Feds test PKI promise for privacy
Agencies are conducting dozens of experiments involving publickey infrastructure to assure the privacy of egovernment
For electronic government to work, federal IT managers know they must assure
the public that business conducted over the Internet can be kept private.
More than a dozen agencies are working to solve that privacy problem,
said John Dyer, senior adviser to the Social Security Administration commissioner.
The most promising answer so far, he said, is PKI — public-key infrastructure.
PKI enables individuals to encode messages and transmit them so that
only the proper recipient can receive and decode them.
"Several dozen" PKI pilot projects and experiments are under way in
agencies ranging from the Social Security Administration and the Defense
Department to the Federal Aviation Administration, Dyer told members of
the Armed Forces Communications and Electronics Association Nov. 20.
About a half-dozen agencies already routinely use PKI to transmit data
securely, he said. The Federal Deposit Insurance Corp., for example, encrypts
data it transmits to its employees, and the Patent and Trademark Office
encrypts correspondence with attorneys.
PKI also is being adopted outside government by banks, hospitals and
insurance companies, he said.
While initial successes are encouraging, the plethora of different PKI
systems being developed is likely to create a whole new set of compatibility
problems.
"The technology itself is straightforward," Dyer said, but getting different
systems to work together is not.
The key concern confronting agency information technology managers is
how to adopt PKI so that individuals do not need a separate key for each
agency or department within agencies that they deal with.
To solve that problem, several agencies are attempting to develop "an
operational bridge" that will make different PKI systems work together,
he said. Such a bridge could be ready later this year or early next year,
Dyer said.
NEXT STORY: GAO reports on IRS lapses