HSPD-12 card opens door for digital signatures

The Government Paperwork Elimination Act (GPEA) may have been one of those laws that came too early. The 1998 legislation called for agencies to do many things to eliminate how much paper they process, including using electronic signatures.Although few agencies instituted electronic signatures, departments are laying the foundation for not only electronic signatures, but digital signatures using public key infrastructure technology through the implementation of Homeland Security Presidential Directive 12.Electronic signatures serve as a legally-binding counterpart to handwritten signatures when it comes to electronic documents. Digital signatures, on the other hand, provide additional security measures, making it possible to authenticate the identity of the person applying the signature and to ensure that no one has tampered with the data.Judy Spencer, chairwoman of the Federal Identity Credentialing Committee in the General Services Administration, said every agency she has talked with is adding all four digital credentials on the HSPD-12 card despite being required only to have one.HSPD-12 requires the Personal Identity Verification credential and leaves three others as optional — digital signature, key management and card management.And because they are doing that, GPEA, along with about five other governmentwide security mandates, the widespread use of digital signatures is not far off, she said.“With GPEA, the problem has been that PKI is so hard so few agencies, but ones like DOD, actually implemented, it,” Spencer said today at a conference on ID management in Washington sponsored by the Information Technology Association of America. “With HSPD-12, agencies are recognizing the potential of the card and the credentials and they realize if they don’t put all four credentials on the card now, they may kick themselves later.”Spencer added that the cost to put four credentials on the card is nearly the same for one.“There is no excuse not to use digital signatures because everyone will have a card in their pocket,” she said.Spencer also said the HSPD-12 Executive Steering Committee is reconvening the architecture working group to address four or five new issues, including interagency information interoperability and recommendations for how to ensure interoperability between federal cards and state, local, business and international cards.The sharing of information between agencies centers on the standards of back-end attribute exchange. The exchange will define the data that agencies will share when federal employees can visit other departments.“We want to keep the information exchanged as minimal as possible to create the trust model,” she said. “Agencies may need an interagency agreement.”The working group initially developed consensus around card issuance standards for areas such as the data exchange between the identity management system and the enrollment station.Spencer said these governance issues are among the steering committee’s highest priority.