• on Feb 25th, 2013 in Ideas Worth Exploring | 18 comments

    The U.S. Postal Service is a key player in a year-long trial of a unique public-private partnership effort that would let citizens securely and voluntarily sign up for online services at multiple agencies using a number of different digital identities. The user would then use whichever password and identity is most convenient – whether the identities are issued by the government or a private company – to log in across multiple government agencies. As the most trusted government agency, and with a 200-year history of security and privacy in delivering mail, the Administration tapped the Postal Service to manage the technology behind the Federal Cloud Credentialing Exchange (FCCX) pilot project. The Postal Service would be taking on a digital version of its role in the physical world, delivering sealed packets of identity data securely between government agencies and identity providers. Press reports on the pilot project suggest that if it is successful, people might one day be able to change an address online by logging into the Postal Service website with the same passcode or smart card that they use to file taxes with the IRS and buy books on Amazon. But to start, the Postal Service is expected to begin working with suppliers to try the service on test customers, ID providers, and government offices. The FCCX will not store any personal data and will be designed to prevent agency personnel and other participants from tracking citizens’ activity across agencies. This effort represents the Postal Service’s first move into supporting federal e-government services, a move it is well-positioned to make. It also could serve as a template for providing other online services that promote security, privacy, and certification. Recent reports of hacking by foreign entities into the data centers of major news organizations and corporations have again reminded consumers of how vulnerable their online data can be. While many of us prefer the convenience of online bill paying, shopping, and communicating, concerns are growing about the threat this poses to privacy and security. How can the Postal Service transfer its trusted role in the physical world to a role in facilitating commerce and e-government services in the digital world? What opportunities might the Postal Service have in providing solutions to these online security and privacy concerns?

  • on May 29th, 2012 in Strategy & Public Policy | 1 comment
    When online, how do you know who you’re really communicating with? Does that affect your shopping or banking habits? Do you know people who don’t use the Internet much because they are afraid of identity theft? The latest statistics from a Pew Research Center study demonstrate the pull of the Internet: •80 percent of Americans are users, whether through personal computer, tablet, or smartphone; •many of those users do not conduct any kind of commerce; •30 percent have not made a purchase online; •and 40 percent do not bank online. Would a more secure approach to online identity raise those figures? The Office of Inspector General’s new paper Digital Identity: Opportunities for the Postal Service examines the world of digital identity as well as many existing digital authentication solutions, including pilot projects, and potential roles for the Postal Service in the digital identity ecosystem. The paper posits that there is a need for a trusted and neutral body to identify, authenticate, and certify users in a straightforward manner that reduces sign-up friction and maintains privacy with very clear, concise, and enforceable policy guidelines. The Postal Service, given its national presence, physical infrastructure, and history of protecting privacy, could operate in a number of roles: •As a Trusted Third Party Online – The Postal Service could verify individual or business addresses (with permission from each user) for other organizations to facilitate eCommerce or other online transactions. •As an Identity Provider – The Postal Service could offer its own digital identity service, an opt-in service verifying attributes of consumers, businesses and organizations. •Providing in-Person Verification Services – The Postal Service could expand the work it already does for passports and offer in-person verification of mailing addresses through its network of post offices and postal carriers. What do you think? Is there a role for the Postal Service in digital identity? Share your thoughts below!
  • on Aug 1st, 2011 in Ideas Worth Exploring | 7 comments
    In December 2009, the Universal Postal Union (UPU) obtained exclusive rights to the “.post” top-level domain for the postal community from the Internet Corporation for Assigned Names and Numbers. The .post domain joins existing prominent top level domains (such as .com, .edu, and .org), along with recent additions (such as .museum, .biz, and .aero.) The .post domain is intended to provide a secure space for members of the postal community to develop and deploy digital products and services. The .post domain is expected to be available for use by private postal operators, regulators, suppliers, vendors, trade unions, and trade associations. By linking well-established national networks, the UPU hopes .post will allow postal operators and customers to reap the benefits of a global physical/digital network that permits postal service providers and end users to connect quickly and securely to other end users around the world. The .post domain could be an appropriate platform for a variety of services. Common suggestions include: a global track and trace system linking the existing systems of the posts; the creation of an accessible database holding a universal and global addressing system; and a feature allowing consumers to decide whether to have an item delivered to a physical address or an electronic address. One approach, at the core of the OIG Risk Analysis Research Center's (RARC) digital strategy paper, Expanding the Postal Platform, would be to give every postal customer an e-mail address and digital ID. The .post top level domain could be a platform to support implementation of this strategy. The development of the .post top level domain raises a number of interesting questions: •Should the U.S. Postal Service use .post as a platform for offering digital services? •What are the advantages and disadvantages of using the .post domain, rather than .com or .gov? •Are there potential applications for .post that the postal media has not addressed? •Would .post improve the Postal Service brand by helping differentiate the Postal Service from other services in the digital space? •Does the choice of domain name affect the quality of service provided or the effectiveness of marketing such services? Let us know what you think! This blog is hosted by the OIG’s Risk Analysis Research Center.