Who's Hiding Behind that PC?
s agencies increasingly use the Internet to offer services and provide personalized information, they face a new challenge: How to ensure that the person at the other end of the transaction is who he or she claims to be. Or to paraphrase that often-cited New Yorker cartoon showing a dog sitting at a PC: "The nice thing about the Internet is that no one knows you're a dog."
Let me betray a strong bias at the outset. The real potential power of the World Wide Web is in its use to deliver services. Users can do real work from their PCs; they're not just one-way outlets for delivering general information like television sets. To realize this potential, agencies must develop truly interactive systems that allow people to get information about themselves and/or submit sometimes sensitive data. As the Social Security Administration learned from its painful experience with public electronic access to the Personal Benefits and Earnings Estimate Statement (See "Ideas for Better Service Worth the Risk," July 1997), two things are required to transmit sensitive data:
- The agency must reasonably ensure (note the use of the word "reasonably") that the person to whom sensitive information is disclosed is authorized to receive it.
- The public must be confident that using the new technology does not jeopardize personal rights.
Several models can make this work. Each agency could issue its own certificate. Remember when you had to have a separate credit account with every store in town? This is costly to the service provider, which must set up the entire validation infrastructure, and a real nuisance to the consumer who may have only occasional transactions with an agency. A popular option is to use third parties as certification and authentication authorities, much like the large credit card systems for Visa and MasterCard. Organizations such as banks, telecommunications companies and even the U.S. Postal Service already have infrastructure in place that would make this a logical adjunct to their current business.
The third-party model could use a single authority or a multiple-provider model. Imagine the power of a certificate authority if you had only one ID card and the authority knew every time you engaged in an electronic transaction.
Breaking New Ground
To address the operational need, several agencies have jumped into the fray. Most prominent is ACES (Access Certificates for Electronic Services), a General Services Administration effort to set up a series of contracts with certificate authorities that all federal agencies could use. The consumer probably would not pay for the ID, but the agencies would pay each time they asked for authentication. A key aspect of ACES is multiple certificate authorities, and an individual could have multiple IDs or digital signatures. GSA officials understand that their agency is breaking new ground and, to their credit, have been consulting with interested parties to ensure they fully understand the policy consequences. GSA plans to release a request for proposals in the fall.
The Next Step
Given the turmoil and uncertainty of electronic access and authentication, what is a manager to do?
- Keep pushing the envelope. The public expects and deserves a government that is more accessible, and electronic service delivery is a critical component of a more accessible government.
- Set up reasonable safeguards. Protect personal privacy and consult with your constituencies to ensure they are comfortable with what you are doing. There are no absolutely secure systems. Safeguards need to be commensurate with the risk and consequent harm of someone's misusing the system. A public that understands the opportunities and risks will be a supportive partner in your endeavor.
- Offer choices. Not everyone will have the necessary access to or feel comfortable with using electronic access and digital signatures. Do not inadvertently disenfranchise or disadvantage those who prefer another way of doing business with you. And give customers the choice of having multiple signatures.
- Honor anonymity. Not every transaction requires you to know who is asking. A request for a form, for example, should not entail identity verification or any tracking. The existence of identity verification technology does not give you license to demand an electronic strip search of everyone who visits your agency Web site.