[Federal Register Volume 68, Number 56 (Monday, March 24, 2003)]
[Notices]
[Pages 14238-14239]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-6945]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[OMB Control No. 3090-0270]


Federal Technology Service; Access Certificates for Electronic 
Services (ACES)

AGENCY: General Services Administration (GSA).

ACTION: Notice of request for comments regarding an extension to an 
existing OMB clearance.

-----------------------------------------------------------------------

SUMMARY: Under the provisions of the Paperwork Reduction Act of 1995 
(44 U.S.C. Chapter 35), the General Services Administration (GSA) will 
be submitting to the Office of Management and Budget (OMB) a request to 
review and approve an extension of a currently approved information 
collection requirement concerning Access Certificates for Electronic 
Services (ACES).
    The ACES Program is designed to facilitate and promote secure 
electronic communications between online automated information 
technology application systems authorized by law to participate in the 
ACES Program and users who elect to participate in the program, through 
the implementation and operation of digital signature certificate 
technologies. Individual digital signature certificates are issued at 
no cost to individuals based upon their presentation of verifiable 
proof of identity in an authorized ACES Registration Authority. 
Business Representative digital signature certificates are issued to 
individuals based upon their presentation of verifiable proof of 
identity and verifiable proof of authority from the claimed entity to 
an authorized ACES Registration Authority. If authorized by law, a fee 
may be charged for issuance of a Business Representative certificate.
    Public comments are particularly invited on: Whether this 
collection is necessary for the proper performance of the functions of 
GSA, and whether it will have practical utility; whether our estimate 
of the public burden of this collection of information is accurate, and 
based on valid assumptions and methodology; ways to enhance the 
quality, utility, and clarity of the information to be collected; and 
ways in which we can minimize the burden of the collection of 
information on those who are to respond, through the use of appropriate 
technological collection techniques or other forms of information 
technology.

DATES: Comment Due Date: May 23, 2003.

ADDRESSES: Submit comments regarding this information collection to 
Stephanie Morris, General Services Administration, Regulatory & Federal 
Assistance Publications Division, 1800 F Street, NW., Room 4035, 
Washington, DC 20405 or fax to (202) 501-4067. Please cite OMB Control 
Number 3090-0270.

FOR FURTHER INFORMATION CONTACT: Stephen Duncan, Federal Technology 
Service, GSA (202) 708-7626 or by e-mail at [email protected].

SUPPLEMENTARY INFORMATION:

A. Background

    One of the primary goals of the emerging Government Services 
Information Infrastructure (GSII) is to facilitate public access to 
government information and services through the use of information 
technologies. One of the specific goals of the GSII is to provide the 
public with a choice of using Internet-based, online access to the 
automated information technology application systems operated by 
government agencies; such access will make it easier and less costly 
for the public to complete transactions with the government. By law, 
access to some of these automated information technology application 
systems can be granted only after the agency operating the system is 
provided with reliable information that the individual requesting such 
access is who he/she claims to be, and that he/she is authorized such 
access. The arms-length transactions envisioned by the GSII require 
implementation of methods for:
    1. Reliably establishing and verifying the identity of the 
individuals desiring to participate in the ACES Program, based 
primarily upon electronic communications between the applicant and 
an authorized ACES Registration Authority.
    2. Issuing to the individuals who have been successfully identified 
a means that they can use to uniquely identify themselves to the 
automated information technology application systems participating in 
the ACES Program.
    3. Electronically and securely passing that identity to the 
automated information technology application system to which the 
individual is requesting access.
    4. Electronically and securely authenticating that identity, 
through a trusted third party, each time it is presented to an 
automated information technology application system participating in 
the ACES Program.
    5. Ensuring that the identified individual requesting access to an 
automated information technology application system has been duly 
authorized, by the management of that automated information technology 
application system, to access that system and perform the transactions 
desired.
    6. Ensuring that the information being exchanged between the 
individual and the automated information technology application system 
has not been corrupted during transmission.
    7. Reducing the ability of the parties to such transactions to 
repudiate the actions taken.
    The current state of the art suggests that digital signature 
certificate technologies (often referred to as part of ``Public Key 
Infrastructure, or PKI'') provide a reliable and cost-efficient means 
for meeting many of these GSII requirements. Thus, the ACES Program 
should be understood to represent an effort to implement and continue a 
PKI through which members of the public who desire to do so can 
securely communicate electronically with the online automated 
information technology application systems participating in the ACES 
Program.
    The initial step for any member of the public to take in order to 
participate in the ACES Program is to submit an application for an ACES 
certificate to an authorized ACES Registration Authority. In 
conjunction with the application process, the applicant will be 
required to 
submit at least:
    a. His/her full name.
    b. His/her place of birth.
    c. His/her date of birth.
    d. His/her current address and telephone number.
    e. At least three (3) of the following:
    i. Current valid state issued driver license number or number of 
state issued identification card.
    ii. Current valid passport number.
    iii. Current valid credit card number.
    iv. Alien registration number (if applicable).
    v. Social Security Number.
    vi. Current employer name, address, and telephone number.
    f. If the registration is for a business representative 
certificate, evidence of authorization to represent that business 
entity.
    The information provided during the process of applying for an ACES 
certificate constitutes the continued information collection activity 
that is the subject of this Paperwork Reduction Act Notice and request 
for comments.

B. Description

    A detailed description of the current ACES Program is available on 
the World Wide Web at http://www.gsa.gov/aces, or through the FOR 
FURTHER INFORMATION CONTACT listed above.
    Please note that all ACES identity information collected from the 
public is covered by the Privacy Act, the Computer Security Act, and 
related privacy and security regulations, regardless of whether it is 
provided directly to an agency of the Federal Government or to an 
authorized ACES Registration Authority providing ACES-related services 
under a contract with GSA. Compliance with all of the attending 
requirements is enforced through binding contracts, periodic monitoring 
by GSA, annual audits by independent auditing firms, and annual 
re-accreditation by GSA. Only fully accredited Registration Authorities 
will be permitted to accept and maintain identity information provided 
by the public.
    The identity information collected will be used only to establish 
and verify the identity and eligibility of applicants for ACES 
certificates; no other use of the information is permitted.
    Participation in the ACES Program is strictly voluntary, but 
participation will only be permitted upon presentation of identity 
information by the applicant, and verification of that information by 
an authorized ACES Registration Authority.
    ACES is designed to permit on-line, arms-length registration 
through the Internet, which significantly reduces the public's 
reporting burden. Based upon preliminary tests run on similar systems 
for gathering identity-related information from the public (e.g., U.S. 
Passports, initial issuance of state-issued driver's license, etc.), 
the individual reporting burden for providing identity information for 
the initial ACES certificate is estimated at an average of 15 minutes, 
including gathering the information together and entering the data into 
the electronic forms provided by the authorized ACES Registration 
Authorities.
    No reliable information is yet available to support any estimate 
relating to the number of individuals who will seek to register to 
participate in the ACES Program. Thus, no estimate of the overall 
reporting burden is being provided at this time.

C. Purpose

    The General Services Administration will be requesting the Office 
of Management and Budget (OMB) to review and approve information 
collection, 3090-0270, concerning ACES. GSA is responsible for 
assisting Federal agencies with the implementation and use of digital 
signature technologies to enhance electronic access to government 
information and services by all eligible persons. In order to ensure 
that the ACES program certificates are issued to the proper 
individuals, GSA will continue to collect identity information from 
persons who elect to participate in ACES.

D. Annual Reporting Burden

    Respondents: 1,000,000.
    Annual Responses: 1.
    Average Hours Per Response: 0.25.
    Burden Hours: 250,000.
    Obtaining Copies of Proposal: Requesters may obtain a copy of the 
information collection documents from the General Services 
Administration, Regulatory and Federal Assistance Publications 
Division (MVA), 1800 F Street, NW., room 4035, Washington, DC 20405, 
telephone (202) 208-7312. Please cite OMB Control No. 3090-0270, Access 
Certificates for Electronic Services (ACES).

    Dated: March 14, 2003.
Susan White,
Deputy Chief Information Officer.
[FR Doc. 03-6945 Filed 3-21-03; 8:45 am]
BILLING CODE 6820-DH-P