Connect.gov is latest attempt to get buy-in to online ID management

The General Services Administration officially has launched Connect.gov, giving agencies a new tool to make online services easier and safer for citizens.

Two private-sector vendors are providing identity management services.

Jennifer Kerber, the director of Connect.gov in the GSA’s Office of Citizen Services and Innovative Technologies, said Verizon and ID.me received the first of what is expected to be many contract awards to provide third-party digital credentials at all security levels.

“We are open for business,” Kerber said in an exclusive interview with Federal News Radio. “So now any agency that wants to use the Connect.gov program can access all four levels of credentials needed.”

Advertisement

Connect.gov, which recently changed its name from the Federal Cloud Credentialing Exchange (FCCX) program, is trying to do what several previous initiatives failed at doing: Create a one-stop shop for identity management across government, which would make it easier for agencies to interact with citizens and businesses.

Previous initiatives, such as e-Authentication and the Federal Public Key Infrastructure (PKI) Bridge, saw limited or no success over the last decade.

Kerber said GSA, and the Obama administration more broadly, have more confidence this time around for several reasons.

“I think what’s different right now is the time and era that we are in. We are moving so much more online now, and we are seeing the fraud and the hacks, and there is a concerted effort about how we move beyond username and password and how we put more transactions online,” she said. “We have a whole generation of people growing up that have no idea about paper-based transactions or how to use a map, or do any of this. It’s part of where we are today and I think it’s the evolution of identity. I think we may have been a little early with e-Authentication.”

White House cyber coordinator Michael Daniel said in June that he wanted to “kill the password dead.” Daniel said Connect.gov was one of his top priorities.

ID.me and Verizon will issue electronic credentials to users who then could log in securely to any of the federal services participating in the Connect.gov program.

“To date, government agency identity proofing has typically been done in a silo, with each agency developing and managing its own verification solutions — making it both inefficient and cumbersome for both agencies and end- users,” said ID.me chief product officer Ryan Fox in a press release. “The Connect.Gov initiative allows individuals verified through ID.me to utilize one set of digital credentials across a broad network of commercial and public sector resources, which will both reduce the burden placed on agencies and improve the user experience.”

Plug and play

The departments of Veterans Affairs and Agriculture are part of the Connect.gov launch, while the Postal Service hired SecureKey Technologies in 2013 to create the backbone infrastructure in the cloud.

“That platform helps ensure the security is built into the system. The enhanced privacy metrics are built into the system,” Kerber said. “That platform will allow us to plug a bunch of different things on it in the future.”

Kerber said she didn’t want to name the other agencies taking part in the Connect.gov launch.

“We have the platform. They are integrating to the platform and will be putting applications up for their user base throughout the year,” she said. “As they start to use it, we will get some of the testing data and work on how we refine the user interface and activities there. We are working closely with them, trying to help solve some of their credentialing issues and ours. I think at some point later in the year we will be able to give you a better idea about usage and some of the applications. We still are in the early stages, but we have several agencies that are working with us on that and are testing all different levels of authentication in their applications.”

Kerber said the end goal is for agencies to integrate to one platform and provide citizens and businesses with access to more complex and highly valued data.

Kerber said GSA, the National Institute of Standards and Technology and the White House hope more agencies over the next year will join the Connect.gov effort to offer more applications and take advantage of the shared service.

“We have to socialize this with users. Users have to get used to being able to provide a digital credential they own and being asked for more information for secure, trusted transactions,” Kerber said. “But in a year from now, there’s all kinds of new technologies. What if I could interact with government using my biometric on my phone to authenticate me on some level? There’s a whole world of changing technologies out there, and if we can just try and solve a little bit of the identity issue and the security issue, there are all kinds of interactions we could have with government.”

Education, building trust are key

Kerber said GSA knows the education component will be vitally important for Connect.gov’s success.

A recent report from Forrester Research found that trust is a huge challenge.

“One-third of respondents in a recent Forrester consumer study said they aren’t interested in being issued a central federal identity for three reasons: They don’t trust the government to keep their personal data safe; they don’t perceive a need for another form of identity, and believe it would be inconvenient to manage; they feel that the government already tracks enough of their personal information,” Forrester said in a release.

Kerber said GSA is working with 18F experts on user testing. They are looking across all sectors and internationally to find the best way to gain widespread acceptance.

“Everyone loves to have the same username and password. They don’t like to change their password so how do we change behavior?” she said. “There’s a lot that goes into change management. We will be doing agency days, industry days and we are working on our website, on video and on user and agency testing. It’s a lot like cloud, where it’s a slow adoption and people have to get comfortable with it. Once they get comfortable with it and understand the capabilities and the benefits, then you have a large take-off.”

RELATED STORIES:

Cloud is the next chapter in the government’s identity management saga

Inside the Reporter’s Notebook: USPS cloud credential exchange almost ready; Flood of GSA contract protests

White House cyber czar’s goal: Kill the password dead