[Federal Register Volume 79, Number 154 (Monday, August 11, 2014)]
[Notices]
[Pages 46857-46862]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-18703]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2014-0039]


Privacy Act of 1974; Department of Homeland Security/ALL-037 E-
Authentication Records System of Records

AGENCY: Privacy Office, Department of Homeland Security.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to establish a new system of records titled, 
Department of Homeland Security/ALL-037 E-Authentication Records System 
of Records. This system of records allows the Department of Homeland 
Security to collect, maintain, and retrieve records about individuals, 
including members of the public, who electronically authenticate their 
identities. The information in this system of records includes data 
collected by programs and applications for use when the Department of 
Homeland Security or a

[[Page 46858]]

trusted third-party performs some or all of the functions required to 
enroll, issue, and maintain a credential on DHS's behalf that can be 
used by an individual to electronically authenticate his or her 
identity to DHS systems.
    These programs and applications include: The Department of Homeland 
Security's Homeland Security Information Network, which is a trusted 
network for homeland security mission operations to share sensitive but 
unclassified information used by federal, state, local, tribal, 
territorial, international, and private sector homeland security 
partners to manage operations, analyze data, and send alerts and 
notices; the U.S. Citizenship and Immigration Services E-Verify Self 
Check, which is a free service that allows individuals to learn about 
their work authorization status information; and the U.S. Citizenship 
and Immigration Services myE-Verify, which is a free service that 
allows individuals to create an account and access additional features 
beyond Self Check concerning the use of their personally identifiable 
information in E-Verify and Self Check such as the ability to lock a 
Social Security number to prevent its use in E-Verify and Self Check. 
Additional Department programs or applications may also use third-party 
authentication.
    In addition, the Department of Homeland Security also proposes to 
consolidate the E-Verify Self Check System of Records (DHS/USCIS-013), 
last published in the Federal Register on February 16, 2011 (76 FR 
9604), into this newly established E-Authentication Records System of 
Records. As a result of this consolidation, by this notice, DHS intends 
to remove DHS/USCIS-013 from its inventory of systems of records. The 
newly established system will be included in the Department of Homeland 
Security's inventory of record systems.

DATES: Written comments must be submitted on or before September 10, 
2014.

ADDRESSES: You may submit comments, identified by Docket Number DHS-
2014-0039 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (202) 343-4010.
     Mail: Karen L. Neuman, Chief Privacy Officer, Privacy 
Office, U.S. Department of Homeland Security, 245 Murray Drive SW., 
Building 410, STOP-0655, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general and privacy related 
questions please contact: Karen L. Neuman (202-343-1717), Chief Privacy 
Officer, Privacy Office, U.S. Department of Homeland Security, 245 
Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) proposes to establish a new DHS 
system of records titled, ``DHS/ALL-037 E-Authentication Records System 
of Records.'' The collection and maintenance of information within this 
system of records assists DHS in enrolling, issuing, and maintaining 
credentials (e.g., online accounts) for individuals seeking electronic 
access to DHS programs, services, and applications, including when DHS 
uses a trusted third-party identity service provider for these 
activities. DHS may perform some or all credential management functions 
(e.g., identity proofing, manage authentication tokens, authenticate 
users) on its own, choose a single third-party to perform all 
functions, or use multiple providers for each discrete function. This 
system of records notice is agnostic as to how DHS applications or 
systems using electronic authentication wish to engage with third-
parties.
    DHS has many public-facing programs that provide online access to 
its services at various levels of assurance, as described in the Office 
of Management and Budget (OMB) E-Authentication Guidance for Federal 
Agencies (M-04-04). OMB defines four levels of assurance (LOA), Levels 
1 to 4, in terms of the consequences resultant from authentication 
errors or misuse of credentials. Level 1 is the lowest assurance level, 
and Level 4 is the highest. For example, an authentication error may 
occur if an individual gains access to sensitive information he or she 
is not entitled to access. Depending on the context and the sensitivity 
of the information accessed, the consequences of such an authentication 
error could pose significant harm to other individuals and/or to the 
affected agency. As the consequences of an authentication error become 
more serious, the required LOA increases.
    In order to facilitate access, information must be collected to 
authenticate an individual's identity at the requisite level of 
assurance for the purpose of obtaining a credential or electronically 
authorizing access to a DHS program or application. These programs and 
applications include: DHS's Homeland Security Information Network 
(HSIN), which is a trusted network for homeland security mission 
operations to share sensitive but unclassified information used by 
federal, state, local, tribal, territorial, international, and private 
sector homeland security partners to manage operations, analyze data, 
and send alerts and notices; the U.S. Citizenship and Immigration 
Services (USCIS) E-Verify Self Check, which is a free service that 
allows individuals to learn about their work authorization status 
information; and USCIS myE-Verify, which is a free service that allows 
individuals to create an account and exercise limited control about the 
use of their information in E-Verify Self Check. HSIN, E-Verify Self 
Check, and myE-Verify use trusted third-party identity service 
providers to perform credential management functions.
    Identity proofing is the process by which an identity service 
provider collects and verifies information (e.g., name, date of birth, 
Social Security number (SSN), address of residence) about a person for 
the purpose of issuing credentials to that person. Third-party identity 
service providers use a variety of verification techniques, including 
knowledge-based authentication, to generate a quiz containing questions 
that only the individual should be able to answer. When using the 
knowledge-based authentication process the third-party identity 
provider generates a quiz based on commercial identity verification 
information collected by the third-parties from financial institutions, 
public records, and other service providers. The information accessed 
by the third-parties includes information such as the individual's 
commercial transaction history, mortgage payments, addresses, or past 
addresses. DHS does not have access to the commercial identity 
verification information, the quiz questions asked of the individual, 
or the responses provided thereto; therefore this commercial 
information is not included in this system of records. Rather, DHS 
receives assertions (e.g., pass/fail) and assertion references (e.g., 
transaction ID, date/time of the transaction, and error codes) from the

[[Page 46859]]

identity service provider to facilitate troubleshooting and system 
management. DHS maintains attributes (e.g., clearances, location, 
biometrics, and group memberships) collected for identity proofing only 
when necessary for the DHS program to manage the credential.
    DHS may request verified attributes about an individual from the 
third-party depending on the program or application's requirements. For 
any attribute DHS requests from the third-party, DHS will ask the user 
if he or she wishes to share the requested information with DHS prior 
to gaining access to the DHS online system or application. The user can 
select to opt-in, meaning he or she will allow DHS access to his or her 
attribute information from the third-party in order for him or her to 
gain access to the DHS system. If the third-party cannot generate a 
quiz, or if the individual cannot answer the questions provided, the 
individual may not be able to access program or application.
    DHS may share attribute information with trusted third-party 
identity service providers under contract with DHS or certified by the 
Federal Identity Management Credential and Access Management (FICAM) 
initiative for the purpose of authenticating an individual seeking a 
credential with DHS. More information about FICAM is available at 
www.idmanagment.gov. Attributes provided to the relying party are 
limited to: (1) Making authorization decisions; (2) dynamically 
provisioning accounts; and (3) performing audit logging. The 
transaction may be included in the individual's credit record as a 
``soft inquiry'' that does not impact the individual's credit score 
when the identity service provider is a credit bureau or uses a credit 
bureau to conduct identity proofing. The ``soft inquiry'' is not 
viewable by third parties. DHS may also share attribute information 
with ``relying parties'' approved by the National Information Exchange 
Federation (NIEF) Trust Framework Provider who provide federated access 
to systems. More information about NIEF is available at https://nief.gfipm.net/.
    In accordance with the Privacy Act of 1974, DHS is giving notice 
that it proposes to issue a new DHS system of records notice titled, 
DHS/ALL-037 E-Authentication Records System of Records. In addition DHS 
proposes to consolidate the E-Verify Self Check System of Records (DHS/
USCIS-013) into this newly-established system of records. As a result 
of this consolidation, by this notice, DHS intends to remove DHS/USCIS-
013 from its inventory of systems of records. This newly established 
system will be included in DHS's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the federal government agencies 
collect, maintain, use, and disseminate individuals' records. The 
Privacy Act applies to information that is maintained in a ``system of 
records.'' A ``system of records'' is a group of any records under the 
control of an agency from which information is retrieved by the name of 
an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass United States citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals when systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors. Individuals may request access to their own records that are 
maintained in a system of records in the possession or under the 
control of DHS by complying with DHS Privacy Act regulations, 6 CFR 
part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which their records are put, and to assist individuals to more easily 
find such files within the agency. Below is the description of DHS/ALL-
037 E-Authentication Records System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records:
    Department of Homeland Security (DHS)/ALL-037.

System name:
    DHS/ALL-037 E-Authentication Records System of Records.

Security classification:
    Sensitive but unclassified.

System location:
    Records are maintained at several Headquarters locations and in 
component offices of DHS, in both Washington, DC, and field locations 
or by a third-party identity service provider. Records related to 
identity proofing required for levels of assurance (LOA) 2 and above 
are also maintained by the third-party identity service provider in 
accordance with retention requirements identified in the National 
Institute of Standards and Technology (NIST) Special Publication 800-63 
Electronic Authentication Guideline for the applicable LOA.

Categories of individuals covered by the system:
    Categories of individuals in this system of records include members 
of the public, external stakeholders, and federal employees or 
contractors seeking electronic access to DHS programs and applications. 
This includes anyone attempting to authenticate his or her identity for 
the purpose of obtaining a credential to access a DHS program or 
application electronically, including when the program or application 
uses a third-party identity service provider to perform some or all 
credential management functions (e.g., prove identity, manage 
authentication tokens, authenticate users).

Categories of records in the system:
     Attributes DHS or a third-party identity service provider 
collects necessary to perform identity proofing at the required level 
of assurance. Attributes are only retained in this system of records if 
it is necessary for the program to manage the credential. Examples of 
attributes collected for identity proofing information include:
    [cir] Name (last, first, middle, and maiden);
    [cir] Date of birth;
    [cir] Place of birth;
    [cir] Financial or utility account number;
    [cir] Address of residence;
    [cir] Social Security number (SSN)--full or partial (may be 
optional depending on the application);
    [cir] Telephone number--(may be optional depending on the 
application); and
    [cir] Country of Citizenship.
     Assertions and assertion references from a third-party 
identity service provider such as:
    [cir] Transaction ID;
    [cir] Pass/fail indicator;
    [cir] Date/time of the transaction;
    [cir] Codes associated with the transaction;
     Information DHS or third-parties collect necessary to 
register, issue, and maintain the credential (e.g., to administer 
multi-factor authentication)

[[Page 46860]]

including verified attributes the identity service provider maintains 
or passes to DHS after a user successfully passes identity proofing 
such as:
    [cir] Name;
    [cir] Email addresses;
    [cir] User ID;
    [cir] Passwords;
    [cir] Phone numbers (primary, alternate, mobile, home, work, 
landline);
    [cir] Two-factor authentication preference (SMS text message, 
email, phone number for interactive voice response);
    [cir] Self-generated security questions and answers;
    [cir] Level of access;
     Credential registration information DHS collects manually 
that is necessary to perform manual identity verification in cases in 
which an individual cannot electronically prove his or her identity. 
Note that some identity proofing information (e.g., copies of 
government-issued photo identification) is retained in this system of 
records only if it is necessary for DHS to manage the credential.
     Other program-specific attribute information DHS or the 
identity service provider collects directly on behalf of DHS may 
include:
    [cir] Citizenship;
    [cir] Accepted Terms of Service (Y/N);
    [cir] Employment information such as job title, job role, 
organization;
    [cir] Business and affiliations;
    [cir] Faculty positions held;
    [cir] Home addresses;
    [cir] Business addresses;
    [cir] Justification/nomination for access to DHS computers, 
networks, or systems;
    [cir] Supervisor/nominator's name, job title, organization, phone 
numbers, email address;
    [cir] Verification of training requirements or other prerequisite 
requirements for access to DHS computers, networks, or systems;
    [cir] Government-issued identity document type and expiration date;
     Records on access to DHS computers, networks, online 
programs, and applications including user ID and passwords;
    [cir] Registration numbers or IDs associated with DHS Information 
Technology (IT) resources;
    [cir] Date and time of access;
    [cir] Logs of activity interacting with DHS IT resources;
    [cir] Internet Protocol (IP) address of access;
    [cir] Logs of internet activity; and
    [cir] Records on the authentication of the access request, names, 
phone numbers of other contacts, and positions or business/
organizational affiliations and titles of individuals who can verify 
that the individual seeking access has a need to access the system, as 
well as other contact information provided to the Department or that is 
derived from other sources to facilitate authorized access to DHS IT 
resources.

Authority for maintenance of the system:
    44 U.S.C. 3101; EO 9397 (SSN), as amended by EO 13487; 44 U.S.C. 
3534; Illegal Immigration Reform and Immigrant Responsibility Act of 
1996 (IIRIRA), Public Law (Pub. L.) 104-208, September 30, 1996, Note 
Section 404. Additional programmatic authorities may apply to 
maintenance of the credential.

Purpose(s):
    This system collects information in order to authenticate an 
individual's identity for the purpose of obtaining a credential to 
electronically access a DHS program or application. This system 
includes DHS programs or applications that use a third-party identity 
service provider to provide any of the following credential services: 
Registration, including identity proofing, issuance, authentication, 
authorization, and maintenance. This system collects information that 
allows DHS to track the use of programs and applications for system 
maintenance and troubleshooting. The system also enables DHS to allow 
an individual to reuse a credential received when applicable and 
available.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
Sec.  552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. Sec.  552a(b)(3), as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity when DOJ or DHS has agreed to represent the employee; or
    4. The U.S. or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. DHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by DHS or another agency or entity) that rely upon 
the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use, are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To sponsors, employers, contractors, facility operators, 
grantees, experts, and consultants in connection

[[Page 46861]]

with establishing, maintaining, or managing an access account for an 
individual or maintaining appropriate points of contact.
    I. To relying parties approved by the National Information Exchange 
Federation (NIEF) Trust Framework Provider for the purpose of providing 
federated access to systems when the user has been provided with 
appropriate notice and the opportunity to consent. Attributes provided 
to the relying party are limited to: (1) making authorization 
decisions; (2) dynamically provisioning accounts; and (3) performing 
audit logging.
    J. To international, federal, state and local, tribal, private and/
or corporate entities for the purpose of the regular exchange of 
business contact information in order to facilitate collaboration for 
official business.
    K. To a trusted third-party identity service provider under 
contract with DHS or certified by the Federal Identity Management 
Credential and Access Management initiative for the purpose of 
authenticating an individual seeking a credential with DHS. The 
information may be included in the individual's credit record as a 
``soft inquiry'' that does not impact the individual's credit score 
when the identity service provider is a credit bureau or uses a credit 
bureau to conduct identity proofing. The ``soft inquiry'' is not 
viewable by third parties.
    L. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records in this system are on paper or in digital or other 
electronic form. Digital and other electronic images are stored on a 
storage area network in a secured environment. Records, whether paper 
or electronic, are stored at the DHS Headquarters, at the component 
level, or at the third-party identity service provider's physical or 
cloud location.

Retrievability:
    Information is retrieved, sorted, or searched by an identification 
number assigned by computer, by SSN (if maintained by the program), by 
facility, by business affiliation, by email address, or by the name of 
the individual, or other data fields previously identified in this 
SORN. Note that when DHS uses a third-party identity service provider 
for identity proofing, data elements collected by the third party on 
DHS's behalf are not retained by DHS unless specifically required by 
the program or application.

Safeguards:
    Information in this system is safeguarded in accordance with 
applicable laws, rules and policies, including the DHS IT Security 
Program Handbook and DHS Information Security Program Policy and 
Handbook. DHS uses trusted identity service providers including those 
certified through the Trust Framework Adoption Process by Federal 
Identity Credential and Access Management (FICAM). The DHS/ALL-037 E-
Authentication Records system of records security protocols also meet 
multiple NIST Security Standards from Authentication to Certification 
and Accreditation.
    Records in the DHS/ALL-037 E-Authentication Records system of 
records will be maintained in a secure, password-protected, electronic 
system that uses security hardware and software including: Multiple 
firewalls, active intruder detection, and role-based access controls. 
Additional safeguards vary by component and program. All records are 
protected from unauthorized access through appropriate administrative, 
physical, and technical safeguards. These safeguards include 
restricting access to authorized personnel who have a ``need to know,'' 
using locks and password protection identification features. Classified 
information is appropriately stored in accordance with applicable 
requirements. DHS file areas are locked after normal duty hours and the 
facilities are protected from the outside by security personnel.

Retention and disposal:
    Records are securely retained and disposed of in accordance with 
the NARA's General Records Schedule (GRS) 24, section 6, ``User 
Identification, Profiles, Authorizations, and Password Files.'' 
Inactive records are destroyed or deleted six years after the user 
account is terminated or password is altered, or when no longer needed 
for investigative or security purposes, whichever is later.
    In addition, in accordance with NIST SP-800-63-2, a record of the 
registration, history, and status of each token and credential 
(including revocation) is maintained by the credential service provider 
(CSP) or its representative. The record retention period of data for 
Level 2 and 3 credentials is seven years and six months beyond the 
expiration or revocation (whichever is later). The minimum record 
retention period for Level 4 credential data is ten years and six 
months beyond the expiration or revocations of the credential.

System Manager and address:
    The System Manager is the Chief Information Officer (CIO), 
Department of Homeland Security, Washington, DC 20528.

Notification procedure:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Headquarters or component's FOIA 
Officer, whose contact information can be found at http://www.dhs.gov/foia under ``contacts.'' If an individual believes more than one 
component maintains Privacy Act records concerning him or her, the 
individual may submit the request to the Chief Privacy Officer and 
Chief Freedom of Information Act Officer, Privacy Office, Department of 
Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, 
Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR Part 5. You must 
first verify your identity, meaning that you must provide your full 
name, current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief Privacy 
Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should:
     Explain why you believe the Department would have 
information on you;

[[Page 46862]]

     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records.
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Information contained in this system is obtained from affected 
individuals, organizations, facilities, trusted third-party identity 
service providers (which may use commercial identity verification 
information not accessed or maintained by DHS to perform knowledge-
based authentication), public source data, other government agencies, 
or information already in other DHS records systems.

Exemptions claimed for the system:
    None.

    Dated: July 31, 2014.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-18703 Filed 8-8-14; 8:45 am]
BILLING CODE 9110-9B-P