Introduction

This paper assesses threats on the Internet as they relate to e-government, and considers whether the government should do to more protect the use of the Internet for e-government purposes. It is intended to guide policy.

Background

The e-government programme aims to improve the delivery of Government services and information by using information technology and the Internet. A specific goal of e-government is that, by June 2007, networks and Internet technologies will be integral to the delivery of government information, services and processes. To meet this goal, the New Zealand government is making substantial investments in putting its services online.

The e-government programme was created as a way of exploiting the many benefits that technology, including the Internet, can offer, the better to serve New Zealand people. In principle, people should be able to interact with government using the same technologies as they do with many private companies. Beyond this, the Internet has the potential to enhance the application of democracy through greater access to information and wider consultation. The E-government Strategy develops these ideas more fully.

However, as well as benefits the Internet harbours threats. It has a dark side. Newly purchased computers fall victim to attacks in a matter of minutes when connected to the Internet. [For instance Windows XP: Surviving the First Day SANS Institute Internet Storm Center, 23 November 2003.] Dealing with the latest software flaw has become the stuff of mainstream news reports. Spyware, worms and spam have gone from mere nuisances to being tools of organised crime.

It would not be surprising if people's concerns about the problems associated with the Internet made them more cautious about what they do online. This is largely a good thing, provided that it focuses correctly on high risk behaviour and does not lead to a blanket rejection of doing business online, of e-mail in general or even of the whole Internet. Yet the negative experiences many are having when connecting to the Internet may cause such a withdrawal.

Surveys in 2002 and 2003 showed that there is a challenge ahead in making people feel safe about using the Internet and e-government. The challenge is to control the problems that people face on the Internet, to ensure they know how to use the Internet without adverse effects, and to help people recover from problems such as computer viruses and identity theft.

This project has sought to understand the issues affecting trust and security on the Internet as they affect e-government in New Zealand, and makes recommendations for government action to mitigate some of the issues.

Scope

In scope:

• Explore the link between security and use of Internet-based online services.
• Assess perceptions versus reality of security around online services.
• Assess the risks of security failures to damage uptake of online government services.
• Assess technical, educational and legislative options to improve security (real and perceived) on the Internet.

Out of scope:

• Dealing directly with government security issues.
• Assessing government personnel risks ("insider risks") which are already the focus of the SSC standards, values and ethics project.
• Detailed financial modelling (if the project identifies a potential measure whose costs and benefits require detailed analysis, this will be proposed as a recommendation).
• Other factors affecting trust in e-government such as fulfilment failure.
• Other risks online that would be characterised as 'personal safety issues' as opposed to security risks, such as cyberstalking, 'grooming' of children in chatrooms etc. These situations may also contribute to a lack of trust in the Internet.

Approach

Steps on the way to this report:

• A preliminary assessment of the threats.
• Consultation with Internet players (InternetNZ, ISPs, telcos) on the extent of threat and possible solutions.
• Preliminary analysis of potential government responses.
• Consultation with government agencies.
• This final report.

Digital Strategy

In June 2004 the Government released a draft digital strategy for consultation

This report is listed under the Safety and Security section of the Draft Digital Strategy as the Trust and Security e-government project. In that section, the draft strategy notes the concerns of businesses and consumers that restrict their use of the Internet due to concerns about virus attacks and people trying to break into their computers.

This report agrees with the draft Strategy that business and consumers require adequate legislation, self-regulation and education to protect them from attacks and fraud via the Internet. The recommendations of this report are consistent with the actions listed in the draft Strategy to address the challenges it identifies.