It has been a slow week for news from the CRTC, so I happened to take a little extra time reading the notice at the top of “Today’s Releases” on the Commission website:
The Government of Canada is replacing Access Key with two new cyber authentication programs: Sign-In Partners and GCKey. After September 22nd, 2012, Access Key will no longer available and users will have to register with one of the two new cyber authentication programs. Visit Cyber Authentication Renewal Initiative Frequently Asked Questions for additional information.
On that page, I thought I would read about a new federal initiative for cyber authentication. Of course, one might think that such an initiative would be part of an overall national digital strategy, but we have written extensively about the embarrassingly long delays in getting that consultation completed.
What I found was somewhat surprising.
“[T]he Government of Canada is leveraging these investments made by financial institutions for secure online environments.” In other words, it appears that the government is going to outsource its online authentication to the banks, starting initially with TD, BMO and Scotia.
For users of SecureKey Concierge, the identity of the financial institution will not be shared with the Government of Canada. Similarly, no information about the government service being accessed by the user will be shared with the user’s bank.
Apparently, the banks will not be charging a fee to users – “this is part of the service your bank offers its customers.”
It has some genuine appeal. After all, there are all sorts of “Know Your Customer” rules in place for the banks which have required bank employees to verify that the person standing in front of them is really the person they claim to be. The banks have zillions of pre-screened online banking users. In effect, the government’s SecureKey Concierge program is catching a free ride on the back of bank investments in personal authentication. It isn’t a bad idea, but it is yet another tactical move made without a clear statement of a cohesive digital strategy.
I just hope your online banking password is really, really secure.