GPEA is a giant step toward hassle-free government
The passage of the Government Paperwork Elimination Act means that major changes are in
the wind for federal information technology.
Despite a lack of fanfare, this legislation promises to be as significant as the Brooks
Act of 1965, the Paperwork Reduction Act of 1980 and its 1995 amendments, or the
Information Technology Management and Reform Act of 1996.
From the point of view of citizens, GPEA is far more significant; it is a milestone
toward what the National Partnership for Reinventing Government calls hassle-free
government. Previous acts changed how government conducted its internal business, but GPEA
will transform how federal agencies deal with the public.
Taking advantage of this falls rush to recess and re-election, a number of
forwarding-thinking members of Congress set an aggressive IT agenda for agencies. Based on
electronic commerce legislation originally proposed by Rep. Anna Eshoo (D-Calif.), the
GPEA was sponsored by Sen. Spencer Abraham (R-Mich.) and incorporated into S 442, the
Internet Tax Freedom Act. The House added S 442 as an amendment to HR 4328, its omnibus
appropriations bill, and passed it on Oct. 20. HR 4328 was signed soon after by President
Clinton, making GPEA the law of the land.
GPEA sets ambitious deadlines for online application submissions for federal programs
and benefits. It further requires the federal government to set standards for and then use
electronic signatures for forms submitted online.
The act contains privacy provisions designed to protect the personal information of
people using electronic signatures.
It requires the Office of Management and Budget, in consultation with the National
Telecommunications and Information Administration, the private sector and state
governments, to set procedures within 18 months for use and acceptance of electronic
signatures by federal agencies. The act also gives OMB the same amount of time to develop
procedures to permit private employers to store, and to file electronically with federal
agencies, forms pertaining to their employees.
Federal agencies will in five years be required to accept those electronic submissions
except when they are impractical or inappropriate.
If recent history is any indication, these deadlines will be difficult to meet.
Although GPEA and its congressional authors made a point of using technologically
neutral language, public-key and private-key encryption is seen as the likely route to
secure documents and signatures.
For the past two decades, the National Institute of Standards and Technology, sister
agency to NTIA, has had the governmentwide lead on security standards.
However, the nearby National Security Agency has outspent NIST to the point that the
Defense agency has dominated federal digital signature standards. Commercial and
international enterprises have objected to DODs insistence on weak algorithms and
back-door keys to permit law enforcement agencies to unlock encrypted messages.
The designation of strong encryption as nonexportable munitions, plus two decades of
bureaucratic bickering, have stifled electronic commerce and hobbled federal-sector use of
the technology. OMB is therefore unlikely to accomplish in 18 months what NIST has not
been able to do in 18 years.
NTIA, also part of the Department of Commerce, assigns radio spectrum and handles other
telecommunications concerns. NTIA would seem a strange choice for this new task, as it has
had little visible activity in digital signature technology. Although NTIA is in Colorado,
far from NSAs Fort Meade, Md., headquarters and the Pentagon, its naive to
think the geographical distance will prevent DOD from applying its considerable resources
to shape NTIAs recommendations.
On the other hand, Denver is experiencing a major boom in high technology, so perhaps
GPEA advocates expect NTIA to favor commercial interests over those of Defense. This may
be true initially, but given the clout of DOD relative to Commerce, Defense will prevail
unless Congress intervenes.
So OMB has lots of regulations to write, and agencies will have to comply with
themall against a backdrop of uncertainty over how to handle electronic records in
the first place.
This just begins to describe the implications of GPEA. The privacy implications rival
those of the Privacy Act of 1974. More on this to come.
Walter R. Houser, who has more than two decades of experience in federal
information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser.