Article - AGIMO rolls out e-Authentication Framework to individuals (January 2006)
On the 5th of December 2005, the Special Minister of State, Eric Abetz announced the proposed extension of the Australian Government e-Authentication Framework to individuals. The original Framework was used to facilitate and manage the risks involved with the electronic transactions between business and government via the use of electronic authentication. It constituted a whole-of-government approach to managing these risks, as first acknowledged by the Australian Government Information Management Office (AGIMO). By extending AGAF to individuals, (hence AGAF(I)), simple transactions such as change of address or name could be spread throughout all government organisations from a central point without having to individually notify them all. It is hoped that the use of electronic channels would provide greater convenience to individuals and value for money for the community. As noted by AGIMO, the convenience of replacing multiple transactions with different agencies with one transaction is appealing, as long as individuals’ privacy is protected.
Whilst in the past, the Framework was limited to bilateral transactions between business and government, the roll-out to individuals is seen as a far more important and arguably from a privacy point of view, problematic extension. Issues such as function creep, the access or modification of personal information in transit, or the solicitation of personal information constitute a far greater risk when dealing with individuals. The sheer number of possible transactions and the ability to gain access to higher levels of personal information once simple information is found, either by way of brute force, or social engineering attacks increases security risks. This is also compounded when one takes into account the fact that individuals might be less vigilant when choosing or withholding passwords than a business may be. To counter these problems, in the lead up to the discussion paper AGIMO convened a Privacy Impact Assessment Consultative Group (consisting of privacy and public policy advocates) to explore privacy issues around e-authentication.
AGIMO has released a discussion paper in order to outline the proposal generally, as well as to inform the public of the their ability to share their views on the appropriateness of the framework. Issues such as user control, risk apportionment, infrastructure and potential services are also discussed. The paper also offers an interesting analysis of other e-authentication frameworks throughout out the world and compares and contrasts the salient privacy features of each. Among these are the Canadian Authentication principles, the New Zealand Policy and Implementation Principles for online authentication and the Microsoft Laws of Identity.
Media release available at:
Discussion paper available at: