B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007
Case: B-299131.1
Agency:
Date: 2007-02-16
Denied
B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007
TITLE: B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007
BNUMBER: B-299131.1; B-299131.2
DATE: February 16, 2007
*********************************************************************************
B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective
Order. This redacted version has been approved for public release.
Decision
Matter of: Operational Research Consultants, Inc.
File: B-299131.1; B-299131.2
Date: February 16, 2007
John S. Pachter, Esq., Jonathan D. Shaffer, Esq., Mary Pat Gregory, Esq.,
and Stephanie D. Capps, Esq., Smith Pachter McWhorter, PLC, for the
protester.
Daniel S. Koch, Esq., and Hillary E. Clark, Esq., Paley Rothman Goldstein
Rosenberg Eig & Cooper, for Enspier Technologies, Inc., an intervenor.
John E. Cornell, Esq., General Services Administration, for the agency.
Jonathan L. Kang, Esq., and Glenn G. Wolcott, Esq., Office of the General
Counsel, GAO, participated in the preparation of the decision.
DIGEST
1. Protest that award was tainted by organizational conflicts of interest
is denied where the record does not support allegations that the awardee
participated in the drafting of the statement of work or had access to
non-public information that would have provided a competitive advantage.
2. Protest challenging agency's evaluation of vendor's technical and price
quotations is denied where the record supports the reasonableness of the
agency's evaluations, and does not support the protester's allegations
regarding inadequate discussions.
DECISION
Operational Research Consultants, Inc. (ORC) protests the award of a task
order to Enspier Technologies, Inc. under request for quotations (RFQ) No.
TQ-PLB-06-0001, issued by the General Services Administration (GSA) for
operations and maintenance services for the Federal Public Key
Infrastructure Architecture (FPKIA). The protester argues that the award
to Enspier was tainted by organizational conflicts of interest (OCIs), and
challenges the agency's evaluation of vendors' price and technical
quotations, the adequacy of discussions, and the reasonableness of the
agency's source selection decision.
We deny the protest.
BACKGROUND
Generally, a public key infrastructure (PKI) is a system that allows
parties to exchange information electronically and verify the identity of
the sender and recipient and determine whether the contents of the
information have been altered. A PKI relies on cryptography methods to
establish a framework whereby parties use codes called "keys"; each party
keeps a secret "private key" and publishes a "public key" that any other
party can access. A sender uses the intended recipient's public key to
encrypt the message, and the sender's own private key to encrypt his
signature. The recipient uses his private key to de-encrypt the message
that was encrypted with his own public key and can verify that it was not
altered; the recipient can also use the public key of the sender to verify
the identity of that sender.
The E-Government Act of 2002 requires GSA to establish a "framework to
allow efficient interoperability among Executive agencies when using
electronic signatures, including processing digital signatures." Pub. L.
107-347 sect. 203. Use of digital signatures authenticated through a PKI
framework allows government agencies to have confidence in electronic
messages by verifying the identity of the sender and the integrity of the
message. GSA established the E-Authentication Initiative to implement the
E-Government Act and provide a structure for differing levels of security
for digital signatures. The E-Authentication Initiative contains four
levels of "assurance" regarding the ability to validate the identity of
the individual presenting a digital signature. The two lower levels of
assurance allow individuals to validate their identity through
"credentials" such as passwords or personal identification numbers,
whereas the two higher levels of assurance require more sophisticated
PKI-based credentials.
The FPKIA governs the requirements for the two higher-level PKI
assurances, and administers the systems used to validate messages and
digital signatures using PKI credentials.
Full decision text continues on ProtestIntel...