Projects:2016s1-160b Cyber Security - e-Government and Network Security
Using Internet Protocol Packet Visualization to support debriefing
Group members: Johann David Krister Andersson
Supervisor: Dr. Matthew Sorell
Description:
NATO's Operation Locked Shields (LS) is a yearly network defence exercise which aims to test and train network security professionals. The after-action debriefings are challenging because it is difficult to explain exactly how an attack occurred without looking at Internet Protocol packet flows. It has been proposed to use packet visualization techniques to support the debriefing; however, existing visualization tools lack important features such as IPv4 and IPv6 hybrid support and application layer support. The present study aims to provide recommendations for the upgrades and changes that existing tools need before they can be used to support debriefing.
Introduction:
Public-facing networks are likely under regular attack, and attacks are constantly evolving. Several packet visualization tools already exist. For example, Okada proposes a 2Dto2D method that displays packet captures over time by source and destination address and port. Muelder describes a layered method. On the highest layer a statistic, such as connections per port, is shown over the whole packet capture interval. This layer is intended to be used to pick a particular time for further investigation. The second layer breaks down the statistic by ports, which is intended to be used to pick a particular port for investigation, and the third layer shows various statistics for the selected port.
These methods were developed for the purpose of attack forensics. For example, Okada's method is useful for detecting DoS, DDoS, port scanning and covert communication channels. However, these tools were not developed for debriefing, which requires additional features, not all of which are relevant to network forensics. Particularly challenging, and chronically under-supported by existing tools, are attacks on networks with transition mechanisms. These attacks, such as flood router6 and Smurf6, take advantage of the methods implemented to support the transition from IPv4 to IPv6. For debriefing it is also important to filter out irrelevant packets. For example, during the LS exercise background traffic is generated to hide malicious traffic, as would be expected during network security events outside of defence exercises. During debriefing, however, background traffic is unwanted noise that should be filtered out. Existing tools focus on the lower levels of the Internet stack, particularly the network layer. However, attacks on outdated browser versions, such as CVE-2014-1510 and CVE-2014-1511, occur at the application layer.
The present study aims to review several existing tools in the context of post-exercise debriefing. The needs of the debriefing and the attacks used during the defence exercise will be discussed with several professionals from Tallinn University of Technology and NATO who are involved in the LS exercise. Of particular focus are the extension of existing tools to support the analysis of attacks on networks in transition, the addition of application layer support, and the investigation of filtering methods to reduce noise. Additionally, the attack methods specified in the after-action report will be reviewed, and recommendations for visualization methods that explain how these attacks take place will be made to support the LS exercise in 2017.
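The layered drill-down described above (pick a time, then a port, then inspect that port), together with the background-traffic filtering and IPv4/IPv6 hybrid handling that debriefing needs, can be sketched as follows. This is an added example, not code from the study or from Muelder's tool; the flow records, the background address ranges and all function names are constructed for illustration.

```python
from collections import Counter, namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "ts src dst port size")

# Constructed sample records: (seconds, source, destination, dest port, bytes).
RAW_FLOWS = [
    (1,  "10.0.9.1",         "10.0.1.10",        80,  400),  # background
    (2,  "10.0.0.5",         "10.0.1.10",        443, 900),
    (4,  "2001:db8:9::1",    "2001:db8:1::10",   80,  400),  # background
    (11, "2001:db8::66",     "2001:db8:1::10",   22,  60),
    (12, "2001:db8::66",     "2001:db8:1::10",   22,  60),
    (13, "::ffff:10.0.0.66", "::ffff:10.0.1.10", 22,  60),   # IPv4-mapped IPv6
    (14, "10.0.0.66",        "10.0.1.10",        22,  60),
    (15, "10.0.9.2",         "10.0.1.10",        80,  400),  # background
    (16, "10.0.0.5",         "10.0.1.10",        443, 900),
    (23, "10.0.9.1",         "10.0.1.10",        80,  400),  # background
    (27, "10.0.0.5",         "10.0.1.10",        443, 900),
]

# Assumption: the exercise's traffic generators sit in known address ranges.
BACKGROUND_NETS = [ip_network("10.0.9.0/24"), ip_network("2001:db8:9::/48")]


def normalise(addr):
    """Parse an address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4,
    so one host seen over both families is counted once."""
    ip = ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def load_flows(raw):
    return [Flow(ts, normalise(src), normalise(dst), port, size)
            for ts, src, dst, port, size in raw]


def drop_background(flows, nets):
    """Remove flows whose source lies in a known background range.
    A v4 address is never 'in' a v6 network (and vice versa)."""
    return [f for f in flows if not any(f.src in n for n in nets)]


def in_bucket(flow, start, width):
    return start <= flow.ts < start + width


def layer1_timeline(flows, width):
    """Layer 1: connections per time bucket over the whole capture."""
    counts = Counter((f.ts // width) * width for f in flows)
    return dict(sorted(counts.items()))


def layer2_ports(flows, start, width):
    """Layer 2: the chosen time bucket broken down by destination port."""
    return dict(Counter(f.port for f in flows if in_bucket(f, start, width)))


def layer3_port_detail(flows, start, width, port):
    """Layer 3: statistics for one port inside the chosen time bucket."""
    sel = [f for f in flows if in_bucket(f, start, width) and f.port == port]
    families = Counter("IPv%d" % f.src.version for f in sel)
    return {
        "connections": len(sel),
        "sources": sorted({str(f.src) for f in sel}),
        "by_family": dict(families),
        "bytes": sum(f.size for f in sel),
    }


if __name__ == "__main__":
    width = 10
    flows = drop_background(load_flows(RAW_FLOWS), BACKGROUND_NETS)
    timeline = layer1_timeline(flows, width)
    busiest = max(timeline, key=timeline.get)       # analyst picks a time
    ports = layer2_ports(flows, busiest, width)
    top_port = max(ports, key=ports.get)            # analyst picks a port
    print("timeline:", timeline)
    print("ports in bucket", busiest, ":", ports)
    print("detail for port", top_port, ":",
          layer3_port_detail(flows, busiest, width, top_port))
```

With the background ranges removed, the burst on port 22 stands out in the second time bucket, and folding the IPv4-mapped address shows it comes from two hosts rather than three.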
Progress report:
Complete document: [1]
Critical Analysis of Australian eGovernment Identity
Group members: Pumuditha Osura Jayasundara
Supervisor: Dr. Matthew Sorell
Introduction
E-Governance is the use of Information and Communication Technology (ICT) to deliver government services to citizens, carry out online transactions and integrate various stand-alone systems. Unifying the services under a multi-purpose identification gives convenience and an increased level of security. It also provides the ability to digitally sign documents and contracts simply. The present study aims to give recommendations for improving the current e-Government system and to lay a solid platform for future possibilities, after analysing the strengths and weaknesses of these proposals.
Problem Statement
Australia shares a common road when it comes to privacy and personal information. Citizens assume that the government and other agencies collect private data in order to provide certain services, and this is true to some extent. Citizens are informed why the government collects private information and how it is used to provide the service; in return, they give up ownership and control of their own personal information. This raises the issue of society not trusting the government with personal information while still trusting an international organization like Facebook to hold it.
The Census 2016 was supposed to be a statistical collection campaign undertaken by the Australian Bureau of Statistics (ABS) to produce a snapshot of Australia's growth and change over the years. The unexpected series of events that took place during the day led the Census to be a failure. Claims were made of an alleged breach of the server by overseas hackers. It was also claimed that no personal information was taken, but this debacle has created issues and controversies amongst the public.
Central Argument
The central argument of the present study is based around a digital identity, the eAustralia Card, that provides confidentiality and privacy along with convenience when using government services. The existing system does not provide a unified solution and essentially leaves citizens with minimal levels of privacy and ownership of identity. The consumer market strives for simplicity in day-to-day life and would expect the government to make its services accessible with minimal hassle. The DTO's scheme for a new eGovernment system aims to provide a product similar to that of the UK. The central argument of this study is based around taking advantage of this new solution and identifying its strengths and weaknesses in order to provide an eAustralia card solution.
Current Condition
Many governments around the world are incorporating an e-government setup, Australia being one of them. The current system in Australia (myGov) involves a government website which has a simple online registration process and links to other government services such as Taxation office, Medicare and Centrelink[1]. The registration process uses an email address and by using a confirmation code forwarded to the email, an account can be set up without the use of personal ID verifications.
The current Australian identity system was developed by the Department of Human Services (DHS). It is used particularly for transactions with Centrelink and Medicare services[2], as mentioned previously. A point to emphasize is that the Australian Taxation Office (ATO) is linked to the myGov system. The service offers a central and secure inbox where the account owner can receive messages from the respective services (Medicare, ATO, Centrelink, Child Support and the like); these messages include letters, statements and other necessary information[2]. As expected, the profile allows you to freely manage your personal details and fill in other criteria.
Citizens are expected to visit local branches or call the necessary services before gaining access to such a service[3]. Only after this can one link via myGov to access and secure these services.
In terms of its security, there is a 2-factor authentication (2FA) process where the server sends an SMS code after the password has been entered. This is fairly secure, but there is also an option to turn off the 2FA if not preferred. This essentially means your account is vulnerable to attackers: anyone who guesses the password is in.
When establishing an account, the user is required to provide an email address, a phone number, and 3 secret questions with corresponding answers (standard procedure). The profile retrieves other data about you (DOB and name) when you successfully connect with a public sector service. This essentially means the government sends your information to member services to undertake an authentication process. The authentication process is usually done automatically via the government or by an authentication code issued to you by the respective service. Your myGov information will be shared with linked participating member services when using the myGov update detail service.
The Australian government takes responsibility for the security of your privacy, as any other government would. The privacy notice states that the department has the right, through the myGov service, to collect your information, and sets out how the department discloses, stores and secures your information[4].
Necessary steps taken to ensure security include storing electronic files in secure facilities, encryption of data, conducting regular backups of data, using audit and logging mechanisms and having physical access restrictions in place. Personal information is destroyed if verified to be no longer needed[4].
How is Australia tracking with the digital transformation?
According to statistics provided by the Digital Transformation Office (DTO), there are currently more than 4100 government websites in Australia, and over 55% of users have difficulty finding the information they are seeking[5]. The message this sends is essentially to make government websites easier to use and ultimately to bring these services under one simple (.gov) domain.
The transaction between the government and its citizens becomes the most important success metric for most countries. For example, if a citizen were to apply for permanent residency, success would be a much shorter processing time[5]. This is something important for the government to consider, along with the cultural change and staffing that go with the assistance.
Digital transformation often becomes difficult for businesses to keep track of due to new programs and innovations that emerge on a regular basis[6]. Public sectors in Australia are struggling with the transformation, with 70% of public sector organizations lagging behind their private counterparts[6]. To better prepare for digitalization, there will be massive up-shifts in commitments to cloud platforms.
Currently used procedures
As we know, Australian e-Government is a long way behind that of many other developed nations. It appears that the national leadership failed, a long time ago, to understand the importance of making e-Government a priority. As a result, our existing solutions seem to take inconsistent approaches, which makes them frustrating for Australians to use.
Every missed opportunity sets back public trust in online government services. This is looked into further later in this study.
The three most important factors to the delivering of e-Government are usability, reliability and security.
The above listed services can primarily be accessed via the myGov portal. The services however can also be accessed bypassing the myGov portal requiring a different pass-phrase/password verification method. To be able to access these services, accounts must be created with the respective service prior to linking with the portal which requires further verification of the user. The digital identity of these services allows you to submit claims, access tax records and find relevant information for simple enquiries. Along with the above services, one can access Department of Veteran Affairs, e-Health, and Disability Care accounts.
The Australian Taxation Office also provides an online data entry. This is not necessarily digital identity, but rather just entering your data online with inadequate explanatory guidance. The ATO website also consists of obsolete information which makes matters very inconvenient and also risky for usage.
As a developed nation, it would be ideal if this list of digital identity procedures went on, but regrettably these are the only mainstream services that are accessed with the use of an “online identity”. Even among these available services, none provides the capability to prove who you are online: simply create an account with an email and password and you are set.
The main issue to be established is that the digital identity of an account must truly belong to the physical person and no one else. The ability to access personal health records, social security payments and tax details provides an opening to identity theft[7], and from the above analysis it seems that the myGov verification process is rather weak.
Outside of the government, the sign-up procedures vary from service to service. Several services require a verification procedure such as the 100-point ID check. This process is very open to interpretation, to the extent that a person is required to provide more proof of identification to rent a house than to re-enter the country after being overseas. The problem is, how long can the "100 points of ID" last? And where do all these photocopies of user information, such as birth certificates, driver’s licenses and passports, end up?
Strengths & Weaknesses
In identifying the strengths and weaknesses of the digital identity situation in Australia, we look at the level of security of an individual's information online. A citizen must be able to claim their identity and prove that they are who they say they are online.
In terms of strengths of Australian digital identity, there are notable security protocols taken to protect your information. Firstly, the 2-Factor Authentication is a widely used verification process that requests for a password and a secret sequence of characters sent to your mobile or email address, but for the purpose of myGov, the secret characters are sent to your phone.
Another notable strength of the digital identity in the current eGovernment system is how simple it is to use the available services with a few clicks. While this provides easy access to the portal and hence the services, it also leaves user data vulnerable to possible attacks, as mentioned earlier.
It is, however, unclear whether the DHS has undertaken a security threat assessment to understand the gradient of possible attacks on citizen data. This then also becomes a weakness of the eGovernment solution. 2FA is widely used around the world, for example with the Google authenticator. However, for use in government services it is important to consider the most common attacks on 2FA. These include key logging and redirection, man-in-the-middle attacks, man-in-the-browser attacks, account recovery procedures and third-party applications. The fact that there hasn’t been a significant threat to the system leads citizens to assume blindly that their data is secure and safe.
The mailbox system in the myGov portal is also a very inconvenient system. This is used as a middle point communication system where a service attempts to communicate to the citizen regarding certain issues.
The first problem with this is that the respective service sends electronic documents to the myGov mailbox, but two-way communication is not possible through this service. Since there is no two-way communication capability, and the user is required to give an email address as an identity, why aren’t the documents sent directly to the private email? The uncontrollable privacy and security of private email would be the only reason this does not occur. To return to the initial point: if the service wants to communicate with the citizen via the myGov mailbox, what is its purpose if the user cannot communicate back?
Ultimately the biggest weakness of the digital identity of myGov is the lack of services provided by the “eGovernment” of Australia to take advantage of a solid digital identity framework that does not exist as of now.
The Census debacle and public trust
The Census 2016 was widely expected to be completed digitally, and for the majority of the process it lived up to expectations. The form could be submitted either digitally or on paper.
To meet the expectation of at least 65% of the population, the ABS counted on International Business Machines (IBM) to provide the server for Census day, the 9th of August. The IBM-built server, worth $10m, was capable of handling up to 1 million page loads per hour and 260 Census submissions per second.
The service did not live up to these expectations, as a major server interruption occurred during Census night. Some percentage of the population had already completed the forms before the website shut down.
The series of events shows the lack of reliability of a government service and also the vulnerability of the digital environment to attackers. The events showed that multiple attacks (4 attacks) from overseas occurred throughout the night. The attacks supposedly came from the United States. The ABS, however, stated that no privacy had been breached by the attacks, as they appeared to re-route internet traffic through America, causing the website to shut down while a large number of users were attempting to submit forms.
Citizens' lack of awareness of the extended deadline for the census also created tension amongst the population about the possible consequences of an incomplete Census form.
The server attack is viewed differently by different parties. The system was built to handle 1 million form submissions per hour, but if 4 or 5 million Australians suddenly use the website at the same time, it is going to look like a denial-of-service (DoS) attack. This leaves three possible scenarios for the website shutdown:
1. A distributed DoS attack caused the problem
2. Too many users concurrently overloaded the system, or
3. A combination of both scenarios.
The likely analysis of this case is that IBM may have failed to mitigate a predictable DoS attack. This fails to abide by the basic principles of information security: confidentiality, integrity and availability. This was also a good “wakeup” call for security threats against the myGov system.
The point that this is trying to get across is “How are Australians going to keep on TRUSTING the government?”.
This issue has created a lot of controversy among the public, and trust in government is gradually decreasing. The attack left citizens thinking that their private information is at risk of being exploited and made publicly available.
A progress report that the ABS compiled back in 2013 also showed that there has been minimal progress in government trust over the years. The statistics showed that in 2010, 54.1% of Australians agreed that most people could be trusted, which was the same percentage as 4 years before, in 2006.
The level of generalised trust is viewed as a good measure of progress for trust in Australian institutions and governance processes, since it captures whether people in the community feel that they can trust each other. While there are many individual and circumstantial factors that influence the level of trust people have in each other, governance systems in society are likely to play a part as well, because of the significant influence they have over many aspects of people's lives. If people feel that governments and private institutions lack integrity and have poor governance, then this is likely, at least in part, to be reflected in generalised levels of trust.
In saying this, public participation in government-based processes is also very important. It is important that everyone has the opportunity to participate in decision-making that affects their lives. Australians can take an interest in and influence how society is governed by attending community meetings, speaking or writing to politicians, signing petitions, voting in elections, and in many other ways.
To establish an empowerment model for the eGovernment of Australia, it is important that citizen rights and responsibilities are protected by national laws. This then conveys that good governance is effective and efficient.
Digital Transformation Office
The Digital Transformation Office is a government agency that was established to deliver government services for Australians. This section examines its proposed digital identity solutions: the models, policies and standards. The standards are analysed to see how a citizen focus fares against a typical government-focused approach.
The DTO is a government organization established in July 2015 as a proposition to lead the transformation of government services to deliver a better experience for Australians.
The current situation, as addressed in the literature review, is the main reason this agency was set up in the first place. The majority of the Australian population rely on government information and services online; this totals around 324 million transactions a year[8]. It is calculated that roughly half of these people will encounter a problem while using the services and resources online.
Aims, Objectives & Strategy
The DTO was a proposition laid out by Malcolm Turnbull’s government. The DTO was established for many reasons, including[9]:
1. The majority of users of government services are choosing to use them through digital means, whether by PC, tablet or smartphone.
2. The inconsistencies between government services in digitizing the service.
3. Users' expectation of accessing government services through one portal rather than multiple different agencies.
Aim:
The simple aim of the Digital Transformation Office is to transform government services, making services available digitally from start to finish, essentially making them simpler, clearer and faster to use. They will also aim to work with government’s customers – the public and the business to design services of appropriate standards.
The DTO will be responsible for all the delivery of digital government services. It aims to lead and coordinate the government’s digital transformation and work with public and private sector services to invest in the technology that will underpin digitalization.
The digital delivery of all government services is very much needed for the citizens of Australia. The current stage has many inconsistencies within the services, and it also puts citizen identity on the line for possible identity theft. The DTO’s secondary aim should be the actual security of the information stored. Any service storing such highly sensitive personal information needs to be backed up by strong authentication procedures. This would mean stepping away from the current 2-Factor Authentication method that myGov provides and producing a better "SecureID" verification method. It seems that 2FA is a very dated method and is ineffective against modern-day online threats.
Objectives:
The objectives of the DTO were set out as creating the front end and back end of an eGovernment solution. The unified services are set to go under a single government agency, which allows citizens to access them simply and conveniently.
The priorities of the objectives are to:
1. Transform services
2. Build a beta of GOV.AU
3. Build an identity alpha
4. Create a digital marketplace
5. Build a performance standard
6. Create cloud.gov.au
7. Support delivery of the digital transformation agenda projects
8. Create digital communities of practice
9. Continue iterating the digital service standard
In order to revamp and transform the eGovernment system in Australia, $254 million has been budgeted over the course of 4 years. To put this into perspective, it is less than half of the cost of building the Adelaide Oval. This set of priorities was set in 2015 when the organization began, with beta and alpha versions of GOV.AU and identity, respectively, expected by August 2016. As of October 2016, we are still waiting for a release of the beta and alpha versions of the prototypes.
Strategy:
The strategy of the DTO is to ensure that the full control of existing myGov digital services portal belongs to them initially. This allows them to maintain the system and to integrate it into the new GOV.AU portal once released.
The strategy will then be entirely based on their digital service standards.
Prototype - alpha System
The DTO is expected to release the alpha and beta systems of digital identity and GOV.AU respectively. They are released in these stages to allow for citizen feedback and for appropriate adjustments to be made as necessary. The prototypes are modeled to have properly functioning services without an end submission. This will give citizens an idea of what to expect in the future, and if changes need to be made, feedback can be provided.
The digital identity proposition aims to provide citizens with an identity solution to prove who they are while using government services online. This is a solution where citizens are expected to establish their identity only once for use across multiple government services[8]. This is what citizens are begging for; it essentially eliminates the need to sign up for multiple different services, each with a different verification of your identity. The existing identity framework, which is very inconsistent from service to service, can be unified by this scheme, allowing for a much simpler and more secure solution for users.
The prototypes are built around user’s needs, rather than the government standards. The different stages of the prototypes can be used to get feedback from citizens and adjust as necessary. The inclusion of private sectors and working alongside them will come with a great benefit to get outside expertise on the prototypes.
The individual in charge of the digital identity sector of the DTO said that the aim was to create a “genuinely whole-of-government” digital identity solution that could link together with existing identity credentials from businesses and agencies of federal or state governments[10]. It is great that the proposition is to unify the existing identity credentials, but do people really want the digital identity, or do they just want to get something done as soon as possible?
The details of the digital identity alpha prototype were to be published on the 29th of August. As of October, the details have not yet been published and the release is behind schedule. Digging through the DTO website, there is very little information about the digital identity prototype, so it is difficult to analyse what this means for the future of Australia.
The advantage of establishing a digital identity in Australia is that it allows you to be anonymous while being online. Even though you provide your real details to establish an identity, you don’t have to disclose any further information when accessing services like you have to currently.
The biggest concern is the issue of identity theft, and by the establishment of digital identity, the possibilities are minimized. This also helps against issues such as welfare fraud as it allows the government to track down under the single identity credentials to ensure that there are no frauds.
The possible disagreement of citizens not wanting a digital identity raises a few issues. In comparison to the current state of identity handling in Australia, the use of digital identity provides a trusted foundation so citizens can prove who they are without giving away unnecessary amount of personal information that is stored in many places such as hospitals, doctors, banks, insurance companies and others. This also gives the freedom to actually control their identity and decide when they want to present their credentials and when not to.
Something to consider for this process is the issue created by the Census failure of overloading the servers which led to a shutdown of the service. Having the services unified and a digital identity solution to use through one portal, the possibility of server issues is still open. Statistically, most Australians run into an issue while accessing a service or finding government information online currently. If these simple issues are not looked into right now, if the roll-out of a digital identity ever begins, the process will be miserable and probably embarrassing.
While on the topic of rolling out the digital identity to citizens, the existing identity credentials and stored private information need to be transferred over to the new system or completely destroyed, to ensure that no private information is accessible by others.
The release of digital identity alpha prototype did not occur due to the release of a digital marketplace prototype. This is established to help businesses to develop whether it may be a small or large business. This marketplace will act as a portal where government buyers and sellers can connect and have the procurement interactions they need.
The DTO is also developing a Trusted Digital Identity Framework (TDIF) to make it easier for government organizations to work together with the DTO. This is a service that will verify the identity of individuals so they can access government services via a “federated verification product”[11]. The Australian Privacy Foundation (APF) has however raised concerns about the way DTO wanted to proceed with the TDIF scheme. It is concerned that Australian citizens will face serious risks using this scheme. It is noted that the government agencies would benefit more from this and also the possibility of security breaches both by insiders and outsiders.
Its main concern is that the DTO has not started an ‘engagement’ with civil society despite the fact that it is nearing the alpha phase. Given the number of failures in the past, public distrust of the machinations of federal government agencies is to be expected.
Government Focus vs Citizen Focus:
All of the decisions made regarding eGovernment have been made from a government perspective. Citizens had minimal say in this regard; the only choice they had was to vote for their chosen party and accept the changes it makes.
Turning a government-focused eGovernment solution into a citizen-focused one has both benefits and negatives. The major benefit is that citizens get what they ask for, and this is also the major negative, as it is impossible to get a 100% vote on a solid foundation.
Citizens today expect more transparent, accessible and responsive services from the public sector. Having a government-focused standard would simply mean that citizens have to adapt to the system, and it is entirely up to the government to produce a reputable eGovernment system.
Having a citizen-focused standard allows the government to ask what aspects of service delivery are most in need for improvement. At this stage it may be a clear answer of every service needing improvement, however asking the citizens to rank the importance of the service allows the government to prioritize and improve accordingly.
This also benefits the cyber security sector as it gives an opportunity for outsiders to give their opinion on possible security breaches. The gradient of security threats hasn’t been a concern greatly for Australia, but moving forward it is important to maximize the protection of citizen private information.
Analysis: e-Estonia Digital Identity
This section looks at the core of Estonia's digital identity solution and identifies the protocols and methods used to verify identity online while providing an improved solution with an opt-out system. Australia's current and proposed digital identity solutions are then compared with the Estonian counterpart and the possible outcomes are analysed.
The Estonian government had a simple mindset when laying the foundation for e-Estonia.
They decided on the principles:
- Decentralization: there is no central database, so every stakeholder, whether a government body or a business, gets to choose its own system at a time it pleases. This gives the freedom to work at your own pace; a centralized system would force you to commit to certain things that were not initially planned for.
- Interconnectivity: all the services and other elements in the system have to be able to work together smoothly, given that it is a decentralized system. This is very important to consider, as unresponsive and “buggy” elements of the server would lead to great frustration for citizens.
- Open platform: any institution can make use of the Public Key Infrastructure.
- Open-ended process: the source code is open to the public and the project is established as continuous, planned to grow and improve over time. This allows the infrastructure to develop further and be at the top of the Digital 5 consistently.
Comparative analysis with the prototype Australian Identity by DTO
The Estonian identity services are now compared to the system proposed by the DTO, to analyse what Australia can further learn from Estonia.
Comparing the existing and proposed systems, it is clear that DTO is pushing for more digitized services.
The first major difference is that the DTO is attempting to create a centralized system covering all the e-Services under GOV.AU. The authentication protocols are likely to be 2FA, carrying on from the myGov tradition. However, the DTO is attempting to establish an opt-out, once-off information submission.
Without going into in-depth detail on individual services, it is still unclear how citizens would be verified to use these services when transitioning from the existing digital services, i.e. Centrelink. By contrast, all of the Estonian services are accessed with either the ID card or mobile-ID, using your PIN1 and PIN2 depending on the service used.
An interesting announcement by the DTO featured a biometric identity framework. The head of digital identity has established that the verification framework the commonwealth identity service will use needs “well anchored” biometrics, without specifying what biometric data is to be used[8].
While biometrics are considered to be the world’s most reliable and secure source of verification, they also have their own downside. Regardless of how good the biometric scanner is, there will always be some imperfection that leads to inaccuracy, resulting in an invalid reading for authentication purposes. This would mean re-submitting your biometric data more often, which is a hassle for a large country like Australia.
The transformation intended by the DTO appears to be quite a reach, especially with a budget of less than half the cost of Adelaide Oval over the course of 4 years. The delay of both the alpha and beta prototypes also raises concerns about the budget and the time given for the complete transformation. The ambition of becoming part of the Digital 5, essentially making it the Digital 6, seems like a long stretch when compared with the leading government focused on digital services.
With that being said, biometric verification is exactly what the DTO had planned. It would be an opt-in system rather than compulsory. The chances of selling this to the public are minimal, especially after the Census debacle, and it could create more privacy problems than there already are.
Even though biometrics can add an extra layer of security, it may be nearly impossible to convince the public initially to accept adding them to the existing or upcoming framework. Public trust is already at its lowest point due to the census and certain metadata collection concerns.
The last element from the table to be noted is that Australia does not hold a physical object, i.e. an ID card, that can be used to authenticate the citizen with government services. Australia has had its opportunities with the Australia Card and an access card, but neither came to much because of the unhealthy relationship between the public and the government. Having said that, this might just be the time for an “e-Australia Card” that allows full control of citizen identity, without having to use the ubiquitous driver’s license as your main form of identity along with stacks of other cards for other services.
e-Estonia Card
The Estonian identity card is a smart card that is issued by the Police and Border Guard Board in Estonia. This card can be legally obtained by all Estonian citizens and permanent residents from the age of 15. As of 2012, more than 1.1 million people in Estonia hold an ID card (roughly 90% of the population)[10]. This card is essentially used as a personal identity document and also as a travel document.
The Estonian ID card is regularly used:
1. As a national ID card for legal travel within the EU and Schengen area
2. As proof of identification using e-Banking, telecom and other private sector services
3. As a customer loyalty card, library card, public transportation card
4. For accessing ALL government services and data to check one’s medical records, to file taxes, etc
5. For picking up e-Prescriptions
6. As a national health insurance card
7. As a driver's licence
8. For digital signing
9. For i-Voting
The physical characteristics of the Estonian ID Card:
- The personal identification number is used by governments of many countries as a means of tracking their residents for the purposes of work, taxation and other government related functions. The Estonian personal identification number is defined as a number formed on the basis of the sex and date of birth of a person. It is in the form GYYMMDDSSSC, where ‘G’ shows the sex and century of birth (odd number male, even number female; 1-2 19th century, 3-4 20th century, 5-6 21st century), ‘YYMMDD’ is the date of birth, ‘SSS’ is a serial number to differentiate residents born on the same date and ‘C’ is a checksum[12].
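The GYYMMDDSSSC layout described above can be parsed and checked as follows. This is an added example, not code from the original report or from any Estonian agency; the two-stage modulo-11 check-digit weights are not given on this page and are assumed from the publicly documented scheme, and the sample numbers are constructed.

```python
"""Parse and validate a personal identification code of the form GYYMMDDSSSC."""
from dataclasses import dataclass
from datetime import date

# Century encoded by the leading digit G, as described in the text:
# 1-2 -> 1800s, 3-4 -> 1900s, 5-6 -> 2000s (odd = male, even = female).
_CENTURY_BASE = {1: 1800, 2: 1800, 3: 1900, 4: 1900, 5: 2000, 6: 2000}

# Assumption (not given on this page): publicly documented two-stage
# modulo-11 check digit with these per-position weights.
_WEIGHTS_STAGE1 = (1, 2, 3, 4, 5, 6, 7, 8, 9, 1)
_WEIGHTS_STAGE2 = (3, 4, 5, 6, 7, 8, 9, 1, 2, 3)


class InvalidPersonalCode(ValueError):
    """Raised when a code fails the structural, date or checksum test."""


@dataclass(frozen=True)
class PersonalCode:
    sex: str
    birth_date: date
    serial: int
    checksum: int


def compute_checksum(body: str) -> int:
    """Return the check digit for the first ten digits of a code."""
    if len(body) != 10 or not (body.isascii() and body.isdigit()):
        raise InvalidPersonalCode("body must be exactly 10 ASCII digits")
    digits = [int(ch) for ch in body]
    for weights in (_WEIGHTS_STAGE1, _WEIGHTS_STAGE2):
        remainder = sum(d * w for d, w in zip(digits, weights)) % 11
        if remainder < 10:
            return remainder
    return 0  # both stages produced 10


def parse_personal_code(code: str) -> PersonalCode:
    """Validate a code and return the fields it discloses.

    A valid checksum only shows the number is well formed. The rule is
    public and the other fields are birth details, so the code is an
    identifier and must never be treated as a credential.
    """
    if len(code) != 11 or not (code.isascii() and code.isdigit()):
        raise InvalidPersonalCode("code must be exactly 11 ASCII digits")
    g = int(code[0])
    if g not in _CENTURY_BASE:
        raise InvalidPersonalCode(f"unsupported leading digit {g}")
    year = _CENTURY_BASE[g] + int(code[1:3])
    try:
        born = date(year, int(code[3:5]), int(code[5:7]))
    except ValueError as exc:
        raise InvalidPersonalCode(f"impossible birth date: {exc}") from exc
    expected = compute_checksum(code[:10])
    if int(code[10]) != expected:
        raise InvalidPersonalCode("checksum mismatch")
    sex = "male" if g % 2 else "female"
    return PersonalCode(sex, born, int(code[7:10]), expected)


if __name__ == "__main__":
    # Constructed sample values, not real persons' numbers.
    samples = [
        "49002151233",  # valid, check digit from the first weight set
        "49002152109",  # valid, first stage gives 10 so the second is used
        "49002151234",  # wrong check digit (single-digit typo)
        "49002301233",  # 30 February does not exist
    ]
    for sample in samples:
        try:
            print(sample, "->", parse_personal_code(sample))
        except InvalidPersonalCode as err:
            print(sample, "-> rejected:", err)
```
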
The Australian equivalent of the personal identification number is your Tax File Number (TFN). It does not have a specific form, however, as that would make it easy for others to work out your TFN and possibly take your information.
All the other characteristics of the ID card are typical; the chip however is where it matters the most.
Comparative analysis with identity in Australia
The identity elements of Estonia and Australia are very different, and those of the Australian counterpart are significantly underdeveloped. The main form of identity used in Australia is the driver’s license, followed by the passport. The driver’s license holds no relevance to government services apart from its use as a form of proof of identity.
To obtain a driver’s license, one must be 16 years of age and present 3 forms of proof of identity, followed by a learner’s test. The driver’s license is used as the main form of identity because of the information it shows.
The driver's license displays characteristics similar to the Estonian ID card, except that it also shows your residential address. This form of identity is normally used with the 100-point ID check for most verification processes. It is also the only identity document one needs when applying for certain telecommunication services. Apart from these ordinary tasks, there is no special factor to the driver's licence.
The driver's licence number holds no relevance to government services; it is produced uniquely to represent the vehicle class that the licence allows its holder to drive. The driver's licence should stand for only one purpose: certifying that you are qualified to drive.
For citizens who do not hold a driver's licence, or residents of Australia who simply use an international driver's licence, the procedures get a bit more frustrating. They are required to present passports, along with utility bills and bank/credit cards, to prove their identity. Even though citizens do not regard this as a great concern, it still opens up privacy issues every time the information is given to the respective service.
Passports are a very precious form of identity and are not carried around regularly. For people who do not have a driver's licence, this is very inconvenient and frustrating.
None of the existing forms of identity has a direct connection to online services that would allow verification of your identity. To be able to establish a centralized eGovernment system, it is essential that there are other identity solutions that can be used to access the services instead of a normal 2FA authentication procedure.
Where Australia Stands with the Digital 5
From a brief look at the digital identity services provided by the other countries of the Digital 5, the government organizations are working together to provide citizens with easy and secure use of government services. Identities are proved either by unique resident numbers or by a certain application such as UK.GOV Verify and RealMe.
The main reason that most of these countries have been able to implement such eGovernance with significance is the high connectivity rate in their country. This allows the majority of citizens to use these government services while also being assured that their identity is secure.
According to statistics from the ABS, roughly 86% of households have access to the internet[13]. This is about a 15% increase from 2008, which in comparison does not seem to be that much. Even with the connectivity rate back in 2008, Australia had a good chance to develop a solid eGovernment system to get citizens at least involved in digitized services.
The remaining 14% of households not having internet does not exactly mean that those residents have no access to the internet. Judging by the current state of technology, there is a higher chance than in 2008 that people have access to the internet, either via their smartphones or via laptops at educational institutions (i.e. universities or libraries).
Overall, the point is that Australia had a decent connectivity level even dating back to 2008, and the issue was that Australia did not make the most of it to produce an eGovernment, whereas Estonia made full use of the technologies during its infancy stages.
So where does Australia stand amongst these countries? It is hard to point a finger at a specific aspect of the system. The proposition by the DTO looks promising, but questions remain about user security, especially when the services are expected to be accessed through a simple 2-Factor Authentication process. Australia is still quite a reach from these countries, and it will be some time before Australia is considered “digitally focused”.
eAustralia Card
This section is focused on identifying the necessary information from all the previous sections and proposing an e-Australia Card, taking inspiration from the e-Estonia Card. This section does not aim to go into in-depth detail about every aspect of the Australia card; it is a recommendation to apply after analyzing the successful infrastructure established by Estonia in the previous sections of this study.
It is time to bring the Australian digital identity up to date with other developed nations, i.e. the "Digital 5". Australia currently has in-person processes in the form of a 100-point check for financial service providers such as banks, and multiple identity documents for passports.
At this stage Australia can either just watch its neighbour New Zealand consistently improving its system and increasing its user base with the "RealMe" solution, and the UK with UK.GOV Verify, or Australia can step up with a unique solution as a start-up, to ensure that all citizens are on the same page and following simple procedures that ensure the simplicity and convenience of using e-Services.
Previous Proposition
In 1985, there was a proposal for a national identification card for Australian citizens and resident foreigners, i.e. the Australia Card. However, this proposal was abandoned in 1987. Had it not been abandoned, the card could easily have been used for identification instead of the driver's licence, and there would have been a greater chance of forming an eGovernment around a possible unique number given to each issued Australia Card.
The card was initially proposed to unify other government identification systems and act against tax avoidance and health and welfare fraud. As of 2016, these issues still occur regularly, with multiple welfare fraud cases. It has been easier for some people to commit tax avoidance and welfare fraud quite frequently. Because such aspects are not unified, people can put false details on things like income and assets to get more money from welfare[14].
After allegedly seeing some flaws in the legislation in this proposal and mixed signals from different parties, the government at that point abandoned the idea of the Australia Card.
Following the abandoning of the Australia card, the government expanded the tax file number (TFN) scheme to enable cross-referencing benefits received and tax paid by individuals.
More recently in 2006, the Howard government proposed an Australian Access Card which was a non-compulsory electronic ID card. This card was essentially proposed to use the services provided by the Department of Human Services.
The Recommendation
The final stage of the study looks at integrating a smart card (eAustralia Card) into the existing or yet-to-be-transformed infrastructure. The ideas and other elements that have gone into the process are inspired by the Estonian ID card. The proposal is then checked for validity against the current situation and how the public and government would accept such a change.
Currently in Australia, the most common form of identity used is the driver's licence. This card has enough information to confirm your identity, such as your photo ID, signature and name. This card, however, does not hold any electronic capability that can be used to prove your identity online; instead, the card is scanned and uploaded as an image for certain 100-point checks online.
For this purpose, a smart card with a built-in microprocessor and a credit-card-like form factor can be implemented. This card will replace the number of cards a regular citizen carries in their wallet and have the capability to prove your identity for using the online eGovernment services.
To be able to verify your identity online using the card, at least one of the following needs to be implemented in the system:
1. A microchip card scanner must be given to all card holders so that they can scan the chip in the card and verify their identity using a password or PIN number, along with a mobileID for extra convenience. Or;
2. An online account must be registered using a possible unique number given to each citizen that is also written on the card to allow for verification. This means that whenever the unique number is used with the set password, the respective service would cross-check with the government database to verify the identity. This essentially means having a centralized system where all the government services are possibly under a single database.
3. Finally, an application such as “RealMe” or “UK.GOV Verify” should be implemented where it uses external sources to verify your identity.
Since the smart card is created with embedded integrated circuits, certain information can be stored in the microchip. However, it is important that the stored information is kept to a minimum and serves one purpose only: to authenticate the user.
If we consider the Australian national identification number, it would be the Tax File Number. Having an ID card with a unique number would mean that the TFN is disregarded and the "unique number" becomes the national identification number. However, it is stated that the TFN should not be disclosed to anyone and should be kept very private. If the “unique number” had the same impact as the TFN, it would not be a good idea to display it on the ID card. To counter this issue, it is best to use both numbers: the TFN serves its only purpose, managing taxation, and the “unique number” displayed on the ID card is used as the top priority with all the other services.
Overall, the physical characteristics should display at least the following:
1. Name
2. Date of Birth
3. Expiry Date
4. Unique ID*
5. Signature
6. Photo ID
7. Microchip
* The unique number needs to be considered very carefully, as some citizens may not agree with it showing information such as birthplace, birthday and gender. Australia being a multicultural country, the inclusion of birthplace can be disregarded. With a population of 24 million, it is important to make the ID number complex enough that someone’s ID cannot be guessed at random. Considering these aspects, the ID number could take a form similar to “DDMMYYSSSSCC”, where the first 6 digits are your birth date, followed by 4 ‘S’ digits used as a serial number to differentiate persons born on the same date (ensuring that the serial number is not close to that of the next person on the list), and finally the last two ‘C’ digits are a checksum.
The eAustralia card must also be considered for use by non-citizens of Australia, i.e. permanent residency holders. This can be a card similar to the above specification, except that it would have fingerprint images, similar to the residence permit card in Estonia. This will allow both residents and citizens to make full use of government services and receive government benefits, whereas currently some benefits are restricted to citizens of Australia only.
Information and Certificates integrated into it
The idea is to have the minimal amount of information actually stored in the card. In saying that, it means that the government database should be capable of holding all the other relevant information to be able to provide for the necessary services.
Taking ideas from the Estonian ID card (section 11.2.1), it would be ideal to have the same forms of certificates integrated into the smart card. That said, the government needs to develop a digital identity service that approves digital signatures for certain services. This is a planned objective of the DTO, and the use of an ID card with integrated certificates will function smoothly provided the transformation is successful.
These certificates can then be used in conjunction with set passwords/PINs to verify your identity online.
The authentication certificate on the ID card should contain a relay element such as the e-mail address on the Estonian ID card that forwards emails to a real email address to notify users about content. The address can be set up as a two-way communication gateway between the government and the user. This offers a better usability in comparison with the redundant inbox provided by the existing myGov portal.
Design
The design of the eAustralia card would have the typical credit card like design with the integrated chip. The figure below shows a simple representation of the information physically shown on the eAustralia Card.
The design, as seen above, is very simplistic and gives away minimal information about the person. Implementing this in the eGovernance system in Australia would be impractical if the current or proposed eGovernment system is not up to par with integrating an eAustralia Card. These factors were considered initially to provide a recommendation of an eAustralia card. The potential procedures for interconnecting it with either the existing system or the prototypes are listed in section 15.
Looking at the card, the only information displayed is your name, D.O.B, unique ID (i.e. National Identification Number), expiry date, photo ID and signature. This set of information is sufficient to verify your identity when signing up for non-government services. Given that this card does not show the citizen's address, the ID number should allow the government to release that information upon the user’s agreement. This ensures that scanned copies of your ID card are not left around revealing your residential address.
Service accessibility and what it provides to the public
The purpose of having an electronic identity card is to allow citizens to access government services easily. For that purpose, citizens would be allowed to use the eAustralia card as a form of proof of identity, either online or in person, whether with the existing eGovernment or the prototype by the DTO.
Going by the existing infrastructure, government service access would most likely be limited to the services provided by the Department of Human Services. This will allow users to protect their identity and also eliminate some of the cards that need to be carried around to use the services, i.e. Medicare and concession cards.
At the end of the day, we have two choices: an eAustralia card that would offer great security, flexibility and simplicity while eliminating a number of cards from a typical wallet, or watching other developed countries move forward with technology (i.e. New Zealand).
Conclusion
The recommendation of an eAustralia card would raise several issues, especially given the abandonment of previous proposals. However, this is a time when people are connected to each other via technology and the majority of the population is tech savvy. It is important to make use of this, allow for innovation and make a change.
Australia is so far behind in technology that it has reached the point where we are swallowing our own pride and watching New Zealand be a better part of the Digital 5. Australia has been lucky in terms of cyber threats to the existing eGovernment, and this has allowed the government to focus less on this system, assuming it has perfect functionality.
The current government has established the Digital Transformation Office with a digitally focused strategy. The recommendation of an eAustralia card supports the government's focus well, making now the best time for a change in the system.
References
[1] "About Mygov - Australian Government Department Of Human Services". Humanservices.gov.au. N.p., 2016.
[2] Sorell, Matthew. "It's Time For An Eaustralia Card". The Conversation. 2015.
[3] "Register For An Online Account". Human Services
[4] "Mygov - About Mygov". My.gov.au.
[5] "How Is Australia Tracking With Digital Transformation Agenda? | The Mandarin". The Mandarin.
[6] Room, FastTrack. "Digital Transformation: Are Organisations Up To The Task?". FastTrack Recruitment Software.
[7] "The Case For A Digital Identity Card In Australia". Business Insider Australia
[8] InnovationsAus.com. (2016). DTO eyes biometric identity system. [online] Available at: http://www.innovationaus.com/2016/08/DTO-eyes-biometic-identity-system
[9] Malcolm Turnbull MP. (2016). FAQs: The Digital Transformation Office | Malcolm Turnbull MP. [online] Available at: http://www.malcolmturnbull.com.au/archive/faqs-the-digital-transformation-office
[10] Lepp, Hille. "E-Estonia - Estonia.Eu". Estonia.eu
[10] Easton, Stephen. "National Digital Identity Framework Prototype Only Weeks Away".
[11] Palmer, Daniel. "APF Concerned About DTO's Identity Framework Project | Delimiter". Delimiter
[12] Wikipedia. (2016). National identification number
[13] Abs.gov.au. (2016). 8146.0 - Household Use of Information Technology, Australia, 2014-15. [online] Available at: http://www.abs.gov.au/ausstats/abs@.nsf/mf/8146.0
[14] En.wikipedia.org. (2016). Australia Card
A Critical Review of Australian e-Government Architectures
Group members: Nenin Hadzic
Supervisor: Dr. Matthew Sorell
Introduction
Online Government is a way for citizens and non-citizens to access Government services through a single login into a Government page. Australia's solution to online Government was previously myGov, a website attempting to unify Government services such as Medicare, Centrelink, etc. Unfortunately, the website itself was not secure and did not protect user identity. Therefore the plans for a new system were released, promising improved security and ease of use and connectedness amongst services compared to myGov. Along with the prototype system release, there is an alpha for an identification verification system being tested simultaneously.
Aim
Due to the unsecure nature of Australia's current e-Government system, myGov, users are prohibited from certain high risk online services, such as online voting, selling property, etc. In response to the uselessness of myGov, a new department was established in Government. The Digital Transformation Office (DTO) was established in July 2015 with the purpose of transforming Government services in order to deliver a better experience for Australians[1].
Part of the DTO's long-term plan is the creation of a new e-Government initiative known as GOV.AU, in hopes of replacing myGov and its known security issues. The aim of this project is to acquire an appropriate amount of knowledge in the field of e-Government so that a critical analysis of the current GOV.AU beta may be undertaken. The desired outcome will be a comparison of the beta to other successful e-Government initiatives from around the world, as well as myGov. Along with the comparison, there will be recommendations as to what could be further improved.
Motivations
Reasoning
The primary motivation for undertaking this project is the high level of risk associated with myGov and its unsecure nature. The system is open to a variety of cyber attacks that can leave users' identities compromised[2]. It does not contain many forms of security related to protecting users' identities, primarily because logging of when data is accessed seems to be optional amongst different services and there is no definitive way to prove that you are the person you claim to be. As user identity protection should be at the forefront of online Government, myGov is not secure enough to handle further advancement into high security risk operations. The motivation of this project is to make recommendations for the development of GOV.AU so that it does not carry on the errors and flaws present in myGov.
Demographic
The main demographic for this project is the Australian Government, particularly the DTO. They may take an interest in the project if the recommendations provided will be useful to the future development of GOV.AU. It may also be a further push not to delay the project, given that myGov has been so unsuccessful and needs replacement.
Generated Knowledge
The knowledge generated by this project can be used as a guide if a system like this is ever to be put in place. This project can provide a preliminary outline of the specifications required for such a system. Benefits of the new system would be seen by a wide variety of people, primarily the citizens. They would be able to access much broader services online that weren't possible before due to security risks. Other entities such as banks and utilities can benefit from having a much simpler way to connect with their customers and keep their identities safe.
Significance
This project is extremely significant, as Australia is currently falling behind other developed countries technologically with its online Government, as there have not been any recent improvements. This project will show examples of other successful e-Government initiatives around the world in order to show what makes them work so well. This data can then be used to further guide the development of GOV.AU so that it is successful itself, thereby putting Australia on the path to becoming a more technologically advanced country. Citizens would also greatly benefit from a more advanced e-Government as it would make their lives more convenient when it comes to Government services such as Centrelink, or other services generally deemed as being tedious.
Research Methodologies
Online Research
The initial research for the project will be looking at the background and technical knowledge that will be required to undertake this project. This knowledge will come from extensive literature reviews, focusing on the background knowledge surrounding e-Government initiatives, current online e-Government systems available (primarily myGov and e-Estonia) and also the security architectures put in place to make e-Government secure for the users. The primary source of this information will be the internet, as e-Government itself is a modern concept, and most information about it is primarily online.
Initial research will be what e-Government actually is, the advantages it brings and the barriers that must be overcome for it to be put in place. At that point research will head into the direction of specific e-Government systems already being successfully used, and what makes them successful. The systems that I plan to research are e-Estonia, GOV.UK and ICT.Govt.NZ. These systems will be compared to myGov as well as the GOV.AU beta in order to create the comparisons recommendations that form the outcome.
Travel to Estonia
In the winter break of 2016, I traveled to Estonia with the rest of my research group. In my time there I tried to gain as much knowledge of e-Estonia as possible from the various people I met. The best learning experience I had related to my thesis whilst over there was a visit to the e-Estonia showroom, where we were given a presentation about the history and future plans of e-Estonia. This knowledge was heavily influential to my thesis and will make up a large amount of the content in the technological background section of e-Estonia.
At the showroom I was also able to take quite a few information brochures and books about e-Estonia, which have proved to be quite useful in the research sections for the thesis. Parts of my research have come from literature reviews based on the content of these brochures and books, as they provide quite an extensive overview of the history of e-Estonia, its current state and multiple future plans for creating a more connected country. It is through reviewing these sources that I may provide an extensive comparison of e-Estonia, myGov and the plans for GOV.AU.
Deliverables
The final deliverable of this project will be a comparison of myGov, e-Estonia, GOV.UK, Govt.NZ and the prototype and plans for GOV.AU. There will also be recommendations for what may need to or should be changed about GOV.AU to make it more successful, in line with the researched e-Government initiatives.
Technical Background (Condensed)
e-Government
e-Government is the unifying of Government services on an online system[3]; it is the use of information and communication technologies by Government agencies to better manage interactions with citizens, businesses and other Government agencies. A user will have access to a majority of their Government and Public Sector services from one location. In some cases, unified identity is built into these systems, e.g. e-Estonia, meaning that once a user logs into the e-Government system, they will not have to log into further independent Government agency systems.
Below is a diagram of a simple e-Government layout showing key stakeholders involved with using the system[4].
There are three main advantages to the use of e-Government: the improvement of government processes, connecting citizens and building external interactions.
Improving Government Processes
In general the improvement of Government processes leads to cutting processing costs, be that time or financial costs. Other improvements include the ability to manage process performance (something that is difficult with physical processes) through the digital system and also the ability to connect different Government agencies and data they may share with one another, in order to increase the efficiency of workflow when data sharing is required.
Connecting Citizens
Apart from the advantages for Government, many advantages are also present for citizens. The Government is able to take opinion directly from users on the effectiveness and usability of the e-Government system and services, as well as the sub-systems associated with public sector agencies, which leads to quality and cost improvements within public services. A further advantage is making citizen life easier: tasks that previously had to be done in person at a Government building can now be completed from the comfort of one's home.
Building External Structures
The use of an e-Government system will greatly improve interaction between Government agencies and other institutions, such as other Government agencies, private sector institutions and community organisations. This ultimately builds a community of agencies, institutions and citizens all connected on a single network. This makes life easier for citizens when they need specific businesses, and also gets businesses more customers. Another positive aspect is the ability to share data. If, for example, citizens need their Government-held data for some private business, the data can be requested directly by the private business from the shared data centre, requiring only the citizen's verification (biometric or other).
Current e-Government Systems
myGov
myGov is the current Australian solution to online Government and was first released in May 2013, as a replacement for australia.gov.au. It attempts to unify a small number of Government services listed below[5].
- Department of Veterans' Affairs
- My Health Record
- National Disability Insurance Scheme
- Victorian Housing Register Application
- Medicare
- Centrelink
- Australian JobSearch
- Child Support
- My Aged Care
- Australian Tax Office
As can be seen, the system is primarily made up of social services designed to cut down on welfare fraud and decrease lost Government money, which is the primary reason for the inclusion of the ATO, but it makes no attempt at properly securing user data. The system is extremely flawed due to multiple security shortcomings[2]: the security emphasis is placed primarily on Government systems and money, and not on user identity. The primary reason for this is that myGov is owned and controlled by the Department of Human Services (DHS), and therefore only services related to that department are offered. It was adopted by the ATO, with Government funds and data being the primary protection target.
Security Weaknesses
The focus on protection of Government funds leads to a disparity in how services treat user identity. Some services track when identity information is accessed and some do not, and simple flaws such as this lead to an overall insecure system. Other system weaknesses include 2FA being completely optional at the time of writing[6], meaning it can be quite easy to sign up as someone else, using details that can be stolen from the person's mailbox. Where 2FA is enabled, it can also be defeated using the hacks explained previously, as the myGov codes are sent via text message, and phone numbers can quite trivially be activated on a different SIM card.
Another possible hack was having users simply visit a website containing malicious code designed to extract specific information when the user visited myGov. Furthermore, a link that runs the exploit code could be sent directly to a user[2]. These two attack types are possible if 2FA is not enabled on the account, which is entirely possible with myGov. Due to the weakness of myGov security, the online services are limited and high-risk operations are not feasible, leading to an e-Government system that doesn't really provide much service for its users.
GOV.UK
Launched in late January 2012, GOV.UK is the United Kingdom's e-Government system. Originally launched as 'UKonline.gov.uk' in December 2000[7], it has since gone through many stages of evolution, adding more services and security measures for users throughout the years. The plan for the site was to be used as a replacement for the hundreds of individual websites of Government and public sector agencies by 2014. It is noted however that as of March 2015, only 8 of the 25 guaranteed exemplar services were functional, and on a limited basis[8].
Security
A recent achievement has been the implementation and integration of a new system for verifying user identity, called GOV.UK Verify. After three years in development, it was introduced to general users on the 14th of October 2014. The system works by checking user identity details against a variety of sources, including credit agencies, utility bills, driving license records and mobile phone provider bills. The checks that are performed are based on the level of assurance (LoA) required by the service, so users are not checked on more than is required. The system does not retain the information, and the agencies against which data is checked are unaware of which service is being used. The only retained information is the user's mobile or landline number[9].
This system is similar to a 100-point check that one might come across in Australia, where essentially your identity is proven through you having multiple documents bearing the same identity. This system is more secure than text message 2FA, as you have to have a history with the companies that are being contacted to verify your information, which is difficult to fake. There are however certain privacy issues faced when collecting data such as this, which can ultimately lead to unrest within the public[10].
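The following Python sketch is an added example, not code from GOV.UK Verify or from this project. It models the properties described above: only the checks needed for the requested LoA are run, a source never learns which service asked, and only the phone number is retained. The LoA tiers, class names, service names and identities are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed tiers: the source names are from the text, but which sources
# are consulted at which level of assurance (LoA) is an assumption.
CHECKS_BY_LOA = {
    1: ["mobile_provider"],
    2: ["mobile_provider", "credit_agency"],
    3: ["mobile_provider", "credit_agency", "driving_licence", "utility_bills"],
}

@dataclass
class EvidenceSource:
    """Hypothetical data holder that answers yes/no on a claimed identity."""
    name: str
    known: set                                  # (name, dob) pairs with a history here
    seen: list = field(default_factory=list)    # everything this source learns

    def confirm(self, query: dict) -> bool:
        self.seen.append(query)
        return (query["name"], query["dob"]) in self.known

class VerifyHub:
    """Hypothetical hub sitting between services and evidence sources."""
    def __init__(self, sources):
        self.sources = {s.name: s for s in sources}
        self.retained = []                      # only phone numbers are kept

    def verify(self, claim: dict, service: str, required_loa: int) -> dict:
        # The query carries no service name, so a source cannot tell which
        # service triggered the check.
        query = {"name": claim["name"], "dob": claim["dob"]}
        for source_name in CHECKS_BY_LOA[required_loa]:
            if not self.sources[source_name].confirm(query):
                return {"service": service, "verified": False, "loa": 0}
        self.retained.append(claim["phone"])
        return {"service": service, "verified": True, "loa": required_loa}

def demo():
    alice = ("Alice Example", "1980-01-01")     # constructed identity
    sources = [EvidenceSource(n, {alice}) for n in CHECKS_BY_LOA[3]]
    hub = VerifyHub(sources)
    genuine = {"name": alice[0], "dob": alice[1], "phone": "+44 0000 000000"}
    invented = {"name": "No History", "dob": "1990-01-01", "phone": "+44 0000 000001"}
    low = hub.verify(genuine, "renew-licence", required_loa=1)
    fake = hub.verify(invented, "file-tax-return", required_loa=2)
    return hub, low, fake

if __name__ == "__main__":
    hub, low, fake = demo()
    print(low, fake, hub.retained)
```

A claim with no history at the first source fails before any further source is contacted, which is the "difficult to fake" property in a minimal form.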
e-Estonia
Established in 2001, e-Estonia is a unified system of public and private services all online, accessible any time, and a prime example of a successful e-Government initiative[11]. The reason this system can operate in such a reliable way is through a series of crucial security features. The security features include smart card authentication, card scanning authorisation levels and the X-Road architecture holding everything together. Due to this higher level of security, users connected to e-Estonia can perform tasks such as online voting, opening bank accounts and also maintaining online medical prescriptions. As of 2013, over 2000 services are connected to e-Estonia through the X-Road architecture.
GOV.AU
Digital Transformation Office
The Digital Transformation Office (DTO) was established in July 2015 with the mission of transforming Australian Government services in order to deliver a better experience for Australians. In a given month, one in eight Australians aged 14 and over will attempt to utilise Government information and services online, bringing in a total of 324 million transactions within a year, with more than half of the users experiencing problems with the online services[1].
It is a belief of the DTO that when people are able to easily find the information they are searching for, and are able to use Government services without needing to know Government structure and which department does what, they will have a better experience. This streamlined process will also have less impact on users' time and come at a lower cost to the Government. This is the reason the DTO was created: to work directly with agencies, users and private sector partners to create services that are streamlined, efficient and clearer to use.
The Need for Something New
From the research that has been conducted, it is clear that Australia has fallen behind other developed countries in terms of e-Government. It is also clear that myGov is not an appropriate solution for e-Government. These two facts seem to be the driving force behind the development of GOV.AU, a new e-Government initiative for use within Australia, and due to be released by 2020. Currently there is an online prototype of GOV.AU that is designed to show the services available online in the context of a character 'Matt' wanting to open a bike shop.
The prototype allows the user to experience the basics of how GOV.AU will function when built and gives the user three possible scenarios to play out. The scenarios are 'Matt starts a business', 'Matt finds staff' and 'Ken comes to work in Australia'. These three scenarios are meant to emulate the scenarios of starting a business, hiring from overseas and applying for a visa, respectively.
Because the layouts are generally similar, for this analysis we will only look at the 'Ken comes to work in Australia' case, which is basically applying for a work visa. Once a user decides that is the service they are looking for, they are taken to a page that shows all the necessary requirements to fulfill their application. The website is simple to use and the information is displayed clearly. Expanding the drop-down menus on the to-do list reveals to the user the ability to complete their services right then and there, all online. Some tasks also come with a link that gives the user more information about certain forms or policies if required. Overall the experience is extremely intuitive and user friendly.
Recommendations for GOV.AU Development
Identification Verification
Not much is known about the proposed identity alpha, so it is difficult to make recommendations. However, it is probably in the best interests of the Government to stay with a strategy similar to that of the UK or NZ, as something as advanced as the Estonian ID card or Mobile-ID may not be feasible in such a short term or for as large a population as Australia's. Using third-party verification like that of NZ and the UK also gets rid of the rollout challenges that will be faced if trying to equip 20+ million Australians with a physical ID token.
Registration Process
If possible, users would benefit from the registration process being completely online, as it means people are not inconvenienced by having to go to Government centres to create or authorise their account. However, if a higher level of security can be achieved by integrating a physical aspect into the registration process, it should definitely be included.
i-Voting and Digital Signatures
Due to the extreme shift towards digitising services, it would only make sense to include such advancements as i-voting and digital signatures. These two services do require quite a high level of security, however the benefits they bring about far outweigh the costs.
Speed Up Release
As mentioned previously, it would be of great benefit to speed up the release of GOV.AU (without compromising on build quality) as Australia is already technologically behind other advanced countries. From what can be seen on the DTO website, there are currently no services being built or transformed, and this needs to change.
Conclusion
In conclusion, GOV.AU is looking extremely promising from what I have researched on the DTO website and seen first hand with the prototype. There most likely will be issues with how long the planned release is going to take as Australia is technologically behind other countries. Much care has been put into the standards that are being used for the transformation of services, and the outcome is a beta set of services that look and feel uniform, and are easy for almost any user to navigate. The GOV.AU prototype is extremely user friendly and intuitive, and the simple decluttered look goes far in making this feel like a truly professional solution to the problems found littered through myGov.
References
[1] Dto.gov.au. (2016). About us | Digital Transformation Office. [online] Available at: https://www.dto.gov.au/about/
[2] Grubb, B. (2014). Revealed: serious flaws in myGov site exposed millions of Australians' private information. [online] The Sydney Morning Herald. Available at: http://www.smh.com.au/it-pro/security-it/revealed-serious-flaws-in-mygov-site-exposed-millions-of-australians-private-information-20140514-zrczw.html
[3] "eGovernment for Development - What is eGovernment? - eGovernment Definitions", Egov4dev.org, 2016. [Online]. Available: http://www.egov4dev.org/success/definitions.shtml.
[4] "Developing an Open Source Content Management Strategy For E-Government | Urban Insight", Urbaninsight.com, 2016. [Online]. Available: https://www.urbaninsight.com/articles/developing-open-source-content-management-strategy-for-e-government.
[5] "myGov - Login", My.gov.au, 2016. [Online]. Available: https://my.gov.au/mygov.
[6] Humanservices.gov.au. (2016). Create a myGov account - Australian Government Department of Human Services. [online] Available at: https://www.humanservices.gov.au/customer/enablers/create-mygov-account
[7] "eGovernment in the United Kingdom Factsheet", epractice.eu, 2014. [Online]. Available: https://joinup.ec.europa.eu/sites/default/files/98/c1/99/eGov%20in%20UK%20May%202014%20v.16.0.pdf.
[8] "Gov.uk", Wikipedia, 2016. [Online]. Available: https://en.wikipedia.org/wiki/Gov.uk.
[9] C. Arthur, "Gov.uk quietly disrupts the problem of online identity login", the Guardian, 2014. [Online]. Available: https://www.theguardian.com/technology/2014/nov/06/govuk-quietly-disrupts-the-problem-of-online-identity-login.
[10] Gov.UK Verify identity management system riddled with 'severe privacy and security problems', warn UCL academics. (2015). [online] http://www.computing.co.uk. Available at: http://www.computing.co.uk/ctg/news/2414194/govuk-verify-identity-management-system-riddled-with-severe-privacy-and-security-problems-warn-ucl-academics
[11] Digital society - e-Estonia. (2016). [online] E-estonia.com. Available at: https://e-estonia.com/the-story/digital-society/