More and more state governments are expressing enthusiasm for electronic commerce, fueling a growing state-level market for information security products.
GTE CyberTrust of Needham, Mass., is hoping to get a foot in that market door by providing the tools to allow banking officials to securely file interest rate updates via the Internet to the state of Massachusetts' Division of Banks. Before, the information was sent via fax.
With GTE CyberTrust's "Digital Certificate'' program, about 200 financial institutions will get certificates that will allow them to submit and verify interest rate information on the state's World Wide Web site. GTE Cybertrust is a business unit of Stamford, Conn.-based GTE Corp.
The information provided to the Division of Banks includes interest rates from banks, credit unions and mortgage lenders. State officials hope it's only the beginning for secure electronic transactions and communications.
"The interest here is finding ways to conduct interactions with citizens and businesses in a way that's going to cost less and do it in a way to enhance service quality,'' said Daniel Greenwood, deputy general counsel for the state's information technology division. "Technology offers promise for that, and there are some we are interested in. With [digital certificates], we needed a legally binding way and secure way to accept communications from outside entities.''
GTE CyberTrust will kick off the year-long pilot program in June at no cost to the state. GTE is providing the technology free of charge for marketing purposes as it seeks an edge on competitors for more widespread transaction-security business in Massachusetts and other states.
"I think there's going to be a significant use of this technology with the states once they get an understanding of how and when it can be used,'' said Joe Vignaly, marketing director for GTE CyberTrust. "That's our initial focus with Massachusetts. We have to prove to them how this can be used, and we can use this association as an example for other states.''
The technology is most commonly referred to as digital signatures, a high-tech version of the old-fashioned "John Hancock'' on a dotted line to ensure authenticity. Controversy in recent months over the Social Security Administration home page has drawn national attention to the need for safe online transactions.
In the growing arena of encryption - where sensitive electronic information is jumbled and then snapped into place like pieces of a jigsaw puzzle - digital certificates play a pivotal role in allowing products from rival companies to work together. They give each partner in the Internet-based exchange assurance to prove their identity in a faceless, electronic exchange. Commonly working along with this technology are digital signatures, which provide a legally binding electronic signature to complete deals.
The identification and signature information cannot be altered or forged. A third party, the certification authority, distributes the signature and assures its security with a series of network keys that code and decode the transaction information.
In the world of state and local governments, the time could be right to launch efforts similar to GTE CyberTrust's.
While the federal encryption market is as large as $100 million a year, the state and local government market is estimated at about $5 million a year, according to International Data Corp., a Framingham, Mass.-based market research outfit.
"There's tremendous growth potential,'' said Milford Sprecher, the program director at IDC who tracks state and local government technology use. "You're just beginning to scratch the surface of opportunity in state and local government here.''
The National Association of State Information Executives, based in Lexington, Ky., is currently promoting a nationwide hookup of interstate electronic commerce using digital signatures as a way to promote free exchange among state governments and private industry.
As part of this, NASIRE, the National Association of State Purchasing Officials and the National Association of State Comptrollers are seeking industry proposals to establish accreditation standards for cer- tification authorities issuing digital signatures.
The idea is to avoid having states individually develop their own accreditation systems, thus creating state-by-state bu- reaucratic obstacles for streamlined exchange.
"The states, like many others, are on the cusp of an explosion in electronic commerce,'' said Carolyn Purcell, who is president of NASIRE. "Digital signatures will help facilitate that explosion. That's why the states want to look into it.''
Individually, several states are taking the lead with their own initiatives.
Purcell is also executive director of the department of information resources for the state of Texas, where Legislature members are considering allowing the use of digital signatures by state agencies and local governments.
In Massachusetts, state officials are working on legislation to further open up the use of digital signatures among public agencies and private businesses. In Utah, a vision of a paperless state court system resulted in state lawmakers passing a groundbreaking digital signature act in 1995 to pave the way for the needed technology.
Because the Utah law was passed with no funding attached for the court system, the program has been slow to get started, but is likely to get off the ground this year, said Gordon Peterson, chief information officer for Utah. Peterson sees more opportunity in digital signatures than simply translating legal paperwork to the Web.
"What it really can do is open up the whole world of electronic commerce,'' he said.
Company executives in the information security industry say interest level among state governments is in the early stages and looks promising. But it will take time. Although VeriSign Inc., of Mountain View, Calif., has talked to several interested government officials, no states have signed on as customers yet.
"Most of them are in the kicking-the-tires mode,'' said Bob Pratt, a product line manager for VeriSign.
"They're interested in pilots now. But I don't think they're looking at starting anything major up in the next month or two, like a large project to issue massive amounts of these certificates,'' he said.
Likewise, a company like Security Dynamics Technologies Inc. eyes the state and local government market as untapped opportunity. Based in Bedford, Mass., Security Dynamics Technologies expects to be marketing its own version of digital signatures within a year.
"Like organizations in the private sector, [states] are going to face serious issues with securing information with the heavy use of the Internet,''said Dave Power, senior vice president of marketing for the company. "It's worth observing, as far as states are concerned, that the federal government has been a major customer of security products to date. States have the same security concerns, with state income tax returns and birth records."