No risk, no gain

What if they had a procurement and nobody came?

To some extent, that is what is happening at the General Services Administration. It is
trying to launch a national digital certificate project, Access Certificates for
Electronic Services. No vendors are clamoring to bid on ACES even though GSA has made many
revisions to its request for proposals. The haggling dates back nearly a year. The need
for a uniform approach to digital signatures in the government dates back far longer than

Vendors consider ACES risky for many reasons. Would-be bidders said they would prefer
signing on as subcontractors rather than leading a team.

In uncharted waters, such as a national digital certificate service, it’s easy to
see why vendors don’t want to lead with their chins. With ACES, the usual financial
risks, as GSA has acknowledged, are compounded by the liability exposure of vendors
holding citizens’ digital keys.

The result? GSA has had to stall ACES again as it tries to craft an RFP someone will
bid on.

Worse, though, is that vital services agencies want to do online also are on hold.
Notable among these is the Personal Earnings and Benefits Estimates Statements program.
The Social Security Administration urgently wants to issue PEBES online. SSA’s last
attempt fell victim to privacy concerns—some say hysteria—even though the
authentication factors required of a citizen to get a PEBES online matched those of
getting one conventionally. For political, if not technical, acceptance, online services
require encryption such as ACES would supply.

ACES is what the government needs, but vendors have valid objections. Let’s hope
the companies forcing GSA officials to jump through hoops to get the RFP right will reward
the agency with bids.

Thomas R. Temin
[email protected]


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.