Evidence of meeting #139 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was identity.
A recording is available from Parliament.
4:15 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
But as you said—and I agree with you wholeheartedly—or I think Mr. Anthony said, the population of Estonia is 1.3 million. They had a lot of greenfields. They had no legacy systems from the previous regime that they had under Russia. They have four million square hectares of land, half of which is forest. So they don't have any problems compared to what we have.
However, eventually, we will have to move to some sort of digital identifier. I'm asking you this question, Mr. Boysen, because I know your company. I'm looking at a March 2017 press release. In that press release, you wrote that IBM and SecureKey were working together to enable a new digital identity and attribute-sharing network based on IBM blockchain.
I really don't know what that means—
4:15 p.m.
Some hon. members
Oh, oh!
4:15 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
—but it sounded good. The reason I mention this is that blockchain would be one of those processes we could look at to see if there's any deviation. You mentioned credit cards. I'm a retailer, a pharmacist, so I know how difficult it was even to get credit card machines in my store, because of all the knowledge, all the paperwork and everything that had to be sent to them. Could blockchain, that technology.... Maybe you can highlight, now that you've been working with IBM for a year, how that has come forward. Could the government not adapt that?
4:15 p.m.
Chief Information Officer, SecureKey Technologies Inc.
The short answer is yes. The scheme we're proposing actually sees the government, at both the federal and the provincial level, being a key participant in the scheme. You're required to make it more successful. It could run without you, but it would be way more successful if you participate.
However, your point is right that we already have these documents that we use. We use the documents we have to get the things we want. That's how the current model works. We use the stuff we have to get the new service that we don't yet have and we want.
That's the way the real world works. It's only online where we have this problem because the documents aren't digitize. One of the asks is actually to digitize the government documents so it can participate in the scheme with the banks, the telcos, health care, insurance and the rest of them.
To get to your question about blockchain, there are a couple of things I hear. The first thing I would say is that the best way to be successful with blockchain is not to talk about blockchain, because the problem is that it is very laden. There are a lot of different ideas about what it is and what it isn't.
Secondly about blockchain, one of the things I would bring on is the privacy component. One of the properties and benefits of blockchain is that it's immutable; it will never change. The challenge is that when you put that together with the GDPR, with my right to be forgotten, if I sign up for your service and then say “I want you to forget me”, the only way to honour my agreement is to blow up your blockchain.
Putting personal information on blockchain is a really bad idea. This is standard industry wisdom now. However, what it is good for is integrity proofs.
I want to go back to the credit card example I gave you a few minutes ago. The challenge is, Raj, if I know enough about you today, I can be you on the Internet. The organization that I'm trying to fool is defenceless, because I have all your data. I got it from the dark web.
We don't have that problem in the credit card scheme. There are two types of payments in the credit card scheme. When I go to the store and I pay in person, the risk of fraud is almost zero for the reasons I outlined earlier. However, when I go online and buy something at Amazon, Amazon didn't get to see my credit card, so that transaction is riskier. It's called “card not present”. Today, all e-commerce is “card not present”. It's riskier.
Here's the thing: All identity today is “card not present”. We have no idea if these assertions that are being presented to us at the counter are real.
4:20 p.m.
Chief Information Officer, SecureKey Technologies Inc.
Sorry. I'm just going to answer your blockchain question.
What we're using blockchain for is integrity proofs. We use it as a method to implement triple blinds so the issuer of the data can demonstrate that they wrote the data and that's the same data that they gave to the user to present. The receiver can get the data and know that it hasn't been altered. Then the consumer can have confidence that we're not oversharing data. That's what blockchain is being used for.
4:20 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
Thank you for that point. I appreciate that.
My second point is that the one benefit that Estonia has is that it has a unitary level of government.
Here in Canada, in the region I come from, southwestern Ontario, there are actually four levels of government, because we have a regional government. Now you have the federal government that is a repository of certain information; you have the provincial government that's a repository of certain information; you have a regional government that does the policing and other things, which is another repository of information; and all my property tax and everything is in another level of government, municipal government.
4:20 p.m.
Chief Information Officer, SecureKey Technologies Inc.
As well, you need user IDs and passwords for all of them.
4:20 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
That's fine.
The thing is, though, when you look at taxation or at health, if I have to prove something, I might have to acquire information from different levels of government.
How do you get the interoperability?
It's not just one level of government. You can start off at the federal government level, but eventually, if this is going to work, you should have access to all the information that's reposed, deposited or held through the different levels of government.
4:20 p.m.
Chief Information Officer, SecureKey Technologies Inc.
I'm going to comment, and then Rene is going to add something.
The truth is, the way the world works today, every service makes its own rules. The organizations that you just listed all make their own rules. They want to keep that property. They want to force everybody to do the same thing, because they want to make their own business decisions.
However, what's important, as you said, is that when you talk to the driver's licence folks in Canada, they will tell you that the driver's licence is not an identity document. It just proves that you learned how to drive, yet you cannot sign up for any online service without your driver's licence. It's not an identity card; it just gets used that way.
4:20 p.m.
Chief Information Officer, SecureKey Technologies Inc.
The important thing here is making sure that we can get a scheme that works for consumers across the economy.
I want to get Rene in, so I will just stop there.
4:20 p.m.
Chief Security Officer, SecureKey Technologies Inc.
Briefly, the expectation for this service is that all of these departments and authoritative sources of information participate in this ecosystem so that when I as a user need to share information from these multiple sources, I can do that through the service with no expectation that the service is collecting any of that information to now create this new centralized honeypot that becomes another centre of attack.
The authority of the information is where the information stays.
4:20 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
Okay.
I agree with you on that point. The one thing I like about the Estonian model is the fact that they have an X-Road system, where you have silos of information along the route. I don't know whether that's safe or not in terms of technology. I would never suggest that information be held in one place where it could be attacked, but I think that's what Estonia did. They have this X-Road that everything diffuses into.
Maybe you could comment. Is that scheme the same?
4:20 p.m.
Chief Information Officer, SecureKey Technologies Inc.
The scheme is the same.
4:20 p.m.
Conservative
Jacques Gourde Conservative Lévis—Lotbinière, QC
Thank you, Mr. Chair.
My thanks to the witnesses for being here this afternoon.
The unique digital identifier seems to be a way forward. However, I liked Mr. Anthony's rather moderate position that you have to take the time to do things right, for a number of reasons. First, we already have a digital service infrastructure available to Canadians, unlike Estonia, which started from scratch and went all the way to the unique digital identifier. However, the baby should not be thrown out with the bathwater.
We have already invested a lot of money to build digital infrastructures. Will we have to drop them and gradually replace them with the unique identifier, or will we be able to recover the base of the existing infrastructure? If we have to start from scratch, we will have to spend billions of dollars. Do you have any idea how challenging it is to provide this service to all Canadians across the country?
My questions are for everyone. I'm not sure who wants to answer first.
4:25 p.m.
Vice-President, Security Remediation Services, Herjavec Group
I wouldn't mind answering that question, or at least contributing to the answer to that question. I don't have an opinion about whether it's a private sector or a public sector function to create that single digital identifier. I do know that, when I hear concepts that I'm going to use my bank or perhaps some other identifier, I have to understand that better. I do tend to trust that our public institutions maybe have more information that's more trusted, and might look at that. The scale, though, is immense.
I would start in the federal government at least looking at all of the different identifiers you have now and picking places where you could integrate and create a single authentication system that would allow high-fidelity identification for transactions that are happening within and around the government services. I would start there before I looked outside.
The scale is enormous, and I can't help but hear Andre's comments about how we have a good identifier physically and the problem only exists online. I would argue that our very weak tower of identifiers aggregating into a passport or a driver's licence document are not actually strong authentications. There's very little proof today that I am who I say I am. I am, but there's very little proof of that.
4:25 p.m.
Chief Information Officer, SecureKey Technologies Inc.
I just want to add to that by saying that it's not about having a single identifier; it's about having confidence about who's on the other side of the transaction. I have today already in my real life, both online and in person, lots of identifiers, and what's good about that is it allows me to segment and compartmentalize my life so that I can only share this much information with this organization and this much information over there.
A single identifier will allow somebody to see everywhere that I've gone across the Internet. The service that we have with the Government of Canada is that the thing you originally asked for was a service that had a single identifier. You wanted an MBUN service, a meaningless but unique number that I could use across government, and when we looked at this we said this is a terrible idea because you're going to create a surveillance network. You're going to be able to see everywhere: they went to the beer store, the doctor, the beer store, the doctor, the tax department. You could have followed me everywhere. I don't want this thing. We designed triple-blind privacy to solve that problem. It's not about getting to a single identifier. In government, the service we built actually gives you a plurality of identifiers.
When I go to each government department, I have a unique identifier that I only use there and that's a better scheme because my relationship is contextual. I don't have a global view of my data. I have very contextualized, compartmentalized view of my life and I want it to stay that way. I don't want a big honey pot somewhere. Giving people the tools and the capabilities to do this is important.
I just want to pick up on Mr. Anthony's comments for a moment, though. The passport is not an authentication document. We use it for identity to prove that you're in the government's book of names. Let me just share something that's really important when you get to identity. When you are asking who somebody is, you're asking two questions that have to be answered at the same time. The first question is: Does such a person named Andre Boysen exist? The government, without dispute, is the author of that record and has domain over that record.
The second question has to be answered concurrently: Is he Andre Boysen? If you can't answer those two questions at the same time, you can't do a good job. Awesome authentication that's really strong but you don't know who it is, it's not that helpful. You have to be able to bind it to who did it. If you can combine it with self-interest, then the users will do the right thing when they lose access to the credential, which means the crook gets shut down. An identity is three components and they need to be kept separate.
