Federal Register, Volume 69 Issue 249 (Wednesday, December 29, 2004)

[Federal Register Volume 69, Number 249 (Wednesday, December 29, 2004)]
[Notices]
[Pages 78033-78034]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-28493]


-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION


Public Meeting Addressing Privacy and Policy Issues in a Common 
Identification Standard for Federal Employees and Contractors

AGENCY: Office of Electronic Government and Technology, GSA.

ACTION: Notice of public meeting.

-----------------------------------------------------------------------

SUMMARY: The General Services Administration, in partnership with the 
Department of Commerce and the Office of Management and Budget will 
host a public meeting to seek individual views on the policy, privacy, 
and security issues associated with the Common Identification Standard 
for Federal Employees and Contractors as outlined in Homeland Security 
Presidential Directive 12 (HSPD-12). The public meeting is on the draft 
common identification standard (Federal Information Processing Standard 
201) and will inform future HSPD-12 implementation guidance issued by 
the Office of Management and Budget.

DATES: The public meeting is on January 19, 2005, from 8:30 a.m. to 
noon at the Auditorium of the Potomac Center Plaza, 550 12th Street, 
SW., Washington, DC 20202, near the Smithsonian and L'Enfant Plaza 
Metro Stations. The meeting is open to the public and there is no fee 
for attendance. All attendees must pre-register and present government-
issued photo identification to enter the building. Students may present 
their student ID.
    Registration: Please e-mail your plan to attend to Sara Caswell, 
[email protected]. Sara can be reached at 301-975-4634 if you have 
questions regarding registration. Registration information must be 
received by 5 p.m. e.s.t., January 11, 2005.
    Requests To Speak at the Meeting: Written requests to speak at the 
meeting are required before January 5, 2005, and should be sent via e-
mail to [email protected] or by fax to 202-395-5167. In their requests, 
individuals should include a statement describing their expertise in, 
or knowledge of, the issues on which the public meeting will focus. 
Potential speakers should provide their contact information, including 
a telephone number, facsimile number, and e-mail address, to enable 
notification if selected. Selected speakers will be notified on or 
before Friday, January 7, 2005. There will be open microphone time 
during the last half hour of the meeting.

FOR FURTHER INFORMATION CONTACT: Ms. Jeanette Thornton, (202) 395-3562 
or Ms. Judith Spencer, (202) 208-6576. An agenda and additional 
information for attendees will be posted on the www.csrc.nist.gov/piv-project Web site prior to the meeting.

SUPPLEMENTARY INFORMATION: On August 27, 2004, the President issued 
HSPD-12 Common Identification Standard for Federal Employees and 
Contractors.
    As the Directive explained, ``wide variations in the quality and 
security of forms of identification used to gain access to secure 
Federal and other facilities where there is potential for terrorist 
attacks need to be eliminated. Therefore, it is the policy of the 
United States to enhance security, increase Government efficiency, 
reduce identity fraud, and protect personal privacy by establishing a 
mandatory, Government-wide standard for secure and reliable forms of 
identification issued by the Federal Government to its employees and 
contractors (including contractor employees).
    ``Secure and reliable forms of identification for purposes of this 
directive means identification that (a) is issued based on sound 
criteria for verifying an individual employee's identity; (b) is 
strongly resistant to identity fraud, tampering, counterfeiting, and 
terrorist exploitation; (c) can be rapidly authenticated 
electronically; and (d) is issued only by providers whose reliability 
has been established by an official accreditation process. The Standard 
will include graduated criteria, from least secure to most secure, to 
ensure flexibility in selecting the appropriate level of security for 
each application. The Standard shall not apply to identification 
associated with national security systems as defined by 44 U.S.C. 
3542(b)(2).''
    HSPD-12 directed the Secretary of Commerce to ``promulgate in 
accordance with applicable law a Federal standard for secure and 
reliable forms of identification (the ``Standard'') not later than 6 
months after the date of this directive in consultation with the 
Secretary of State, the Secretary of Defense, the Attorney General, the 
Secretary of Homeland Security, the Director of the Office of 
Management and Budget (OMB), and the Director of the Office of Science 
and Technology Policy.''
    On November 8, 2004, NIST published a draft standard. The Standard 
and supporting documents are available at http://csrc.nist.gov/piv-project. The standard was open for public comment until December 23, 
2004. On February 27, 2005 the standard will be promulgated. 
Information on the past two public workshops on the standard is 
available at www.csrc.nist.gov/piv-project.
    The public meeting to address ``Privacy and Security Issues in a 
Common Identification Standard for Federal Employees and Contractors'' 
will focus on the specific issues raised in HSPD-12. Meeting speakers 
should address the privacy and security concerns as they may affect 
individuals, including Federal employees and contractors as well as the 
public at large, in implementation.
    By bringing together card and biometric experts, privacy advocates, 
academics, and other interested parties, the public meeting will 
present views on how to develop policies to implement the Standard 
without compromising users' privacy and security.
    The session will include introductory remarks and speakers to 
discuss key questions, such as:
    1. How do the proposed technologies in the draft FIPS 201 standard 
affect privacy and security?
     Does the proposed use of contact and contactless smart 
card chips raise privacy or security concerns?
     Do the biometric (fingerprint and facial image) standards 
as proposed, raise privacy or security concerns?
     Does the assignment of a permanent or persistent employee 
identification number raise privacy concerns?
     Do other applications or features of the card, as proposed 
raise concerns?
    2. Do the proposed credential issuance policies and procedures 
raise privacy and security concerns?
    3. What federal uses of the identification raise privacy and 
security concerns?

[[Page 78034]]

    4. Are there means to address privacy and security in the 
development of the card standard and implementation guidance?
     Can privacy enhancing technologies be built into the card?
     How can we limit non-federal uses of the card?
     What training do employees and contractors need to 
properly secure their cards?
     What training should card issuers have? Security 
personnel?
     What law and policies must agencies consider in planning 
for and implementing the new cards?

    Dated: December 22, 2004.
G. Martin Wagner,
Associate Administrator for Governmentwide Policy.
[FR Doc. 04-28493 Filed 12-28-04; 8:45 am]
BILLING CODE 6820-WY-P