AGENCY:

Privacy Office, Department of Homeland Security.

ACTION:

Notice of Privacy Act System of Records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new system of records titled, Department of Homeland Security/ALL-037 E-Authentication Records System of Records. This system of records allows the Department of Homeland Security to collect, maintain, and retrieve records about individuals, including members of the public, who electronically authenticate their identities. The information in this system of records includes data collected by programs and applications for use when the Department of Homeland Security or a Start Printed Page 46858trusted third-party performs some or all of the functions required to enroll, issue, and maintain a credential on DHS's behalf that can be used by an individual to electronically authenticate his or her identity to DHS systems.

These programs and applications include: The Department of Homeland Security's Homeland Security Information Network, which is a trusted network for homeland security mission operations to share sensitive but unclassified information used by federal, state, local, tribal, territorial, international, and private sector homeland security partners to manage operations, analyze data, and send alerts and notices; the U.S. Citizenship and Immigration Services E-Verify Self Check, which is a free service that allows individuals to learn about their work authorization status information; and the U.S. Citizenship and Immigration Services myE-Verify, which is a free service that allows individuals to create an account and access additional features beyond Self Check concerning the use of their personally identifiable information in E-Verify and Self Check such as the ability to lock a Social Security number to prevent its use in E-Verify and Self Check. Additional Department programs or applications may also use third-party authentication.

In addition, the Department of Homeland Security also proposes to consolidate the E-Verify Self Check System of Records (DHS/USCIS-013), last published in the Federal Register on February 16, 2011 (76 FR 9604), into this newly established E-Authentication Records System of Records. As a result of this consolidation, by this notice, DHS intends to remove DHS/USCIS-013 from its inventory of systems of records. The newly established system will be included in the Department of Homeland Security's inventory of record systems.

DATES:

Written comments must be submitted on or before September 10, 2014.

ADDRESSES:

You may submit comments, identified by Docket Number DHS-2014-0039 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: (202) 343-4010.
• Mail: Karen L. Neuman, Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general and privacy related questions please contact: Karen L. Neuman (202-343-1717), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) proposes to establish a new DHS system of records titled, “DHS/ALL-037 E-Authentication Records System of Records.” The collection and maintenance of information within this system of records assists DHS in enrolling, issuing, and maintaining credentials (e.g., online accounts) for individuals seeking electronic access to DHS programs, services, and applications, including when DHS uses a trusted third-party identity service provider for these activities. DHS may perform some or all credential management functions (e.g., identity proofing, manage authentication tokens, authenticate users) on its own, choose a single third-party to perform all functions, or use multiple providers for each discrete function. This system of records notice is agnostic as to how DHS applications or systems using electronic authentication wish to engage with third-parties.

DHS has many public-facing programs that provide online access to its services at various levels of assurance, as described in the Office of Management and Budget (OMB) E-Authentication Guidance for Federal Agencies (M-04-04). OMB defines four levels of assurance (LOA), Levels 1 to 4, in terms of the consequences resultant from authentication errors or misuse of credentials. Level 1 is the lowest assurance level, and Level 4 is the highest. For example, an authentication error may occur if an individual gains access to sensitive information he or she is not entitled to access. Depending on the context and the sensitivity of the information accessed, the consequences of such an authentication error could pose significant harm to other individuals and/or to the affected agency. As the consequences of an authentication error become more serious, the required LOA increases.

In order to facilitate access, information must be collected to authenticate an individual's identity at the requisite level of assurance for the purpose of obtaining a credential or electronically authorizing access to a DHS program or application. These programs and applications include: DHS's Homeland Security Information Network (HSIN), which is a trusted network for homeland security mission operations to share sensitive but unclassified information used by federal, state, local, tribal, territorial, international, and private sector homeland security partners to manage operations, analyze data, and send alerts and notices; the U.S. Citizenship and Immigration Services (USCIS) E-Verify Self Check, which is a free service that allows individuals to learn about their work authorization status information; and USCIS myE-Verify, which is a free service that allows individuals to create an account and exercise limited control about the use of their information in E-Verify Self Check. HSIN, E-Verify Self Check, and myE-Verify use trusted third-party identity service providers to perform credential management functions.

Identity proofing is the process by which an identity service provider collects and verifies information (e.g., name, date of birth, Social Security number (SSN), address of residence) about a person for the purpose of issuing credentials to that person. Third-party identity service providers use a variety of verification techniques, including knowledge-based authentication, to generate a quiz containing questions that only the individual should be able to answer. When using the knowledge-based authentication process the third-party identity provider generates a quiz based on commercial identity verification information collected by the third-parties from financial institutions, public records, and other service providers. The information accessed by the third-parties includes information such as the individual's commercial transaction history, mortgage payments, addresses, or past addresses. DHS does not have access to the commercial identity verification information, the quiz questions asked of the individual, or the responses provided thereto; therefore this commercial information is not included in this system of records. Rather, DHS receives assertions (e.g., pass/fail) and assertion references (e.g., transaction ID, date/time of the transaction, and error codes) from the Start Printed Page 46859identity service provider to facilitate troubleshooting and system management. DHS maintains attributes (e.g., clearances, location, biometrics, and group memberships) collected for identity proofing only when necessary for the DHS program to manage the credential.

DHS may request verified attributes about an individual from the third-party depending on the program or application's requirements. For any attribute DHS requests from the third-party, DHS will ask the user if he or she wishes to share the requested information with DHS prior to gaining access to the DHS online system or application. The user can select to opt-in, meaning he or she will allow DHS access to his or her attribute information from the third-party in order for him or her to gain access to the DHS system. If the third-party cannot generate a quiz, or if the individual cannot answer the questions provided, the individual may not be able to access program or application.

DHS may share attribute information with trusted third-party identity service providers under contract with DHS or certified by the Federal Identity Management Credential and Access Management (FICAM) initiative for the purpose of authenticating an individual seeking a credential with DHS. More information about FICAM is available at www.idmanagment.gov. Attributes provided to the relying party are limited to: (1) Making authorization decisions; (2) dynamically provisioning accounts; and (3) performing audit logging. The transaction may be included in the individual's credit record as a “soft inquiry” that does not impact the individual's credit score when the identity service provider is a credit bureau or uses a credit bureau to conduct identity proofing. The “soft inquiry” is not viewable by third parties. DHS may also share attribute information with “relying parties” approved by the National Information Exchange Federation (NIEF) Trust Framework Provider who provide federated access to systems. More information about NIEF is available at https://nief.gfipm.net/​.

In accordance with the Privacy Act of 1974, DHS is giving notice that it proposes to issue a new DHS system of records notice titled, DHS/ALL-037 E-Authentication Records System of Records. In addition DHS proposes to consolidate the E-Verify Self Check System of Records (DHS/USCIS-013) into this newly-established system of records. As a result of this consolidation, by this notice, DHS intends to remove DHS/USCIS-013 from its inventory of systems of records. This newly established system will be included in DHS's inventory of record systems.

II. Privacy Act

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the federal government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals when systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR part 5.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which their records are put, and to assist individuals to more easily find such files within the agency. Below is the description of DHS/ALL-037 E-Authentication Records System of Records.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.

System of Records:

Department of Homeland Security (DHS)/ALL-037.

System name:

DHS/ALL-037 E-Authentication Records System of Records.

Security classification:

Sensitive but unclassified.

System location:

Records are maintained at several Headquarters locations and in component offices of DHS, in both Washington, DC, and field locations or by a third-party identity service provider. Records related to identity proofing required for levels of assurance (LOA) 2 and above are also maintained by the third-party identity service provider in accordance with retention requirements identified in the National Institute of Standards and Technology (NIST) Special Publication 800-63 Electronic Authentication Guideline for the applicable LOA.

Categories of individuals covered by the system:

Categories of individuals in this system of records include members of the public, external stakeholders, and federal employees or contractors seeking electronic access to DHS programs and applications. This includes anyone attempting to authenticate his or her identity for the purpose of obtaining a credential to access a DHS program or application electronically, including when the program or application uses a third-party identity service provider to perform some or all credential management functions (e.g., prove identity, manage authentication tokens, authenticate users).

Categories of records in the system:

• Attributes DHS or a third-party identity service provider collects necessary to perform identity proofing at the required level of assurance. Attributes are only retained in this system of records if it is necessary for the program to manage the credential. Examples of attributes collected for identity proofing information include:

○ Name (last, first, middle, and maiden);

○ Date of birth;

○ Place of birth;

○ Financial or utility account number;

○ Address of residence;

○ Social Security number (SSN)—full or partial (may be optional depending on the application);

○ Telephone number—(may be optional depending on the application); and

○ Country of Citizenship.

• Assertions and assertion references from a third-party identity service provider such as:

○ Transaction ID;

○ Pass/fail indicator;

○ Date/time of the transaction;

○ Codes associated with the transaction;

• Information DHS or third-parties collect necessary to register, issue, and maintain the credential (e.g., to administer multi-factor authentication) Start Printed Page 46860including verified attributes the identity service provider maintains or passes to DHS after a user successfully passes identity proofing such as:

○ Name;

○ Email addresses;

○ User ID;

○ Passwords;

○ Phone numbers (primary, alternate, mobile, home, work, landline);

○ Two-factor authentication preference (SMS text message, email, phone number for interactive voice response);

○ Self-generated security questions and answers;

○ Level of access;

• Credential registration information DHS collects manually that is necessary to perform manual identity verification in cases in which an individual cannot electronically prove his or her identity. Note that some identity proofing information (e.g., copies of government-issued photo identification) is retained in this system of records only if it is necessary for DHS to manage the credential.
• Other program-specific attribute information DHS or the identity service provider collects directly on behalf of DHS may include:

○ Citizenship;

○ Accepted Terms of Service (Y/N);

○ Employment information such as job title, job role, organization;

○ Business and affiliations;

○ Faculty positions held;

○ Home addresses;

○ Business addresses;

○ Justification/nomination for access to DHS computers, networks, or systems;

○ Supervisor/nominator's name, job title, organization, phone numbers, email address;

○ Verification of training requirements or other prerequisite requirements for access to DHS computers, networks, or systems;

○ Government-issued identity document type and expiration date;

• Records on access to DHS computers, networks, online programs, and applications including user ID and passwords;

○ Registration numbers or IDs associated with DHS Information Technology (IT) resources;

○ Date and time of access;

○ Logs of activity interacting with DHS IT resources;

○ Internet Protocol (IP) address of access;

○ Logs of internet activity; and

○ Records on the authentication of the access request, names, phone numbers of other contacts, and positions or business/organizational affiliations and titles of individuals who can verify that the individual seeking access has a need to access the system, as well as other contact information provided to the Department or that is derived from other sources to facilitate authorized access to DHS IT resources.

Authority for maintenance of the system:

44 U.S.C. 3101; EO 9397 (SSN), as amended by EO 13487; 44 U.S.C. 3534; Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA), Public Law (Pub. L.) 104-208, September 30, 1996, Note Section 404. Additional programmatic authorities may apply to maintenance of the credential.

Purpose(s):

This system collects information in order to authenticate an individual's identity for the purpose of obtaining a credential to electronically access a DHS program or application. This system includes DHS programs or applications that use a third-party identity service provider to provide any of the following credential services: Registration, including identity proofing, issuance, authentication, authorization, and maintenance. This system collects information that allows DHS to track the use of programs and applications for system maintenance and troubleshooting. The system also enables DHS to allow an individual to reuse a credential received when applicable and available.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. § 552a(b)(3), as follows:

A. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee or former employee of DHS in his/her official capacity;

3. Any employee or former employee of DHS in his/her individual capacity when DOJ or DHS has agreed to represent the employee; or

4. The U.S. or any agency thereof.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration (NARA) or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. DHS has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use, are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To sponsors, employers, contractors, facility operators, grantees, experts, and consultants in connection Start Printed Page 46861with establishing, maintaining, or managing an access account for an individual or maintaining appropriate points of contact.

I. To relying parties approved by the National Information Exchange Federation (NIEF) Trust Framework Provider for the purpose of providing federated access to systems when the user has been provided with appropriate notice and the opportunity to consent. Attributes provided to the relying party are limited to: (1) making authorization decisions; (2) dynamically provisioning accounts; and (3) performing audit logging.

J. To international, federal, state and local, tribal, private and/or corporate entities for the purpose of the regular exchange of business contact information in order to facilitate collaboration for official business.

K. To a trusted third-party identity service provider under contract with DHS or certified by the Federal Identity Management Credential and Access Management initiative for the purpose of authenticating an individual seeking a credential with DHS. The information may be included in the individual's credit record as a “soft inquiry” that does not impact the individual's credit score when the identity service provider is a credit bureau or uses a credit bureau to conduct identity proofing. The “soft inquiry” is not viewable by third parties.

L. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to preserve confidence in the integrity of DHS, or when disclosure is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are on paper or in digital or other electronic form. Digital and other electronic images are stored on a storage area network in a secured environment. Records, whether paper or electronic, are stored at the DHS Headquarters, at the component level, or at the third-party identity service provider's physical or cloud location.

Retrievability:

Information is retrieved, sorted, or searched by an identification number assigned by computer, by SSN (if maintained by the program), by facility, by business affiliation, by email address, or by the name of the individual, or other data fields previously identified in this SORN. Note that when DHS uses a third-party identity service provider for identity proofing, data elements collected by the third party on DHS's behalf are not retained by DHS unless specifically required by the program or application.

Safeguards:

Information in this system is safeguarded in accordance with applicable laws, rules and policies, including the DHS IT Security Program Handbook and DHS Information Security Program Policy and Handbook. DHS uses trusted identity service providers including those certified through the Trust Framework Adoption Process by Federal Identity Credential and Access Management (FICAM). The DHS/ALL-037 E-Authentication Records system of records security protocols also meet multiple NIST Security Standards from Authentication to Certification and Accreditation.

Records in the DHS/ALL-037 E-Authentication Records system of records will be maintained in a secure, password-protected, electronic system that uses security hardware and software including: Multiple firewalls, active intruder detection, and role-based access controls. Additional safeguards vary by component and program. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a “need to know,” using locks and password protection identification features. Classified information is appropriately stored in accordance with applicable requirements. DHS file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

Retention and disposal:

Records are securely retained and disposed of in accordance with the NARA's General Records Schedule (GRS) 24, section 6, “User Identification, Profiles, Authorizations, and Password Files.” Inactive records are destroyed or deleted six years after the user account is terminated or password is altered, or when no longer needed for investigative or security purposes, whichever is later.

In addition, in accordance with NIST SP-800-63-2, a record of the registration, history, and status of each token and credential (including revocation) is maintained by the credential service provider (CSP) or its representative. The record retention period of data for Level 2 and 3 credentials is seven years and six months beyond the expiration or revocation (whichever is later). The minimum record retention period for Level 4 credential data is ten years and six months beyond the expiration or revocations of the credential.

System Manager and address:

The System Manager is the Chief Information Officer (CIO), Department of Homeland Security, Washington, DC 20528.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Headquarters or component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/​foia under “contacts.” If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Privacy Office, Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should:

• Explain why you believe the Department would have information on you;Start Printed Page 46862
• Identify which component(s) of the Department you believe may have the information about you;
• Specify when you believe the records would have been created; and
• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records.

If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without the above information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Information contained in this system is obtained from affected individuals, organizations, facilities, trusted third-party identity service providers (which may use commercial identity verification information not accessed or maintained by DHS to perform knowledge-based authentication), public source data, other government agencies, or information already in other DHS records systems.

Exemptions claimed for the system:

None.