Will digital signature buy draw any bidders?

The General Services Administration might have customers in hand for its digital
signature project, but the Access Certificates for Electronic Services project is a
procurement looking for contractors.


Nearly a month after GSA issued the ACES request for proposals (see story, Page 14),
few big-name vendors seem interested in vying for the project to create a governmentwide
digital certificate service. At a recent preproposal conference, several vendors—even
some big companies such as Electronic Data Systems Corp.—said they were looking to be
subcontractors, not the prime contractor.


At the conference last month in Washington, GSA officials said the Social Security
Administration has agreed to use ACES for its Personal Earnings and Benefit Estimate
Statements online program. SSA has been looking for a way to relaunch the online
initiative. It pulled the pilot program off its Web site in the spring of 1997 after
privacy advocates argued that it would be too easy for someone to access another
person’s financial data.


SAA “is counting on us coming up with a viable, affordable alternative,” said
Judith A. Spencer, ACES program manager and director of GSA’s Center for
Governmentwide Security. GSA has also received letters of intent from GSA itself and the
Treasury Department. The Education Department also has said it will use ACES for a planned
student Internet services project.


Despite the letters, there are serious questions about whether ACES can be a viable,
affordable alternative, vendors said. “This is a cart with two wheels,” said
Edward J. Appel, vice president of government sales for CertCo Inc. of New York. “It
will roll, but to work it’s going to need something.”


Compared to the draft RFP issued earlier this year, “they do have a better concept
of what they’re looking for. Whether anybody is prepared to deliver that is a
question,” said Patricia N. Edfors, director of government operations for GTE
Cybertrust of Needham Heights, Mass.


A significant issue is liability. GSA officials opened the conference announcing that
liability was not going to be addressed at all. Instead GSA will deal with it in an
amendment to the RFP later this month, said Melanie H. Lewis, contracting officer for
GSA’s Office of Information Security.


“That really is the big issue,” said Edfors, who until last year was the
security champion for the Government Information Technology Services Board and chairwoman
of its Public-Key Infrastructure Steering Committee.


“The liability associated with this is serious,” she said, because vendors
are assuming some of the responsibility of having a citizen’s digital signature.
Vendors are not seeking to avoid liability, but they want to share it, she said.


There are also important questions about how citizen certificate data would be
maintained. Although the contract specifies that ACES vendors will maintain the
information, vendors at the conference questioned whether Privacy Act requirements would
therefore extend to ACES vendors.


Another concern is the ACES business model and whether a vendor can turn a profit on
the project. The RFP guarantees only a $25,000 return, and vendors said they would lose
money on the contract over the short term. Vendors estimated it would cost $1 billion to
implement the digital certificate service.


G. Martin Wagner, associate administrator of GSA’s Office of Governmentwide
Policy, said there is an aggressive race to be the second to develop a public-key
infrastructure. The steep costs will be borne by the company that develops the first PKI,
he said. The next one is ostensibly free, Wagner said.


Answering vendors’ questions will likely result in GSA delaying the Feb. 19
deadline for proposals, Lewis said.


Despite their criticisms, vendors also lauded GSA. “My hat’s off to them for
trying,” Appel said, because the ACES team is dealing with complicated issues. 



inside gcn

  • network

    6 growing threats to network security

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group