Agencies face winding road to EC, digital signatures

If Rep. Anna Eshoo (D-Calif.) has her way, federal agencies are in for a major
change in lifestyle. Eshoo represents Silicon Valley in more ways than one. Her bill, the
Electronic Commerce Enhancement Act, HR 2991, mandates electronic forms and digital
signatures for applications and communications with federal agencies.


For harried information technology managers, passage of the bill would be a mixed
blessing. True, we would get a charter to implement modern technology over the objections
of conservative program officials. But we would also get a lot more work for our shrinking
staffs—just as we’re beginning to deal with the magnitude of the year 2000
problem.


Eshoo’s bill has passed the House with bipartisan support. The Senate version also
has strong support on both sides of the aisle. Industry and the Clinton administration
have endorsed it. Unless something squirrelly happens, the bill should be on the
president’s desk early this fall.


Recently, the Senate Commerce Committee held a hearing on its version of the Eshoo
bill, S 2107, the Government Paperwork Elimination Act. No witness raised any
insurmountable objections. Sen. Ron Wyden (D-Ore.), a co-sponsor of S 2107, challenged the
administration’s concern that the timetable for the bill would place undo strain on
federal IT managers trying to cope with the 2000 problem.


He argued that the two efforts complement one another—a position that mystifies
me. Implementing electronic forms can only draw resources away from meeting the 2000
deadline.


The bill gives the Commerce Department a year to identify a Digital Signature Standard
agencies can use. Sen. Spencer Abraham (R-Mich.) criticized the federal government for
impeding the growth of digital signatures. Abraham needs to tread lightly here because
federal resistance to commercial standards was a policy begun under Republican
administrations.


The Defense Department and the FBI strongly oppose the use of encryption methods they
can’t easily crack.


The bill also requires that, no later than 36 months after enactment, each federal
agency make its forms available electronically and accept electronic submissions from the
public.


The forms must be available for electronic submission, when necessary, using DSS. And
they must be available on a Web site controlled by the federal government. I presume that
this provision is to ensure that personal information remains under the control of federal
agencies, not private sector companies that offer the forms in return for data on
citizens.


The electronic forms must mirror their paper counterparts. When citizens submit a form,
it is to be “acknowledged upon receipt by an agency through prompt issuance of an
electronic receipt.” To comply, agencies will need to ask people to include


e-mail addresses on their forms. Because the Office of Management and Budget requires
agencies to get approval before obtaining data from citizens, you can expect that agencies
will have to get all new forms approved by OMB.


The bill further specifies that “forms shall be available for electronic storage
by employers that are required by law to collect, store or file paper versions of forms
completed by employees.”


Forms also must be available for downloading and printing.


This simple requirement also presents problems. Some agencies are known to use
proprietary formats they buy at attractive rates—formats for which citizens wanting
to use electronic forms would need to buy readers.


Citizens will properly resent having to purchase proprietary software and will complain
to Congress. So Eshoo should have Commerce establish forms standards, too.


The Social Security Administration’s experience with privacy and online data
suggests that the next three years will be difficult ones. Many agencies are reluctant to
even make electronic versions of their forms available, much less accept electronic input
from the public.


We’ll need to stick with dual-track data flows as we wrestle with new and
unfamiliar technology. We’ll need to modify legacy systems to accept the new input
and build a new infrastructure to certify digital signatures.


Given the complexity of the task, agencies must push hard if they hope to meet this
aggressive timetable. Some will be eager to do this, but others may not even try. Most
will muddle through as best they can.


Eshoo, Abraham and Wyden will have plenty of grist for their oversight hearings. n


Walter R. Houser, who has more than two decades of experience in federal information
management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser.


Walter R. Houser, who has more than two decades of experience in federal
information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser.
 

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above