On Sat 09 Jun, Robert Shiels wrote:
> Assume for a moment that I'm using lynx on Linux, and I want to send the
> government my tax return securely. What are the security implications, can
> it actually be done. I don't want to go off half-cocked and complain about
> something when I don't fully understand why the alternative is better.
>
> Could someone explain it to me, and give me an address to send my complaint
> to, and I'll definitely do it.
As someone else has pointed out, this derived from a Linuxuser article at
http://www.linuxuser.co.uk/articles/issue11/gateway.html
This points out that most Government IT is now contracted out and this is
so far as I am aware correct. Most departments appear to have *no*
professional computing staff.
(Some months ago I converted a Court Guide prepared by a judge into HTML.
The intention was that this should be put on the Court Service site.
Unfortunately Court Service had had its site "redesigned" -- white text
on a purple background, etc -- and so the 39 files needed to be topped
and tailed with their standard templates. When I suggested that this
would not take even me more than an hour to do with Perl I was told
by the Court Service IT department "We use DreamWeaver, we have no
need for Perl." The Guide -- complete with meta tags on each page saying
<meta name="author" content="The Court Service Publications Branch"> --
appeared on the CS site about 6 weeks later.)
One of the main outside companies used by Departments is EDS. So far as
certificates are concerned, at a meeting I went to a week or so ago the
chairman, who is employed by another "legal" government department, handed
round a message to him from a colleague saying that all contact with
outsiders would require the use of digital certificates. The message was
accompanied by a Paper which gave the impression of being written by someone
in the department. In fact it was a topped and tailed copy of a paper
written by one of the certificate suppliers, Entrust, on PKI (public key
infrastructure?)
http://www.entrust.com/resourcecenter/descriptions/152.htm
Unsurprisingly it claims that digital certificates are essential.
I note that the whole idea of PKI has been questioned:
http://www.counterpane.com/pki-risks.html
Another series of Articles from the Register show that EDS in NZ have
dropped the idea in relation to their Revenue. If it is not essential there
presumably it is not essential here. See the three links at the end of
http://www.theregister.co.uk/content/4/19340.html
But how one persuades the civil service of that I don't know.
Roger H
--
Roger Horne, 11 New Square, Lincoln's Inn, London WC2A 3QB
mailto:[EMAIL PROTECTED]
http:www.hrothgar.co.uk/