GovernmentExecutive.com

Erstwhile Government Executive columnist, professor and all-around gadfly Paul Light has a new book out on the state of the federal establishment. His take? Things are not going well. At all. In this regard, you can judge the book by its title: A Government Ill Executed.

Here's what Light wrote in a piece in The Politico this week:

The problem is that the federal government is perilously close to the breaking point. Unless the next president takes the lead in fixing government, he or she will preside over a string of meltdowns that will make the federal response to Hurricane Katrina look like a minor mistake.

Light's litany of problems the government faces includes:

• Agencies have missions that extend well beyond their resources.


• The federal establishment is "governed by a chain of command that defies logic."


• Political appointees are "selected through a process that guarantees delays, vacancies and embarrassment."


• Many federal employees are "motivated more by pay and compensation than the chance to make a difference."


• The growth in the government contractor establishment has diffused accountability for results.

Fifteen years ago, cartoonist Peter Steiner drew two dogs sitting in front of a computer, one saying to the other, "On the Internet, nobody knows you're a dog." This iconic adage, cute in its day, is now a warning.

Criminal, terrorist and nation-state cyber attacks against banks, technology companies, online merchants, individuals and government agencies cost the U.S. economy $400 billion annually, focused most often on stealing business and military secrets, and personal data.

In cyberspace, not knowing for sure what person or device is on the other end of the line has serious downsides. It erodes overall trust, limits users' ability to secure their own systems, hinders effective governmental response, and causes organizations to collect more personal data than they really need.

Yet there is important value in anonymity in cyberspace. People need to be able to visit, say, a government health information site without sharing detailed personal information. And, as Justice Stevens wrote in a majority opinion in 1995, "Protections for anonymous speech are vital to democratic discourse."

A zero-sum game between security and privacy is both undesirable and unnecessary.

We can find a balanced way to enhance security without throwing away our privacy rights. Not every transaction demands the same amount of identifying information. Organizations should tailor the amount of identifying information they collect, keeping it to the minimum needed for a specific situation. At the same time, those information collectors should keep an auditable record of what information has changed hands.

As Scott Charney, Microsoft's head of trustworthy computing, suggests in a seminal paper on end-to-end trust, "It may be possible to know something about someone without knowing who they are." We can build systems that verify, for instance, that someone is a minor--and allow them to play in certain online worlds--without requiring they reveal additional personal data. That limit could help protect kids from cyberspace predators.

Government is already deeply involved in securing cyberspace. It must work closely with industry to make authenticated cyber identity a reality.

President Bush's recent classified directive on cyber security is said to create a comprehensive approach to the problem. A first test of the program will be measuring how much it enhances both freedom and security.

(A longer version of this post appeared in Forbes.com.)