Linux users cry fail over ATO AUSKey compatibility

The Australian Taxation Office is pushing the AUSkey public key infrastructure (PKI) for secure data exchange when submitting tax returns, but Linux users say they have again been left out in the cold.

AUSkey is federal government’s attempt at single sign-on authentication across a range of business and government online services and the ATO has started using it this month.

With AUSkey people no longer need different usernames and passwords for each government agency they have to deal with as one AUSkey “will work for all”.

In the case of tax returns, people can continue to use an ATO digital certificate until it expires – or it is cancelled – and then they will be forced to use an AUSkey. AUSkeys do not expire provided they are used at least once every year.

According to the ATO, it will “no longer issue new ATO digital certificates and renewal and replacement facilities will be switched off. However, you can continue to use your ATO digital certificate until it expires or is cancelled.”

The ATO's Electronic Commerce Interface (ECI) client software uses the common-use signing interface (CSI) for digital certificates which can be either an AUSkey or ATO digital certificate.

The ECI client is available for Windows and Mac OS X from

According to the Department of Innovation, Industry, Science and Research, which runs the portal, using the CSI with unsupported operating systems or browsers “is not guaranteed to work reliably or at all”.

Although unsupported, the necessary files for the installation of the CSI on Linux are available from the ATO’s PKI server at:

However, the compatibility problems Linux users face don’t end with an unsupported CSI. With the introduction of AUSkey, some Linux users are now reporting failures.

Donna Benjamin, director of Melbourne-based open source consulting firm Creative Contingencies, said the forced introduction of AUSkey has resulted in the CSI client not working as it did with the digital certificate.

“For a good long while now I've been happily submitting BAS statements online using Linux/Firefox through the ATO Business Portal thanks to some jiggery pokery on the Mac version of the CSI app,” Benjamin said.

“I went to submit my recent BAS only to discover a new message... along the lines of ‘Computer says No’ go get an AUSkey.”

Benjamin said despite claims it is a standards-based Web application, it is “not all that standard after all”.

“I managed to get registered for AUSkey with no problems whatsoever, but when it came time to download it and activate I met with our dear old friend Mr Fail,” she said.

The following error message was then displayed: “Your browser is unsupported and may not work with the AUSkey plugin. Your operating system is not supported by the AUSkey plugin. A list of supported operating systems can be found in the AUSkey FAQs.”

“So whilst in theory it's a standards-based Web implementation, in practice it's a Web implementation that rejects a free and open source (FOSS) browser and FOSS operating system,” Benjamin said.

Ironically, the CSI client for Linux uses open source encryption software from the Cryptix Project.

“As I understand it, the current system of ATO digital certificates and CSI will be phased out. I'm prepared to acknowledge the ATO does not have the resources to provide technical support for every combination of OS and browser, but I am not prepared to accept that they are not obligated to have a system that we can access.”

Creative Contingencies IT director Peter Lieverdink, said the AUSkey is distributed as a Windows and Mac OS X client, but right now neither will work with Linux.

“I have run the installer on Mac OS X and Windows and on Windows it installs the Java files somewhere in “Program Files”,” Lieverdink said. “It also installs a browser plug-in wrapper (for IE and Firefox) on Windows with DLLs. So they won’t run on Linux.”

On a Mac, Lieverdink said AUSkey installs Java files which can be copied to Linux, but when he pointed Firefox to the AUSkey portal it returned an error saying the browser is not supported.

“I am 99 per cent confident they [CSI] are the same files on Mac OS X and Linux. AUSkey is either doing an operating system check or something else,” he said. “I even tried to set the browser user agent to ‘lie’ that I was using Mac OS X with both Firefox 3.5 and Safari and both didn’t work.”

Creative Contingencies renewed its CSI digital certificate earlier this year, which Benjamin said is set to last two years. With the introduction of AUSkey in around 24 months there will be no more digital certificate users.

“AUSkey is completely different software so it won’t work unless the current CSI for Linux includes AUSkey and to reverse engineer it is illegal,” Lieverdink said.

“At the end of the day the Web has a wonderful solution to this called a browser certificate and I see no technical reason not to use browser certificates. ID authentication can also be done over the Web.”

Benjamin, an Open Source Industry Australia (OSIA) member, said accounting and tax is one of the friction points for small businesses using open source software and that is the “bigger picture” problem.

“This is actually holding back the open source industry in Australia. If software is browser-based it should be standards-based,” she said.

The ATO did not respond for requests to comment.

Copyright © 2010 IDG Communications, Inc.

8 simple ways to clean data with Excel
Shop Tech Products at Amazon