View Header


Office of the Vice President

For Immediate Release September 1, 1993

Reengineering through Information Technology-- Part 2

IT06: Establish an International Trade Data System

We've Got Fresh Tropical Fruit

Imagine this: A local businessman operates a specialized market in selling fresh tropical fruits and vegetables that have an extremely short shelf life. His business was made possible thanks to the new international trade data system that eliminates duplicate import forms and allows speedy preclearance of international exports and imports.

The United States is competing in a global economy. The volume of goods traversing international borders continues to grow. Over 40 federal agencies collect, process, analyze, and disseminate vast amounts of international trade data to accomplish various trade-related governmental functions, which include the collection of duties and the enforcement of trade and contraband statutes. To accomplish its mission, the U.S. Customs Service developed and operates the Automated Commercial System (ACS). Today, this computer system collects complete trade data on 95 percent of all U.S. import transactions, facilitates the movement of goods by means of electronic releases, and interacts with more than 1,500 trade participants.[1]

Using ACS, Customs has established information-sharing capabilities with several agencies including the Fish and Wildlife Service, Food and Drug Administration, Internal Revenue Service, and Department of Transportation. Work is in process to develop data exchange capabilities with the Food Safety Inspection Service; Environmental Protection Agency; and Bureau of Alcohol, Tobacco, and Firearms. Additionally, data exchange capability exists with some foreign governments, such as Canada and Singapore, for trade statistics and visa verification. Canada, Mexico, and the United States are developing ways to develop uniform trade documentation and procedures among the three countries.

Trade data information requirements are growing. For example, in 1986, one ocean carrier began receiving bill of lading and manifest data electronically. In 1993, 76 carriers electronically supply ocean bills of lading for 80 percent of all ocean import tonnage. In 1984, brokers and importers represented 8 percent of all Customs data entries. In 1993, 1,324 brokers and importers provide 93 percent of the data entered into ACS. They use the system to obtain release of cargo, pay duties, update importer data, and carry out many more functions. ACS maintains 855 million trade records. On a daily basis, there are over 350 million requests for information, and 600,000 transactions are processed.[2]

The Office of the United States Trade Representative, Department of Commerce, International Trade Commission, and other agencies have access to a number of other trade databases to support the development of trade policy and the conduct of international trade negotiations. These have been maintained on computer facilities operated by the National Institutes of Health (NIH). However, NIH has advised these agencies that new computer facilities need to be located to support these databases. This presents an opportunity to revise and integrate these databases for governmentwide access.

The U.S. Customs Service and other trade agencies have implemented electronic systems to interface with the private sector for business transactions. However, two different information-sharing standards are now in use--the American National Standards Institute Accredited Standards Committee X.12 and the United Nations Electronic Data Interchange for Administration, Commerce, and Transport (UN/EDIFACT). The UN/EDIFACT standard is a compromise between the U.S. standard and the European Transportation standard.[3] In late 1992, the American National Standards Institute voted to migrate to the EDIFACT standard by 1997.[4] Close coordination of this migration effort among federal agencies is needed to facilitate electronic commerce and the development of interoperable computer systems.

Need for Change

A basic problem in today's trade environment is that various government agencies tend to develop costly systems and procedures on the basis of their individual needs for trade information. In many cases, individual agencies require duplicative reporting, resulting in enormous and unnecessary costs to those U.S. interests involved in international trade. In addition, the approach to system standards within the government is fragmented.

Federal trade agencies and the private sector must have access to trade data rapidly and accurately not only to enforce compliance with existing laws and to account for revenues, but also to support U.S. efforts effectively in a global marketplace. The executive branch uses trade data in determining duty ratios, and Congress uses trade data to make trade policy determinations. Although ACS maintains 95 percent of current import data, there is not a similar reliable source of export information. The Office of the U.S. Trade Representative, for example, may have to go to 11 sources other than the U.S. Customs for necessary trade information. There is no single source of reliable, accessible trade data.

Without a single source, the same information is often entered on many different forms during many different processes. For example, one customs broker estimates that there are 14 different processes now required for an import transaction. The number of required processes depends on the type of goods coming into the United States.[5] For some goods, multiple agencies must be notified and provide approval. Paperwork related to export shipments is also very costly to the private sector. It is estimated that for a single export shipment as many as 40 different paper documents may be required. The total cost of these documents is estimated at between $150 and $200 per transaction, or higher.[6] A customs broker is responsible for the import transaction declaration on goods, which may be likened to a tax return being filed for all imports.

In addition to Customs documentation, other government agency regulations require the submission of forms for foreign trade transactions. The Fish and Wildlife Service, the Environmental Protection Agency, and the Department of Transportation, for example, require large volumes of forms. At one time it was estimated that in excess of 4 million trade-related documents are submitted annually to government agencies other than Customs.[7]

Since the import and/or export data must be entered on each form, often manually, delays are frequent. The result can be missed delivery, spoiled goods, and lost windows of opportunity (especially when trading with other countries). These actions result in lost revenue both to U.S. businesses and the government.

Federal agencies must provide or make available selected trade information to partners of the United States. These partners include the trade community (brokers, importers, exporters), the transportation community (carriers, freight forwarders, couriers, the Bureau of Transportation Statistics), and foreign governments. Other major users of comprehensive trade data are the Trade Policy Committee and various congressional oversight committees.

Existing agency databases and computer systems are limited in their ability to integrate and disseminate trade data since none were designed to support such a broad community of interest. For example, limitations to ACS include difficulty in retrieving information, costly hardware expansion, and 10-year-old software programs that are difficult and expensive to maintain. Customs has established a Future Automated Commercial Environment Team (FACET) to address these shortcomings and chart a course for a future system.

An International Trade Data System, an expansion of the current U.S. Customs Service ACS, is needed to provide the following enhancements:

---more accurate and complete trade statistics and data,

---standardization of both import and export data collection,

---reduction of government and trade community processing time and costs,

---knowledge to promote informed compliance with trade statutes,

---elimination of duplication and unnecessary reporting,

---enhanced fraud detection capabilities,

---improved financial controls, and

---immediate access to trade data.

The existence of a reliable and easily accessible source of both import and export trade information would streamline the trading process, eliminate duplication and unnecessary reporting, and enhance American competitiveness in the international marketplace. All the trade data users will benefit from such a system; examples of its applications include the following.

---ACS is accessible via Treasury's Consolidated Data Network, which offers the potential of a single communications network to link the various law enforcement agencies responsible for guarding against money laundering, the export of controlled high technology, and the importation of narcotics, hazardous waste, and other contraband.

---With an electronic means of using export data in one country as import data to another and the corresponding rapid access of information, a Customs official could evaluate a shipment before its arrival at the border. Additionally, the system could provide information to analyze and reject risky cargo and accept non-risky cargo.[8]


Develop and implement a U.S. Government International Trade Data System. (2)

By April 1994, the Secretary of the Treasury should begin developing an International Trade Data System. The Treasury should seek technical support for the project from the United States Trade Representative; the International Trade Commission; the Departments of State, Labor, Agriculture, and Commerce; and other stakeholders. An implementation plan should be completed by January 1995, and submitted to the Government Information Technology Services Working Group for approval.

This project would be accomplished by establishing an integrated database for the collection and dissemination of all international trade data through the expansion and redesign of the U.S. Customs Service Automated Commercial System. To implement the recommendation, Customs should expand FACET and make the team responsible for developing a system design for a commercial environment that will reflect the future needs of the U.S. government and the trade community.

The federal government must provide leadership to develop and pursue a coordinated national electronic data interchange (EDI) policy for interacting with domestic and international organizations. To date, there has been no U.S. effort to assess the political and business requirements for developing a comprehensive approach for the use of EDI. Migration to EDIFACT as a standard is now endorsed, although questions still exist regarding its management and use--particularly its relationship to other standards and responsiveness to regional and national concerns. As a part of its trade data system infrastructure, the federal government should provide proactive leadership in supporting worldwide EDI policy and standards. Specifically, it should designate a single government entity as the EDI policy and coordinating body.

Cross References to Other NPR Accompanying Reports

Department of the Treasury, TRE10: Modernize the U.S. Customs Service.


  1. U.S. Department of the Treasury, Customs Service, "Automated Commercial System Fact Sheet," February 1993, p. 1.
  2. Ibid., p. 3.
  3. UN/EDIFACT, Introduction to UN/EDIFACT (April 1991.)
  4. See ASC X12 EDIFACT Alignment Task Group, "EDIFACT Alignment Ballot Results," June 29, 1993.
  5. Telephone interview with the Chief Executive Officer of the Fritz Company, New York, July 1993.
  6. Lavery, Hank, "Crossing the Ocean of Paperwork," Global Trade and Transportation, vol. 113, no. 4 (April 1993), pp. 31-32.
  7. Telephone interview with FACET Study Group, U.S. Customs Service, Washington, D.C., August 25, 1993.
  8. Ibid.

IT07: Create a National Environmental Data Index

Finding Out Which Way the Wind Blows (and the Rain Falls, and the Earth Quakes)

Imagine this: A prospective homebuyer is looking for a location for her home. She goes to an information kiosk at her library, where she gets a printout of statistical probabilities of floods, earthquakes, and major storms in various geographic areas. She is particularly pleased to note the information provided about relative heat, humidity, and pollen counts, since she suffers from various allergies.

Environmental data and related information are created by several federal agencies. For example, the Department of the Interior has databases developed from biological surveys; the Environmental Protection Agency collects information through the Environmental Monitoring and Assessment Program; the National Aeronautics and Space Administration collects satellite data; and the National Oceanic and Atmospheric Administration (NOAA) collects vast quantities of oceanographic, atmospheric, and geophysical data. The data collected from these various systems are usually acquired for a particular purpose, but frequently have multiple uses, such as the use of weather data to investigate global climate change.

Innovative use of these available environmental data through integrated data analysis and interpretation can be facilitated by knowing what information is available and the source. There are many potential government and nongovernment users of these databases in addition to the agency collecting the data. Among these users are the general public, the business community, the international scientific community, and researchers and government policymakers concerned about the global environment.

The nation's investment in environmental data collection is very high. For example, NOAA spends approximately $350 million a year to support its satellite observing systems.[1] Similar high-dollar amounts are invested in the satellite observing systems of other agencies, as well as those on the ground and at sea.

Need for Change

In spite of the amount of dollars invested in the observing systems, it is difficult for a user to find out what data exist, where they are located, and how to gain access. For example, ocean temperature data are critical to the study of climate, but there is no central focal point where researchers can determine where the primary data are located and where related data reside for correlation. At least 4 agencies and 10 data centers are involved in holding and archiving environmental data.[2] One report concluded: "Scientists face major obstacles in finding out what data are available."[3] Additionally, most data have been collected without the benefit of data standards and existing data may be of poor or unknown quality.[4] NOAA is the major holder of federal environmental data. Its weather satellites, for example, have collected over 150 terabytes (150,000,000,000,000) of data.[5]

Since most agencies are currently developing separate indexes of their data holdings, integrating the information into a common index of systems should avoid duplication and not be difficult. This common index would provide a comprehensive mechanism to integrate the individual agency data holdings into a cohesive system in the future. By using electronic data interchange, users requiring the data would benefit from easy location and access to the data. The index would allow citizens, industry, and academia to locate and access needed information.

The creation of a unified environmental data index--an environmental data "yellow pages"--will result in substantial progress toward making environmental data acquired by the government available to the many users that require or desire the data.


Organize the implementation of a National Environmental Data Index. (2)

By July 1994, the Government Information Technology Services Working Group should direct NOAA to organize the implementation of a National Environmental Data Index. An implementation plan, including the establishment of data standards, should be completed by November 1994. This plan should recognize environmental data as a public resource to be shared and not treated restrictively as the property of the scientific community. The plan should address the frequency and method of updating the data index.

NOAA should coordinate closely with the Environmental Protection Agency, NASA, and the Departments of Energy, Defense, Interior, and Agriculture to ensure unity of purpose. To implement the index, these agencies should provide descriptions of their databases to NOAA. These descriptions should include items such as type of data held, geographical area, data elements available, and access arrangements including methods for automating access.

The first phase in implementing this index is to coordinate the development and use of environmental data gathered by government agencies. The second phase will be to coordinate the indexing of nonfederal and international environmental data.


  1. Telephone interview with T. McGunigall, Program Manager, Geostationary Operational Environmental Satellite and Polar Satellite Systems, NOAA Systems Program, August 17, 1993.
  2. Telephone interview with W. Turnbull, Executive Officer, Environmental Information Services, National Environmental Satellite Data Information Service, NOAA, August 17, 1993.
  3. National Research Council, Committee on Geophysical Data and Committee on Geosciences, Environment and Resources, Solving the Global Change Puzzle: A U.S. Strategy for Managing Data and Information (Washington, D.C.: National Academy Press, 1991), p. 24.
  4. Ibid., p. 4.
  5. Telephone interview with W. Turnbull.

IT08: Plan, Demonstrate, and Provide Governmentwide Electronic Mail

Faster Than a Speeding Bullet(in)

Imagine this: A citizen walks into a government office for job counseling and information on training programs. Unfortunately, the local counselor is not familiar with her particular job category. He sends an e-mail message to an expert at the regional office. A few minutes later, the counselor is sharing a detailed reply from this expert with the jobseeker. In fact, he gives her an e-mail address she can use to continue to communicate with the expert from her home computer.

In 1969, the Advanced Research Projects Agency Network (Arpanet) was created so that researchers at universities and other facilities might share data and computational resources.[1] Soon these scientists developed ways to use the network to transmit messages, known today as electronic mail or "e-mail." Universities and regional networks then connected their own systems to Arpanet, creating Internet. Today, this cooperative network of networks links millions of computers throughout the world. Moreover, e-mail on Internet and other networks has become an important tool for industry and a growing market driver for commercial networks and software suppliers.

E-mail has many applications. It provides rapid communications among individuals or groups. Workers in an organization, within a building or throughout the world, can use e-mail over local area networks, telephone lines, or specialized data networks such as Internet for easy, rapid interaction. The delays and frustrations of "telephone tag" disappear, and many people can simultaneously interact. In effect, workers can assemble and interact as teams without concern for location.

E-mail permits easy access across agencies and bureaucratic boundaries. As such, it breaks down barriers to information sharing. This can be as important within an agency as across agency boundaries. Barriers to vertical communications are lowered by removing hierarchical controls to communications.

E-mail can also minimize the need for personnel transfers or expensive temporary assignments. For example, 53 engineers at Digital Equipment Corporation (DEC)--spread across Massachusetts, Arizona, Colorado, Singapore, and Germany--collaborated on a design project but had never met and had talked on the phone rarely. DEC estimates that this group finished its project one year sooner, and needed 40 percent fewer people, than a team assembled in one building.[2] E-mail is also cost-effective. According to Hewlett-Packard's calculations, a two-page electronic mail message between any two HP employees worldwide cost on average $0.22; a letter $0.51, and a fax $1.66.[3] And e-mail is faster than all other methods, especially when more than one addressee is included.

The infrastructure needed for supporting e-mail is widely in place in universities and research establishments; most agencies that do business with universities--notably those supporting research and education--are major users. Agencies with e-mail capability use it for rapid interaction with the public. Some have incorporated e-mail into processes for grant and contract proposal reviews, saving the time and expense of conventional mail for receipt of comments from expert reviewers of proposals.

Using e-mail, agencies working jointly on national research initiatives, such as the High Performance Computing and Communications Program and the U.S. Global Change Research Program, "meet" and exchange information needed to manage complex cooperative programs. As the infrastructure, personal computers, user-friendly software, and telephone-based access have grown, some agencies have opened facilities for general interaction with the public.

Need for Change

Presently, over a dozen agencies, and (experimentally) the White House and parts of both Houses of Congress are "on-line." Ultimately, most federal employees should be reachable by e-mail. However, much work needs to be done before this can happen. Issues of standards and compatibility must be resolved. Additionally, many agencies desire applications that are still not fully developed, such as file transfers and multimedia mail. Many agencies have electronic mail, but few make it available throughout an agency or use it to maximum advantage. The federal government as a whole has an often incompatible mix of systems. As the utility of linking internal systems together to conduct agency business became apparent (and linking agency internal systems with more global systems), several ad hoc interagency groups were formed to examine various problems related to implementation. However, none of these groups has the authoritative charters to accomplish the myriad tasks that must be completed to optimize e-mail use.

In addition, several potential barriers of "traditional practice" must be dealt with. The most difficult is a lack of understanding about the various potential uses of e-mail. In addition, messages created in the e-mail environment are treated by senders and receivers in much the same way as telephone conversations--privileged personal communications. But messages, unlike telephone calls, are inherently archival, which introduces records management, security, and privacy concerns. The Federal Records Act (FRA) requires that agencies document work that is used to transact official business--regardless of the medium. Because official agency business will be conducted over electronic mail systems, agencies must take steps to ensure that the recordkeeping requirements of the FRA are met.

Guidance for agencies in meeting this requirement is not adequate and should be strengthened and extended to reflect changes in records management, privacy, and computer security.


  1. Improve electronic mail and messaging among federal agencies. (2)

An existing interagency task force established by the Office of Management and Budget's Office of Information and Regulatory Affairs (OIRA) should be charged to report by April 1994. The Department of Health and Human Services presently chairs this interagency working group, the E-mail Task Force, supported by the General Services Administration. As authorized by the Paperwork Reduction Act, OIRA is overseeing the task force's work and coordinating it with other initiatives. The task force is drawing expertise from existing interagency information technology groups such as the Federal Information Resources Management Policy Council, the FTS2000 Interagency Management Council, and the High Performance Computing, Communications, and Information Technology Subcommittee of the Federal Coordinating Council for Science, Engineering, and Technology. Four goals for this group include:

---Identify support for, provide advice to, and evaluate the results of e-mail pilot programs currently underway. These pilot programs should establish electronic mail capabilities among departmental science and technology advisors and the White House Office of Science and Technology Policy; departmental legislative affairs offices and the Legislative Liaison Office and parties in the alternative dispute resolution process of the Administrative Conference of the United States.

---Develop and issue a Request for Information to the private sector. The Request for Information will outline the challenges faced by the federal government in its progress toward electronic mail interconnection and solicit possible technical solutions. The task force will evaluate industry responses and use this information to fulfill its other goals.

---Analyze the current use of Internet by federal agencies and its potential contribution to both near and long-term e-mail requirements. Coordinate proposals for improving mail interoperation with the High Performance Computing and Communications Initiative via the High Performance Computing, Communications, and Information Technology Subcommittee of the Federal Coordinating Council for Science, Engineering, and Technology.

---Develop a near-term program plan, including financial and technical resource requirements, to assist agencies in improving their capabilities for electronic mail.

2. Issue a governmentwide e-mail records management policy. (1)

In consultation with OMB, agencies, and the National Archives and Records Administration (NARA) should issue a governmentwide e-mail records management policy by April 1994. Some issues that NARA should consider in revising its policy should include records management, privacy, security, and permissible use.


  1. Arpanet was established by the Advanced Research Projects Agency of the Department of Defense.
  2. Perry, Tekla S., and John A. Adam, "E-mail: Pervasive and Persuasive," IEEE Spectrum (October 1992), p. 24.
  3. Ibid., p. 26.

Establish Support Mechanisms for Electronic Government


Electronic government requires an information infrastructure. This infrastructure consists of the technologies needed to allow information to flow smoothly, as well as the operational policies, procedures, and standards that support electronic government applications.

An effective government information infrastructure will lead to complementary and cooperative interagency programs and an integration of databases among these programs. Therefore, privacy and security issues have the greatest priority. The public requires assurance that controls exist to guarantee the integrity, security, and privacy of the information the government maintains.

The government needs to improve the way it buys information technology (IT). Additional Accompanying Reports of the National Performance Review, titled Reinventing Federal Procurement and Reinventing Support Services, contain specific recommendations on improving IT acquisition.

The initiatives in this section of the report require the support and backing of federal, state, and local government as well as industry. Incentives are needed to reward federal managers and private sector contractors for innovations that result in successful reengineering programs.

Although the recommended actions in this report offer potential savings in the billions of dollars, there will be some initial start-up costs for innovative interagency projects. Certain measures can be taken to finance pilot programs. These include creating a governmentwide venture capital fund, initially seeded by taking a small percentage from existing agency IT budgets to avoid the need for new spending appropriations; multi-year funding of IT programs; and retaining savings from IT projects for reinvestment in new IT initiatives.

A key element in realizing the vision of an electronic government is government's approach to improving human resources for IT management and use. Keeping pace with the service demands of citizens and the advances in technology requires a full-scale shift from minimal training to continual strategic learning.

IT09: Improve Government's Information Infrastructure

Riding on the Information Highways

The vision of an electronic government requires computer hardware, software, and telecommunications equipment to make data flow smoothly across the nation's information highways. It also requires policies, procedures, and standards to support the development and operations of services that use the physical technology components. Practices and standards, for example, ensure that newly acquired hardware and software are compatible with existing equipment and interoperable with other systems to which they must be linked. Privacy and security practices, methods, and standards ensure adequate user protection and systems integrity.

An effective information infrastructure requires high levels of interoperation and integration among diverse users. For example, a large enterprise might require high-capacity, high-performance, and expensive technology, such as a fiber optic line leased from the phone company at a cost of several thousand dollars per month. An individual, on the other hand, could link to the same information infrastructure--at lower capacity, lower performance, and lower cost--via a residential telephone and a modem for a minimum access charge. Technical requirements are based on the amount of information transmitted.

The computer and communications industry is in a period of rapid technological innovation producing a continuous revolution in information processing capabilities and products. Notable among these are (1) vast improvements in the ratio of price to performance in integrated circuit design and manufacturing; (2) improvements in userfriendliness and the automation of complex procedures; (3) enhanced interoperability among multi-vendor systems; and (4) universal access to computer networks by both wireless and land-line connections. At the same time, the telecommunications industry is creating new integrated voice and data communications networks. These networks will provide the critical underlying structure for rapidly accessing and receiving information from assorted sources, rapidly coordinating actions, and sharing resources across diverse, geographically distributed organizations.

Elements of a nationwide information infrastructure are already being incorporated into baseline federal, state, and local government operations, based on capabilities provided by the private sector. The federal government has contracts in place to take advantage of existing telecommunications infrastructure for voice, video, and some data communications services. The standard vehicles for agencies to acquire these services are the FTS2000 contracts awarded to AT&T and Sprint by the General Services Administration (GSA) in 1988. FTS2000 provides the basic intercity telecommunications infrastructure for the federal government. The various services available under the present contract make it possible for a given agency to craft its own network services based on its own requirements.

In addition, Internet is a basic data communications infrastructure for (computer-based) communications for some federal agencies and much of the rest of the nation and the world. Today, this cooperative "network of networks" links millions of computers throughout the world providing the framework for an information highway. Over 17,000 networks are linked in 102 countries, and many of these networks contain thousands of computers.1

Internet makes possible collaboration and resource sharing among millions of government workers, academics, educators, and researchers, and a growing list of commercial organizations and services. Nearly half of the presently attached networks are nonacademic in nature. It is a rapidly evolving testbed for new information-based services. Private citizens and business can gain access to Internet for a monthly fee. The Internet is a common ground for linking governmental, academic, and commercial networks for electronic mail. Most of the major commercial on-line information and electronic mail services (Prodigy, CompuServe, MCI, and AT&T) provide gateways to Internet. Major segments of the U.S. component of Internet are funded by the Department of Defense (DOD), National Science Foundation (NSF), Department of Energy (DOE), National Aeronautics and Space Administration (NASA), and other agencies that are involved with research and development programs.

Federal agencies such as DOD, DOE, Department of Commerce (DOC), and NASA are in the process of shifting their scientific and technical information (STI) programs from paper-based operations to electronic digital libraries. These electronic digital libraries will contain vast quantities of agency-generated STI which can be accessed over the National Information Infrastructure (NII). Test-bed electronic libraries of STI are currently being developed using wide area information servers, graphical user interfaces, and Internet connections. Common policies and standards regarding federal STI will be essential in simplifying the use of these databases and in providing one-stop shopping for NII users.

Recent federal initiatives improving access to government information in electronic form--e.g., Office of Management and Budget (OMB) Circular A-130 and the GovernmentPrinting Office Electronic Information Access Enhancement Act of 1993--will accelerate the need for electronic connections to the outside world for most agencies and Congress. A wide variety of access methods will need to be supported, including connection to publicly available communications networks, such as Internet, Prodigy, and CompuServe, as well as dial-up access to government-sponsored bulletin boards. Agencies must ensure that their formats for information storage and linkages for interconnection are compatible with these access methods.

Telecommuting is a potentially important application of the infrastructure. Concepts include working from home or from facilities located at the outer edge of large metropolitan areas, dividing time between a regular office and a remote workplace, and combinations that involve using remote or roving workplaces.[2] Recent action by Congress directs GSA to facilitate the development of three pilot federal telecommuting centers in Maryland and Virginia.[3] Telecommunications to the base office will require high-speed data links for workflow and videoconferencing to promote office interactions, training, and business meetings. These inter-workplace telecommunications facilities will merge with government's evolving information infrastructure and the more widespread NII, thus blurring the workplace/home distinction.

State and local governments are moving forward on their own plans to use advanced telecommunication systems. An example of one approach is the Iowa Communications Network. It is envisioned as an advanced information network providing voice, data, and video information services to state and local agencies, libraries, local schools, community colleges, and universities within Iowa. The state has been coordinating its efforts with GSA, the Department of the Treasury, the Department of Veterans Affairs, and the U.S. Postal Service to investigate how such a comprehensive network could be used to integrate the delivery of federal and state government services.[4] California, North Carolina, and Texas all have major initiatives underway with local telecommunications carriers.

The government's strategy for using information technology will be refined and improved in the future as the national strategy, vision, policies, and technology for the NII emerges. The government needs to take action to ensure the compatibility of intergovernmental systems with this evolving infrastructure.

Need for Change

The underlying technologies for the information infrastructure are evolving rapidly, and no one can accurately predict the technology of choice for the year 2000. The government must develop a coherent information infrastructure to evolve with technology and support electronic government. A cross-government coordinated plan for infrastructure deployment is needed to reduce duplication, system redundancy, and costs.[5] Significant opportunities exist for sharing existing data and computing resources, reengineering delivery of government services, improving the quality of service, and decreasing costs. No single data center or single communications network can serve all government information needs. The flexibility afforded by highcapability networking and new computing technologies can, however, offer significant opportunities for cost savings by facility sharing and "rightsizing" of local systems.

The government must position itself to take advantage of the evolving infrastructure by taking steps today to coordinate its existing "components" of infrastructure--e.g., data processing centers and basic function applications.


  1. Develop government's information infrastructure to effectively use government information resources and support electronic government applications. (2)

The Government Information Technology Services (GITS) Working Group should coordinate the development of the government's information infrustructure in order to help implement the strategic vision and policy directions of the Information Infrastructure Task Force.[6] This infrastructure should be developed as a joint partnership between government, national laboratories, and universities on the one hand, and the nation's information technology industry on the other; and in coordination with the nation's broader research and development initiatives (e.g., the NII initiative and the federal High Performance Computing and Communications Program).

The Interagency Management Council--chaired by the Associate Administrator of the GSA for FTS2000 with membership including senior information resources managers of various government agencies--is currently planning for the future replacement of the FTS2000 contracts. This planning effort should include the transport requirements for the government's information infrastructure and ensure the replacement to FTS2000 supports the development of the NII.

A key role that government can play is to require greater interoperability among government systems. This can be facilitated by focusing the FTS2000 replacement and individual agency procurement requirements on systems that can interoperate, by working with industry to explore partnering opportunities, by promoting standards, and by identifying and removing regulatory barriers that may hinder development of the NII.

2. Consolidate and modernize government data processing centers. (2)

The GITS Working Group should develop a governmentwide data processing modernization plan by December 1994. The plan should complement the working group's strategic information technology vision for government resources and provide a road map for reducing the number of data processing centers within two years of the plan's approval. OMB should review the plan to ensure that these targets are met, and should require special justification of new requirements for stand-alone data processing installations.

OMB, in cooperation with the GITS Working Group, should update and review the plan annually from a cross-government perspective in conjunction with agency budget submissions. Additional opportunities for consolidation and downsizing should be proposed by the working group and incorporated into annual government data processing modernization plans. For example, DOD developed a consolidation and modernization plan--now being executed--that will consolidate over 100 data processing installations into 16 efficient centers.

3. Reengineer basic systems for improved delivery of government services. (2)

The GITS Working Group, by July 1995, in cooperation with OMB, should develop a governmentwide plan addressing basic functions and services to be reengineered, both within and across agencies.[7] The plan should also include plans for interoperability among basic administrative functions such as payroll, personnel recordkeeping, management information systems, and financial and general ledger accounting.

An example of reengineering would be to have current agencies continue to set policies for specific benefits programs, with one agency handling administration and coordination of integrated benefits delivery. Another example of reengineering that will reduce cycle time, steps, and pieces of paper handled is incorporating use of automationbased geographic information systems (GIS) data--such as streets, property boundaries, parks, and police reporting districts--into revised workflows and processes. The City of Minneapolis saved approximately $40 million in street design costs through integration of GIS into its design process.[8] The City of Phoenix is extending its GIS-based access to property records data from one department, where savings of over $100,000 in recurring costs are expected, to all departments and customers.[9] These revised process flows will yield increased service, additional savings, and opportunities for cost recovery.

Reengineering will also allow many government administrative support services to be streamlined. These services presently include systems for payroll, personnel recordkeeping, grants, loans, procurement, project management, management information, budgeting, and financial accounting. Smaller administrative systems, such as correspondence control, audit tracking, and legislative information systems, should also be addressed. OMB should prioritize the phased consolidation and standardization of selected integrated systems for governmentwide use.

OMB, in cooperation with the GITS Working Group, should update and review the plan annually from a cross-government perspective in conjunction with agency budget submissions.

4. Consolidate and integrate federal government private networks. (2)

The GITS Working Group should compile an inventory of private telecommunications networks currently in use within the federal government by December 1994. The working group should evaluate this inventory to identify opportunities for consolidating, sharing, and interconnecting network resources among government agencies.

Cross References to Other NPR Accompanying Reports

Department of the Interior, DOI03: Establish a National Spatial Data Infrastructure.

Reinventing Human Resources Management, HRM07: Enhance Programs to Provide Family-Friendly Workplaces.

Department of Transportation, DOT13: Create and Evaluate Telecommuting Programs; and DOT14: Improve DOT Information Technology Management.


  1. Broad, William J., "Doing Science on the Network: A Long Way from Gutenburg," The New York Times (May 18, 1993), p. C1.
  2. U.S. Department of Transportation, "Transportation Implications of Telecommuting," April 1993.
  3. Public Law 102-393.
  4. Interagency Information Resources Management Infrastructure Task Group, "Iowa Communications Network Study," April 1, 1993, pp. 1-2.
  5. A recommendation for securing this plan was described in the Leadership section of this report.
  6. See IT01: Provide Clear, Strong Leadership to Integrate Information Technology Into the Business of Government.
  7. For additional information on this subject see Thomas A. Stewart, "Reengineering: The Hot New Management Tool," Fortune, vol. 128, no. 4 (August 23, 1993), pp. 41-48.
  8. Telephone interview with Brad Henry, Engineer, City of Minneapolis, August 17, 1993.
  9. City of Phoenix, "Geographic Information System Implementation Plan" October 26,1992.

IT10: Develop Systems and Mechanisms to Ensure Privacy and Security

Business Relies on Secure Communications

Imagine this: A businesswoman walks into a post office, presents a picture ID, and is given a "public key." Using this key card, she electronically signs a federal contract and transmits it over the National Information Infrastructure to a contracting agency. The transaction is valid, secure, and paperless.

Automated teller machines (ATMs) are one of the most successful examples of using information technology to improve service. Viewed with skepticism at their introduction, they are now the principal means used to conduct routine banking transactions.Fundamental to their success is public confidence in the trustworthiness of the electronic banking system. Indeed, people's chief anxiety about using ATMs is the fear of being robbed while making a withdrawal.

A new type of crime is the "high-tech mugging," in which ATM access information is stolen and used to make unauthorized withdrawals. In a recent Brooklyn, N.Y., case, crooks used a hidden video camera to look over the shoulders of people withdrawing money at ATMs. The camera recorded their personal identification numbers (PINs); later the thieves matched these with discarded receipts to withdraw money illegally.

In another ATM caper, crooks placed a bogus ATM machine in a Connecticut mall. The bogus machine not only recorded hundreds of PINs, but also read the private account information stored on each ATM card. The bogus ATM machine returned cards to the unsuspecting owner and displayed a message indicating that the transaction could not be completed. These criminals later used the information to withdraw money. In both of these crimes, the crooks succeeded in stealing over $100,000.

These cases illustrate real money loss by exploiting system security vulnerabilities. However, they also illustrate the real potential for a loss of public confidence in electronic government.[1]

Unless the information systems and electronic services delivery systems protect the information being processed and the privacy of the individuals using them, electronic government will not work. Government is beginning to use the recent advances in information technology to lower costs; increase efficiency and productivity; and collect, use, and analyze far more information, much of it personal.

As government use of electronic services and information systems grows more extensive and widespread, government and citizens will demand continued confidentiality and integrity in the information processed. Also, as government, businesses, and other organizations rely more on electronic records and information, they will also demand more access to diverse, interconnected databases. Information technology can provide tremendous benefits in improved service and, used properly, enhanced privacy and security. But without proper attention, it can also permit inappropriate, unauthorized, or illegal access to information.

Furthermore, new electronic government applications--particularly those focused on service-to-the-citizen programs--present nontraditional challenges and vulnerabilities regarding accuracy, authentication, privacy, and security. These challenges and vulnerabilities are both technical and policy-related.[2]

Although overcoming the technical challenges is straightforward, a tradeoff must be made between cost and risk. Information technologybased solutions and prototypes (cryptography, digital signatures, security protocols) for protecting distributed internetworked systems will soon be available. The implementation of these solutions should be weighed against all identifiable risks.

Overcoming the political and policy challenges, however, is not straightforward. Prominent among these today is the appropriate role of the federal government in privacy and security. Examples of particularly challenging policy issues include balancing national security interests with private sector business interests, and maintaining a balance between individual privacy and governmental efficiency.

The American people want trustworthy, readily available information, and computer systems that are user-friendly, secure, and protective of individual privacy. These systems must:

---safeguard information, facilities, information systems, and networks against illegal or unauthorized access, modification, or disclosure;

---balance access to agency information and records with appropriate privacy controls;

---respect private ownership of information and be subject to policies and disclosure procedures for government use of individual information; and

---incorporate privacy and security safeguards early in the design of the system.

Finally, as the nation develops information highways and expands the national information infrastructure, systems should be designed and used within a framework that

---protects national security interests,

---permits legitimate law enforcement activities,

---enhances global competitiveness and productivity for U.S. business and industry, and

---ensures the privacy and civil liberties of all citizens.

Need for Change

Public acceptance and reliance on electronic information and data requires

---striking the proper balance between an individual's personal privacy and the government's need for information,

---providing a high degree of security against unauthorized access or use, and

---maintaining the accuracy of the information stored or processed.

Need for Privacy.

Americans are becoming increasingly concerned about threats to their personal privacy resulting from wider use of information technology to collect, maintain, and manipulate personal information. A poll conducted in 1970 showed that only 33 percent of respondents were concerned about personal privacy.[3] By 1990 polls, that proportion had risen to 79 percent.[4].

Although advancing technology can create new opportunities for misuse, the real problem lies in the lack of adequate management controls over those with access to personal records. For example, in a recent well-publicized case, the U.S. Attorneys announced the arrest of over two dozen individuals who engaged in schemes to buy and sell information from Social Security Administration (SSA) computer files.[5] Most of those arrested were current or former employees of the SSA or the Department of Health and Human Services' Office of Inspector General. This case brought to the public's attention the fact that SSA employees in over 1,300 offices all across the country have unrestricted access to over 130 million records on working Americans. In another case, HHS's Inspector General found social security number fraud: An SSA employee had used social security numbers taken from the SSA records to obtain and establish credit.[6]

Giving increased attention to personal privacy policies and procedures would allow the federal government to better represent American business interests abroad, particularly in Europe, where privacy protection approaches differ from U.S. approaches.[7] Information, and the records associated with this information, is a global commodity, which readily flows across international borders. Trade conflicts and issues may arise for U.S. businesses when dealing with the privacy laws of other countries, such as the recent privacy laws advocated within the European Community for transborder flow of information.

Need for Security.

As society becomes more dependent on computers and computer communications systems for the conduct of business, government, and personal matters, it relies more on the availability, confidentiality, and integrity of the information these systems rocess. Information security has become especially important for applications such as electronic transactions where accuracy, authentication, or secrecy are essential.

OMB estimates that by 2000 approximately 75 percent of public transactions will be processed electronically.[8] The private sector already uses electronic transactions widely. One trillion dollars in worldwide banking and financial transactions occur each day.[9] Yet the best security systems in use today lose money, credit and financial reports, and private and proprietary data due to electronically perpetrated theft and unauthorized browsing. For example, in the United States, computer crime losses alone total $15 billion per year.[10] These losses are minor when compared to potential losses from harmful and illegal acts such as service disruption, terrorism, and industrial espionage. The cost could be billions for a single debilitating disruption of service or criminal act.

More than dollar losses are at stake. In distributed, electronically based information systems, if access controls and security concerns are not addressed as government proceeds with reinvention, vulnerabilities to U.S. national security may be inadvertently created by making information readily available to foreign governments, competitors, or criminals.[11] Finally, large-scale service disruptions could adversely affect recipients of federal benefits and information-based services of all kinds.


A division between sensitive unclassified and classified information is statutorily mandated by the 1987 Computer Security Act. The following actions use existing privacy and security boards, councils, and groups. Exceptions are two near-term task forces to develop high priority, essential standards or generally acceptable principles needed for rapid progress in creating an electronic government.

  1. Establish a Privacy Organization. (3)

The President should direct the Information Infrastructure Task Force to advise on the establishment of a Privacy Organization within the executive branch to serve as a focal point for both public and private sector privacy issues. Such an organization would advise the President on privacy issues and concerns affecting Federal agencies; assist Federal agencies in identifying and resolving privacy issues related to the implementation of their programs; coordinate U.S. privacy policy with international organizations and foreign governments; and assist and advise State, local, tribal governments and private sector organizations with privacy issues and concerns.

The IITF should provide the President with specific recommendations about the placement, membership, authority, powers, duties, (including budget and legislative relationships), and staff size of such an organization. If establishment of such an organization can be accomplished by executive order, the IITF should create a draft executive order for presidential approval. If specific legislation is needed, the IITF should provide a draft of such proposed legislation. In developing either/or both methods of establishing such an organization, the IITF should seek comment from experts in both the public and private sectors.

2. Establish uniform privacy protection practices and generally acceptable implementation methods for these practices. (2)

The IITF by July 1994 should direct the creation of an interagency task force to create uniform privacy protection practices for information systems and generally acceptable implementation methods for these practices. The task force should include membership from the Departments of Justice, Treasury, Commerce, Defense, Energy, Health and Human Services, Education, and State, OMB, and the Office of Science and Technology Policy and should solicit participation and input from groups such as business, consumer, computer science, telecommunications, civil liberties, and state and local governments.

OMB should have a coordination and advisory role, and the chair should be selected from the participating federal agencies. The task force should be directed to prepare a report within 12 months following its creation that details uniform privacy protection practices and provides generally acceptable implementation methods for these practices. Methods for implementing the uniform privacy protection practices may differ by sector, e.g., health care, personnel, or law enforcement. These practices and methods should be viewed as the recommended privacy standards federal agencies will follow and the private sector will consider.

The direction to the task force should require that the generally acceptable implementation methods aggressively use information technology--including the use of distributed interconnected systems--and should effectively use technology to balance government's responsibility to provide individuals a reasonable degree of control of information about themselves and appropriate confidentiality with government's desire for efficient and high-quality recordkeeping; detection and prevention of fraud, waste, and abuse; and effective law enforcement investigations.

OMB should issue new guidance (e.g., a circular), within six months of receiving the task force's final report. This guidance will adopt, for use governmentwide, uniform privacy protection standards and generally acceptable implementation methods as set forth in that report.

3. Develop standard encryption capabilities and digital signatures for sensitive unclassified data. (2)

The National Institute of Standards and Technology (NIST), in coordination with OMB and with technical assistance from the National Security Agency (NSA), should issue a final digital signature standard by December 1994. NIST, in coordination with OMB and with technical assistance from NSA, should also create opportunities for industry to develop the encryption capabilities required for protection of networked distributed systems. NIST should then make that information available to federal managers. A high priority should also be given to finalizing and promulgating digital encryption standards and security protocol standards.

4. Develop generally accepted principles and practices for information security. (2)

NIST, in coordination with OMB and with technical assistance from NSA, should plan and coordinate the development of generally accepted principles and practices for information security which are to be applied in the use, protection, and design of government information and data systems, particularly front-line systems for electronically delivering service to citizens. Draft guidance should be issued by September 1994. More than one set of generally accepted principles and practices may be required for the affected communities.

5. Develop a national crisis response clearinghouse. (2)

By September 1994, NIST, in coordination with OMB and with technical assistance from NSA, should promulgate better security information to the existing group of agency crisis response teams. This clearinghouse should address security problems including collection, analysis, and technical vulnerability assessment. It would also disseminate information about incidents governmentwide. The mission of this clearinghouse would be to serve as a broker of computer security crisis information and of computer security resources. This can be accomplished by expanding the role of the NIST program and by formalizing Memoranda of Agreement that facilitate networking and coordination among various existing independent crisis response bodies.

6. Emphasize the need for information security in sensitive unclassified systems. (2)

OMB and NIST, with technical assistance from NSA, should (1) improve planning capabilities for security by requiring an information security plan to be part of each agency's strategic IT plan; (2) identify computer security as a material weakness in the Federal Managers Financial Integrity Act report if it does not meet established thresholds; (3) require employees and contractors to complete awareness and training; (4) improve planning for contingencies; and (5) establish and employ formal contingency response capabilities. These requirements should be included in future revisions to OMB Circular No. A-130, Management of Federal Information Resources, to be issued no later than December 1994.

7. Reevaluate security practices related to national security data. (2)

By December 1994, the PRD Task Force--chaired by the Information Security Oversight Office, in cooperation with the Joint Security Commission, and the National Advisory Group for Security Countermeasures--should aggressively pursue a reevaluation of information security and information systems security practices. These groups should also examine classification and safeguard practices for the purposes of improving security within rapidly changing technological and threat environments. This reevaluation should be accomplished within the context of the Presidential Review Directives on national security information and advanced telecommunications and encryption, as well as the Presidential Decision Directive on public encryption management.

8. Foster the industry-government partnership for improving services and security in public telecommunications.[12] (2)

Since government relies heavily on public telecommunications systems (e.g., about 90 percent of DOD's telecommunications are provided by public carriers), improved security, integrity, and assurance of services is crucial. Electronic government will rely even more heavily on public carrier telecommunications for services. Fostering this relationship includes the following:

---The voluntary and cooperative development of a unified concept of operational security for new technological developments such as universal personal telecommunications. The universal personal telecommunications concept provides personal telecommunications services regardless of location, terminal or network access point. For example, individuals are assigned a unique personal network number so that services may reach them anytime and anywhere in the network. Within this context, the standards community needs to address the issues of national security, emergency preparedness, priority, access, fraud, and information privacy. The National Communica-tions System should work through the National Security Telecommunications Advisory Committee, with technical assistance from NSA and NIST, to foster government and industry liaison for developing security for Universal Personal Telecommunications capabilities and ensure National Security/ Emergency Preparedness.

---The development and issuance of appropriate technical information bulletins for shared industry use that address security assessments of wireless access to commercial systems. The National Communications System and the Federal Communications Commission, working with public telecommunications services providers, should ensure information bulletins address all telecommunications threats.

---Working with industry to cooperatively improve security, integrity, and availability of the public switched network (PSN) provided by the telecommunications industry. The National Communications System and industry, through the National Security Telecommunications Advisory Committee and its supporting groups, should foster conducting vulnerability assessments, sharing lessons learned, identifying improvements in legislation to protect PSNs, reporting on vulnerability incidents, and research on telecommunications security areas.

9. Implement the National Industrial Security Program. (2)

The Information Security Oversight Office, currently in GSA, should aggressively continue to work with industrial organizations under contract with the government to ensure the protection of classified information while reducing costs and redundant requirements and improving efficiency as described in Executive Order 12829, January 8, 1993, National Industrial Security Program (NISP).[13] This office, along with the Secretary of Defense, Secretary of Energy, and Director of Central Intelligence, should continue to work cooperatively with industry to implement the NISP. The following should be considered as a minimum: publication of a NISP operating manual; development of cost collection and tracking mechanisms; development of governmentwide standardized background investigation forms and processes, as appropriate; standardized policy on reciprocity of investigations and inspections; portability of security clearances across agencies; development of uniform, standardized training and education requirements for industry and associated curricula and competency evaluation for government industrial security representatives; and the implementation and enforcement of NISP standards.

10. Develop a comprehensive Internet security plan. (2)

The existing interagency team, the Federal Networking Council, chaired by the National Science Foundation (NSF), should, in consultation with NIST and OMB, develop and promulgate a Federal Internet Umbrella Security Plan, by November 1994, for interconnecting the federal IT community with appropriate state, local, commercial, public and private, and foreign government activities. Such a global architecture should allow for security differences between networks. Use of layered protocol standards and techniques can be employed with a range or set of security service standards with appropriate gateway protection devices so that small restricted communities and large open communities can safely interoperate. The security architecture should identify, as a minimum, the grades of services offered, how each is implemented and assured, how interconnections between networks should be made, and what can be done for those users not adequately served by any of the agreed-upon standard grades of service.

11. Coordinate security research and development. (2)

The GITS Working Group should direct NIST, in coordination with OMB and with technical assistance from NSA, and the Office of Science and Technology Policy's Federal Coordinating Council on Science, Engineering, and Technology, to coordinate the development of a governmentwide plan for security research and development (R&D). The plan should be completed by December 1995. It should provide a baseline assessment of the current R&D investment in privacy and security. The plan should address development and prototyping of the next generation of information systems within the context of appropriate, adequate security and individual privacy features. The plan should also describe a process for continuous technology improvement or advancement, which includes evolving basic research into technology development and prototyping initiatives followed by the introduction of mature features into operational systems. Finally, the plan should recommend prototyping experiments to accelerate use of new technologies in trusted systems and systems having individual privacy protection features.


  1. "On PINs and Needles Over ATMs, "Washington Post (May 21, 1993), pp. G1, G8, and "ATM Scams; High-Tech Caper Prompts Banks to Step Up Security," The Hartford Courant (July 11, 1993), p. D1.
  2. U.S. Congress, Office of Technology Assessment (OTA), Federal Government Information Technology: Electronic Record Systems and Individual Privacy, OTA-CIT-296 (Washington, D.C.,June 1986); The Report of the Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington, D.C.: U.S. Government Printing Office, July 1977); and U.S. Congress, Office of Technology Assessment, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310 (Washington, D.C., October 1987).
  3. Piller, Charles, "Special Report: Workplace and Consumer Privacy Under Siege, "MacWorld (July 1993), pp. 1-14.
  4. See Weston, Alan F., and Louis Harris and Associates, The Equifax Report on Consumers in the Information Age (Columbia University, 1990).
  5. U.S. Congress, House, Committee on Ways and Means, Subcommittee on Social Security, "Illegal Disclosure of Social Security Earnings Information by Employees of the Social Security Administration and the Department of Health and Human Services" Office of Inspector General: Hearing," 102th Congress, 2nd Session, Serial 102-131, September 24, 1992.
  6. Ibid.
  7. Congressional Record-House, H755-757, January 29, 1991.
  8. U.S. General Accounting Office, Comptroller General's 1989 Annual Report: Facing Facts (Washington, D.C.: U.S. General Accounting Office, 1990), p. 28.
  9. Adam, John A., "Special Report: Data Security," IEEE Spectrum (August 1992), pp. 18-44.
  10. Illustrative Risks to the Public in the Use of Computer Systems and Related Technology, vol. 18 (Menlo Park, CA: SRI International, undated).
  11. See OTA, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, and Department of Defense Security Institute, "Security Awareness News: A Compilation of News Articles on Counterintelligence and Security," Richmond, VA, May 1993, pp. 2, 23.
  12. The Office of the Manager, National Communications System, Technology and Standards Analysis Report, "Concept of Operations for NS/EP Applications of Universal Personal Telecommunications," May 1993.
  13. Executive Order 12829, "National Industrial Security Program," Federal Register, vol. 58, no. 5 (January 8, 1993), pp. 3479-3483.

IT11: Improve Methods of Information Technology Acquisition

Purchasing Power to the People

Imagine this: A government manager has a top priority special project with a very short lead time. On top of that, the project depends on use of a just-released proprietary software package. The manager dials into an "electronic information technology marketplace" and purchases the software on-line. The package is delivered within an hour, and the project is under way.

Most Americans are used to the annual model change in the automobile industry inspired in the 1930s by Alfred P. Sloan, Jr., of General Motors.[1] The extraordinarily rapid pace of technological change in information technology (IT) hardware and software creates the equivalent of three to five model changes each year.[2] The microprocessor--the engine of IT change--is the driving force behind the exponential rate of change.[3] Despite this rate of change, federal government IT acquisition processes remain based on hierarchical approval processes and dollar thresholds established in the 1960s when computer systems were costly, often complex, frequently custom-designed resources, available only from a limited number of vendors. Application software was also expensive then, and typically available only from a few vendors or developed by centralized in-house personnel. The IT acquisition rules and regulations of this era were written to encourage competition, control large dollar expenditures, and avoid waste when buying uniquely designed systems.

Unlike the private sector, most government IT acquisition processes also involve excessive layers of management oversight and regulatory rigidity. These add to procurement costs by requiring vendor and government teams to remain in place for lengthy periods and by ignoring the short technology life-cycle of many of the items being procured. It is not uncommon for the hardware and software ultimately delivered to a government agency to be immediately upgraded--or need to be upgraded--to stay current with commercial standards.

An excessive part of the government IT acquisition process is devoted to obtaining approvals in advance of actual IT procurement. Existing agency standard authorization levels from the General Services Administration are far too low--currently $2.5 million per individual acquisition. Even government credit card purchase authorization levels are so low--$500 in some agencies--as to preclude their use in purchasing even simple personal computers and associated items. A reasonable increase of card purchase authorization levels for IT items would instantly reduce the time required by procurement processes and allow government managers to implement new programs quickly and responsively. Private sector IT acquisition personnel, who generally have the flexibility and skills to deal efficiently and effectively with the rapidly changing IT market, save money for their employers. Real taxpayer savings can result from not wasting valuable government staff time on process issues.

Another of the most time-consuming and costly aspects of the current government IT acquisition process is the use of paper documents in preparing and exchanging solicitation, proposal, and negotiation information and subsequent contracts, reports, invoices, and payments. Many vendors feel that the IT acquisition process is more focused on the production of documents than the acquisition of IT goods and services. The importance most government acquisition staffs place on bureaucratic process issues delays the solicitation process and raises vendor costs. The emphasis on process also deflects vendor efforts away from providing the best IT products at the lowest price. An important part of the IT acquisition function is to facilitate industry access to agency IT buying plans and requirements as well as facilitate agency access to industry IT product and service offerings and technology plans in an arena where short technological life-cycles have demonstrated the need to fundamentally change acquisition processes. For more effective government IT acquisitions, there needs to be an improved ability to better differentiate state-of-the-art from state-of-the-practice technology.[4]

A number of private sector firms--particularly in the automobile manufacturing sector--have begun to integrate information systems with those of their suppliers.[5] This approach virtually eliminates all paper involved in the acquisition process and facilitates close and continuing information exchange between buyer and supplier throughout the product acquisition life-cycle.

With IT hardware and software technological life-cycles now frequently measured in periods as short as a few months, existing IT procurement processes (such as the GSA Multiple Award Schedule system with its infrequent updates) simply cannot keep up with new product introductions or price reductions for products achieving unusual marketplace success. In addition, IT product offering and price comparisons between different vendors' products are difficult to make rapidly and easily when large numbers of individual paper documents are used, thus reducing competition. The slow change process of the GSA schedule precludes government agencies being able to take advantage of the often lower street prices for many IT products. Great effort is frequently expended to justify going "off schedule" to obtain desired products at lowest cost. When program funds exist, the government should buy off-the-shelf and commodity-type IT products in the same manner as do commercial firms and private citizens: This will dramatically shorten the IT acquisition process and result in considerable savings.

Finally, unlike the private sector, there are virtually no mechanisms that allow government IT procurement officials and their staffs to see how IT acquisition process documentation and time delays represent real, quantifiable costs. The government does not use accounting practices that would allow these costs to be reflected as part of the total recorded cost of the IT goods or services being acquired. Knowing how acquisition process costs inflate overall IT costs will permit program and line managers to take action to reduce total IT expenditures.

Need for Change

The basic rules of the road for IT acquisitions are found in the Federal Property and Administrative Services Act of 1949, as amended.[6] When IT acquisition provisions were originally added to the act in 1965, the only IT items being purchased were large, expensive, mainframe computer systems. Although computers are now more widespread in government offices than typewriters were 20 years ago, and software is often published in the tens of thousands of copies and is shipped to users in shrink- wrapped boxes, the same IT procurement rules and processes continue to be followed. As a result and unlike private sector practices, federal government agencies now frequently spend excessive amounts of time and effort acquiring IT items that are not commensurate with either the cost or the technology life-cycle of the items being procured. Even simple procurements for off-the-shelf items take far too long, thereby delaying arrival and use of hardware and software needed for effective program implementation.

GSA, through existing IT procurement delegation levels, has limited executive branch agency authorizations to no more than $2.5 million for an individual acquisition. While agency size and IT competence obviously vary, it seems reasonable that a new approach to GSA oversight should be considered. Increased agency authorization levels would give agencies substantially more freedom to manage their own IT affairs. The existence of a vigorous General Accounting Office, agency inspectors general, and GSA information resource management program reviews should provide the necessary oversight for those agencies unable or unwilling to manage their IT affairs effectively.

Because off-the-shelf IT tools are now often integral to even simple program implementation, the frequent delays in government program execution caused by an inability to acquire IT tools quickly need to end. Such delays, although quantifiable, are rarely recorded in government accounting systems or even recognized as an added cost of government operations. Program or line managers, having received budget authority for the function under their direction, should have the authority to buy a fully configured personal computer and relevant software when program conditions require immediate action.

Process reengineering techniques hold the most promise for allowing government users to be quickly supplied with state-of-the-art IT tools at competitive prices.[7] A reengineered IT acquisition process for short technological life-cycle, off-the-shelf IT tools can be achieved by creating an "Electronic IT Marketplace." This marketplace would allow:

---a dramatic decrease in the length of time it takes to get from product announcement or requirement definition to contract award so as to speed up the implementation of government programs dependent on IT tools; and

----a substantial decrease in the costs--both of the IT acquisition process itself and of the accompanying program office and vendor staff time involved.[8]

Implementation of such a dramatically new acquisition process like an "Electronic IT Marketplace" will not be easily accomplished. Because virtually all the existing statutes and regulations were developed with paper-based transactions in mind, many adjustments will be needed. The benefits of a dramatically faster, more streamlined, and more efficiently reengineered IT acquisition system are more than sufficient to justify the preparatory work required to test the concept.

The use of antiquated, paper-based processes in much of the federal government imposes a substantial cost to the business being conduted. Because these costs are not captured by government accounting sysems, they are often thought invisible. Chrysler Corporation, for exampe, attributes much of its ability to bring new models to market more quickly than its competitors to the combination of an innovative taff team approach and the building of a new, IT-intensive Automotive Technology Center in Auburn Hills, Michigan. The technology in this new center allows for easier and more rapid communication of information among all team members, regardless of whether they are physically adjacent. Using IT tools instead of paper, new body designs existing only on a computer's screen are used to directly control the carving of clay models of proposed new designs. This innovative use of IT, eliminating the paper and most of the manual work previously required with traditional approaches, allows new models to be brought to market more quickly.

Government can slice substantial amounts of time and cost from its acquisition process--not just for IT items, but for everything it buys-- simply by eliminating the need for paper documents and records.[9] Measured over any reasonable life-cycle, getting the paper out of the system will pay the taxpayers dividends in the form of lower taxes just as an IT-intensive environment has enabled Chrysler to bring new models to market at lower prices. Other than additional government automation and networking resources, there are relatively few impediments to moving to a paperless electronic data interchange (EDI) acquisition system. Vendors should appreciate an EDI system because it will reduce their costs as well.

To enable government managers to make IT acquisitions with efficiencies approaching those found in the private sector, providing visibility to IT acquisition process costs and including them as part of program implementation costs is of exceptional urgency. If IT acquisition costs are removed from overhead accounts, the fees charged by executive branch acquisition entities can be budgeted for within program activity budget submissions and included in program activity accounting systems as a separately identifiable expense for each individual acquisition requiring such support. The added costs the present IT acquisition process imposes on IT tools when they are purchased by the government will thus be highlighted, allowing managers to manage more effectively.[10] For example, at present, the costs of IT acquisition support provided by the Defense Commercial Communications Office, a fee-for-service organization, are capped at 2 percent. Removing IT acquisition staff costs from overhead accounts and placing them on a fee-for-service basis--combined with program manager freedom to negotiate the most cost-effective arrangement possible from any IT acquisition office--will promote competition among acquisition organizations and give program managers the opportunity to be held accountable for their own and their program's effectiveness.[11]


Although the following actions are recommended in other NPR accompanying reports, they are summarized here to show how they collectively address the acquisition problems facing the IT community.

  1. Conduct a two-year pilot test of a modernized IT acquisition framework. (1)

The administrator of GSA should conduct a two-year pilot test of a modernized IT acquisition framework.

2. Increase delegation of authority to agencies. (1)

The administrator of GSA should increase delegation levels for competitive IT procurements.

3. Expand use of commercial credit card. (1)

The heads of all federal agencies and the Federal Acquisition Regulatory Council should adopt the recommendations for expanding the use of the International Merchants Purchase Authorization Card.

4. Pilot test innovative approaches under the Multiple Award Schedule program. (1)

The administrator of GSA should begin a pilot test of an "electronic IT marketplace."

5. Expand electronic commerce. (2)

The President should issue a directive establishing a governmentwide program for engaging in electronic commerce, and the Federal Acquisition Regulatory Council should revise the Federal Acquisition Regulation to support full implementation of EDI.

6. Provide incentives for improved IT acquisition service efficiency. (2)

The President should issue a directive instructing agency heads on franchising service functions, OMB should establish an Implementation Team to facilitate franchising implementation, and the President's Management Council should assume overall responsibility for franchising implementation for IT acquisition activities. Simultaneously, agency heads should authorize executive branch agency program and line managers to use any officially established IT acquisition entity conducting business in accordance with the Federal Acquisition Regulations.

Cross References to Other NPR Accompanying Reports

Improving Financial Management, FM06: "Franchise" Internal Services.

Reinventing Federal Procurement, PROC08: Reform Information Technology Procurements; PROC09: Lower Costs and Reduce Bureaucracy in Small Purchases Through the Use of Purchase Cards; and PROC14: Expand Electronic Commerce for Federal Acquisition.

Reinventing Support Services, SUP04: Streamline and Improve Contracting Strategies for the Multiple Award Schedule Program.


  1. Sloan, Alfred P., Jr., My Years With General Motors (New York: Doubleday & Co., Inc., 1964), pp. 150, 152, 163, 165-68, 238-47.
  2. Synnott, William R., The Information Weapon: Winning Customers and Markets with Technology (New York: John Wiley & Sons, Inc., 1987), pp. 307-09.
  3. Tapscott, Don, and Art Caston, Paradigm Shift: The New Promise of Information Technology (New York: McGraw-Hill, Inc., 1993), p. 20.
  4. Kiviat, Philip J., "Information Sharing Between Industry, Agencies Key to Procurement Success," Federal Computer Week (June 21, 1993), p. 13.
  5. Synnott, p. 4.
  6. 40 U.S.C. 759
  7. Davenport, Thomas H., Process Innovation: Reengineering Work through Information Technology (Boston: Harvard Business School Press, 1993), pp. 37-93.
  8. Barzelay, Michael, and Babak J. Armajani, Breaking Through Bureaucracy: A New Vision for Managing in Government (Berkeley: University of California Press, 1992), pp. 115-133.
  9. Keen, Peter G. W., Shaping the Future: Business Design through Information Technology (Boston: Harvard Business School Press, 1991), pp. 1-21.
  10. Barzelay and Armajani, pp. 102-114.
  11. Kelman, Steven, Procurement and Public Management: The Fear of Discretion and the Quality of Government Performance (Washington, D.C.: The AEI Press, 1990), pp. 24-26.

# # #