Some members of industry say the Government Publishing Office is pushing them out of fair and open competition in the federal secure credentials space.
The argument stems from a disagreement over how the agency, some members of Congress and the private sector interpret Title 44 of the U.S. Code, which classifies the production of secure credentials as “printing.” Because secure cards are considered a core GPO function, the agency does not abide by the Federal Acquisition Rule (FAR) when it produces credentials for agencies.
“It appears GPO is increasingly shifting toward in-house production of credentials,” House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-Utah), said during a hearing Wednesday. “Now if they offer the best price, more power to them. But without that competition, I’m worried that over the course of time that security, that innovation will suffer.”
Some private companies in the credentials space “feel threatened” by GPO’s decision to manufacture secure federal cards, said Kathleen Carroll, vice president of corporate affairs at HID Global.
“GPO also aggressively markets its manufacturing services to Executive Branch agencies, with the claim that it is the sole legal source of these ID cards,” she told the committee.
But Davita Vance-Cooks, director of GPO, said that isn’t the case. The concerns over a lack of competition aren’t an issue, because agencies are not required to use GPO for those projects, and the agency doesn’t promote itself as the sole producer of federal secure credentials cards, she said.
“We are a choice, and the agencies are not required to use us,” Vance-Cooks told the committee.
GPO has about 27 employees who work on the GPO’s secure credential operation, Vance-Cooks said. In fiscal 2014, the agency’s credential program revenues reached $30 million, which represents 1 percent of the overall industry’s revenues.
“This should be a textbook opportunity for government to better collaborate with industry,” said Rep. Gerry Connolly (D-Va.), the ranking member of the committee.
In Vance-Cook’s mind, GPO is already collaborating. The agency outsources design, consulting, supplies, materials and research and development for secure credential cards to the private sector, she said. In many situations, GPO has used the very companies who are arguing against the agency’s role in the field, as prime and sub-contractors on its own credentials projects.
Since the Joint Committee on Printing gave GPO permission in 2007 to produce secure credentials, the agency hasn’t lost a client, Vance-Cooks said. It’s produced more than 9 million secure credentials cards since the program started.
But it isn’t perfect. Since 2012, GPO’s Office of Inspector General made 34 recommendations on secure credentials program management, 12 of which are still open, Inspector General Michael Raponi told the committee.
“My biggest concern when I started looking at all of this is a couple things in the acquisition process,” Raponi said. “The acquisition process is flawed right now, and I know GPO is working diligently to correct the actions.”
He’s also concerned the agency could improve the technology associated with many of GPO’s secure credentials projects.
“There is no inter-coordination within the GPO in terms of leveraging the expertise from the CIO shop,” Raponi said. “I spoke with the CIO yesterday, and he’s working on a more collaborative, more involvement in the IT and security aspect of secure credentials.”
Potential reform coming
Chaffetz asked that GPO consider the concerns that he and some members of industry have over the way Title 44 is interpreted.
“We do anticipate potentially rewriting that statute,” he said.
Jim Albers, senior vice president of government operations of MorphoTrust USA, encouraged Congress reform Title 44.
“Doing so will clarify the authority of agencies to procure the production of secure credentials directly from the private sector,” he said. “Only in this way, will the government secure and ensure the quality assurance, technological innovation and cost efficiencies with robust, private sector competition.”
MorphoTrust was the contractor who produced the Border Crossing Card for the State Department until 2012, when it heard indirectly that GPO would soon begin to produce the card instead.
“There was no public notice, no RFI, no RFA, no opportunity for other suppliers to compete for this business,” Albers said.
Vance-Cooks reiterated her agency does not hold sole control over the market.
“If the State Department really believed that they had to give all the secure credential work to the GPO, it would be doing it,” she said.