[Federal Register Volume 68, Number 104 (Friday, May 30, 2003)]
[Notices]
[Pages 32517-32519]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-13459]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[OMB Control No. 3090-0270]


Federal Technology Service; Access Certificates for Electronic 
Services (ACES)

AGENCY: General Services Administration (GSA).

ACTION: Notice of request for comments regarding an extension to an 
existing OMB clearance.

-----------------------------------------------------------------------

[[Page 32518]]

SUMMARY: Under the provisions of the Paperwork Reduction Act of 1995 
(44 U.S.C. Chapter 35), the General Services Administration (GSA) has 
submitted to the Office of Management and Budget (OMB) a request to 
review and approve an extension of a currently approved information 
collection requirement concerning Access Certificates for Electronic 
Services (ACES). A request for public comments was published at 68 FR 
14238, March 24, 2003. No comments were received.
    The ACES Program is designed to facilitate and promote secure 
electronic communications between online automated information 
technology application systems authorized by law to participate in the 
ACES Program and users who elect to participate in the program, through 
the implementation and operation of digital signature certificate 
technologies. Individual digital signature certificates are issued at 
no cost to individuals based upon their presentation of verifiable 
proof of identity in an authorized ACES Registration Authority. 
Business Representative digital signature certificates are issued to 
individuals based upon their presentation of verifiable proof of 
identity and verifiable proof of authority from the claimed entity to 
an authorized ACES Registration Authority. If authorized by law, a fee 
may be charged for issuance of a Business Representative certificate.
    Public comments are particularly invited on: Whether this 
collection is necessary for the proper performance of the functions of 
GSA, and whether it will have practical utility; whether our estimate 
of the public burden of this collection of information is accurate, and 
based on valid assumptions and methodology; ways to enhance the 
quality, utility, and clarity of the information to be collected; and 
ways in which we can minimize the burden of the collection of 
information on those who are to respond, through the use of appropriate 
technological collection techniques or other forms of information 
technology.

DATES: Comment Due Date: June 30, 2003.

ADDRESSES: Submit comments regarding this burden estimate or any other 
aspect of this collection of information, including suggestions for 
reducing this burden to Ms. Jeanette Thornton, GSA Desk Officer, OMB, 
Room 10236, NEOB, Washington, DC 20503, and a copy to General Services 
Administration, Regulatory and Federal Assistance Publications Division 
(MVA), 1800 F Street, NW., Room 4035, Washington, DC 20405. Please cite 
OMB Control Number 3090-0270.

FOR FURTHER INFORMATION CONTACT: Stephen Duncan, Federal Technology 
Service, GSA (202) 708-7626 or by e-mail at [email protected].

SUPPLEMENTARY INFORMATION:

A. Background

    One of the primary goals of the emerging Government Services 
Information Infrastructure (GSII) is to facilitate public access to 
government information and service through the use of information 
technologies. One of the specific goals of the GSII is to provide the 
public with a choice of using Internet-based, online access to the 
automated information technology application systems operated by 
government agencies; such access will make it easier and less costly 
for the public to complete transactions with the government. By law, 
access to some of these automated information technology application 
systems can be granted only after the agency operating the system is 
provided with reliable information that the individual requesting such 
access is who he/she claims to be, and that he/she is authorized such 
access. The arms-length transactions envisioned by the GSII require 
implementation of methods for:
    1. Reliably establishing and verifying the identity of the 
individuals desiring to participate in the ACES Program, based 
primarily upon electronic communications between the applicant and 
authorized ACES Registration Authority.
    2. Issuing to the individuals who have been successfully identified 
a means that they can use to uniquely identify themselves to the 
automated information technology application systems participating in 
the ACES Program.
    3. Electronically and securely passing that identity to the 
automated information technology application system to which the 
individual is requesting access.
    4. Electronically and securely authenticating that identity, 
through a trusted third party, each time it is presented to an 
automated information technology application system participating in 
the ACES Program.
    5. Ensuring that the identified individual requesting access to an 
automated information technology application system has been duly 
authorized, by the mangeement of that automated information technology 
application system, to access that system and perform the transactions 
desired.
    6. Ensuring that the information being exchanged between the 
individual and the automated information technology application system 
has not been corrupted during transmission.
    7. Reducing the ability of the parties to such transactions to 
repudiate the actions taken. The current state-of-the-art suggests that 
digital signature certificate technologies (often referred to as part 
of ``Public Key Infrastructure, or PKI'') provide a reliable and cost 
efficient means for meeting many of these GSII requirements. Thus, the 
ACES Program should be understood to represent an effort to implement 
and continue a PKI through which members of the public who desire to do 
so can securely communicate electronically with the online automated 
information technology application systems participating in the ACES 
Program.
    The initial step for any member of the public to take in order to 
participate in the ACES Program is to submit an application for an ACES 
certificate to an authorized ACES Registration Authority. In 
conjunction with application process, the applicant will be required to 
submit at least:
    a. His/her full name.
    b. His/her place of birth.
    c. His/her date of birth.
    d. His/her current address and telephone number.
    e. At least three (3) of the following:
    i. Current valid state issued driver license number or number of 
state issued identification card.
    ii. Current valid passport number.
    iii. Current valid credit card number.
    iv. Alien registration number (if applicable).
    v. Social Security Number.
    vi. Current employer name, address, and telephone number.
    f. If the registration is for a business representative 
certificate, evidence of authorization to represent that business 
entity.
    The information provided during the process of applying for an ACES 
certificate constitutes the continued information collection activity 
that is the subject of this Paperwork Reduction Act notice and request 
for comments.

B. Description

    A detailed description of the current ACES Program is available on 
the World Wide Web at http://www.gs.gov/aces, or through the for 
further information contact listed above.
    Please note that all ACES identity information collected from the 
public is covered by the Privacy Act, the Computer Security Act, and 
related privacy and security regulations, regardless of whether it is 
provided

[[Page 32519]]

directly to an agency of the Federal Government or to an authorized 
ACES Registration Authority providing ACES-related services under a 
contract with GSA. Compliance with all of the attending requirements is 
enforced through binding contracts, periodic monitoring by GSA, annual 
audits by independent auditing firms, and annual re-accreditation by 
GSA. Only fully accredited Registration Authorities will be permitted 
to accept and maintain identity information provided by the public.
    The identity information collected will be used only to establish 
and verify the identity and eligibility of applicants for ACES 
certificates; no other use of the information is permitted.
    Participation in the ACES Program is strictly voluntary, but 
participation will only be permitted upon presentation of identity 
information by the applicant, and verification of that information by 
an authorized ACES Registration Authority.
    ACES is designed to permit on-line, arms-length registration 
through the Internet, which significantly reduces the public's 
reporting burden. Based upon preliminary tests run on similar systems 
for gathering identity-related information from the public (e.g., U.S. 
Passports, initial issuance of state-issued driver's license, etc.), 
the individual reporting burden for providing identity information for 
the initial ACES certificate is estimated at an average of 15 minutes, 
including gathering the information together and entering the data into 
the electronic forms provided by the authorized ACES Registration 
Authorities.
    No reliable information is yet available to support any estimate 
relating to the number of individuals who will seek to register to 
participate in the ACES Program. Thus, no estimate of the overall 
reporting burden is being provided at this time.

C. Purpose

    GSA is responsible for assisting Federal agencies with the 
implementation and use of digital signature technologies to enhance 
electronic access to government information and services by all 
eligible persons. In order to ensure that the ACES program certificates 
are issued to the proper individuals, GSA will continue to collect 
identity information from persons who elect to participate in ACES.

D. Annual Reporting Burden:

    Respondents: 1,000,000.
    Annual Responses: 1.
    Average hours per response: 0.25
    Burden Hours: 250,000.
    Obtaining Copies of Proposal: Requesters may obtain a copy of the 
information collection documents from the General Services 
Administration, Regulatory and Federal Assistance Publications Division 
(MVA), 1800 F Street, NW., Room 4035, Washington, DC 20405, telephone 
(202) 208-7312, or by faxing your request to (202) 501-4067. Please 
cite OMB Control No. 3090-0270, Access Certificates for Electronic 
Services (ACES).

    Dated: May 21, 2003.
Michael W. Carleton,
Chief Information Officer (I).
[FR Doc. 03-13459 Filed 5-29-03; 8:45 am]
BILLING CODE 6820-DH-M