Economic Infrastructure, the digital economy and the future of our cities
The Australia Government is committed to building world class infrastructure to improve the competitiveness of our businesses and quality of life in Australia’s cities and regions. Our priorities for advanced infrastructure include modern, safe and efficient freight and passenger transport networks, a high speed National Broadband Network, and reliable water and energy infrastructure. World class broadband infrastructure alone could add $20 billion to the Australian economy each year according to some estimates. Modern infrastructure is critical to reducing costs for business and building the platforms for future economic growth.
The Australia 2020 Summit will examine ways to:
- Boost public and private investment in economic infrastructure
- Improve planning and coordination of infrastructure investment across different levels of government and the public and private sectors (including maximising the most efficient future design of our cities)
- Ensure that digital technologies are harnessed to improve consumer services, business productivity and the delivery of government services.
Use this online forum to contribute your ideas to the Summit.
Printer friendly version
Comments
More Public Transport Needed
Man does this annoy me, we’ve got a rail line running through our suburb that is never used, while I spend almost an hour getting into the city in the bus every morning because the traffic is so bad. When are we going to stop listening to the petrol companies and start looking after our own people and invest in public transport.
Private cars need to by systematically removed from the roads, they are clogging up our transport system and polluting our planet. But you can only remove cars if the public transport alternatives are available. Some capital cities are heading in the right direction, but Sydney is a complete basket case!
Public Transport is a complicated process
I have experienced most forms of transport in Sydney - I've caught buses, trains on several different lines and sat in my car in horrific traffic conditions regularly. I think an improvement in the quality of public transport services in Sydney will only occur if we stop looking at it as a "City Rail" or "Sydney Buses" or "RTA" issue.
For example, the new bus lanes on Epping Road. Bus lanes are a great solution to getting public transport users to work on time - but only if there are enough buses to accomodate the number of people. There are not. Therefore, drivers think to themselves "why would I leave my car at home when it might take me half the morning to get on a bus?" Sure, it might be cheaper, but some would prefer to pay extra money if it means they won't be stranded at a bus stop for half an hour, only to watch multiple buses pass them because they are full.
Another example is reducing Epping Road to one car lane because the Lane Cove Tunnel is now available to use. People can't understand what is so wrong with having two functional roads working with drivers not against? Wouldn't it be handy to have a spare route if one is closed for some reason? Can you imagine the chaos if there is an accident in the tunnel in peak hour and all traffic diverts onto the single car lane Epping Road? Shudder.
If we want to improve Sydney's transport issue we have to look at it from a wider perspective. Modifying train timetables, purchasing new environmentally friendly buses and proposing new routes that will take years to come to fruition are not going to fix the problem on their own.
Some thoughts on the digital economy
In recent years, Australia has fallen behind other OECD countries in the development of the digital economy. In part this is due to delays in broadband implementation but better use of existing technologies such as smartcards could also improve productivity. In this connection, the following suggestions are put forward for consideration.
It is important to define the objectives in advance.
While this may seem obvious, there is an evident tendency on the part of many technologists to propose a solution first and then to look for problems to fit it.
As a first step in settling a list of objectives, priorities among the following list could be established:
Some of these objectives could only be met through adoption of smartcard technology.
The range of possible applications to fulfil these purposes could include use of a card to establish eligibility for welfare benefits and for banking and other financial services. In addition, the card could be engineered to facilitate electronic authentication through a Public Key Infrastructure system so as to access online services and to replace various existing cards. It could also be used in a variety of circumstances to mitigate risk. Within technical limits, applications can be designed to accommodate whatever policy choices are made.
From the cardholder's perspective, the advantages on offer would lie in multiple applications and a possible reduction in the number of cards currently carried. To address privacy concerns, measures could be taken to make some applications optional and to design effective privacy protection into the card. A growing consumer concern about online security issues provides some indication that the pressures for improvements to security will continue to grow. Certainly, law enforcement and security agencies are seeing a rapid growth in high-tech crime, a good proportion of which is based off-shore
Applications need to be developed consistently with Privacy Principles
Smartcards have been adopted in other countries that have privacy laws at least as comprehensive as those in Australia and there is no privacy reason why they should not also be adopted here. The information that would need to be collected depends on the objectives of any particular scheme. It may also be appropriate to develop procedural rules to ensure that privacy principles are observed, and even that privacy protection is enhanced, in the use of any particular card. In this connection, a range of options is available. In Hong Kong, for example, a privacy code has been developed by the Privacy Commissioner under the authority of privacy legislation. That code allows a merchant to require the production of a card for a major transaction but not for minor ones such as video rental.
Particular measures that might be considered in designing a privacy enhancing card include:
Fleshing out smartcard benefits
Peter Ford's thoughts about smartcards are refreshing. He embraces technology, grounding it in real objectives and without descending into techno babble. I think it's fair to say that many of our economic and societal challenges will only be resolved with the correct application of certain technologies, and so it's tragic that information technology has got such a bad name, typified by the objection that so many IT solutions are simply looking for problems. Because when it comes to safety and security in the digital economy, not all information technologies are equal. It is high time that we took a critical look at the technologies that will work to safeguard identity and privacy, and move to reject those that have reached their use by dates.
As Peter Ford says, we need to be clear up front about priorities and objectives, some of which he says might "only be met through adoption of smartcard technology". I agree, and I'd like to expand on Peter's account, to join the dots between objectives and solutions. It is important that we appreciate just what it is about "smart" cards that sets them apart from other options. We seem to be awash with competing security technologies, and in a "technology neutral" environment it is too often the case that we are led to ignore technology details.
The pivotal thing about smartcards -- what makes them "smart" -- is that they can tell what's going on around them. They can be programmed to respond dynamically to varying circumstances, so as to protect the interests of their owners, their issuers, and other stakeholders. They can detect what they're being used for, what sort of terminal equipment they're connected to, what their recent pattern of use has been, and so on.
Peter's list follows in bold, with my annotations in blue:
* Provide access to specific government services Certain new services -- especially electronic health functions -- raise the bar quite dramatically in respect of safety and security. ID theft is booming in financial services but it is relatively easy to recover monetary losses. On the other hand, the stakes are much higher when it comes to healthcare. If my medical records are breached, I may never recover my privacy. So when we start to make widespread use of Unique Health Identifiers, there is no room for error. These will require more robust protection against ID theft than anything in use today.
Moreover, we really have to do something to stop phishing and pharming. It is bad enough that today there is no dependable way to tell if you are at a genuine banking site or not, but in future when we are routinely consulting doctors online, visiting social security sites and electronic health record services, self managing superannuation, conducting electronic conveyancing etc., we will need much higher levels of safety against fake websites. More on that below.
* Provide greater security in internet banking and ...
* Promote electronic commerce. The scourges of phishing and pharming (i.e. fake websites, as opposed to fake emails, that dupe people into divulging their personal details) continue to inhibit e-commerce and internet banking. In particular, they have prevented full and proper use of e-mail for communications; governments and banks alike tell their customers not to trust e-mails. But if we want to, for example, reduce the tens of millions of letters sent out by government agencies every year, then we need to restore confidence in e-mail and other online technologies, like IM and VOIP. In this context, smartcards are important because they provide "mutual authentication": they can tell, on the user's behalf, if a website or an email is genuine, by checking all the complex buried security codes, a detailed task simply beyond the capacity of even expert human users.
Indeed, the power of smartcards in this regard is recognised by the US Federal Government which reckons that smartcards with PKI are “the only practical solution today” to combat account hijacking, eavesdropping, Man-in-the-Middle attack etc. (Reference: Electronic Authentication in the U.S.Federal Government, http://asia-pkiforum.org/feb_tokyo/NIST_Burr.pdf).
* Combat fraud on the revenue. Consider card-not-present (CNP) fraud, now the most prevalent form of credit card fraud. Paradoxically the risk is ballooning because consumers have become more comfortable using their cards online, and in the process are divulging more and more personal details which now are being used against them by cyber criminals.
CNP fraud amounted to $40 million in Australia last year, represents the biggest slice of payment card fraud, and is up 46% on the previous year (see www.apca.com.au). The raw materials for CNP fraud –- credit card details including “CCV” numbers and personal data –- is being stolen on a massive scale, aggregated and traded on international cyber crime bulletin boards. Current strategies to deal with CNP fraud requires merchants to ask their customers for increasing amounts of personal detail to try and establish ownership of the credit card.
Collecting more card holder details in an effort to curtail CNP fraud only makes cyber crime easier. It’s like trying to put out a fire with gasoline! But smartcards could reverse this trend, if they were used to safeguard bona fide personal financial details to prevent theft and replay.
* Assist citizens and residents to establish their identity for general purposes should they wish to use a card for that purpose and ...* Assure governments and business of the identity of individuals. The combination of Anti-Money Laundering regulations plus the business imperative for more flexible online financial services (including purely electronic account origination for banks with no physicial branches) produces obvious challenges. When a customer seeks to present their bona fides electronically, agencies and institutions relying on those details require much greater assurance than is available using traditional technologies. Smartcards can protect the pedigree of personal data. Moreover, they can encapsulate personal data in fine grain chunks, so that users only let out what relying parties need to know. Their data can be protected against theft and replay. And smartcards provide the added benefit that they can tell if the receiving party is for real, to protect the card holder against Man-in-the-Middle and similar scams.
As Peter Ford stressed, the use of smartcards to protect one's identity information must remain optional. Users must be allowed to reach their own conclusions as to the relative merits safeguarding their privacy on paper, or online, using tools like smartcards that can act on their behalf, and are no more difficult to comprehend than SIM cards.
Hopefully that hasn't been too arduous a technology lesson! It does seem necessary to me that the discourse over security and information infrastructure be taken one or two levels deeper in terms of what these technologies actually do.
If the digital economy is as important as we think it is, then surely people participating in it deserve uniform, long term, dependable and truly effective means to protect themselves. We take physical security seriously in the real world -- we lock up our homes, our cars, our offices and our garden sheds. But online we have yet to treat security as seriously, so we continue to fumble around with thoroughly antiquated password methods, and institutions still experiment with a bewildering array of two factor authentication gadgets, which at best are only stop-gap measures, and at worst are just toys, ineffective against phishing and ID theft.
My vision is that governments and industry work together to build the sort of shared robust long term infrastructure, based on smart technologies that actively safeguard the interests of their users, enabling all of us to properly participate in the digital economy, without the constant fear of crime and fraud that comes from the historically ad hoc approach to safety online.
Stephen Wilson
www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards. Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy.
Small business and creating technology ignored by Summit
Having just had my knee operated on last week I spent a good deal of my weekend looking in at the summit on ABC2. It was clearly a wonderful exchange of ideas amongst a well informed and diverse group of people.
The medical book (as in facebook) idea to share medical information with those who you choose was a clever twist on a proven idea that could solve the problem of the universal medical record that is consuming millions of dollars around the world.
It was not so much an event to create new ideas (they don't seem to come when requested) but rather a powerful way to sift and sort the best ideas to help create a longer term agenda. I think this was acheived and will prove a substantial challenge for the Liberal Party in the coming few years.
Nelson did hit on the obvious weakness in the selection of summtteers. In the entire broadcast I did not hear one single speaker raise issues impacting small business. The Productivity stream often spoke of business issues and on business but it was either educators, researchers or big business and they were as was specifically identified in their idea only thinking of the "top 100" businesses in Australia!
Small business (<200 employees) will provide the majority of new jobs and will be the core innovators in the next decade. Yet when i scanned the invitation list I did not see one single small business peer I knew from Victoria. All the people I knew were academics, consultants to government or big business or the arts. It is clear the Rudd Government (who I support in many of their objectives) is much more comfortable dealing with big institutions, big unions and big business. This contradicts what many of the best thinkers are saying is going to drive the next couple of decades.
Russell Yardley
proposal to ease longterm rental for public housing
To eliviate the chronic housing shortage in Australia I propose a system where public investments is tied to public realestate, where industries and companies who flote a share issue on the stockmarket are required to invest a fixed percentage of the raised capital into realestate for public rental purposes. ownership is retained as part of their assetts and maintaind to be available for public rental on longterm leases.This could be handled through real estate agents in competition with the private speculative rental housing market, at the same time the negative gearing concept should be reviewd and public rental tied to the CPI index.