[Federal Register Volume 62, Number 72 (Tuesday, April 15, 1997)]
[Notices]
[Pages 18375-18377]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-9590]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974, System of Records

AGENCY: Postal Service.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: This document publishes notice of a new Privacy Act system of 
records, Collection and Delivery Records--Customer Public Key 
Certificate Records, USPS 010.090. The new system consists of an 
electronic database containing limited information about postal 
customers who have been authorized public key certificates by the 
Postal Service. A public key certificate is a digital document that can 
be used to validate the authenticity of a digitally signed document 
sent by way of the Internet, a service provider, or a value-added 
network from one customer to another. The Postal Service acts as the 
certifying authority that assigns and holds public key certificates for 
participating customers, the records subjects covered by this system.

DATES: Any interested party may submit written comments on the proposed 
new system of records. This proposal will become effective without 
further notice on May 27, 1997, unless comments received on or before 
that date result in a contrary determination.

ADDRESSES: Written comments on this proposal should be mailed or 
delivered to Payroll Accounting and Records, United States Postal 
Service, 475 L'Enfant Plaza SW, Room 8650, Washington, DC 20260-5243. 
Copies of all written comments will be available at the above address 
for public inspection and photocopying between 8 a.m. and 4:45 p.m., 
Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Betty E. Sheriff, (202) 268-2608.

SUPPLEMENTARY INFORMATION: The Postal Service is conducting a pilot 
program with several federal agencies. The Postal Service's role is to 
act as the certifying authority by using and managing X.509 public key 
certificates containing a person's distinguished name, public key, and 
other identifying information. Under the program a customer applies to 
a Registrar (a Postal Service authority) to receive a Postal Service 
public key certificate. Information collected through the application 
process is limited to the customer name, address, phone number, 
electronic mail address, signature, and payment information.
    The Registrar then creates a key pair consisting of a public key 
and a private key. Keys are long, random, bit strings that are unique 
to the user. That application information, as well as a distinguished 
name for the user, is transmitted to the Postal Service database 
covered by this system. The database returns a signed certificate to 
the Registrar, who enters it onto a disk along with the distinguished 
name, public key, and private key. The disk is

[[Page 18376]]

given to the customer who uses special software, along with the private 
key, to send and digitally sign documents. The public key and 
certificate are public data, but the customer is instructed not to 
disclose the private key and personal identification number (PIN) 
associated with the private key to a third party.
    Maintenance of these records is not expected to affect individual 
privacy rights because, to the extent that the system covers 
individuals, limited information about them is kept. A large segment of 
the population covered by the system is businesses, which are not 
covered by the Privacy Act. Other than digital components for public 
key certification, the information kept about a customer is name, 
distinguished name, public key(s), account, phone number, postal and 
electronic mail address, and payment information.
    Information kept within the database is protected by several 
layers. The computer housing the database is located in a building with 
access controlled by guards and a room with access controlled by the 
use of card keys. Other components of the security architecture are an 
asynchronous gateway, a network firewall, LAN connection, operating 
system, database management system, application software, database 
software security architecture, application software security 
architecture, and key generation and maintenance. Each of these levels 
has been subjected to an external audit to ensure security of the 
system. In addition, internal access to the database is limited to the 
system administrator, database administrator, and designated support 
personnel. Key pairs are protected against cryptanalysis by encrypting 
the private key and by using a shared secret algorithm to protect the 
encryption key, and the certificate authority key is stored in a 
separate, tamperproof hardware device. Finally, activities are audited 
and archived information is protected from corruption, deletion, and 
modification.
    With the above security controls the information will be protected 
from unauthorized access unless a customer does not heed a warning to 
keep the private key and PIN secret. If a private key is compromised, 
the Postal Service will immediately revoke upon notification from the 
certificate holder the related certificate.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments regarding this proposal. A 
report of the following proposed system has been sent to Congress and 
to the Office of Management and Budget for their evaluation.
USPS 010.090

SYSTEM NAME:
    Collection and Delivery Records--Customer Public Key Certificate 
Records, USPS 010.090.

SYSTEM LOCATIONS:
    Marketing, Headquarters, and Information Systems Service Center, 
San Mateo, CA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Business and individual postal customers who apply to receive a 
public key certificate.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The following information is kept with regard to customers who have 
applied for public key certificates from the Postal Service: Name, 
address, phone number, electronic mail address, payment information, 
customer's public key(s), certificate serial numbers, customer's 
distinguished name, effective dates of authorized certificates, 
certificate algorithm, date of revocation or expiration of certificate, 
Postal Service-authorized digital signature, and information supplied 
by the customer to identify who may have access to public key data 
related to that customer.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 403 and 404.

PURPOSE(S):
    Information within this system is used to issue and manage public 
key certificates.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    General routine use statements a, b, c, d, e, f, g, h, and j listed 
in the prefatory statement at the beginning of the Postal Service's 
published system notices apply to this system. Other routine uses 
follow:
    1. The X.509 certificate and public key associated with a records 
subject may be disclosed to persons who provide the associated 
certificate number or distinguished name and who have not been denied 
access by the records subject.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper, automated database, and computer storage media.

RETRIEVABILITY:
    Customer name, distinguished name, certificate serial number, and 
public key.

SAFEGUARDS:
    Hard copy records and computers containing information within this 
system of records are located in a building with entrance access 
controlled by guards and room access controlled by card readers. 
Information within the database is protected by a security architecture 
of several layers that includes an asynchronous gateway, network 
firewall, operating security system, and database software security 
architecture. Internal access to the database is limited to the system 
administrator, database administrator, and designated support 
personnel. Key pairs are protected against cryptanalysis by encrypting 
the private key and by using a shared secret algorithm to protect the 
encryption key, and the certificate authority key is stored in a 
separate, tamperproof, hardware device. Activities are audited and 
archived information is protected from corruption, deletion, and 
modification.

RETENTION AND DISPOSAL:
    a. Pending Public Key Certificate Application Files. These records 
are added as received to an electronic database. Move to authorized 
certificate file when they are updated with the required data. Destroy 
records not updated within 90 days from the date of receipt.
    b. Public Key Certificate Directory. These records are maintained 
in an electronic database and are constantly updated. Destroy records 
as they are superseded or deleted.
    c. Authorized Public Key Certificate Master File. These records are 
maintained in an electronic database for the life of the authorized 
certificate. Move to the certificate revocation file when certificate 
is revoked or expired.
    d. Public Key Certificate Revocation List. Cut off this file at the 
end of each calendar year. Destroy these records 30 years from the date 
of cutoff.

SYSTEM MANAGER(S) AND ADDRESS:
    Vice President, Technology Applications, United States Postal 
Service, 475 L'Enfant Plaza SW, Washington, DC 20260-2403

NOTIFICATION PROCEDURE:
    Individuals wanting to know whether information about them is 
maintained in this system of records must address inquiries in writing 
to the system manager. Inquiries must contain name and certificate 
serial number.

RECORD ACCESS PROCEDURES:
    Access must be requested in accordance with the Notification 
Procedure above and the Postal Service

[[Page 18377]]

Privacy Act regulations regarding access to records and verification of 
identity under 39 CFR 266.6.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure and Record Access Procedures above.

RECORD SOURCE CATEGORIES:
    Customers.
Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 97-9590 Filed 4-15-97; 8:45 am]
BILLING CODE 7710-12-P