First published: 04th March 2003
A bill that will have a significant impact on the development of the knowledge-based economy is quietly passing through the Legislative Council.
The bill aims to encourage taxpayers to file tax returns through the Electronic Services Delivery Scheme. It may come as a surprise, therefore, to those who see it as a worthy move that Hong Kong's professional information technology (IT) bodies are opposing it. The bill goes by the snappy name of the Inland Revenue (Amendment) (No 2) Bill 2001, and the IT bodies are right to oppose it because, although its aim is good, it will have an effect opposite to the one desired.
An electronic signature can replace a handwritten signature. A digital signature is one type of electronic signature defined in the Electronic Transactions Ordinance. It is valid in Hong Kong when supported by a digital certificate from a certification authority, such as Hongkong Post (who call their digital certificates e-Cert).
Since January 2001, citizens have been able to submit their tax returns electronically by using their digital signatures. Unfortunately, few have applied for an e-Cert, and fewer use them. People are discouraged by such issues as the lack of user-friendliness, the need to renew the e-Cert every year, and the application fee.
The amendment aims to provide an easier way to submit tax returns by allowing the use of a six-digit password as an electronic signature. But passwords are weak. A six-digit number can only have one million different values - a small number to today's computers. People often mismanage their passwords: they write them down, or choose an "obvious" password, or use the same password more than once.
There is no such thing as a perfect security system. Each must be evaluated in terms of the risks involved. The worst-case scenario here is that an attacker could submit an invalid tax return for a victim. There would be no tangible benefit to the attacker, so minimal security is required, and the proposed system provides that.
The amendment does not propose an isolated system, but one that will affect the adoption of e-government and e-commerce throughout Hong Kong. It will be detrimental to the promotion of e-government, e-commerce law, promotion of IT usage, the competitiveness of Hong Kong and bridging the digital divide.
This password scheme will make it easier to submit a tax return, but when you want to use another e-government service you will need to register for that service and choose a different password. Passwords will make e-government services more accessible, but they will damage overall progress. The commercial sector will, to some extent, follow the government's lead, so allowing a password as a signature for tax returns will encourage companies to use similar methods.
The IRD amendment also sets the precedent that a "shared secret" can be used for non-repudiation. A "shared secret" is a code known by both the authorised user and a third party. Non-repudiation means that it is not possible to later claim that the signature was invalid. This makes no sense: a number known to both the taxpayer and the IRD when attached to a tax return cannot "prove" that the taxpayer intended to make that tax return.
In the context of a tax return, it does not matter much. In a social context, the precedent is dangerous: lazy system designers can use it to justify bad designs and judges could be persuaded by arguments based on it.
The IRD amendment will not help promote IT usage or bridge the digital divide. Promotion of IT usage is not an end in itself. The intention must be to leverage IT to achieve other improvements.
We should not lead IT users into the dead-end of password overload. Many technologies could be used as electronic signatures. An evaluation must be made on the merits of the technology, and we should promote the best available. Today, this is digital signatures.
The amendment will hurt the competitiveness of Hong Kong. Digital signatures are difficult to understand, but their benefits are seen as more parties are dealt with. You can use a digital signature to sign a document and the recipient can use the certificate to prove who signed it. Digital signatures enable an electronic marketplace by enabling trading between parties. A population that understands digital signatures can enter the global electronic marketplace faster and more smoothly.
The government is also contradicting it own advice and that of the United Nations. During the Public Comment period on the Electronic Transactions Ordinance (ETO) in late 1999, the Information Technology and Broadcasting Bureau said digital signatures were preferable to passwords or PINs because they were "the only technically mature technology that provides the security service of ensuring integrity and non-repudiation in an open network environment".
The ETO allowed the use of other technologies when they became more mature, but there have been no advances in password security. Quite the opposite, passwords are increasingly seen as a weak link in security.
The United Nations Commission on International Trade Law has set out guidelines for electronic signatures to be considered reliable. The IRD's proposal fails to meet those guidelines.
The ETO is a good piece of legislation, but there has been a failure in following it up with effective promotion of digital signatures. This bill only addresses the symptoms, but not the root cause of the problem. The Smart ID gives the government a second chance in making e-Cert work in Hong Kong.
Allan Dyer is president of the Association of Anti Virus Asia Researchers and chief consultant of Yui Kee Computing