On Dec. 17, 2002, President Bush signed the E-Government Act into law. The signing was muffled amidst the drumbeat of war talk with Iraq, and with scant controversy behind its bipartisan passage, it was little more than a blip on the radar screen of the nation’s media. Yet by the simple action of signing the act, the president had taken a giant step toward launching the federal government into the information age.
E-government is designed to make it easier for citizens and businesses to access government information and services by encouraging interagency IT initiatives that, while improving customer service, also consolidate redundant systems, decrease paperwork, increase productivity and save money. As Mark Forman, associate director for IT and e-government at the Office of Management and Budget, told a gathering last year of the Open Group?a standards body?e-government will enable “an order of magnitude improvement in the federal government’s value to the citizen; with decisions in minutes or hours, not weeks or months.” Ultimately, it’s about making government citizen-centric so that you can go to websites to get information about unemployment benefits, comment on proposed clean air rules or apply for an import license. You save time. And the government gets more for its IT dollars.
That’s no small matter. The federal government’s proposed IT budget for the 2004 fiscal year is a whopping $59 billion. Yet that money has traditionally been appropriated and spent on an agency-by-agency basis, with little regard to how a system might fit into an overall federal architecture and with little focus on using IT to improve citizen services.
Money and budgets aside, the E-Government Act is a logical extension of President Bush’s management agenda, which cites e-government as one of the five key cornerstones of his efforts to run government more like a business. “The idea behind this law is for the federal government to take full advantage of the Internet and other information technologies to improve its efficiency and to secure its electronic information,” said Sen. Joe Lieberman (D-Conn.), author of the act, in a statement released last December.
The new legislation aims to further the inroads Forman and his staff at the OMB have been making; they have been using IT to help improve government efficiency and make services more responsive to citizens. The OMB’s 25 various e-government initiatives are a prime example (see “Emphasizing Business Value,” Page 48). One of the projects, the Department of Labor’s Govbenefits.gov site, aims to help citizens locate and determine their eligibility for benefits and services. Patrick Pizzella, CIO at the DoL, is justifiably proud of the new site. “In 30 to 60 days, we’ll have [close to] 300 government benefit programs on the site…. It saves [citizens] a lot of time, and it’s available around the clock,” he says.
The act builds on the work already being done by the OMB and the federal CIO Council, and it pumps the power of law into the government’s IT fuel tank. To establish accountability, it has created a new office within the OMB devoted to e-government strategy and implementation. It establishes a separate, $345 million E-Government Fund for interagency projects, requires basic standards for federal websites and privacy impact assessments for new systems, and calls for improved information security measures. (For major provisions of the act, see “E-Government Act of 2002 Highlights,” opposite page.)
“The bill is probably the most extensive piece of legislation to date on e-government,” says Dave McClure, who worked on the legislation. McClure is vice president for e-government at The Council for Excellence in Government in Washington, D.C., a group that works to improve the government’s performance. For their part, federal CIOs say the new law and its E-Government Fund finally gives them the legal and financial backing needed to make e-government happen. “The fund will support projects that try to find innovative ways to make it easier for the public to conduct business with the federal government,” says Woody Hall, CIO at the Customs Service. Rosita Parks, CIO at the Federal Emergency Management Agency, also is a fan of the fund. “Having had managing partner responsibility for two e-gov initiatives with broad application since last August, and understanding how difficult it has been to garner resources for both initiatives, I believe that one of the most beneficial elements of the act is that it authorizes e-gov funds beyond the $100 million originally targeted,” says Parks.
Although Congress and the administration are clearly paving the way to creating a 24/7 government, there are a number of hurdles ahead for the 60 or so federal CIOs who make up the CIO Council. Reformers are starting to chip away at the traditional stovepiped structure of the federal government?spurred by the integration of 22 agencies into the new Department of Homeland Security?yet the fact remains that an agency, not cross-agency, perspective is the norm. Until that changes, a functional framework for e-government will be nothing more than a tease and an empty promise. In addition, privacy and security issues will remain paramount as citizen information is increasingly gathered and exchanged among numerous agencies’ systems. And the $345 million that the act authorized for the E-Government Fund over four years is subject to the legislative whims of Congress. That became clear in January when Senate appropriators slashed $40 million from the $45 million that was earmarked for the 2003 fiscal year.
While the e-gov act promises major benefits in terms of service and efficiency, achieving true e-government won’t happen until the players involved overcome some significant challenges.
The Act’s Guiding Principles
Make it easier for citizens to interact with government.
Attempting to find out which agencies are responsible for regulating nursing homes or protecting local rivers or regulating the amount of animal byproducts in the bratwurst you just consumed can be a frustrating trip through a byzantine collection of 22,000 agency websites. The act calls for improving the federal government’s portal, Firstgov.gov, so that citizens will have access to better organized information in fewer clicks, regardless of agency. According to McClure, the act mandates uniform access to the government’s functional services?paying taxes, applying for loans or getting disaster assistance, for example. “The goal is to do it simpler and faster, without navigating government bureaucracy,” McClure says.
Another provision calls for e-rule making that allows citizens to comment on proposed regulations online. “It’s a very democratizing provision,” says Kevin Landy, a counsel on Lieberman’s staff on the Senate Governmental Affairs Committee who worked on the e-government legislation. In January, the Environmental Protection Agency launched a new website (www.regulations.gov) that gives citizens and businesses a one-stop portal to submit their opinions on government regulations from all departments. Previously, the public comment process was difficult to use; for example, citizens needed to know the agency responsible for a specific rule and often had to submit the comment in writing. “E-rule making will allow citizens to participate actively by enabling them to be involved in federal rule making on their own terms at a location and time of their choice,” said EPA Deputy Administrator Linda Fisher in remarks delivered at the time of the site’s official launch. “This initiative will help assure the public that they have a role in making regulatory decisions, and that it can be done in a more timely and efficient manner.”
Another significant plus: The OMB estimates that creating a single system for rule making will save $94 million.
Increase agency-to-agency cooperation.
Since the birth of the nation more than two centuries ago, the federal government has grown up around an agency-centric structure. But today’s government managers realize that for e-government to succeed, cross-agency partnerships are critical, whether it’s the Department of Agriculture working with the Department of the Interior on geospatial mapping, or the Office of Personnel Management working with agencies to consolidate payroll systems. “We need to make choices based on citizens, as opposed to the specific department we come from,” says Ira Hobbs, deputy CIO in the Department of Agriculture. To develop security standards, create website guidelines or make any other provisions of the act succeed, government CIOs will need to continue formulating common strategies.
Commenced in late 2001, the OMB’s Quicksilver initiatives have already been actively breaking down barriers as agencies have worked side by side developing e-government projects. And the OMB’s IT team, led by Forman, has also been working with government CIOs on a number of other IT initiatives, including the development of a federal architecture. The act provides “additional momentum for what we’ve been doing in terms of using IT to improve the value and delivery of government services,” says Doug Bourgeois, CIO of the U.S. Patent and Trademark Office.
Jim Flyzik, who recently left government after serving in the Department of Homeland Security and as CIO at the Treasury Department, strongly advocates looking at government from a functional, not a stovepiped, perspective. And he thinks the act, as well as DHS, can do just that. “The evolution of the Internet and tearing down of lines of demarcation across entities is part of that evolution [toward a more functional view of government]. It allows a physical restructuring and better services,” says Flyzik, who cofounded a Washington, D.C.-based government consulting firm, Guerra, Kiviat & Flyzik, last December.
Raise the profile of government IT leaders by creating a new Office of Electronic Government and writing the federal CIO Council into law.
The new office will be part of the OMB and led by a presidential-appointed administrator. That person will also head the federal CIO Council, an interagency group of CIOs and deputy CIOs. Those two provisions legislate two groups completely devoted to improving governmentwide management of IT. Flyzik, who was vice chairman of the council, says he’d been pushing to make the council law for some time. “We constantly tried to position the CIO Council to be a strategic force in setting the agenda for the administration,” Flyzik says, adding that, by making it law, the council gains a lot more emphasis and authority.
The act sets out specific responsibilities for the new administrator, including capital planning and investment control for IT, the development of enterprise architectures, ensuring dialogue between the federal, state and local sectors, and overseeing the distribution of the E-Government Fund. A logical choice to head the new office is Forman, the government’s top IT official.
Strengthen privacy protections by requiring privacy impact assessments for new systems.
Congress and the administration understand that Americans are justifiably concerned about privacy in their digital interactions. The provision calls for assessments any time personal information is collected on 10 or more people. The assessments must address what information is to be collected and why, how it will be used and secured, with whom it will be shared, and requires notice of how consent is to be obtained from individuals. “By requiring agencies to go through the process of answering those questions, I think we move a long way toward protecting the privacy of the American public,” says Rep. Jim Turner (D-Texas), who introduced the legislation in the House.
McClure says that the importance of the provision is that assessments are now law. “In the past, there was guidance from OMB but nothing specifically in the law,” he says. “That’s a strengthening of privacy protections.” Another provision requires agencies to provide privacy notices outlining their policies on their websites.
Improve information security.
In 2000, Congress passed the Government Information Security Reform Act (GISRA), which required agencies to report on the security of their IT systems and build security into their business cases when making budget requests. Last year, Rep. Tom Davis (R-Va.), a key supporter of the E-Government Act in the House, introduced legislation to strengthen GISRA, which expired last November. That bill became the Federal Information Security Management Act (FISMA), which calls for security standards, annual independent audits and gives Congress more oversight over agency security matters. “Many have described it as GISRA with teeth,” says Shannon Kellogg, vice president of information security policy and programs at the Arlington, Va.-based Information Technology Association of America, an industry trade group. FISMA became law in the E-Government Act.
Agriculture CIO Hobbs is enthusiastic about the security mandate. “We clearly need to continue improving our cybersecurity posture across government. Having it [legislated] is good for all of us. It keeps our feet in the fire in the area where we need to spend time and resources,” he says. Kentucky CIO Aldona Valicenti thinks it’s one of the best things in the act, particularly because it makes it easier for states to interact securely with federal agencies. “You can imagine?I deal with Justice, Treasury, the EPA, [Health and Human Services]. If everyone has a different set of standards and a state wants to standardize on something else, we’re just nowhere,” she says. “The greater amount of coordination on the federal side is positive for states.”
Through many of its provisions, the E-Government Act gets the federal government out of the starting blocks, but managers and CIOs are going to be running 10-minute miles for a pretty long time. After all, one can’t expect a single piece of legislation to quickly transform Washington’s lumbering bureaucracy into a lean online machine.
There is no federal CIO.
It’s been seven years since passage of the Clinger-Cohen Act, which required federal agencies to appoint CIOs. That act was a giant step in getting agencies to acknowledge the importance of IT to their mission. But, in the minds of many, a large hole exists at the apex of the federal government’s IT management structure, a hole that should be filled by someone with the federal CIO title. During a congressional committee hearing on the e-government legislation, Valicenti, testifying for the National Association of Chief Information Officers, urged the committee to create the position. “We wanted to provide a powerful position so that the federal government would adhere to standards and put more of their services online,” she says. The sponsors of the bill in Congress, including Sen. Lieberman and Rep. Turner, agreed, and the initial legislation called for the creation of a CIO position within the OMB that would require Senate confirmation.
But ultimately, the Bush administration nixed the proposal. “Any administration probably has a natural tendency to oppose the creation of additional positions that require Senate confirmation. That’s particularly true in an environment when the Senate is in control of one party [as it was at the time] and the administration in control of the other,” Turner opines. “Secondly, there is a natural turf battle any time you’re trying to elevate a position within the administration because OMB always has the belief that the director of OMB should be the one in charge of all management and budget issues, which in their mind, includes IT.” Though Forman holds many of the responsibilities of the CIO position, his profile would likely be raised if he became the government’s CIO. A person holding that title statutorially might have an easier time consolidating IT management powers into one position and would be in a stronger position to elevate IT to a higher level, helping to ensure that technology strategy is part and parcel of the federal government’s management strategy.
The structure of the federal government makes successful e-government difficult.
As has been noted, the government’s stovepiped structure has been institutionalized for more than two centuries. Even if cross-agency cooperation increases, the realities of the autonomous structure will make the process slow. Funding is one example. E-government requires that agencies offer services to citizens based on a functional perspective, “yet we program money on an agency perspective,” says McClure; that is, agencies develop their own budget. He says the same holds true for performance outcomes. “Congress is trying to instill a performance-based approach to government, but it’s been an agency focus, not a functional focus.”
Governance is another whole ball of e-wax. “E-government sort of blows up traditional organizational structures, processes and authority, and erases organizational lines pretty fast,” McClure notes. “Trying to agree on governance models on authority, control and responsibility will have to be worked out.”
“Bureaucrats guard their autonomy very carefully,” says Darrell West, director of the Taubman Center for Public Policy at Brown University in Providence, R.I., “and e-government forces them to work together in ways they haven’t in the past.”
Agencies have a lot of work to do when it comes to security.
The good news is that agencies are prioritizing information security more than ever, and the E-Government Act will reinforce that momentum. The less-than-good news is that some agencies are beginning their ascent to the security summit somewhere around sea level or worse. The latest Horn computer security report cards of federal agencies, announced by Rep. Stephen Horn (R-Calif.) last November, gave F’s to 14 of 24 agencies. (The Social Security Administration earned the highest grade, a B-.) “I think the federal government still has a ways to go to get its house in order,” says ITAA’s Kellogg.
The challenge is even more acute for government agencies because citizens set a higher security bar for government than they do for the private sector, according to McClure. “If a government entity was hacked and credit card numbers [were stolen], public trust in government would suffer tremendously,” he says. And, just as in the private sector, hacking government systems is a relatively common occurrence. “It’s been a serious problem,” says McClure, who previously worked as director of IT management issues at the General Accounting Office.
Privacy concerns remain a lightning-rod issue.
E-government, by its very definition, means more data is collected and shared among agencies, and that raises the level of concern among privacy advocates. The Privacy Act of 1974, which put procedural safeguards in place to protect citizens’ data, has held up surprisingly well for its age, but there are exceptions to that act that have increased over time. A major one is the “routine use” exception, which allows agencies to share information on individuals for the routine business of government. (For example, the Department of Education can share student loan information with the Treasury Department.) The danger is that routine use could increase as e-government expands, resulting in more personal information in the hands of agencies without the knowledge of individuals. “[The exception] is overused today already,” says Ari Schwartz, associate director of the Center for Democracy and Technology in Washington, D.C. “In the e-gov world, the concern becomes more acute because the whole purpose is for agencies to share information when needed.”
Schwartz goes on to say that privacy protections have been weakened in the Bush administration, noting the failed Operation Tips (which encouraged citizens to report suspicious activity), new domestic surveillance rules passed last year that allow the FBI more liberty to gather information, and 2001’s USA Patriot Act (which also allows the government more powers of surveillance). “Law enforcement should be able to do its job and share information in a reasonable way as long as its not invading privacy. But there needs to be oversight. [The country has] a history of the misuse of information,” he says.
Of course, many of those developments have been a direct result of the events of 9/11. The tricky part for Americans is balancing the need for better information to prevent future terrorist attacks against the danger of losing their civil liberties.
Citizens still lack access to government information.
Does the act turn the country into an e-democracy overnight? Absolutely not. The digital divide isn’t going away. There’s no public catalog of all the government information that exists online. Agencies aren’t required to post online who they do business with. “Why is it the public can’t come through Firstgov.gov and obtain information about who’s doing business with government?” says Gary Bass, executive director of OMB Watch in Washington, D.C., a government accountability watchdog group. “I should be able to know if General Electric is doing business with the government and at the same time see if GE is violating any regulatory or legal requirements imposed upon it,” Switching gears from businesses to citizens, he adds, “I should be able to see how safe my drinking water is and [find] data that tells me the quality of the water. That’s the information the public is interested in.”
By virtue of the E-Government Act, the Bush administration and Congress have admirably put the pedal to the metal in their quest to make government operate more efficiently and cost-effectively, and to make government services more accessible and responsive to citizens. The act’s bipartisan support in both houses of Congress clearly demonstrates that our elected officials recognize the importance of using IT to improve government. But transforming government won’t happen overnight; it will be a long and slow process, akin to watching a sapling grow to maturity. The E-Government Act injects the necessary fertilizer, but its roots will need plenty of time to take hold.