Welfare agency Centrelink has decided to make an internally developed smart card and ID authentication protocol freely available to external organisations.
Dubbed the Protocol for Lightweight Authentication of Identity (PLAID) smart card authentication, the protocol will firstly be used in conjunction with Centrelink ID cards to secure staff access to buildings and IT systems. The agency has around 26,000 employees.
In a statement, Human Services Minister Joe Ludwig claimed existing technology in this field had been "at risk of breach by hackers", but PLAID would prevent the cracking of authentication systems and foil smart card cloning, at Centrelink and other groups.
"The idea is that commercial operators will build on PLAID by developing security software and hardware for other organisations to purchase and use," he said. "Centrelink will save money buying an ID authentication system, rather than building and maintaining a system in-house."
The Federal Government's GovDex site claims in an overview of the project that PLAID was "cryptographically stronger, faster and more private, than most or all equivalent protocols currently available either commercially or via existing standards".
The terms of the licence under which the technology is distributed specifies that its intellectual property rights remain the Federal Government, but the government grants users a perpetual, irrevocable, worldwide, non-exclusive, royalty free and no-charge licence to use, reproduce, communicate, sub-licence, incorporate into other products and distribute PLAID and its source code, subject to the inclusion of a copyright statement.
Please explain to me why is the Australian government, in this case Centerlink of all agencies, is wasting tax payers money on developing secure authentication protocols for contactless smartcards- I mean is this really their job??? Why do they think they should be doing this??? Firstly, it is the role of private sector and IT industry to provide such solutions to meet the requirements of clients such as the government. It is inappropriate of government agencies such as Centerlink to think they can make up protocols, and then ask industry to implement in their products and adopt them as a standard so they can say it�s a COTS solution. Who do they think they are? They have no understanding of the commercial realities of vendors who provide these solutions. No mention of who is actually going to implement this protocol to provide the return on the investment made by the tax payer, and which they have decided to give away for free! Secondly, I would like to know what the actual requirements were, and the justification they have for approving the funding and developing of such technology. I don�t believe Centerlink has any reason what so ever to be developing smartcards with the level of security they are suggesting. Even the Defence Department does not have this type of technology, but at least they would have a justification. Even if there were really requirements for such a secure protocol for contactless smartcards, then there s a number of other far more superior and suitable agencies who have greater mandate and resources to research and develop this solution, namely CSIRO, DSTO, or one of the many CRCs and universities. ...just another example of agencies with not enough accountability overstepping the mark of responsibility