FEDERAL CONTRACT LAW
Davis bill would give IT czar carrots, but no stick
Joseph J. Petrillo
Barely five years after the demise of the Brooks Act, Rep. Tom Davis (R-Va.) has proposed a statute to govern federal information technology, HR 5024.
Given Davis' background in the computer industry'he was a vice president at Litton PRC Inc.'and his Northern Virginia constituency, this bill deserves serious consideration.
HR 5024 would appoint a federal computer czar, a chief information officer for the entire federal government. This official would report directly to the president. As envisioned by Davis, this person is supposed to assume leadership over agency IT use.CIO would bypass OMB
The bill seeks to establish the governmentwide CIO as a new focal point for IT policy, bypassing the Office of Management and Budget's Office of Information and Regulatory Affairs, where this responsibility now resides.
Under the Davis bill, the federal CIO would develop and implement uniform policies for the management of information resources.
These duties would include the collection of information from the public and dissemination of information to it. The governmentwide CIO is supposed to make these processes more efficient by promulgating common standards for information collection, storage, processing and communication, including standards for security, interconnectivity and interoperability.
Not only that, the CIO would need to figure out how to archive information kept in electronic format, which is rapidly overtaking the volume of information on paper.
This is a tall order.
But there's even more. The governmentwide CIO would have the additional pressure of an Oct. 1, 2003, deadline to ensure that when practicable, agencies provide for electronic filings and disclosures in lieu of paper, including, as the bill states, 'the use and acceptance of electronic signatures.'
The CIO would also be asked to jump-start a stalled initiative supposedly mandated by the IT Management Reform Act, namely the use of performance metrics to assess systems costs, benefits and risks.
ITMRA's framers intended that these metrics would be key factors in managing IT resources and justifying new investments.
The federal CIO would also take over as chairman of the CIO Council. The governmentwide CIO could call on the council for assistance with duties, such as developing common performance measures for agency IT activities.
A special concern of the CIO would be governmentwide information security and privacy concerns. The bill would set up an Office of Information Security and Technical Protection, under the federal CIO's authority, to handle these issues. This new office would even get a nifty acronym, INSTEP.
It is tempting to compare this bill with the Brooks Act, which the passage of ITMRA in 1996 specifically repealed. The now-legendary Brooks Act also had sought centralized control of federal IT. Its method was to vest the IT procurement function in the General Services Administration.
Experienced agency program managers remember well the dreaded delegations of procurement authority.
The Davis bill borrows the Brooks Act definition of IT, right down to the old Warner Amendment exemption for military mission-critical systems.
But the difference between the two is the matter of enforcement. The Brooks Act gave the GSA administrator exclusive authority over IT procurement. Although this power was rarely used and GSA delegated the authority to the agencies, the administrator could stop any procurement dead in its tracks by revoking a DPA.All bark
The new governmentwide CIO would have the power to make regulations and procedures, but enforcement appears to be only hortatory. If an agency refuses to do its part, the bill says the CIO should ask the OMB director to cut that agency's IT budget. But HR 5024 gives the final word on enforcement to OMB, not the IT czar.
This is a major shortcoming of the Davis bill. It would give the new IT chief enormous responsibility, but very little power to make things happen.Joseph J. Petrillo is an attorney with the Washington law firm of Petrillo & Powell. E-mail him at email@example.com.