The US Federal PKI and the Federal Bridge Certification Authority

The goals of the U.S. Federal PKI are to create a cross-governmental, ubiquitous, interoperable Public Key Infrastructure and the development and use of applications which employ that PKI in support of Agency business processes. In addition, the U.S. Federal PKI must interoperate with State governments and with other national governments. Our goals recognize that the purpose of deploying a PKI is to provide secure electronic government services utilizing Internet technology, not only to satisfy the little hearts of a dedicated cadre of techno-nerds and paranoiac security gurus but to serve the citizenry. While it is fair to say that PKI technology today is powerful and deployable, nobody who is even the least familiar with it would claim that it is simple and straightforward to implement, let alone structure an aggregation of PKIs. Which leads us to ask the question: Why a U.S. Federal PKI? The simple answer is that U.S. Federal Agencies are mandated by the Government Paperwork Elimination Act of 1998 to begin providing electronic government services by October 21, 2003. While this Act does not require us to implement PKI – the law is technology neutral – it is clear that PKI, especially coupled with biometrics and hardware tokens, offers higher levels of identity security than can be provided by handwritten signatures or any other electronic signature alternative at the present time. For a good, brief comparison of electronic signature alternatives currently available I recommend that you look at the guidance provided by the U.S. If you look behind the bureaucracy of the Act – and of several like bills under consideration by the U.S. Congress at the present time – you discover that there is a strong belief on the part of legislators and economists that government productivity may be dramatically improved by replacing people and paper processes with electronic processes. While there is much truth to this assumption, we must be candid and admit that the transition to electronic processes entails substantial investments of time and money, especially where we are implementing a new technology that is unfamiliar and complex, and which challenges preconceptions about law and security. Nevertheless, the public wants more and better government services at lower cost with greater security, and for all practical purposes only electronic government, with security provided by PKI (and in some cases by other means) can hope to satisfy those requirements. Notwithstanding privacy concerns, the public increasingly buys …