Good afternoon. My thanks to the chair and vice-chairs and the members of the committee for the opportunity to speak today.
My name is Ira Goldstein. I'm the senior vice-president of corporate development at the Herjavec Group. I've spent the last decade working in information security to help companies and governments secure their most critical digital assets.
I'm joined by Matt Anthony, our vice-president of security remediation services at Herjavec Group, whose remarks will follow mine.
Herjavec Group was founded in 2003 by Robert Herjavec, who immigrated to Canada with his parents from eastern Europe. A dynamic entrepreneur, Robert has built Herjavec Group to be one of the largest privately held cybersecurity firms in the world. Our experience includes working with private and public sector organizations in complex multi-technology environments to ensure their data security and privacy.
We are honoured to address the committee today on behalf of Robert, Herjavec Group and our fellow Canadians.
Our statement will address two subject areas related to the committee's study. First, I will outline why digital identity is a key building block in the transformation of government services. I will then outline steps to manage, govern and secure our digital identities.
My recommendation is for the government to tread lightly on the broader transformation path to ensure that privacy and security are top priorities. In parallel, the government should move quickly on a pilot project to expand the existing success of Canada's digital presence.
Digital government services must be built on a foundation of good identity governance. If our identities are to be digitized and managed by government, citizens expect a system that ensures security and privacy. Our identity attributes are assumed to be protected by the issuer, our federal government. In any system, physical or digital, fraud is a risk that must be mitigated through effective and ongoing assessment.
These concepts are not far from realization. When a baby is born or a new immigrant arrives, individuals may request their identity documentation online. Ultimately, physical artifacts are issued as proof of identity, but the fact that we have an online portal today to provision identification means that we have the foundation to leverage that data for use in digital government services.
Several government services are already online. One of the most critical functions of government, tax collection, is digitized through Canada Revenue Agency's EFILE system. Presumably the push to EFILE was supported by efficiency outcomes and stands as a successful case of digital transformation.
Any further steps to digitize citizen identity must consider the perception of the impact on individual privacy. Individuals may perceive digital identity as a threat to privacy despite the expected benefits. One recent example is the speed at which public perception soured over Statistics Canada's plan to collect personal financial information. Despite the involvement of the Privacy Commissioner and plans to anonymize the data, perception quickly turned negative toward this prospect.
The contrast between CRA's EFILE success and Statistics Canada's attempt to gather financial information is a guiding light for the committee. Digitizing government services will be welcomed by the public if managed and messaged thoughtfully. The upside of this effort is more access for historically marginalized groups and geography, so the opportunity cannot be ignored.
Historically, identity-proofing has required a trusted centralized authority to govern provisioning and usage. If I want to prove who I am, I need to show government-issued identification. I foresee this authoritative proof as a permanent feature of modern democracy, so despite the advances in decentralized identity, the government has an important role to play in identity management.
In sum, I strongly recommend that the committee seize the opportunity to further digitize components of citizen identity to enable the efficient and secure delivery of government services, while being cautious in the line that we must draw between centralizing data and ensuring that individual privacy is maintained.