by Mark MacCarthy

GSA’s entity validation request for proposal is flawed

Sep 25, 2018
GovernmentGovernment ITIntellectual Property

The plan to create a government-run identifier raises intellectual property concerns and duplicates private sector efforts.

In late August, the General Services Administration (GSA) released a request for proposal (RFP) for entity validation services that could significantly improve the Federal government’s ability to identify contractors and grantees and track them accurately in government computer systems over time, even when significant elements of their identifying information change. It called for open competition to select a contractor to provide the best possible entity validation service at the lowest cost to the taxpayers.

However, the RFP goes beyond asking for a contractor to provide validation services. It calls for the government itself to create and maintain its own new identifier system, the SAM Managed Identifier (SAMMI). Under this new arrangement, contractors and grantees seeking to do business with the government would enter information into the SAM system directly. That information would be passed to the contractor providing entity validation services. The entity validation contractor would compare and seek to validate the information provided by the entity seeking to register in SAM. It would pass conflicts back to the SAM system, potentially then creating rounds of customer service calls to GSA and the contractor for resolution. The SAMMI data, as eventually adjudicated by the registrant, GSA, and the EVS contractor, would then be made publicly available and searchable.

This new government-run identifier could put the private sector intellectual property of the contractor at risk

Under the framework proposed in the RFP, the contractor is prohibited from using data collected under this contract without express permission from the government, even if they already collect such data for entity validation in the natural course of doing business.  Moreover, the data transferred from the system of the contractor to resolve conflicts might be made available to the public, thereby exposing significant parts of the contractor’s proprietary database to the public.  This public disclosure would slowly erode the value of the investment the entity validation contractor has made to create and maintain its validation database. 

Any entity verification system must ensure that private sector IP is protected. The current RFP creates a confusing path of asking for exemptions to protections, and intermixing data from proprietary and government sources which makes it difficult to protect private sector IP. As the agency moves forward these concerns must be addressed.

The IT Alliance for Public Sector (ITAPS), a technology trade association made this point in a comment to GSA, saying “GSA should clarify the unlimited rights construct and the data rights schema associated with it, to ensure users and the EVS contractor that information, provided in the course of identity verification in SAMMI, will have the appropriate intellectual property protections.”

The GSA approach in its entity validation RFP pushes the principles of openness for hybrid data too far

The GSA identifier plan raises all the issues of hybrid data, a term that describes the increasingly complex government data environment where public-private partnerships and various arrangements lead to a government data ecosystem that is not just government data, but often blended-data sets that combine data from the public and private sectors.  Rich Beutel, Principal at Cyrrus Analytics concluded in his recent study on the topic that the principles of open government data are not unbounded, but rather have limitations, and open government data policies need to take “a more nuanced approach.” 

In dealing with hybrid data, overly-broad open data policies—or mandates—can threaten intellectual property rights in private sector data, and disincentivize joint partnerships and innovation.  The data used in the new government-run identifier system will inevitably involve data obtained from the entity validation contractor, which means that the data set is a classic hybrid data set.  It should be treated with the nuanced approach recommended by Beutel.  Instead, the RFP appears to call for unmodified principles of openness, as if the data were entirely generated by the government.

The new identifier system is also an unnecessary and wasteful duplication of systems which are already available in the private sector

Several private sector companies provide complete entity validation services based on proprietary databases that they protect as their intellectual property. The creation of a separate government-maintained system serves a very limited purpose, would create confusion and duplication and compete in an unacceptable way with the private sector.

It has long been established that government should not compete with the private sector. OMB Circular A-76, regarding Performance of Commercial Activities, was written to provide fundamental policy direction to agencies that the government should not be in the business of providing commercial goods and services in competition with private markets.

ITAPS emphasizes this, saying “It is, therefore, unclear why the General Services Administration (GSA) would embark on what appears to be the acquisition of a large, government-unique IT development project, particularly when there are multiple commercially suitable and proven technologies available as COTS or commercial items available.”

The RFP seeking a contractor to provide Entity Validation Services program should adhere to this guidance of Circular A-76 intent and avoid creating a duplicative, competing system.

GSA has conducted no analysis of what this new system would cost

The government and ultimately the taxpayers will face new costs to deploy the system, and businesses will face substantial transition burdens. In addition, there will be extensive ongoing costs to implement and address business process gaps as envisioned, as well as to maintain and upgrade the system. Any new system would also give rise to questions and compliance burdens and the cost analysis of those increased call center volumes have not been fully appreciated under the proposal.

At this point, Congress and the taxpayers simply do not know how much it would cost to create and maintain a duplicative system.  

GSA should clarify its Entity Validation Services Request for Proposal so as to avoid any violations of intellectual property rights and to avoid developing a duplicative and unnecessary system. They should also conduct adequate due diligence in the form of a comprehensive cost analysis.