The U.S. Postal Service is a key player in a year-long trial of a unique public-private partnership effort that would let citizens securely and voluntarily sign up for online services at multiple agencies using a number of different digital identities. The user would then use whichever password and identity is most convenient – whether the identities are issued by the government or a private company – to log in across multiple government agencies. As the most trusted government agency, and with a 200-year history of security and privacy in delivering mail, the Administration tapped the Postal Service to manage the technology behind the Federal Cloud Credentialing Exchange (FCCX) pilot project. The Postal Service would be taking on a digital version of its role in the physical world, delivering sealed packets of identity data securely between government agencies and identity providers. Press reports on the pilot project suggest that if it is successful, people might one day be able to change an address online by logging into the Postal Service website with the same passcode or smart card that they use to file taxes with the IRS and buy books on Amazon. But to start, the Postal Service is expected to begin working with suppliers to try the service on test customers, ID providers, and government offices. The FCCX will not store any personal data and will be designed to prevent agency personnel and other participants from tracking citizens’ activity across agencies. This effort represents the Postal Service’s first move into supporting federal e-government services, a move it is well-positioned to make. It also could serve as a template for providing other online services that promote security, privacy, and certification. Recent reports of hacking by foreign entities into the data centers of major news organizations and corporations have again reminded consumers of how vulnerable their online data can be. While many of us prefer the convenience of online bill paying, shopping, and communicating, concerns are growing about the threat this poses to privacy and security. How can the Postal Service transfer its trusted role in the physical world to a role in facilitating commerce and e-government services in the digital world? What opportunities might the Postal Service have in providing solutions to these online security and privacy concerns?
Two times a year, we publish a chronicle of our work and activities for a just-ended 6-month period. This Semiannual Report to Congress (SARC) is required by the IG Act, but it’s also a chance for us to share a summary of work with our many stakeholders, including the public. The work reflects...Read More