Business in Cyberspace: US Tests ID Card System
| BOSTON
While private companies bicker over industry standards for making the Internet secure enough for commerce, the federal government is emerging as a pacesetter: Uncle Sam is poised to begin issuing Net users their own "driver's licenses" for identification on the information superhighway.
In the real world, when you pay by check, you must identify yourself, usually with a driver's license. In cyberspace, there is no generally accepted way to prove who you are.
This problem of authentication, in addition to security and privacy, are considered to be major roadblocks to conducting business on the Net.
Today the US government is expected to unveil a pilot program for its paperless transactions system. In a test involving 1,000 to 2,000 people to begin later this month, the US government will distribute software and a specially coded floppy disk that will serve as an ID card for cyberspace.
In the first phase of the test, individuals who have the special disk will be able to use the Internet to look up personal tax, Social Security, and federal payroll information without worrying that someone else could capture and read their information. By fall, the test will be expanded, enabling them to send electronic messages that can be read only by the person meant to read them and to send money electronically to federal agencies without being compromised by on-line thieves.
"It's a significant step," says Ted Julian, research manager for Internet commerce at International Data Corporation, a computer-research firm in Framingham, Mass. "This is uncharted territory, and the government is taking an approach."
"The government is sort of authenticating the concept of electronic transactions where privacy and security are paramount," says Erv Bluemner, vice president of engineering at Frontier Technologies in Mequon, Wis. As people grow accustomed to using the Internet to conduct business with the federal government, they will begin to ask for the same capability from private industry, he adds.
Five years ago, such a move by the federal government would have had a major impact on the standards adopted by industry. Today, the private sector is trying to set its own course. Most of the major computer companies, as well as electronic-data firms, banks, and credit-card networks, are scrambling to come up with their own ways of ensuring privacy, security, and authentication for Internet commerce, which is expected to explode into a multi-billion marketplace by 1998.
Security is key. In a survey last fall, three of every five people cited security as their primary reason for not buying things over the Internet. So far, companies have not agreed on a standard way to implement this security.
In the pilot program, Frontier Technologies is making the Internet software for both the federal government's hub computers, known as servers, and the individuals' computers that will interact with the servers. In June, the firm will start marketing a commercial version of its system.
Officially, the pilot is administered by the Federal Security Infrastructure Program. The program was chartered a year ago in response to a September 1993 speech by Vice President Gore, who envisioned a businesswoman walking into a post office and electronically signing and sending a contract to a federal agency. The post office plays a key role in the pilot program. Just as people today go there to apply for passports, the government employees and private citizens who will test the system will use post offices to prove their identity and pick up their special disks. Post offices may also sport kiosks so that even people without computers will be able to use the system, say, to find out what welfare benefits they're entitled to receive.
The ID disk is actually a computer chip that carries someone's name, or "digital signature." Even if the disk is lost, the information is encrypted so that no one else can read it. Users must have the correct password and the special software to unscramble the data.
Once on-line, the system not only verifies the identity of a person, it encrypts the information before he or she sends it. This makes it very difficult for anyone to read a message or electronic contract except the federal agency that is supposed to receive it.
"Where the commercial folks are going is still somewhat unclear," says Mr. Julian. The federal test is significant because it sets a course, he adds.
