[Federal Register Volume 79, Number 73 (Wednesday, April 16, 2014)]
[Notices]
[Pages 21496-21499]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-08578]
=======================================================================
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
Agency Information Collection Activities: Proposed Request
The Social Security Administration (SSA) publishes a list of
information collection packages requiring clearance by the Office of
Management and Budget (OMB) in compliance with Public Law 104-13, the
Paperwork Reduction Act of 1995, effective October 1, 1995. This notice
includes revisions of OMB-approved information collections.
SSA is soliciting comments on the accuracy of the agency's burden
estimate; the need for the information; its practical utility; ways to
enhance its quality, utility, and clarity; and ways to minimize burden
on respondents, including the use of automated collection techniques or
other forms of information technology. Mail, email, or fax your
comments and recommendations on the information collection(s) to the
OMB Desk Officer and SSA Reports Clearance Officer at the following
addresses or fax numbers.
(OMB)
Office of Management and Budget, Attn: Desk Officer for SSA, Fax:
202-395-6974, Email address: [email protected].
(SSA)
Social Security Administration, OLCA, Attn: Reports Clearance
Director, 3100 West High Rise, 6401 Security Blvd., Baltimore, MD
21235, Fax: 410-966-2830, Email address: [email protected].
The information collections below are pending at SSA. SSA will
submit them to OMB within 60 days from the date of
[[Page 21497]]
this notice. To be sure we consider your comments, we must receive them
no later than June 16, 2014. Individuals can obtain copies of the
collection instruments by writing to the above email address.
1. Letter to Landlord Requesting Rental Information--20 CFR
416.1130(b)--0960-0454. SSA uses Form SSA-L5061 to obtain rental
subsidy information, which enables SSA to determine and verify an
income value for such subsidies. SSA uses this income value as part of
determining eligibility for Supplemental Security Income (SSI) and the
correct amount of SSI payable to the claimant. SSA bases an
individual's eligibility for SSI payments, in part, on the amount of
countable income the individual receives. Income includes in-kind
support and maintenance in the form of room or rent, such as a
subsidized rental arrangement. SSA requires claimants to assist in
obtaining this information to prevent a delay or overpayment with their
SSI payments. We collect this information only if the SSI applicant or
recipient is the parent or child of the landlord (respondent). For most
respondents, we collect this information once per year or less, via
telephone or face-to-face personal interview. The claims representative
records the information in our Modernized SSI Claims System (MSSICS),
and we require verbal attestation in lieu of a wet signature. However,
if the claims representative is unable to contact the respondent via
the telephone or face-to face, we print and mail a paper form to the
respondent for completion. The respondent completes, signs, and returns
the form to the claims representative. Upon receipt, the claims
representative documents the information in MSSICS or, for non-MSSICS
cases, faxes the form into the appropriate electronic folder and shreds
the paper form. The respondents are landlords who are related to the
SSI beneficiaries as a parent or child.
Type of Request: Revision of an OMB-approved information
collection.
----------------------------------------------------------------------------------------------------------------
Average burden Estimated total
Modality of completion Number of Frequency of per response annual burden
respondents response (minutes) (hours)
----------------------------------------------------------------------------------------------------------------
SSA-L5061................................... 72,000 1 10 12,000
----------------------------------------------------------------------------------------------------------------
2. Social Security's Public Credentialing and Authentication
Process--20 CFR 401.45 and 402--0960-0789.
Background
Authentication is the foundation for secure, online transactions.
Identity authentication is the process of determining, with confidence,
that someone is who he or she claims to be during a remote, automated
session. It comprises three distinct factors: something you know,
something you have, and something you are. Single-factor authentication
uses one of the factors, and multi-factor authentication uses two or
more of the factors.
SSA's Public Credentialing and Authentication Process
SSA offers consistent authentication across SSA's secured online
services. We allow our users to request and maintain only one User ID,
consisting of a self-selected username and password, to access multiple
Social Security electronic services. Designed in accordance with the
OMB Memorandum M-04-04 and the National Institute of Standards and
Technology (NIST) Special Publication 800-63, this process provides the
means of authenticating users of our secured electronic services and
streamlines access to those services.
SSA's public credentialing and authentication process:
Issues a single User ID to anyone who wants to do business
with the agency;
Offers authentication options that meet the changing needs
of the public;
Partners with an external data service provider to help us
verify the identity of our online customers;
Complies with relevant standards;
Offers access to some of SSA's heaviest, but more
sensitive, workloads online while providing a high level of confidence
in the identity of the person requesting access to these services;
Offers an in-person process for those who are
uncomfortable with or unable to use the Internet process;
Balances security with ease of use; and
Provides a user-friendly way for the public to conduct
extended business with us online instead of visiting local servicing
offices or requesting information over the phone. Individuals have
real-time access to their Social Security information in a safe and
secure web environment.
Public Credentialing and Authentication Process Features
We collect and maintain the users' personally identifiable
information (PII) in our Central Repository of Electronic
Authentication Data Master File Privacy Act system of records that we
published in the Federal Register (75 FR 79065). The PII may include
the users' name, address, date of birth, Social Security number (SSN),
phone number, and other types of identity information [e.g., address
information of persons from the W-2 and Schedule Self Employed forms we
receive electronically for our programmatic purposes as permitted by 26
U.S.C. 6103(l)(1)(A)]. We may also collect knowledge-based
authentication data, which is information users establish with us or
that we already maintain in our existing Privacy Act systems of
records.
We retain the data necessary to administer and maintain our e-
Authentication infrastructure. This includes management and profile
information, such as blocked accounts, failed access data, effective
date of passwords, and other data that allows us to evaluate the
system's effectiveness. The data we maintain also may include archived
transaction data and historical data.
We use the information from this collection to identity proof and
authenticate our users online and to allow them access to their
personal information from our records. We also use this information to
provide second factor authentication. We are committed to expanding and
improving this process so we can grant access to additional online
services in the future.
Offering online services is not only an important part of meeting
SSA's goals, but is vital to good public service. In increasing
numbers, the public expects to conduct complex business over the
Internet. Ensuring that SSA's online services are both secure and user-
friendly is our priority.
With the limited data we have, it is difficult for SSA to meet the
OMB and NIST authentication guidelines for identity proofing the
public. Therefore, we awarded a competitively bid contract to an
external data service
[[Page 21498]]
provider, Experian,\1\ to help us verify the identity of our online
customers. We use this external data service (EDS), in addition to our
other authentication methods, to help us prove, or verify, the identity
of our customers when they are completing online/electronic
transactions with us.
---------------------------------------------------------------------------
\1\ Experian is a global information services company.
Experian's decisional solutions enable Social Security to manage and
optimize risk as well as prevent, detect, and reduce fraud.
---------------------------------------------------------------------------
Social Security's Authentication Strategy
We remain committed to enhancing our online services using
authentication processes that balance usability and security. We will
continue to research and develop new authentication tools while
monitoring the emerging threats.
The following are key components of our authentication strategy:
Enrollment and Identity Verification--We collect
identifying data and use SSA and EDS records to verify an individual's
identity. Individuals have the option of obtaining an enhanced,
stronger, User ID by providing certain financial information (e.g.,
Medicare wages, self-employed earnings, direct deposit amount, or the
last eight digits of a credit card number) for verification. We also
ask individuals to answer out-of-wallet questions so we can further
verify their identities. Individuals who are unable to complete the
process online can present identification at a field office to obtain a
User ID.
Establishing the User Profile--The individual self-selects
a username and password, both of which can be of variable length and
alphanumeric. We provide a password strength indicator to help the
individual select a strong password. We also ask the individual to
choose challenge questions for use in restoring a lost or forgotten
username or password.
Enhancing the User ID--If an individual opts to enhance or
upgrade the User IDs, we mail a one-time-use upgrade code to the
individual's verified residential address. When the individual receives
the upgrade code in the mail, he or she can enter this code online to
enhance the security of the account. At this time, we also ask the
individual to enter a cell phone number. We send an initial text
message to that number and require the individual to confirm its
receipt. We send a text message to that number each time the individual
signs in, subsequently.
Login and Use--Standard authentication provides an
individual with a User ID for access to most online applications.
Enhanced authentication uses the standard User ID along with a one-time
code sent to the individual's cell phone, via text message, to create a
more secure session, and to grant access to certain sensitive Social
Security services. An individual who forgets the password can reset it
automatically without contacting SSA. The enrollment process is a one-
time only activity for the respondents. After the respondents enroll
and choose their User ID (username & password), they have to sign in
with their User ID every time they want to access Social Security's
secured online services.
SSA requires the individual to agree to the ``Terms of Service''
detailed on our Web site before we allow him or her to begin the
enrollment process. The ``Terms of Service'' informs individuals what
we will and will not do with their personal information and the privacy
and security protections we provide on all data we collect. These terms
also detail the consequences of misusing this service.
In order to verify the individual's identity, we ask the individual
to give us minimal personal information, which may include:
Name;
SSN;
Date of birth;
Address--mailing and residential;
Telephone number;
Email address;
Financial information;
Cell phone number; and
Selecting and answering password reset questions.
We send a subset of this information to the EDS, who then generates
a series of out-of-wallet questions back to the individual. The
individual must answer all or most of the questions correctly before
continuing in the process. The exact questions generated are unique to
each individual.
This collection of information, or a subset of it, is mandatory for
respondents who want to do business with SSA via the Internet. We
collect this information via the Internet, on SSA's public-facing Web
site. We also offer an in-person identification verification process
for individuals who cannot, or are not willing to register online. For
this process, the individual must go to a local SSA field office and
provide identifying information. We do not ask for financial
information with the in-person process.
We only collect the identity verification information one time,
when the individual registers for a credential. We ask for the User ID
(username and password) every time an individual signs in to our
automated services. If individuals opt for the enhanced or upgraded
account, they also receive a text message on their cell phones (this
serves as the second factor for authentication) each time they sign in.
The respondents are individuals who choose to use the Internet or
Automated Telephone Response System to conduct business with SSA.
Type of Request: Revision of an OMB-approved information
collection.
----------------------------------------------------------------------------------------------------------------
Average
Number of Frequency of burden per Total annual
Modality of completion respondents response response burden hours
(minutes) (hours)
----------------------------------------------------------------------------------------------------------------
Internet Requestors............................. 38,251,877 1 8 5,100,250
In-Person (Intranet) Requestors................. 1,370,633 1 8 182,751
---------------------------------------------------------------
Totals...................................... 39,622,510 .............. .............. 5,283,001
----------------------------------------------------------------------------------------------------------------
[[Page 21499]]
Dated: April 10, 2014.
Faye Lipsky,
Reports Clearance Director, Social Security Administration.
[FR Doc. 2014-08578 Filed 4-15-14; 8:45 am]
BILLING CODE 4191-02-P