AGENCY:

General Services Administration (GSA).

ACTION:

Notice of request for comments regarding an extension to an existing OMB clearance.

SUMMARY:

Under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35), the General Services Administration (GSA) has submitted to the Office of Management and Budget (OMB) a request to review and approve an extension of a currently approved information collection requirement concerning Access Certificates for Electronic Services (ACES). A request for public comments was published at 68 FR 14238, March 24, 2003. No comments were received.

The ACES Program is designed to facilitate and promote secure electronic communications between online automated information technology application systems authorized by law to participate in the ACES Program and users who elect to participate in the program, through the implementation and operation of digital signature certificate technologies. Individual digital signature certificates are issued at no cost to individuals based upon their presentation of verifiable proof of identity in an authorized ACES Registration Authority. Business Representative digital signature certificates are issued to individuals based upon their presentation of verifiable proof of identity and verifiable proof of authority from the claimed entity to an authorized ACES Registration Authority. If authorized by law, a fee may be charged for issuance of a Business Representative certificate.

Public comments are particularly invited on: Whether this collection is necessary for the proper performance of the functions of GSA, and whether it will have practical utility; whether our estimate of the public burden of this collection of information is accurate, and based on valid assumptions and methodology; ways to enhance the quality, utility, and clarity of the information to be collected; and ways in which we can minimize the burden of the collection of information on those who are to respond, through the use of appropriate technological collection techniques or other forms of information technology.

DATES:

Comment Due Date: June 30, 2003.

ADDRESSES:

Submit comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Ms. Jeanette Thornton, GSA Desk Officer, OMB, Room 10236, NEOB, Washington, DC 20503, and a copy to General Services Administration, Regulatory and Federal Assistance Publications Division (MVA), 1800 F Street, NW., Room 4035, Washington, DC 20405. Please cite OMB Control Number 3090-0270.

FOR FURTHER INFORMATION CONTACT:

Stephen Duncan, Federal Technology Service, GSA (202) 708-7626 or by e-mail at stephen.duncan@gsa.gov.

SUPPLEMENTARY INFORMATION:

A. Background

One of the primary goals of the emerging Government Services Information Infrastructure (GSII) is to facilitate public access to government information and service through the use of information technologies. One of the specific goals of the GSII is to provide the public with a choice of using Internet-based, online access to the automated information technology application systems operated by government agencies; such access will make it easier and less costly for the public to complete transactions with the government. By law, access to some of these automated information technology application systems can be granted only after the agency operating the system is provided with reliable information that the individual requesting such access is who he/she claims to be, and that he/she is authorized such access. The arms-length transactions envisioned by the GSII require implementation of methods for:

1. Reliably establishing and verifying the identity of the individuals desiring to participate in the ACES Program, based primarily upon electronic communications between the applicant and authorized ACES Registration Authority.

2. Issuing to the individuals who have been successfully identified a means that they can use to uniquely identify themselves to the automated information technology application systems participating in the ACES Program.

3. Electronically and securely passing that identity to the automated information technology application system to which the individual is requesting access.

4. Electronically and securely authenticating that identity, through a trusted third party, each time it is presented to an automated information technology application system participating in the ACES Program.

5. Ensuring that the identified individual requesting access to an automated information technology application system has been duly authorized, by the mangeement of that automated information technology application system, to access that system and perform the transactions desired.

6. Ensuring that the information being exchanged between the individual and the automated information technology application system has not been corrupted during transmission.

7. Reducing the ability of the parties to such transactions to repudiate the actions taken. The current state-of-the-art suggests that digital signature certificate technologies (often referred to as part of “Public Key Infrastructure, or PKI”) provide a reliable and cost efficient means for meeting many of these GSII requirements. Thus, the ACES Program should be understood to represent an effort to implement and continue a PKI through which members of the public who desire to do so can securely communicate electronically with the online automated information technology application systems participating in the ACES Program.

The initial step for any member of the public to take in order to participate in the ACES Program is to submit an application for an ACES certificate to an authorized ACES Registration Authority. In conjunction with application process, the applicant will be required to submit at least:

a. His/her full name.

b. His/her place of birth.

c. His/her date of birth.

d. His/her current address and telephone number.

e. At least three (3) of the following:

i. Current valid state issued driver license number or number of state issued identification card.

ii. Current valid passport number.

iii. Current valid credit card number.

iv. Alien registration number (if applicable).

v. Social Security Number.

vi. Current employer name, address, and telephone number.

f. If the registration is for a business representative certificate, evidence of authorization to represent that business entity.

The information provided during the process of applying for an ACES certificate constitutes the continued information collection activity that is the subject of this Paperwork Reduction Act notice and request for comments.

B. Description

A detailed description of the current ACES Program is available on the World Wide Web at http://www.gs.gov/​aces,, or through the for further information contact listed above.

Please note that all ACES identity information collected from the public is covered by the Privacy Act, the Computer Security Act, and related privacy and security regulations, regardless of whether it is provided Start Printed Page 32519directly to an agency of the Federal Government or to an authorized ACES Registration Authority providing ACES-related services under a contract with GSA. Compliance with all of the attending requirements is enforced through binding contracts, periodic monitoring by GSA, annual audits by independent auditing firms, and annual re-accreditation by GSA. Only fully accredited Registration Authorities will be permitted to accept and maintain identity information provided by the public.

The identity information collected will be used only to establish and verify the identity and eligibility of applicants for ACES certificates; no other use of the information is permitted.

Participation in the ACES Program is strictly voluntary, but participation will only be permitted upon presentation of identity information by the applicant, and verification of that information by an authorized ACES Registration Authority.

ACES is designed to permit on-line, arms-length registration through the Internet, which significantly reduces the public's reporting burden. Based upon preliminary tests run on similar systems for gathering identity-related information from the public (e.g., U.S. Passports, initial issuance of state-issued driver's license, etc.), the individual reporting burden for providing identity information for the initial ACES certificate is estimated at an average of 15 minutes, including gathering the information together and entering the data into the electronic forms provided by the authorized ACES Registration Authorities.

No reliable information is yet available to support any estimate relating to the number of individuals who will seek to register to participate in the ACES Program. Thus, no estimate of the overall reporting burden is being provided at this time.

C. Purpose

GSA is responsible for assisting Federal agencies with the implementation and use of digital signature technologies to enhance electronic access to government information and services by all eligible persons. In order to ensure that the ACES program certificates are issued to the proper individuals, GSA will continue to collect identity information from persons who elect to participate in ACES.

D. Annual Reporting Burden:

Respondents: 1,000,000.

Annual Responses: 1.

Average hours per response: 0.25

Burden Hours: 250,000.

Obtaining Copies of Proposal: Requesters may obtain a copy of the information collection documents from the General Services Administration, Regulatory and Federal Assistance Publications Division (MVA), 1800 F Street, NW., Room 4035, Washington, DC 20405, telephone (202) 208-7312, or by faxing your request to (202) 501-4067. Please cite OMB Control No. 3090-0270, Access Certificates for Electronic Services (ACES).