AGENCY:

General Services Administration (GSA).

ACTION:

Notice of request for comments regarding an extension to an existing OMB clearance.

SUMMARY:

Under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35), the General Services Administration (GSA) will be submitting to the Office of Management and Budget (OMB) a request to review and approve an extension of a currently approved information collection requirement concerning Access Certificates for Electronic Services (ACES).

The ACES Program is designed to facilitate and promote secure electronic communications between online automated information technology application systems authorized by law to participate in the ACES Program and users who elect to participate in the program, through the implementation and operation of digital signature certificate technologies. Individual digital signature certificates are issued at no cost to individuals based upon their presentation of verifiable proof of identity in an authorized ACES Registration Authority. Business Representative digital signature certificates are issued to individuals based upon their presentation of verifiable proof of identity and verifiable proof of authority from the claimed entity to an authorized ACES Registration Authority. If authorized by law, a fee may be charged for issuance of a Business Representative certificate.

Public comments are particularly invited on: Whether this collection is necessary for the proper performance of the functions of GSA, and whether it will have practical utility; whether our estimate of the public burden of this collection of information is accurate, and based on valid assumptions and methodology; ways to enhance the quality, utility, and clarity of the information to be collected; and ways in which we can minimize the burden of the collection of information on those who are to respond, through the use of appropriate technological collection techniques or other forms of information technology.

DATES:

Comment Due Date: May 23, 2003.

ADDRESSES:

Submit comments regarding this information collection to Stephanie Morris, General Services Administration, Regulatory & Federal Assistance Publications Division, 1800 F Street, NW., Room 4035, Washington, DC 20405 or fax to (202) 501-4067. Please cite OMB Control Number 3090-0270.

FOR FURTHER INFORMATION CONTACT:

Stephen Duncan, Federal Technology Service, GSA (202) 708-7626 or by e-mail at stephen.duncan@gsa.gov.

SUPPLEMENTARY INFORMATION:

A. Background

One of the primary goals of the emerging Government Services Information Infrastructure (GSII) is to facilitate public access to government information and services through the use of information technologies. One of the specific goals of the GSII is to provide the public with a choice of using Internet-based, online access to the automated information technology application systems operated by government agencies; such access will make it easier and less costly for the public to complete transactions with the government. By law, access to some of these automated information technology application systems can be granted only after the agency operating the system is provided with reliable information that the individual requesting such access is who he/she claims to be, and that he/she is authorized such access. The arms-length transactions envisioned by the GSII require implementation of methods for:

1. Reliably establishing and verifying the identity of the individuals desiring to participate in the ACES Program, based primarily upon electronic communications between the applicant and authorized ACES Registration Authority.

2. Issuing to the individuals who have been successfully identified a means that they can use to uniquely identify themselves to the automated information technology application systems participating in the ACES Program.

3. Electronically and securely passing that identity to the automated information technology application system to which the individual is requesting access.

4. Electronically and securely authenticating that identity, through a trusted third party, each time it is presented to an automated information technology application system participating in the ACES Program.

5. Ensuring that the identified individual requesting access to an automated information technology application system has been duly authorized, by the management of that automated information technology application system, to access that system and perform the transactions desired.

6. Ensuring that the information being exchanged between the individual and the automated information technology application system has not been corrupted during transmission.

7. Reducing the ability of the parties to such transactions to repudiate the actions taken.

The current state-of-the-art suggests that digital signature certificate technologies (often referred to as part of “Public Key Infrastructure, or PKI”) provide a reliable and cost efficient means for meeting many of these GSII requirements. Thus, the ACES Program should be understood to represent an effort to implement and continue a PKI through which members of the public who desire to do so can securely communicate electronically with the online automated information technology application systems participating in the ACES Program.

The initial step for any member of the public to take in order to participate in the ACES Program is to submit an application for an ACES certificate to an authorized ACES Registration Authority. In conjunction with application process, the applicant will be required to submit at least:

a. His/her full name.

b. His/her place of birth.

c. His/her date of birth.

d. His/her current address and telephone number.

e. At least three (3) of the following:

i. Current valid state issued driver license number or number of state issued identification card.

ii. Current valid passport number.

iii. Current valid credit card number.

iv. Alien registration number (if applicable).

v. Social Security Number.

vi. Current employer name, address, and telephone number. Start Printed Page 14239

f. If the registration is for a business representative certificate, evidence of authorization to represent that business entity.

The information provided during the process of applying for an ACES certificate constitutes the continued information collection activity that is the subject of this Paperwork Reduction Act Notice and request for comments.

B. Description

A detailed description of the current ACES Program is available on the World Wide Web at http://www.gsa.gov/​aces,, or through the FOR FURTHER INFORMATION CONTACT listed above.

Please note that all ACES identity information collected from the public is covered by the Privacy Act, the Computer Security Act, and related privacy and security regulations, regardless of whether it is provided directly to an agency of the Federal Government or to an authorized ACES Registration Authority providing ACES-related services under a contract with GSA. Compliance with all of the attending requirements is enforced through binding contracts, periodic monitoring by GSA, annual audits by independent auditing firms, and annual re-accreditation by GSA. Only fully accredited Registration Authorities will be permitted to accept and maintain identity information provided by the public.

The identity information collected will be used only to establish and verify the identity and eligibility of applicants for ACES certificates; no other use of the information is permitted.

Participation in the ACES Program is strictly voluntary, but participation will only be permitted upon presentation of identity information by the applicant, and verification of that information by an authorized ACES Registration Authority.

ACES is designed to permit on-line, arms-length registration through the Internet, which significantly reduces the public's reporting burden. Based upon preliminary tests run on similar systems for gathering identity-related information from the public (e.g., U.S. Passports, initial issuance of state-issued driver's license, etc.), the individual reporting burden for providing identity information for the initial ACES certificate is estimated at an average of 15 minutes, including gathering the information together and entering the data into the electronic forms provided by the authorized ACES Registration Authorities.

No reliable information is yet available to support any estimate relating to the number of individuals who will seek to register to participate in the ACES Program. Thus, no estimate of the overall reporting burden is being provided at this time.

C. Purpose

The General Services Administration will be requesting the Office of Management and Budget (OMB) to review and approve information collection, 3090-0270, concerning ACES. GSA is responsible for assisting Federal agencies with the implementation and use of digital signature technologies to enhance electronic access to government information and services by all eligible persons. In order to ensure that the ACES program certificates are issued to the proper individuals, GSA will continue to collect identity information from persons who elect to participate in ACES.

D. Annual Reporting Burden

Respondents: 1,000,000.

Annual Responses: 1.

Average Hours Per Response: 0.25.

Burden Hours: 250,000.

Obtaining Copies of Proposal: Requesters may obtain a copy of the information collection documents from the General Services Administration, Regulatory and Federal Assistance Publications Division(MVA), 1800 F Street, NW., room 4035, Washington, DC 20405, telephone (202) 208-7312. Please cite OMB Control No. 3090-0270, Access Certificates for Electronic Services (ACES).