Editorial

Paving the way

Thomas R. Temin

I nominate the Social Security Administration to be the first agency to use the Access Certificates for Electronic Services contract recently awarded by the General Services Administration.

GSA is explicit about the intent of ACES: to provide low-cost digital certificates to secure agency-to-citizen transactions. Low cost means a per-certificate price approaching that of a postage stamp [GCN, Sept. 27, Page 6].
''
So why SSA?
''
I hate to dredge it up again, but the debacle surrounding SSA's attempt to distribute Personal Earnings and Benefits Estimate Statements via the Web has taken on the status of legend.

'Remember PEBES' is the refrain heard whenever an agency proposes or even considers making personal data available online. Although SSA required users to supply five personal identifiers, the agency drew criticism because people such as ex-spouses and employees might also know someone's qualifying information, such as the maiden name of the individual's mother. Ultimately, SSA pulled the plug on the PEBES pilot.

But ACES, if it lives up to its promise, ought to remove user authentication from the list of major obstacles to interactive online transactions.

Longer-term, but equally promising, is research the Army is doing on whether biometrics could replace passwords for system access within the service [GCN, Sept. 27, Page 1]. No technical reason prevents biometrics from being used.

But the Army will need robust databases to store images such as fingerprints or iris scans. More daunting is the lack of installed biometric peripherals and people's discomfort over seeming to be fingerprinted or eye-scanned at each access attempt.

Programs such as ACES and the biometrics R&D effort demonstrate the government's drive to keep up with private-sector technology use, provide interactive online services and protect access to federal data.

Online self-service should be the goal of every agency seeking better and cheaper delivery of services. Federal policies and technology have been removing potential stumbling blocks. The availability of tools such as those offered through ACES will clear another one.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above