RealTime IT News

Australian Government Leaves Security to Private Sector

The Australian government has given up on direct public sector involvement in the emerging digital certificate industry, leaving the lucrative field to corporate partners after a failed attempt at a government solution.

Senator Richard Alston, federal minister for Communications, Information Technology and the Arts, admitted that the pace of change in technology had made government strategies obsolete in less than a year.

"You can move too quickly on regulation, and the corporate sector is quick to develop its own solutions," he said.

Senator Alston was speaking at the launch of an electronic company registration (ECR) service, an example of the way the private sector is now being incorporated into the public service's projects for electronic service delivery.

The ECR service was developed for the Australian Securities and Investments Commission (ASIC) by Rotek Consulting and TransactionSite, but will be administered not by ASIC, but through around 100 "intermediary" resellers of the service like accountants, solicitors and specialist registration companies.

These intermediaries, in an industry worth AUS$70 million (US$47 million) in annual revenue, will use one of four interface programs to the central ASIC application, developed by Corporate Express, BGL, Kooyong Computing and Solution 6.

Senator Alston also announced that the KeyPOST service, an ambitious attempt by national postal service Australia Post to establish a digital certificate authority for ordinary citizens, would be resurrected by Secure Network Solutions.

Australia Post dropped KeyPOST earlier this year due to lack of take-up by Internet users.

Secure Network Solutions was involved in both deals, as it also owns Rotek.

ASIC's ECR service is one of the first to give a glimpse to what the eventual model for the Australian government's public key infrastructure might look like, which is still being developed by a cross-government committee under the banner of Project Gatekeeper after years of discussions.

Authentication at the reseller end is handled through X.509 digital certificates stored on smart cards, although ASIC said the system would be open to any Gatekeeper-compliant certificate authority.

The central ECR system runs on an Apache Web server and uses the Australian-developed cryptography freeware SSLeay for session encryption and "digital certificate functionality", according to ASIC.