out epass. In September 2002, Canada Customs and Revenue Agency (CCRA) became the first department to offer an epass based service to citizens. In CCRA's Address Change On-Line application, taxpayers use epass to securely update their home address, mailing address and telephone number information held in CCRA's files. The first epass-based service for Canadian businesses is the Record of Employment (ROE) on the Web application, offered by Human Resources Development Canada (HRDC). 

After a very successful pilot phase, this service is being rolled out in stages to Canadian employers. The ROE Web application responds to businesses' criticisms of the burdensome and costly process of reporting employees' insurable earnings to HRDC. By law, employers must issue an ROE so that employees who have quit, been laid off or been terminated can apply for Employment Insurance. Each year, up to 1.4 million Canadian employers create over eight million of these ROE forms, at an estimated cost to business of more than $300 million. ROE Web allows employers to electronically submit employees' earnings information to HRDC. This secure and much simpler process provides considerable cost and time savings to employers and government alike. ROE Web greatly diminishes the need for HRDC to capture data manually, thus reducing the error rate as well as the incidence of over- and underpayments. It also limits the potential for fraud, and will eliminate up to 90 per cent of the paper used by employers and government in the current paper-based process.

The government is using experience gained from the Address Change On-Line and ROE Web applications in a number of ways, including the development of a secure electronic credential for federal employees to use for internal-to-government electronic transactions. To date, over 85,000 epasses have been issued for use in the Address Change On-Line and the ROE Web programs. It is forecast that by 2007 several million epasses will have been issued to citizens and businesses so they can have access to an estimated 125 epass-based programs.

In addition to providing privacy protection, epass has also been developed to be portable and reproducible. The federal government is currently in discussion with a number of provincial governments which are considering using epass in the secure electronic delivery of provincial services. While there are many governments in Canada, they all serve the same taxpayers. If other levels of government embrace the epass solution for their own e-government initiatives, they, and ultimately the taxpayer, would be spared many of the costs of developing an on-line credential solution. Citizens and businesses would also find it much easier to engage in secure electronic transactions with different jurisdictions if they could use epass for those interactions. 

Even if other governments decide to develop their own electronic credential solution, epass can serve as a very useful model for their efforts. This should lead to achieving interoperability of governments' service delivery systems, again reducing costs. Why would it be advantageous for service delivery systems to interoperate? There are many instances of different aspects of a program being delivered by different levels of government. Imagine how much easier life would be for citizens and public servants if these systems worked together seamlessly. 

The epass project has contributed to the competitiveness of government's private-sector partners. In meeting epass' stringent requirements for user friendliness, privacy protection and portability, they have developed innovative products they can now offer to other customers. 

With epass providing secure electronic access to government programs and services, Canada is well on its way to realizing the goal of having the government most connected to its citizens.
