“Ask Once” Policy for Canadian Digital Government

To: Marc Brouillard, Chief Technology Officer of Canada
From: Jeremy Ney, Sr Associate at Harvard Digital Government

Subject: “Ask Once” Policy for Digitization of Government Services
Date: September 14, 2020

Issue: The Canadian Government has the opportunity to move the country towards seamless digital public services. Should the government prioritize and implement an “Ask Once” policy?

Interests and Priorities:

Serve Citizens Seamlessly — The Canadian Government’s Policy on Service and Digital says that the country has an obligation to advance the delivery of services and effectiveness of government whenever possible. “Ask Once” would allow allowing the Canadian Government to collect and integrate citizen data across federal departments and databases. Accordingly, the Canadian Government has:

• A national interest in strengthening Canada’s place in North America
• A very important interest in creating stable and dependable IT systems
• A very important interest in delivering government services to its citizenry

Background and Analysis:

Security is our key risk. As Singapore has shown, concentrating data leaves governments vulnerable to hacks on centralized institutions. While limiting interoperability and data sharing may curtail government services, it ensures ring fencing that protects data in the event of a breach.

Service delivery is our key opportunity. Nevertheless, several other countries have been able to mitigate these risks. Specifically, Netherlands and Estonia’s e-Governance policy and X-Road has been highly effective in delivering services while ensuring that each agency holds onto its own data, thereby mitigating concentration risk.

Criteria:

• Keep Costs Down — Digital transformations are costly in the short-term but may cut costs in the long term. The UK government has announced £3.56 billion in savings over 3 years, but data is sparse on the costs of such efforts. Canada will need to either hire new staff internally or contract externally with an IT business.
• Save Time — Any policy change should create net-net time savings solutions for both government and citizens alike. While any IT investment will cost time and resources, there must be time saved on the back-end.
• Promote System Security — Privacy and security will be critical to maintain. Citizens and officials must trust in their government and its services, otherwise our social contract breaks down.

Options:

1Absolute Access for All (AAA) — The AAA approach will focus on mass interoperability across all government agencies. This approach will include (a) an identification mechanism and (b) a data sharing mechanism that will allow agencies to share all pieces of information on a single citizen.

• Pro: AAA aligns with Canada’s Digital Charter, which was announced in May 2019. The 10 Principles of Canada’s Digital Charter call not only for universal access, but also a level playing field that does not exclude any agency, business, or consumer from this mandate.
• Con: Absolute access comes with absolute risks. Naeha Rashid put it best in her 2020 article, “These risks stem from the fact that [once-only-policy] gives governments the ability to stitch together sensitive information about an individual and conclusively link it to a single profile, thus making users permanently visible to and trackable by the government.”

2 Ask Occasionally — Integrating all of Canada’s 178 Federal agencies will be an incredibly time consuming and expensive venture. Accordingly, the Canadian Government can concentrate its digitization efforts on just a few agencies to improve interoperability.

• Pro: This is more similar to the UK model. In a global Accenture survey, only 51% of respondents said they would increase their use of government services if they became digital and only 22% of UK respondents say they access digital government services. Accordingly, the Canadian Government can concentrate its digitization efforts on just a few agencies to improve interoperability.
• Con: Canada may hamstring its efforts to create a government platform by selectively including and excluding certain agencies. Moreover, this may create more confusion and frustration amongst citizens if they cannot make sense of why some government services are included in the data-sharing agreements while others are excluded.

3 Invest in Cybersecurity First — Despite the possible time and cost savings that Ask Once may provide, the Canadian Government may not be able to promote sufficient security measures at this time. The Canadian Government would thus be better off investing in cybersecurity practices now to ensure sufficient standards at all our agencies and only afterwards can we move towards an Ask Once policy.

• Pro: An 800 page report from Conservative MP Dean Allison indicates that the Canadian Government already cannot handle digital citizen information and mishandled personal information for 144,000 citizens from 2018–2020.
• Con: Advanced Persistent Threats (APTs) and nation state hackers will often find a way with enough time and energy. The Canadian Government has already done a strong job of implementing ISO-27001:2013 and ITSG-33 and thus we should trust our cyber systems. The 2018 budget committed $507M to cybersecurity.

Recommendation:

Absolute Access for All — the Canadian Government has strong cybersecurity measures, has a government mandate to accomplish this work, and has strong rule of law that will ensure privacy. Canadians need better access to digital services, and this is the best path forward.

Implementation Timeline:

Richard Pope: “A Working Definition of Government as a Platform,” Medium, July 29, 2019