Letters to the Editor
PC switch not certified for secret files
The article 'One card is key to many nets' contained two technical inaccuracies [GCN, Feb. 21, Page 36
First, the National Security Agency did not certify the Voltaire 2in1 PC for use with secret-level networks. An evaluation was conducted by a private laboratory under the NSA's Trust Technology Assessment Program, a commercial evaluation program supporting the National Information Assurance Partnership.
The evaluation validated that the product provided a single PC the ability to securely access two physically separate networks. The product was not certified to handle classified information.
Second, the product was not evaluated against the International Common Criteria, International Standards Organization 15408. This standard specifies a common language for consumers to convey their information technology security requirements to product developers and common evaluation criteria to assess what the developers have produced.
For more information about either NIAP or the International Common Criteria, visit the NIAP Web site, at niap.nist.gov/cc-scheme
.Judith EmmelChief of public and media affairs for the Central Security Service
National Security Agency
Fort Meade, Md.International exchanges require caution
In reply to 'International IT initiatives hold lessons for feds' by Francis A. McDonough and Martha A. Dorris [GCN, March 20, Page 26
]: I agree that the United States can learn valuable lessons from observing the way other countries address some of the public-policy issues raised by new information technologies.
However, it is important to recognize that a country's experience with new technologies takes place within legal and cultural contexts that may be markedly different from what prevails in other parts of the world.
In the column, the authors applaud France's and the Netherlands' centralized approach to data collection, noting that such an approach can reduce the burden on government and citizens. They suggest that the United States could benefit from a similar approach despite the obvious privacy concerns.
Unlike the United States, where states sometimes sell information from driver's license files to bulk mailing houses, the European Union has had strict electronic privacy regulations since 1972.
There, unauthorized release of personal data is a criminal matter. Without similar legislation here, I doubt most Americans would approve of more centralization despite its perceived efficiencies.
The authors also suggest that other countries can learn from the U.S. experience of making government more accessible to the people and making the benefits of business innovation more available to the government.
To this end, they recommend that the United States 'sponsor a conference to teach other nations how to streamline their procurement processes' along the U.S. model. Streamlining has clearly introduced new efficiencies, but it has also made the process less transparent, and in some cases it has reduced competition.
The risk of introducing U.S.-style streamlining into the procurement systems of other nations is that it might well reduce the opportunities for U.S. companies to compete in those markets. It also runs counter to the U.S. position in trade negotiations that increasing the transparency of foreign procurements is the best way to reduce high-level graft and local favoritism.
To avoid unintended consequences, we must consider the context before transplanting our reforms to other markets.Karen D. PowellPartner
Petrillo & Powell
WashingtonGCN welcomes letters to the editor. Letters should be typed double-spaced and must include name, address, telephone number and signature of the author. Send to: Letters to the Editor, Government Computer News, Suite 300, 8601 Georgia Ave., Silver Spring, Md. 20910.