Feds test PKI promise for privacy

For electronic government to work, federal IT managers know they must assure

the public that business conducted over the Internet can be kept private.

More than a dozen agencies are working to solve that privacy problem,

said John Dyer, senior adviser to the Social Security Administration commissioner.

The most promising answer so far, he said, is PKI — public-key infrastructure.

PKI enables individuals to encode messages and transmit them so that

only the proper recipient can receive and decode them.

"Several dozen" PKI pilot projects and experiments are under way in

agencies ranging from the Social Security Administration and the Defense

Department to the Federal Aviation Administration, Dyer told members of

the Armed Forces Communications and Electronics Association Nov. 20.

About a half-dozen agencies already routinely use PKI to transmit data

securely, he said. The Federal Deposit Insurance Corp., for example, encrypts

data it transmits to its employees, and the Patent and Trademark Office

encrypts correspondence with attorneys.

PKI also is being adopted outside government by banks, hospitals and

insurance companies, he said.

While initial successes are encouraging, the plethora of different PKI

systems being developed is likely to create a whole new set of compatibility

problems.

"The technology itself is straightforward," Dyer said, but getting different

systems to work together is not.

The key concern confronting agency information technology managers is

how to adopt PKI so that individuals do not need a separate key for each

agency or department within agencies that they deal with.

To solve that problem, several agencies are attempting to develop "an

operational bridge" that will make different PKI systems work together,

he said. Such a bridge could be ready later this year or early next year,

Dyer said.