MS gains blanket strong crypto licence for NZ govt agencies

Microsoft has won a blanket licence from the US government to supply strong encryption products to all New Zealand government agencies. The clearance is a coup for Microsoft - and may speed the introduction of secure, private electronic services from government departments. The broad availability of the technology to encrypt personal information could also help meet concerns raised yesterday in a report from the Commissioner of State Services.

Microsoft has won a blanket licence from the US government to supply strong encryption products to all New Zealand government agencies.

The clearance, which was sought as part of projects being mounted by the Department of Inland Revenue and Treasury, is a coup for Microsoft - and may speed the introduction of secure, private electronic services from government departments.

The broad availability of the technology to encrypt personal information could also help meet concerns raised in a new report from the Commissioner of State Services this week, which was commissioned to investigate the sale of personal information by staff at Inland Revenue and Work and Income.

The report concluded that although there was no widespread culture of improper use of personal information in the public sector, there was a need to improve the general security of that information.

Microsoft's licence covers three products - Exchange Server, Internet Explorer 4 and 5 and Microsoft's server-gated cryptography, which is already being used by the ASB and other New Zealand financial institutions.

Server-gated crypto was created around the US government's decision to allow export of strong encryption for financial transactions.

"Then they had to decide how that could be delivered," says Microsoft New Zealand's technical marketing manager Craig Dewar. "What they did was to say that if you were a financial institution, you could apply to get a special digital certificate from a company like Verisign that actually signed you as being someone who could do these types of transactions.

"What our software does is when the browser connects to the server, it's allowed to switch on strong encryption if it sees one of these certificates at the back end. So what that means, say, for IRD, they're building this application they want strong encryption for, they can develop the application and get it all going, just with 40-bit encryption, and then switch it to 128-bit by putting this certificate into their back end. That will work with either Netscape's browser or ours. Technically, it's quite an elegant approach."

Dewar says the software won't of itself fix privacy issues at government agencies.

"What it does allow them to do is offer electronic service to citizens in a way that is secure and protects the privacy of those citizens. They can build systems that live within the spirit of what they're discussing in [the State Services Commissioner's report]. It's a technology tool they can use to help deliver it, but it doesn't fix their process problems."

Although the original export licence application was for IRD and Treasury projects, Dewar says Microsoft got "a bit cheeky" and asked for and was granted a blanket licence. Other agencies may now follow.

"In the past, if something was really difficult for the department to do, that might have put them off. Now that it's been done in such a way that all departments can participate, there may be a few projects kicking around that were just looking a bit hard before and that they might now take another look at."
