Dr. Church also argues that in approaching security for electronic commerce and electronic transaction initiatives, simplicity is the best approach to take. He argues that "it is widely recognized that implementation of sound information security technology is the big hurdle to moving the Federal Government's business processes onto the electronic highway." He thinks that "the strongest candidate for satisfying our security needs is technology that is based on the use of public key cryptography. Public key cryptography offers tools both for protecting the confidentiality of information (encryption) and for ensuring the authenticity of parties involved in an electronic transaction (digital signature and public key certificates)."
He takes particular cognizance of two issues that consistently arise during the discussions and debates on digital signatures and PKI: authentication and confidentiality. "Protection of information confidentiality," he writes, "is presently available through the use of commercially available browser and server software that utilizes Secure Socket Layer encryption to protect information as it transits the Internet. This technology is readily available for Federal applications and is already being used by some agencies."
He goes on to observe that " (T)he bigger problem, namely the widespread use of digital signature technology for protection of data integrity and user authentication, depends on the implementation of a public key infrastructure (PKI) that supports the issuance and validation of public key certificates. In terms of the user, a public key certificate consists of a digitally signed file that contains an individual's identity and his/her public key. Certificates are digitally signed by a trusted third party who has identified the individual requesting the certificate and who maintains records regarding the current status of the certificate (e.g., is this certificate currently valid?)."
In short, the primary purpose of a public key certificate is to bind an individual's public key to his/her identity. Since public key certificates and the systems to maintain them are the major roadblocks to greater Federal use of the Internet, it is important that we begin by streamlining their implementation. Dr. Church says that "a simple public key certificate will be easier to maintain and easier to process (fewer fields to parse). In general, any information that is subject to change should not be included in the certificate. Although there are many attributes that make up an individual's identity, I would argue that we should use the attribute that changes the least frequently, namely, the certificate holder's full name (first name, middle name(s), and last name - 3 separate fields). The combination of a full name combined with a 128-byte public key should be sufficient to uniquely identify an individual. Other essential parts of the certificate would be the issuer's identity, the certificate serial number, the expiration date, an authentication level field (e.g., classic vs. gold; medium vs. high, etc.), the URI for validating the certificate, and the issuer's digital signature. To avoid current Federal policy restrictions surrounding the encryption/key escrow debate, the default use for such certificates would be for digital signature/authentication uses only. This simple approach would yield a public key certificate containing 10 information fields."
Dr. Church concludes his observations by noticing that "it appears that a compliant certificate processing system would need to handle about 70 mandatory and 40 optional information fields. While the contributors should be lauded for producing such a comprehensive document, I believe that it will be necessary to begin a public key infrastructure with a much simpler certificate structure. A simpler approach to public key certificates is likely to promote a faster and less expensive PKI implementation and will cost less to maintain."
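To make the ten-field proposal concrete, the following Python example (added here; it is not Dr. Church's code nor anything from the page) models the certificate, has the issuer sign it, and performs the relying-party checks a verifier would run: trusted issuer, valid signature, not expired, authentication level sufficient. The issuer key is a toy RSA key built from two Mersenne primes so the example runs offline; the field names, the level ranking and the sample values are assumptions.

```python
import hashlib
import json
import time
from dataclasses import dataclass, asdict

# Toy issuer key: constructed from two known Mersenne primes so this runs without
# any library. A real issuer would use a proper key (the page assumes 128-byte keys).
P, Q = (1 << 61) - 1, (1 << 31) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse; needs Python 3.8+

# Assumed rank order for the authentication level field ("classic vs. gold; medium vs. high").
LEVELS = {"classic": 1, "medium": 1, "gold": 2, "high": 2}


def _digest(payload: bytes) -> int:
    """Hash the to-be-signed bytes and reduce into the toy modulus."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N


def sign(payload: bytes, d: int = D, n: int = N) -> int:
    return pow(_digest(payload), d, n)


def verify(payload: bytes, sig: int, e: int = E, n: int = N) -> bool:
    return pow(sig, e, n) == _digest(payload)


@dataclass
class SimpleCertificate:
    """The ten fields of the proposal; nothing that changes frequently is included."""
    first_name: str
    middle_names: str
    last_name: str
    public_key: str          # holder's public key as hex (128 bytes in the proposal)
    issuer: str
    serial: int
    expires: int             # expiration as Unix time (assumed encoding)
    auth_level: str
    validation_uri: str
    issuer_signature: int = 0   # covers the other nine fields

    def to_be_signed(self) -> bytes:
        """Canonical encoding of the nine signed fields (sorted keys, no whitespace)."""
        body = {k: v for k, v in asdict(self).items() if k != "issuer_signature"}
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue(cert: SimpleCertificate, issuer_d: int = D, issuer_n: int = N) -> SimpleCertificate:
    """Trusted third party signs the certificate after identifying the holder."""
    cert.issuer_signature = sign(cert.to_be_signed(), issuer_d, issuer_n)
    return cert


def validate(cert: SimpleCertificate, trusted_issuers: dict, required_level: str,
             now: float = None) -> str:
    """Relying-party checks, in order; returns 'ok' or the first failure reason."""
    now = time.time() if now is None else now
    key = trusted_issuers.get(cert.issuer)          # (e, n) of a trusted issuer
    if key is None:
        return "untrusted issuer"
    if not verify(cert.to_be_signed(), cert.issuer_signature, *key):
        return "bad signature"                       # any altered field lands here
    if now >= cert.expires:
        return "expired"
    if LEVELS.get(cert.auth_level, 0) < LEVELS.get(required_level, 0):
        return "insufficient level"
    return "ok"


# Constructed sample: one trusted issuer and one certificate it issued.
TRUSTED_ISSUERS = {"Toy Federal CA": (E, N)}
SAMPLE_CERT = issue(SimpleCertificate(
    first_name="Jane", middle_names="Q.", last_name="Public",
    public_key=bytes(range(128)).hex(), issuer="Toy Federal CA", serial=1,
    expires=2_000_000_000, auth_level="gold", validation_uri="https://ca.example/validate",
))
```

Status checks at the validation URI (revocation) are the one part of the proposal this block leaves out; it only verifies what is inside the certificate.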

A CASE STUDY: PKI AND PUBLIC POLICY
Social Services Administration Agency, Washington, D.C.
The US Government is trying to achieve five main objectives in its cryptography and encryption policy for digital signatures. They want to:
- Have good security for electronic commerce;
- Protect individual privacy;
- Continue to preserve the ability of law enforcement to do its job;
- Continue the ability to protect national security; and
- Allow US companies to be able to compete overseas along with everybody else.
These are the five objectives the US government is pursuing, but it recognizes that it cannot achieve 100% on any of them, so any solution is going to be a partial solution for each of these objectives. The question then is: what solution maximizes these objectives and balances them appropriately to meet what the American people want?
The General Services Administration deals with procurement for the federal government.
The procurement division basically provides contracts that government agencies can use to provide certificates for citizens who want to interact with the government using digital signatures. How to actually give someone a digital certificate is a big issue. It does appear in the US that the solution to providing digital signatures, and to verifying that the individual is who he says he is, will come from building on existing infrastructure. This became clear in studying the Social Security Administration's approach to the electronic delivery of services.

THE SOCIAL SECURITY ADMINISTRATION CASE STUDY
The following case study is a good illustration of how a government agency can use a combination of a system and policies with offline transactions. While this deals specifically with a federal agency, it is a good example of how, with the right policies, an organization can achieve transactions on a site that creates security and confidence in the citizen, the end user. Thus, PKI and Digital Signatures are becoming key elements in the success of the knowledge economy.
The Social Security Administration (SSA) has developed a specific privacy and authentication policy for their Web site. This came after the site was originally put up in early 1997 for people who wanted to go on-line and check the status of their benefits. This was through a program called the Personal Earnings and Benefit Estimate Statement (PEBES). The statement provides wage and benefit information to the individual to help workers and their families to make financial plans for retirement. The Web site for PEBES originated as a result of a law passed by Congress two years ago that said they had to send these statements out to everyone over the age of 25 so they can start to plan for their retirement. SSA decided that mailing them out was a valid method of sending information but that the Internet could be an important tool and that providing it on the Web was more economical. Also, it would be easier for the individual to access the information and enable him constantly to update his pension information. It also meant the individual could verify if the information was correct and, if not, have it corrected. The SSA saw this as providing a public service and making it easy for citizens to receive this information via a web site, accessible from anywhere 24 hours a day.
As soon as the site went up, there was a hue and cry over a potential loss of privacy and poor security because of potential identification fraud. An individual coming into the site has to provide his/her name, address, social security number, birth date, state of birth and mother's maiden name in order to get access to the personal statement. Privacy and consumer advocates and academics argued that this kind of personal information is easy for anyone to obtain, so people who should not have access to the information on the PEBES site could attempt to get it. As a result of the protest, the SSA pulled the site off. They subsequently, in spring 1997, held a series of public meetings across the country to determine what people's concerns were, what kind of protections they wanted, and how best the SSA could protect personal information while still keeping the site.
This issue of authentication goes well beyond SSA and their PEBES site. Federal government agencies realize that standard terms for authentication need to be developed. The response to the criticism of the PEBES site by the then Acting Commissioner of the SSA, John Callahan, was to hold public hearings across the country and to make the necessary changes and improvements to the site to assuage the citizens' concerns. He viewed this whole area as bigger than simply this particular application. The Acting Commissioner's response, according to John Sabo, Director of Electronic Services Staff, Office of Programs and Policy at SSA, was perhaps more strategic and more focused on the broader goals of electronic services to the taxpayer/citizen.

SSA evaluated ways to deal with the problems. One of the biggest criticisms from the privacy and consumer advocates was the nature of the data being provided. It included earnings information, the taxes paid and the actual earnings on which the taxes were paid, which everybody, including the SSA officials, considered very, very sensitive. This was more sensitive than the other information the individual received online: that if you retire at the age of 65 your estimated benefits would be such and such an amount; if you were disabled it would be such an amount; and if you were a survivor and your spouse got the benefits and died, it would be such and such. Much of this sensitive information has been stripped from the modified online PEBES site slated to be back up later this year.
A series of six panels across the country were convened to determine what the people thought were the problems with this. In most cases they saw the level of information put up on the original site as being too sensitive. When the original site went up a person could come online and provide the five identifying factors for authentication. The information would then immediately be matched with SSA databases and access given. Privacy and consumer critics argued that an individual could know these specific authentication details about another and come online and get another's personal information. The SSA did consider the criticisms of the original PEBES site as being unfair. However, as they wanted to push ahead with electronic services, they did not want to be deterred by the criticisms. A decision was made by the SSA that they would do a modified online service. For the modified service (the PEBES site) they decided two things:
- They would eliminate the tax and earning data that was considered most sensitive; and
- They would retain the estimate of future benefits. However, if mailed to a person's home through the US Postal Service all the sensitive personal and earnings information would be in the paper statement.
In doing this, SSA desensitized the data to the degree that the five elements talked about earlier: name, mother's maiden name, social security number, place of birth and date of birth, would be considered adequate given the level of sensitivity for this application. In addition, it was agreed that adding an email feature would add two extra pieces of assurance to the public.
It would slow down the browsing if people simply wanted to see an earnings benefit as there was a lot to go through to get at low-grade information. You can't now simply go online to get the earnings benefits. You will need the five authentication elements (as above).
If everything matches with the five elements then you get sent a one-time code to your email address. You pick up the code from email and then you go back to the SSA web site, you enter the five elements and the code and then get access to the benefits information. This process, says John Sabo, will at least establish a bit of an audit trail. It also slows down potential hackers.
SSA ensured there were extensive security measures in place prior to putting up their original PEBES site. (See Social Security: Privacy and Customer in the Electronic Age: Report to Our Customers - Social Security Administration, September, 1997. Site: )
The most important thing SSA did with their PEBES site was desensitize the data. The use of the email code is more of an audit or verification element. It is not considered an entirely secure authentication element, especially if an individual writes in claiming to be such and such an individual but has an anonymous email address. The person might know the five elements (name, mother's maiden name, and so on) asked for when they come to the site requesting PEBES personal information. For this reason there is a perception that email is not a secure medium when asking for personal information off the web site.

The use of an email code does not necessarily guarantee it is the right individual seeking the information when the email address is anonymous. SSA has developed a policy paper which says they will not accept email addresses or certain email domains that are clearly anonymous mail sites. Neither will they accept email sites where you can go on the web and get an email account anonymously, for example email.com. The SSA will block those. This is primarily to assure the public they know what they are doing and are not going to accept certain practices. There are many users on unregistered email accounts on Hotmail that are very legitimate users. They prefer to have the convenience of an email account they can access from any web browser in the world and not tie it in to a particular Internet service provider for any number of personal reasons. For those people SSA will be denying some access because of public perceptions about security.
For the purposes of SSA an anonymous email address does not work as the individual might be trying to commit fraud or be doing something else. It could be simply a preference for anonymity. But the SSA has no way of knowing that. There is a perception from the public (and government officials) that an anonymous email address might be used for illicit purposes.
Compuserve, for example, is a valid Internet Service Provider (ISP), as is America Online. So if your email shows it being a commercial site, a .gov site, an .edu, .com or .net site, whatever the designation, they are assuming that those ISPs have a registration process which validates who the person is. They can't check all that. But the public perception is that if it is a known commercial, government or academic domain name, there is some system of registering the individual and that the individual is who he says he is.
This is a small, added incremental feature to an online system which they had already desensitized to a great degree. A strong point stressed by privacy people during the hearings was that as this was an online transaction service it should be made an opt-in service not an opt-out service. In other words the individual does not ask to be taken off the system (or told they had to go to the site to get the information they wanted) but rather the online service is there if they want to use it. The latter is an opt-in option. People, said the advocates, should affirmatively choose to use an online site.
Thus, in the absence of Digital Signatures and Public Key Infrastructure, this provided a bit of the privacy and authentication value. Passwords are not viable because of the volumes of traffic expected coming to the site. Issuing passwords would be too cumbersome and unworkable. The Code process is more manageable. This provides a bit of the value of that feature. Not only do you go online and request to see data you go online and say "send me something I will pick up and use to request the data." To that degree it is analogous to the mail process where a one-time code was mailed to the client at the home where you pick up your public key certificate online.
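The two-step access flow described above (five-element match, one-time code sent to a registered e-mail address, code plus the five elements redeemed once) is modelled in the following Python example. It is added here and is not SSA's code; the domain lists, code lifetime, audit-trail format and sample record are constructed assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# The five authenticating elements the PEBES site asks for.
FIVE_ELEMENTS = ("name", "mothers_maiden_name", "ssn", "place_of_birth", "date_of_birth")

# Constructed policy data: web-mail domains treated as anonymous, and the top-level
# domains assumed (per the page) to sit behind a provider registration process.
ANONYMOUS_DOMAINS = {"email.com", "hotmail.com"}
REGISTERED_TLDS = {"gov", "edu", "com", "net"}

CODE_TTL_SECONDS = 24 * 60 * 60   # assumed lifetime of an activation code


def email_allowed(email: str) -> bool:
    """Registered-e-mail rule: reject anonymous web-mail and unknown top-level domains."""
    if email.count("@") != 1:
        return False
    domain = email.rsplit("@", 1)[1].lower()
    if domain in ANONYMOUS_DOMAINS:
        return False
    return domain.rsplit(".", 1)[-1] in REGISTERED_TLDS


@dataclass
class PendingCode:
    code: str
    email: str
    issued_at: float


@dataclass
class PebesGateway:
    """Step 1 matches the five elements and e-mails a code; step 2 redeems it once."""
    records: dict                                   # ssn -> record (five elements + estimate)
    clock: Callable[[], float] = time.time          # injectable so expiry can be tested
    pending: dict = field(default_factory=dict)     # ssn -> PendingCode
    outbox: list = field(default_factory=list)      # simulated e-mail delivery
    audit: list = field(default_factory=list)       # the audit trail the page mentions

    def _log(self, event: str, ssn: str, email: str = "") -> None:
        self.audit.append((self.clock(), event, ssn, email))

    def _five_elements_match(self, claimed: dict) -> bool:
        rec = self.records.get(claimed.get("ssn", ""))
        if rec is None:
            return False
        ok = True
        for key in FIVE_ELEMENTS:   # check every field; no early exit on mismatch
            ok &= hmac.compare_digest(str(rec.get(key, "")).encode(),
                                      str(claimed.get(key, "")).encode())
        return ok

    def request_code(self, claimed: dict, email: str) -> str:
        """Step 1: returns 'sent', 'email_rejected' or 'mismatch'."""
        ssn = claimed.get("ssn", "")
        if not email_allowed(email):
            self._log("email_rejected", ssn, email)
            return "email_rejected"
        if not self._five_elements_match(claimed):
            self._log("mismatch", ssn, email)
            return "mismatch"
        code = secrets.token_hex(8)                 # unguessable one-time code
        self.pending[ssn] = PendingCode(code, email, self.clock())
        self.outbox.append((email, code))           # a real system would send mail here
        self._log("code_sent", ssn, email)
        return "sent"

    def redeem(self, claimed: dict, code: str) -> Optional[dict]:
        """Step 2: five elements plus the code unlock the desensitised estimate, once."""
        ssn = claimed.get("ssn", "")
        entry = self.pending.get(ssn)
        if entry is None or not self._five_elements_match(claimed):
            self._log("redeem_refused", ssn)
            return None
        expired = self.clock() - entry.issued_at > CODE_TTL_SECONDS
        if expired or not hmac.compare_digest(entry.code, code):
            self._log("code_expired" if expired else "code_wrong", ssn, entry.email)
            if expired:
                del self.pending[ssn]
            return None
        del self.pending[ssn]                       # single use
        self._log("access_granted", ssn, entry.email)
        return self.records[ssn]["benefit_estimate"]


# Constructed sample record; only the estimate (not earnings history) is ever returned.
SAMPLE_RECORDS = {
    "123-45-6789": {
        "name": "Jane Q. Public", "mothers_maiden_name": "Smith", "ssn": "123-45-6789",
        "place_of_birth": "Ohio", "date_of_birth": "1960-01-02",
        "benefit_estimate": {"retire_at_65": 1500, "disability": 1200, "survivor": 1100},
    }
}
```

The audit list is what gives the "bit of an audit trail" the page refers to: every rejected address, mismatch, expired or wrong code and granted access is recorded with the e-mail address used.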
SSA points out that they have built-in privacy protections in compliance with the Privacy Act, they follow very basic privacy principles and go beyond even the requirements of the Federal privacy law. They outlined their privacy policy in their Report on Privacy and Customer Service in the Electronic Age:

"In making decisions related to PEBES, SSA was mindful of the privacy dimension. These and other decisions involving personal information in SSA record systems routinely give careful consideration to privacy interests as a natural outgrowth of SSA's long and unique experience with fair information practices.
"During the early days of the Social Security program, the public was strongly concerned about the notion of this new agency collecting, housing and using personal information relating to a large segment of the citizenry. Partly to deal with this concern, the Social Security Board (predecessor to the Social Security Administration) issued its first regulation, Regulation No. 1, in 1937 on the subject of privacy. This regulation has been updated over the years and reflects the strong commitment the agency has made to protecting the confidentiality of personal information. (See Appendix A for a fuller account of the history of privacy in the Social Security program; search for the title of the Report.)"
SSA, like all federal agencies, is governed by the federal Privacy Act. This law embodies a set of fair information principles that are nearly universally accepted, forming the basis for privacy laws and policies worldwide. SSA has always met or exceeded the fair information practices requirements of the Privacy Act, including the following:
- The Principle of Openness--SSA publishes descriptions for all personal records maintained in systems of records. The notices are accessible through the SSA Web site at http://www.ssa.gov/OP_Home/bluebook/bluebook.htm. This exceeds the Privacy Act requirement, which only calls for publication in the Federal Register.
- The Principle of Individual Participation--SSA accepts requests from individuals for access to their own records and for correction of those records. Information about access is maintained on the SSA site at: guide.htm.
The online PEBES system was designed expressly to allow individuals to have convenient access to earnings and benefits information maintained by SSA. Allowing individuals to have on demand access to their records exceeds the Privacy Act's fair information practices requirement.
- The Principle of Collection Limitation--SSA collects personal data only by lawful and fair means. As Internet services expand, SSA will be able to extend our ability to collect information directly from the individual in a safe and secure manner.
- The Principle of Data Quality--SSA maintains personal data with appropriate accuracy, relevance, timeliness and completeness. The online PEBES system was intended in part to permit individuals to review their own SSA files for accuracy and completeness. This is one of the most effective ways to make sure that records are correct and that individuals receive all the benefits they have earned.
- The Principle of Use Limitation--SSA uses personal records only for lawful purposes as described in Privacy Act systems of records. Internal rules and policies further elaborate on the formal legal requirements.
- The Principle of Disclosure Limitation--SSA files are disclosed only when expressly authorized by law. SSA has traditionally zealously guarded our records, even when other government agencies request access.
- The Principle of Security--SSA records are protected by appropriate safeguards to ensure their security and confidentiality. SSA's careful and lengthy review of the security arrangements for online PEBES was in compliance with the security principles of the Privacy Act and the Computer Security Act.
- The Principle of Accountability--SSA and our employees are subject to criminal and civil penalties under the Privacy Act and under other laws for breaches of privacy. Internal SSA audits and reviews constantly look for inappropriate uses of records. SSA has been diligent in sanctioning or prosecuting employees caught violating privacy rules.

Of these principles, two are particularly relevant in the case of the online PEBES. The first is the principle of individual participation. The online PEBES clearly gives individuals connected to the Internet quick and easy access to a very important and useful part of their SSA record, thereby allowing them to use the information productively, as well as review it and request corrections if suspected inaccuracies are detected.
The other is the principle of security, requiring establishment of reasonable safeguards. This is a significant point that underlies nearly all the criticism that has been directed at the online PEBES test. The exact language of the Privacy Act on this issue is:
'Each agency that establishes a system of records must ... establish appropriate administrative, technical and physical safeguards to ensure the security and confidentiality of records to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience or unfairness to any individual on whom information is maintained.'
Clearly, this language does not require an absolute standard of security but leaves room for interpretation. In the case of online PEBES, did SSA in fact 'establish appropriate safeguards?' Reaction we have received from the public shows opinion on both sides of the question. The way any particular individual sees the issue seems to depend on the relative importance he/she attaches to the need to protect the privacy of his/her data and to the value he/she assigns to easy access to that same data. The challenge for SSA is to achieve the right balance. This report is readily available online. The complete text of all their findings at Hearings across the country and the recommendations made by citizens and groups are also readily available on their site. There are 46 different document sites on the process they went through to ensure they got the privacy and confidentiality aspects of the PEBES system right before going fully back online.
A person can still come to the web site and request an earning statement online that is mailed to the individual by the batch system using the five elements for authentication. What came out in early 2000 was a version where you can get your future estimates and benefits online.
In summary, there is a two-tier approach to the system when one is seeking a personal benefits and earnings statement. First, the person requests it online, the request is authenticated and then it is mailed to the address provided. This system has been running for the past two years. The information is not shown to the individual on the screen but is mailed to him. The second tier, which has been suspended and is not yet online, is the version where the information requested, after authentication, is given to the person online almost instantaneously.
What SSA has done is to develop, in collaboration with programs within the department and other agencies, the mutually serviceable authentication or certificate policy that would allow them to begin exercising public key certificates. They turned to the private sector with the operational assumption that their very large agency (SSA) does not have the resources to provide PKI certificates to the citizen/taxpayer. They are not in the business of authenticating vast bodies of citizens for this purpose. This is true of each federal agency. There is a question of resources and ability to do this; there is the question of what is the best and most efficient method for the citizen and the agency.
What SSA is looking at as a model is setting the policy in place then allowing the testing and usage of certificates by private sector companies for profit. Another possibility is that this process could be administered by financial institutions or government agencies that would want to bear the cost of issuing the certificates. They would accept such solutions as long as it was consistent with their policies of identification.
This is their current policy and the PEBES site would be one of the first to which this would apply.

As to the private sector involvement, their model is this. The SSA and other government agencies would establish as policy what they would deem adequate authentication. For example, an individual would present himself personally across the counter and present pieces of identification. In the other direction, for online registration, not only would the person complete the online form, like the person coming to the counter would do, the online application would hit against a number of disparate databases, as they now do in the financial sector. Through a combination of these hits, an agency could determine that it is quite likely that the person who knows all this disparate information is the person he/she says he/she is. That would be the authentication model. Built into PKI are all these other features. For example, how does the certificate authority communicate back to the individuals? Another step SSA is building into their policy is a requirement that they would have to physically mail through the US Postal Service a letter to the requestor with the pick-up Code. This builds in the online comfort factor that privacy and confidentiality are being protected. As the letter is physically mailed, it is covered by the US mail fraud statutes. The mail is currently seen as a secure way of sending personal information. The individual would come back to the web site and use the Code assigned to him to pick up his certificate from the certification authority.
In the case of SSA, and other agencies, instead of just using encryption for the online application of the transaction process, the agency would now require you to present a certificate. The certificate would need to have been signed by one of the certification authorities with whom SSA (or other agencies) have trust (i.e. a Trusted Third Party). SSA can then send it right back into the Trusted Third Party's site and have it verified there and then. That is the proposed model and that was the expert body of opinion from a recent forum (of agencies discussing this). It was decided you really needed to be using PKI as your method of the future in order to provide transactional services. This is because PKI is cryptographically very strong and you must have a private key corresponding to a public key in order to get in. John Sabo recognizes there are vulnerabilities and they all come back to social issues: managing a private key, as well as the issue of who other than the agency will have access to the corresponding public key.
In summary, the improvements made by SSA were in response to criticisms that the agency had not gone far enough in protecting personal privacy, especially privacy of sensitive earnings information. The new features for the modified online PEBES were as follows:
- Modified online PEBES
- All personal PEBES information will be locked out from the Internet unless a member of the public requests his/her access to it. People who 'opt-in' will be informed of the benefits and risks of unlocking their modified online PEBES.
- Modified online PEBES will provide benefit estimates, number of work credits earned and whether the requester is insured for benefits. It will not show his/her earnings history. The current version mailed to a requester's home will, however, continue to show the earnings history.
- Delivery of modified online PEBES will be available only to people who have a registered e-mail account, such as one with an employer or an Internet service provider. SSA will use the e-mail address to send the requester an activation code that, together with the five pieces of personal authenticating information described earlier, will unlock a modified online PEBES and:
- Longer-term PEBES actions on the Internet
- PEBES statements initiated by SSA--The law requires that, by 1999, SSA, on its own initiative, send PEBES statements each year to all workers age 25 and older. SSA proposes to offer recipients of the mailed statements an option to receive their subsequent PEBES statements through the Internet, using a secure authentication procedure."

As a result of the six Hearings across the country SSA planned other steps for electronic service delivery other than the PEBES system.
- SSA will continue its vigilant and active implementation of strong firewall and other systems security measures to keep pace with changing security threats and changing technology.
- SSA will implement additional privacy measures in concert with outside organizations to support our management of Internet and other electronic service delivery initiatives.
- SSA forms and verification letters--In 1998, SSA plans to accept Internet requests from Social Security beneficiaries for individual information. Examples include requests for annual statements of Social Security benefits paid (Form 1099, for the beneficiary's federal income tax return), and for letters verifying the Social Security benefit amount for beneficiaries to use with third-party organizations. Initially, SSA will accept the request through the Internet and return the information by mail to an address already contained on our records. Longer term, the entire transaction could be accomplished online, with proper security and authentication procedures in place.
- Secure authentication through public key infrastructure. SSA will begin now to plan, test and evaluate Internet PEBES delivery and additional SSA Internet services using public key infrastructure, an electronic security technique making use of computer-generated public and private "keys" to assure secure Internet transactions between an individual and an organization offering services online. As part of this developmental effort, SSA will adopt policies and operational practices to assure authentication, protect citizens against improper disclosure, and improve privacy protections. In developing a public key system, we will work in partnership with other agencies, both public and private."
For the full report see: http://www.ssa.gov/pebesreport/pebesrp_toc.htm

SSA believes the solutions set out above for the PEBES issue will allow the agency to prepare for a future that fully uses available technology to serve the public that wish to have Internet services. At the same time they will be providing the highest level of privacy and confidentiality feasible for such services.
In conclusion, SSA is trying to do all this incrementally and also trying to rely on private sector companies. Perhaps one of the biggest dangers is the attempt to try and build a powerful infrastructure before they have had a chance to find out what citizens really want to have online and feel comfortable with. (Issues here are privacy, security and confidentiality, but still maintain open systems to which the citizen can come for both personal and general information.)
The whole process, at SSA, leading up to the changes is a good example of how something can start out having problems but can be resolved by listening to outside groups and the public. SSA held open hearings across the country, listened to the people, brought the consumer advocates, academics, computer and information technology companies, consultants and privacy community on board and proceeded to get it right to the satisfaction of most people. It is a model of how outside groups helped to solve a particular government problem on the Internet.

The experience of the SSA PEBES web site has raised the larger question of how does a government agency deliver government services efficiently and in a cost-effective manner while still protecting the privacy of individuals. The consensus at the moment is that this will be handled on an agency by agency basis. It does raise the inherent question of the right of the individual to have wide access to government information and services while also enjoying the right to privacy. There will constantly be a conflict between the two concepts, as a balance is sought.
In May 1998, Senators John Ashcroft (R-MO) and Patrick Leahy (D-VT) introduced the "Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace (E-PRIVACY) Act." The proposed legislation is the latest in a series of congressional measures designed to resolve the debate surrounding current U.S. encryption policy. Like the SAFE Act (H.R. 695) now pending in the House, the E-PRIVACY Act seeks to relax existing controls on the export of encryption products. Controls would be lifted for encryption products that are deemed to be "generally available" within the international market. Exporters would be given new procedural rights to obtain expedited determinations on the exportability of their products.
The bill also contains several provisions that would preserve the right of Americans to use encryption techniques that would enhance the privacy protections currently accorded to personal communications and stored data. Among its positive features, the bill would prohibit government-compelled key escrow and provide enhanced privacy protections for stored electronic data held by third parties, location information generated by wireless communications services, and transactional information obtained from pen registers and trap and trace devices.
This bill was subsequently passed and enacted at the Federal level in the United States in spring 2000.
