• on Oct 18th, 2013 in Strategy & Public Policy | 1 comment

    Last month, the U.S. Postal Service awarded the contract for a pilot program for a cloud-based identity management system called the Federal Cloud Credential Exchange (FCCX). Using a closed communications network, or "digital pipelines", the Postal Service will deliver digital packets ("envelopes") of secure identity data between government agencies and private or public identity providers. The idea is that a person could use an identity from one of many providers, such as a financial institution or utility, to access different government websites, as long as the identity met a required level of security. This should be far more convenient than logging in to separate services with multiple identities and passwords.

    Government and identity provider participants in FCCX have not been finalized. But the Veterans Administration is on board, and other potential participants, such as the Internal Revenue Service, Department of Education, and Social Security Administration, have been working with the Postal Service on the requirements and standards for the pilot.

    Once the digital pipelines have been established, they can be applied to a number of processes that require secure communications. For example, the Internet of Things, the networked interconnection of everyday objects, may include high-risk communications, such as between medical monitors and medication dispensers, mobile payment sites and financial institutions, or electric meters and power companies. The Postal Service recognizes the potential value of playing an enabling role and has made a move to secure a position in the digital world. Nextgov.com reports that the Postal Service has recently filed for a number of digitally oriented trademarks to cover services in data encryption, secure communications, and electronic document management.

    What do you think? Can the Postal Service bring greater security and privacy to online communications and transactions?

  • on Feb 25th, 2013 in Ideas Worth Exploring | 18 comments

    The U.S. Postal Service is a key player in a year-long trial of a unique public-private partnership effort that would let citizens securely and voluntarily sign up for online services at multiple agencies using a number of different digital identities. The user would then use whichever password and identity is most convenient – whether the identities are issued by the government or a private company – to log in across multiple government agencies. As the most trusted government agency, and with a 200-year history of security and privacy in delivering mail, the Administration tapped the Postal Service to manage the technology behind the Federal Cloud Credentialing Exchange (FCCX) pilot project. The Postal Service would be taking on a digital version of its role in the physical world, delivering sealed packets of identity data securely between government agencies and identity providers. Press reports on the pilot project suggest that if it is successful, people might one day be able to change an address online by logging into the Postal Service website with the same passcode or smart card that they use to file taxes with the IRS and buy books on Amazon. But to start, the Postal Service is expected to begin working with suppliers to try the service on test customers, ID providers, and government offices. The FCCX will not store any personal data and will be designed to prevent agency personnel and other participants from tracking citizens’ activity across agencies. This effort represents the Postal Service’s first move into supporting federal e-government services, a move it is well-positioned to make. It also could serve as a template for providing other online services that promote security, privacy, and certification. Recent reports of hacking by foreign entities into the data centers of major news organizations and corporations have again reminded consumers of how vulnerable their online data can be. While many of us prefer the convenience of online bill paying, shopping, and communicating, concerns are growing about the threat this poses to privacy and security. How can the Postal Service transfer its trusted role in the physical world to a role in facilitating commerce and e-government services in the digital world? What opportunities might the Postal Service have in providing solutions to these online security and privacy concerns?