projects to test the use of cryptography in electronic communications between agencies and citizens. Agencies such as SSA, IRS, and the Department of Education will participate. Citizens participating in the pilot tests will use a personal computer or government kiosk and the Internet to access Social Security information, file income tax forms, orin time apply for a student loan.
In the pilot studies, the U.S. Postal Service (USPS) will be responsible for issuing the digital signatures that will identify users through the use of tokens. It will develop an infrastructure for assigning and maintaining the critical ''certificates" that are needed for proper authentication.17 Many believe that the USPS is a natural candidate for such a responsibility because of its vast network of postal offices and operations that are aimed specifically at providing individual and business services. Furthermore, the USPS is a "trusted" organization that has the backing of legislation to perform its duties, as well as a mature oversight framework.
In addition to the citizen-to-government interactions described above, there is a complete spectrum of cryptographic methods used throughout the government for internal communication and processing purposes. The Treasury Department has long used cryptographic methods for the authentication, integrity, and confidentiality of financial transactions. The Department of Energy has also been a long-time user and developer of cryptographic methods, which are employed to safeguard nuclear control systems, among other things. A number of nondefense agencies have begun to adopt Fortezza PCMCIA cards (described in Chapter 5), including the Departments of Commerce, Justice, Energy, State, and Treasury, as well as the National Aeronautics and Space Administration, the IRS, and the Coast Guard. The broad-based use of this system among civilian agencies is as yet uncertain.18
The effort to make the federal government more efficient often increases the need for and difficulty of protecting copyrighted, private, and proprietary information. For example, improving federal services to citizens by providing them electronically requires more sharing of information and resources among agencies and between federal agencies and state or local agencies. Increased sharing of information requires interagency coordination of privacy and security policies to ensure uniformly adequate protection. During a time of tight federal budgets, information security managers in federal agencies increasingly must compete for resources and support to implement the needed safeguards properly. Agencies must look for the least expensive way to ensure security, and the cost of some encryption systems currently is prohibitive for some civilian agencies.
17 Government Computer News, November 13, 1995.
18 "Fortezza Faces Uncertain Future," Federal Computer Week, November 13, 1995, p. 12.