CitationDownload as .RIS
Emerald Group Publishing Limited
Copyright © 2003, MCB UP Limited
As part of the modernisation and e-government agenda for UK local authorities, citizens must be able to access their own personal data and perform transactions against such data. This obviously places a strong responsibility on such authorities to protect those data so that they are accessible only to the authorised individual once he/she has been authenticated.
The citizen also needs to have confidence that the Web site he/she is connected to is genuine and not some bogus site set up to extract improper "taxes" from unwitting surfers.
Southampton City Council has established a Pathfinder Project, which seeks to address these issues – the Smartpath Project. This builds on an existing Smartcard scheme to provide secure access to online services.
The project involved the implementation of a public key infrastructure. Citizens are issued with a digital certificate that is stored on their Smartcard after they have been through a formal registration and validation process. This digital certificate authenticates the user and enables the individual to perform secure transactions at a variety of public access points, including kiosks and libraries.
The card is fully integrated with a Web browser and, when activated using a PIN, the digital certificate and public and private keys are unlocked. The certificate is synchronised with the user directory and controls what transactions a citizen can perform.
During any transaction, any data transmitted are encrypted using a secure sockets layer. Additionally, the city council has implemented a comprehensive firewall infrastructure, including a demilitarised zone in order to protect its internal network.
Similarly, to protect the citizen, the city council has acquired server certificates which validate it as a bona fide organisation – the individual can be assured that it is Southampton City Council at the end of their connection.
The project has not been without its problems. There were issues relating to card and Web browser integration and it was necessary to develop custom software to enable this. Other problems (not applying to most IT projects) included deliberate damage caused to Smartcard readers.
The pilot stage of the project covered housing repairs. This was seen as a low risk area. Success here means that more services, including benefits applications, will come within the scope of the project.
Both the individual and the city council gain from this project – both can be confident that personal data are secure and transactions are bona fide. This builds confidence in the citizen and helps increase the take up of electronic service delivery.