NPR's biggest obstacle to IT
- By Heather Harreld
- Sep 07, 1997
The government's inability to ensure the security and privacy of information exchanged electronically between individuals and the government is "the single biggest problem in delivering on the promises" of the National Performance Review according to the program's deputy director Greg Woods.
Although many security experts agree that the technology now exists to secure transactions between the public and the federal government politics have hampered a solution. Law enforcement agencies the information technology industry and privacy advocates have been unable to agree on how to structure a system of digital signatures that would guarantee the identity of the sender of an electronic transmission and verify that the message has not been altered.
"The major issue is pure fear of calling anything a national ID card " which liberals and conservatives oppose as giving too much power to the government said John Pescatore senior consultant with security software vendor Trusted Information Systems Inc. "The easy way [to use passwords] is not secure enough the harder way involves a card you're going to give every citizen. Anyone who touches [the issue] gets electrocuted and shrivels up and dies."
Agencies are in the midst of many pilot projects testing various digital signature schemes. But Santosh Chokhani a consultant and member of a federal advisory committee on security said he is not sure agencies "fully understand and appreciate" the importance of having a public-key infrastructure which is the framework for using digital signatures. "A public-key infrastructure isn't in place and there is a lack of understanding on the part of the NPR and the agencies on how to achieve it."
Woods said public-key cryptography is not the whole answer however. Instead he said government officials need to develop a "hierarchical view of service delivery" applying different technologies - such as smart cards or a Personal Identification Number system - where different levels of security are needed."The whole thing ought to be based on choice. Whatever level the public ought to be able to opt in at the level they think is appropriate " Woods said.
Agencies meanwhile are proceeding cautiously particularly when it comes to Internet transactions. Last year the Internal Revenue Service killed a project called Cyberfile which would have allowed the filing of tax returns by modem or the Internet in part because the project came under fire for not including sophisticated security safeguards. And this past spring the Social Security Administration unplugged a World Wide Web service that provided individuals with their Personal Earnings and Benefit Estimate Statement because of public complaints that the service did not adequately protect unauthorized access.
"There's been a natural reluctance of many agencies to use Internet services for legitimate security and privacy reasons " said Ray Wilburn the re-invention coordinator at the Department of Veterans Affairs. "It's [a question of] just how soon will we be comfortable and how soon will the public and the Congress accept that type of [electronic] access?"