Rep., SSA in PEBES spat
Rep. Jim Bunning (R-Ken.), chairman of the House Ways and Means Committee's Subcommittee on Social Security, and John Callahan, the acting commissioner of the Social Security Administration, have squared off over the security of SSA's new service to provide Internet access to benefits information.
In a Sept. 5 letter to Callahan, Bunning wrote that he was "not convinced that the [SSA] has reached a safe balance between user privacy and easy access to records."
In a Sept. 10 letter, Callahan fired back, "Your point regarding achievement of a balance between user privacy and access was the focus of the six national forums the SSA held over the past few months." Callahan said more than 70 experts and members of the public proposed options and solutions that were considered. Bunning has yet to schedule any hearings about SSA's online service.
In April, SSA was forced to close its online access to the Personal Earnings and Benefit Estimate Statement (PEBES) service, in which people could use the Internet to access their earnings history as well as their current and estimated future Social Security cash benefits. News reports indicated that anyone who knew basic information about someone else could access that person's private earnings records.
Under the new system, SSA will remove earnings and tax information from the site. Also, the new system requires the user to give detailed personal information. The new PEBES is scheduled to go online by the end of the year.
House passes security act
The House last week passed a bill designed to provide strong guidance to agencies on computer security and to encourage agencies to use commercial security tools.
The Computer Security Enhancement Act of 1997, which would revamp the 10-year-old Computer Security Act, taps the National Institute of Standards and Technology as the lead agency for information security. It also requires NIST to promote the use of commercial off-the-shelf security products.
The bill also enhances the role of the independent Computer System Security and Privacy Advisory Board in NIST's decision-making process. The board, made up of representatives from industry and agencies, will help NIST develop standards and guidelines for federal systems.
New encryption deadline set
NIST last week set a June 1998 deadline for the submission of new encryption standards that will replace the aging Data Encryption Standard.
DES is the required federal standard for the protection of all encrypted data that is characterized as sensitive but unclassified.
NIST began the search to replace the 20-year-old DES in January.
According to a NIST statement, the agency wants a replacement standard with a strength equal to or better than Triple DES, or three operations of the 56-bit DES.
In the event that more than one algorithm is received that officials determine is significantly better, NIST may consider recommending more than one standard.