Digital Gov

Privacy, security and one login to rule them all?

"One ring to rule them all" - Frodo Baggins looking at the ring of Sauron.

Trust, privacy and security were at the center of a panel discussion Thursday at the U.S. Digital Services’ DigitalGov Citizen Services Summit.

“We can build all the beautiful digital services that we want, but if people don’t trust them, they’re not going to use them,” said the Transportation Department’s Chief Data Officer Dan Morgan.

Could commercial credentials and a new attitude toward privacy be the keys to future success?

The use of “sensitive information” could enable government to provide “amazing” new levels of service, said NIST privacy engineer Sean Brooks, but citizen concerns about privacy – “big brother” tracking them – necessitate a careful balance.

The sheer weight of logins is taxing, too.

The General Services Administration’s Jennifer Kerber lamented the pain of creating unique usernames and passwords for each government service online.

“What if I had the opportunity to bring a credential I trust to the government?” she queried.

It’s exactly what she and her GSA colleagues are working to create with, a service that allows users to connect with government using private credentials they already have and trust, such as through Google or PayPal.

Agencies don’t track which particular credential is provided, nor do they track the digital exhaust so often used for marketing purposes, Kerber said. They simply know the person’s identity has been verified by a trusted third party, saving users hassle and government money.

It’s still in the early stages and only a handful of agencies are integrating the service, but it holds potential.

“If you’re a consumer, you don’t care [about technicalities],” Kerber said. “You want convenience and you want trust.”

NIST’s Brooks said privacy, security and the ways agencies and people talk about them all need an overhaul.

“If I could eliminate the word creepy from all future conversations about privacy I would,” he said, noting that the word is often used in privacy/security conversation, but it doesn’t address the real problems and challenges.

When it comes to credentials and digital services, “privacy, security, interoperability and user friendliness,” should be the guiding principles, all considered and built into digital services from the ground up, Brooks said.

Both Brooks and Kerber noted that the “5,000-word privacy statement that makes the lawyers happy” is not a good model for the future of digital services – organizations need to shoulder responsibility for privacy and security, rather than shunting it onto users’ backs.

In pursuit of better practices, Brooks noted, NIST will be releasing a draft privacy engineering document for public comment “soon.”

He said he hopes to get input from the people currently getting their hands dirty in the field: “People who are actually trying to build stuff and do things.”

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.

