on Feb 25th, 2013 in Ideas Worth Exploring | 18 comments
 

The U.S. Postal Service is a key player in a year-long trial of a unique public-private partnership effort that would let citizens securely and voluntarily sign up for online services at multiple agencies using a number of different digital identities. The user would then use whichever password and identity is most convenient – whether the identities are issued by the government or a private company – to log in across multiple government agencies. As the most trusted government agency, and with a 200-year history of security and privacy in delivering mail, the Administration tapped the Postal Service to manage the technology behind the Federal Cloud Credentialing Exchange (FCCX) pilot project. The Postal Service would be taking on a digital version of its role in the physical world, delivering sealed packets of identity data securely between government agencies and identity providers. Press reports on the pilot project suggest that if it is successful, people might one day be able to change an address online by logging into the Postal Service website with the same passcode or smart card that they use to file taxes with the IRS and buy books on Amazon. But to start, the Postal Service is expected to begin working with suppliers to try the service on test customers, ID providers, and government offices. The FCCX will not store any personal data and will be designed to prevent agency personnel and other participants from tracking citizens’ activity across agencies. This effort represents the Postal Service’s first move into supporting federal e-government services, a move it is well-positioned to make. It also could serve as a template for providing other online services that promote security, privacy, and certification. Recent reports of hacking by foreign entities into the data centers of major news organizations and corporations have again reminded consumers of how vulnerable their online data can be. While many of us prefer the convenience of online bill paying, shopping, and communicating, concerns are growing about the threat this poses to privacy and security. How can the Postal Service transfer its trusted role in the physical world to a role in facilitating commerce and e-government services in the digital world? What opportunities might the Postal Service have in providing solutions to these online security and privacy concerns?

18 Comments

Prior to any one agency having all of my information, I would want to ensure that the Postal Service network is truly secure. How can we be sure that criminials that are a part of organized crime organizations, other countries, and hacktivists cannot hack into the Postal Service's network. Also, I don't think that my personal purchases should be tied into the government! That is toooooo much big brother there. Yes, I know there are ways to do this now but it takes more work, data mining, and cooperation with the private companies - red tape. With this service, everything is tied together. It is a huge problem waiting to happen! Someone is liable to misuse the information!

If the USPS is to facilitate commerce and the use of online government services

- the postal service should be involved in providing Internet service to underserved areas in this country. The USPS legacy is that it serves every address in the USA. Providing a means for "every address" in the USA to join the digital world seems a logical step. Come up with a plan to offer broadband internet in poor and rural communities that broadband providers don't serve or where it is cost prohibitive. This service need not and should not be free - but it can be made available and afforable.

- why don't you offer WiFi service in post office locations? Again, this need not be free - look at what Fedex Office and Staples are doing and do that. It would be a wonderful convenience - again, post offices are everywhere! In urban areas we have options, but in suburban and rural areas not so much.

- mobile payments and digital payments. You already do money orders. I personally am not unbanked but I run a business and occasionally do have a need to send and receive money orders. Many times I have wished I could purchase and send a US Postal Service Money Order from the comfort of my smartphone or computer without having to wait in line. US Postal Service Money Orders are the most trusted brand of money order == why not capitalize on that and become the most trusted brand of electronic payment / money transfer?

e-seller,

Great ideas!!!! I would agree that the Postal Service should offer services like the Fedex Office. I recall talking to someone about this before. The Postal Service could become more of a business center than just mail and delivery stop. It should try to have its customers remain in the stores a little longer. We all know the longer you are in a store, the more you buy. :) I also agree with mobile payments of Postal products and services. Even offering wi-fi or internet service in the rural areas is also a great idea.

The Office of Inspector General appreciates your feedback. Are there other measures you would suggest to enhance services?

I do have a problem with the government being the provider of services that are so vulnerable to mining and abuse of private information and resources, like bank accounts and credit cards.

But, if it has to be done, then I, as a postal employee myself, would submit that the USPS is going to be as secure a resource as any.

We have our own thieves, of course, as does any company, and those that would work for and with hackers and scammers. But surely, these problems should be able to be addressed.

e-seller has good points: Universal service should include availability of the internet to rural and inaccessible areas. Wi-fi at post offices seems to be an awesome idea, and if not free, then very reasonably priced. I like his idea of internet money orders...we already offer click and ship postage, but online money orders would cause a great loss if accessed by hackers.

The OIG appreciates your feedback. Based on your comment regarding the Postal Service implementing online money order options what addtional security controls do you think are needed?

How can the public be so sure "that the USPS is going to be as secure a resource as any?" Government organizations are being hacked quire often. It seems everyday another one is being hacked. I don't want my personal business intertwined. I am not for the service and anyone in their right mind wouldn't want it either. I understand USPS is looking for other revenue avenues but I do not believe this is it. A service as such infriges upon citizens privacy. Supposedly, "the FCCX will not store any personal data and will be designed to prevent agency personnel and other participants from tracking citizens’ activity across agencies"; however, we all know that everything on the internet is cached. Therefore, this information WILL in fact be tracked and retained. I DON'T TRUST THIS SERVICE! NO PRIVACY WHATSOEVER!! MOREOVER, IT IS UNSAFE. Hacking occurs from the inside and the outside, so cyber criminals can be anyone not just those within USPS. Hackers know how to intercept data tranmissions with our without the help of employees. I DON'T TRUST AND I DON'T WANT IT! We need to let the internet remain FREE!

The Office of Inspector General appreciates your feedback pertaining to the Capitalizing on Postal Service Trust and Security Blog. We welcome additional feedback you can provide in this area. Are there certain security measures you feel should be in place for the Postal Service to accomplish this effort?

Like I've said before.
I would be locking the second floor windows if I were you folks.

Thanks everyone. A lot of good points are being made about the Federal Cloud Credentialing Exchange (FCCX) pilot project. Security and privacy is something that the USPS and the OIG take very serious. Remember, this is currently a pilot project. Your comments and concerns are very helpful. What other security and/or privacy concerns are there?

Why not give free access to Wi-Fi and USPS Talk Email accounts if used in the lobby of the Post Office? Sell USPS Communication devices displayed right in the lobby. Make them less expensive than other models. This can allow expansion into other communication forums. Instead of iPhone or iPad, how about a MailReader, similar to other products like “Nook”. Of course, you could funnel a lot of your manpower into scanning documents (that arrived as physical mail) into the database for the owners of these MailReader or MRDRs, so they don’t even have to open the letters, they only have to flick to the correct inbox. Include a SPAM deterent application that allows them to view a list of all mail received, and click on all the boxes they wish to so they can easily delete undesired mail. Instead of listing only one item at a time, make sure they have a list of 25 documents at a time. Add an application that allows them to delete the letters they want and then request that the rest of the letters be scanned in to the MRDR for them by 10:00 am. Give them a choice of requesting certain documents be scanned within the hour (an online version of Express Mail). Put all of your disabled employees to work that you can, IF they can pass the credentialing Criteria. Win-Win!

Please be advised, noted voting via social media support structure particularly will include voting long before the actual election day. When the ballots are created, as similar to voting for NCAA championship’s bracket contests, will determine elections outcome’s, then the 10%-20% actual in-person voters will cast the final tally. As a gesture of participation in a democracy? Seriously, who has the time or actual “energy, as in transportation costs” to cast a physical ballot? The process has become draconian….. If given the opportunity in Pennsyltuckey, I would jump on internet voting. It’s not like I don’t pay enough in tariffs, or fees via the telecommunications act every month.

Actually Mr Day, your post stirs my provocation and thoughts. This, in consideration of the current.... ahem ........ fiscal follies; including the single most misunderstood event since the advent of DHS, a little thing called sequestration!

I simply cannot help but re-iterate this again! What were you guys doing in the years following 2002? I'm assuming you worked at the Post Office in some functional area. I'm guessing engineering? Mmmhhhh?Further, there is no benefit to attempting to dissect the root causes of the PO's crisis. You've already spent countless millions of dollars, and innumerable postal hours doing so. I assuming every organization associated with postal affairs has, as well.
I'm also speculating nearly every outside plant, contractor, or vendor representative has a personal communications device.

If the post office, err, I mean the U.S communications company were to sub-lease XXXX amount of communications space from each of these employees, contractors, vendors devices, think of the possibilities? It's a small privacy price for the employee to pay, and certainly could serve as a symbiotic relationship for improving service, and saving time, and money?

From the sampling observations of employees/stakeholders in the postal network, I have deduced, most utilize a PCD (personal communications device). This asset, is free for the taking, or at least would cost very little to secure. And, you would not need to create an entire new management initiative, with associated team of managers or executive assistants to execute this program. These stakeholders probably wouldn't mind since it would assist in "sustaining their, including, their customer/employers, fiscal viability! Better communications, better bottom line!

Currently, you have a "select" number of "employees who you furnish smart devices, or other supplemental communications tools to. So they can improve efficiency, execute their duties or duplicated duties, fro may observation. Anyway...................

WITH THIS PLAN, EVERYONE IS CONNECTED TO THE POSTAL MATRIX, if you will...
This way you can be leveraging the "communications assets" surrounding you, to create revenue, and reduce expenses. And,as with similar abstract initiative's similar to "crowd sourcing", there will be those who are unwilling to participate, or can't.
They of course can continue to exist in the technical time warp they exist using pay phones, or go to their neighbors house to make a call; because we live in a democracy, and that's aok.
This is not going to cost anything to try!!! You won't need to create a pilot program so "big brother" won't be giving the subject participants bad dreams... You may even find that you can shed a few more of the non useful managers and dregs, (I call them parasites) I see every day, wasting the postal services valuable time and money...

Excerpt: Library of Congress 107th H.R. 5005

In accordance with title VIII, there shall be transferred to the Secretary the functions, personnel, assets, and liabilities of the following entities--
(1) the National Infrastructure Protection Center of the Federal Bureau of Investigation (other than the Computer Investigations and Operations Section), including the functions of the Attorney General relating thereto;
(2) the National Communications System of the Department of Defense, including the functions of the Secretary of Defense relating thereto;
(3) the Critical Infrastructure Assurance Office of the Department of Commerce, including the functions of the Secretary of Commerce relating thereto;
(4) the Computer Security Division of the National Institute of Standards and Technology, including the functions of the Secretary of Commerce relating thereto;
(5) the National Infrastructure Simulation and Analysis Center of the Department of Energy, including the functions of the Secretary of Energy relating thereto; and
(6) the Federal Computer Incident Response Center of the General Services Administration, including the functions of the Administrator of General Services relating thereto.

Thank you all for your comments/concerns. We welcome any additional feedback.

What additional measures would you implement for the Postal Service's Federal Cloud Credentialing Exchange (FCCX) pilot project? What customer accepts would you want to ensure are available?

Well first of all, it’s complex due to harvesting techniques recently revealed in breaches of networks.
That said, social media would be the obvious target. We already use them at fueling stations in the “perks programs”. I’m certain by 2016 many, if not the majority voters will be voting utilizing this “credentialing” technique. There do exist some time zone challenges.

The OIG appreciates your feedback on voting in regards to this blog. Please continue to provide additional feedback on this topic.

Keep up the excellent work , I read few articles on this site and I think that your web blog is real interesting and Power to the People of excellent information.

Add new comment

This site provides a forum to discuss different aspects of the United States Postal Service and how it can be improved. We encourage you to share your comments, ideas, and concerns.

This is a moderated site—we will review all comments before posting them. We expect that participants will treat each other with respect. We will not post comments that contain vulgar language, personal attacks of any kind, or offensive terms that target specific individuals or groups. We will not post comments that are clearly off-topic or that promote services or products. Comments that make unsupported accusations will also not be posted.

We ask that reporters send questions to the USPS OIG Media Office through their normal channels and refrain from submitting questions here as comments. We will not post questions from reporters.

We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. Given the need to manage Federal resources effectively, however, we will review comments and post them from 9:00 a.m—5:00 p.m Eastern Time, Monday through Friday. We will read and post comments submitted after hours, on weekends, or on holidays as early as possible the next business day.

To protect your own privacy, and the privacy of others, please do not include personal information or personally identifiable information such as names, addresses, phone numbers or e-mail addresses in the body of your comment.

Except when specifically noted, any views or opinions expressed on this forum (or any other forums available via an RSS feed) are those of the individual bloggers. The views and posted comments do not necessarily reflect those of the U.S. Postal Service Office of Inspector General, or the Federal government.

Thank you for taking the time to read this comment policy and disclaimer. We plan to blog weekly on as many emerging new media topics as possible. We encourage your participation in our discussion and look forward to an active exchange of ideas.