SSA testing digital certificates

The Social Security Administration has taken another step forward in its efforts to make wage reporting easy and electronic for the nation's 6.5 million employers.

SSA this month began testing a new software application from Digital Signature Trust Co. (DST) that enables employers to sign electronically the wage reporting forms -- W-2s and W-3s -- they file with the agency. This pilot project builds on a program tested last year that allows employers to file the forms online using a personal identification number and password.

The new application, called SimpleSign, uses digital certificates to bind the employer's identity to the file uploaded to SSA, said Keren Cummins, DST vice president of government services. The certificates store a user's authentication and authorization information, and any attempt to alter the data in a file after it leaves the employer's control automatically triggers an electronic query of whether the certificate is valid. If it isn't, the file will not be accepted, Cummins said.

"This is like a numeric fingerprint," she said. SimpleSign, which DST announced Jan. 7, creates "not just a higher measure of authentication for the document employers are sending [to SSA], but also higher measure of protection for the document."

Even though the PIN-and-password system provides a high level of security, SSA decided to try digital certificates in order to re-assure employers still squeamish about online transactions.

"We're trying to encourage [even] those people to report to us electronically," said Marti Eckert, a computer specialist in SSA's Office of Electronic Services. "This new service allows a data file to be signed prior to sending it to us, and allows us when we receive it to verify that nothing happened to the file along the way.... We didn't do that as part of our pilot last year."

The digital certificates that SimpleSign relies on are provided through the General Services Administration's Access Certificates for Electronic Services (ACES) contract, designed to provide public-key infrastructure products and services to agencies doing business with the public. DST holds an ACES contract, as do AT&T and Operational Research Consultants Inc.

In addition to testing the popularity of digital certificates among employers filing wage data, SSA also has mounted a pilot program in which it will accept the digital certificates issued by Washington state, said Chuck Liptz, SSA management analyst.

The pilot program is designed to investigate the interoperability of the certificates -- whether one government agency, state or federal, can accept security certificates issued by another agency, Liptz said. SSA is accepting the Washington digital certificates during the tax-filing season, which runs until April 1.

"Everyone talks about interoperability, so we wanted to see for ourselves whether it works as easily as the vendors have said it would," Liptz said.

Washington officials began issuing digital certificates late last year to businesses and individuals conducting frequent Web transactions with state agencies.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.