Public Workshop; Proof Positive: New Directions for ID Authentication, 8381-8383 [E7-3238]

Download as PDF Federal Register / Vol. 72, No. 37 / Monday, February 26, 2007 / Notices The Agency reviewed the status of the land in light of the comments it received, the existing case law, and a November 3, 2006 opinion from the United States Department of the Interior (DOI) Solicitor, who has special expertise on Indian country questions. EPA also consulted with the Navajo Nation pursuant to its federal trustee relationship. On February 6, 2007, EPA issued its final determination concluding that the Section 8 land is part of a dependent Indian community under 18 U.S.C. 1151(b) and, thus, ‘‘Indian country.’’ EPA is therefore the appropriate agency to consider underground injection control permit applications under the Safe Drinking Water Act (SDWA) for that land. For a copy of the Determination and other supporting material, go to http://www.epa.gov/ region09/water/groundwater/permitdetermination.html. Dated: February 15, 2007. Laura Yoshii, Acting Regional Administrator, Region IX. [FR Doc. E7–3203 Filed 2–23–07; 8:45 am] BILLING CODE 6560–50–P EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Sunshine Act Meeting Equal Employment Opportunity Commission. DATE AND TIME: Monday, March 5, 2007, 10 a.m. Eastern Time. PLACE: Clarence M. Mitchell, Jr. Conference Room on the Ninth Floor of the EEOC Office Building, 1801 ‘‘L’’ Street, NW., Washington, DC 20507. STATUS: The meeting will be closed to the public. MATTERS TO BE CONSIDERED: CLOSED SESSION: Litigation Recommendation: General Counsel Recommendation. AGENCY HOLDING THE MEETING: ycherry on PROD1PC64 with NOTICES Note: In accordance with the Sunshine Act, the meeting will be open to public observation of the Commission’s deliberations and voting. (In addition to publishing notices on EEOC Commission meetings in the Federal Register, the Commission also provides a recorded announcement a full week in advance on future Commission sessions.) Please telephone (202) 663–7100 (voice) and (202) 663–4074 (TTY) at any time for information on these meetings. The EEOC provides sign language interpretation at Commission meetings for the hearing impaired. Requests for other reasonable accommodations may VerDate Aug<31>2005 16:03 Feb 23, 2007 Jkt 211001 be made by using the voice and TTY numbers listed above. Contact Person for More Information: Stephen Llewellyn, Acting Executive Officer, on (202) 663–4070. Dated: February 22, 2007. Stephen Llewellyn, Acting Executive Officer, Executive Secretariat. [FR Doc. 07–884 Filed 2–22–07; 1:30 pm] 8381 Management and Administrative Matters. PERSON TO CONTACT FOR INFORMATION: Mr. Robert Biersack, Press Officer, Telephone: (202) 694–1220. Mary W. Dove, Secretary of the Commission. [FR Doc. 07–888 Filed 2–22–07; 2:26 pm] BILLING CODE 6715–01–M BILLING CODE 6570–06–M FEDERAL TRADE COMMISSION FEDERAL DEPOSIT INSURANCE CORPORATION Public Workshop; Proof Positive: New Directions for ID Authentication Notice of Agency Meeting; Sunshine Act AGENCY: Pursuant to the provisions of the ‘‘Government in the Sunshine Act’’ (5 U.S.C. 552b), notice is hereby given that at 10 a.m. on Thursday, March 1, 2007, the Federal Deposit Insurance Corporation’s Board of Directors will meet in closed session, pursuant to section 552b(c)(2), (C)(6), (c)(8), and (9)(A)(ii), Title 5, United States Code, to consider matters relating to the Corporation’s supervisory and corporate activities. The meeting will be held in the Board Room on the sixth floor of the FDIC Building located at 550 17th Street, NW., Washington, DC. Requests for further information concerning the meeting may be directed to Mr. Robert E. Feldman, Executive Secretary of the Corporation, at (202) 898–7122. ACTION: Federal Trade Commission (FTC). Notice announcing a two-day public workshop and requesting public comment and participation. SUMMARY: The FTC and other participating agencies are planning to host a two-day public workshop to explore the role of authentication processes in preventing identity theft. The workshop will provide a forum for discussion among public sector, private sector, and consumer representatives about better ways to authenticate the identities of individuals. DATES: Workshop, Proof Positive: New Directions for ID Authentication, will be held on April 23, 2007 from 8:30 a.m. to 5 p.m. and April 24, 2007, from 8:30 a.m. to 12:30 p.m., in the Federal Trade Commission’s Satellite Building Conference Center located at 601 New Jersey Avenue, NW., Washington, DC. Dated: February 22, 2007. The events are open to the public and Federal Deposit Insurance Corporation. attendance is free of charge. There will Robert E. Feldman, be no pre-registration. Executive Secretary. Participants: As discussed below, [FR Doc. 07–881 Filed 2–22–07; 12:53 pm] written requests to participate as a BILLING CODE 6714–01–M panelist in the workshop must be filed on or before March 9, 2007. Persons filing requests to participate as a FEDERAL ELECTION COMMISSION panelist will be notified on or before March 23, 2007, if they have been Sunshine Act Meetings Notice selected to participate. DATE AND TIME: Thursday, March 1, Comments: Whether or not selected to 2007, at 10 a.m. participate, persons may submit written PLACE: 999 E Street, NW., Washington, comments on the issues and topics set DC (Ninth Floor). out below. Such comments must be STATUS: This meeting will be open to the filed on or before March 23, 2007. public. ADDRESSES: Interested parties are ITEMS TO BE DISCUSSED: Correction and invited to submit requests to participate Approval of Minutes. and comments in accordance with the Advisory Opinion 2007–03: Senator following instructions: Barack Obama and the Obama Requests To Participate as Panelist in Exploratory Committee by counsel, Robert F. Bauer and Rebecca Gordon, of Workshop: Perkins Coie LLP. Statement of Policy Parties seeking to participate as Regarding Commission Action in panelists in the workshop must notify Matters at the Initial Stage in the the FTC in writing of their interest in Enforcement Process. participating on or before March 9, PO 00000 Frm 00045 Fmt 4703 Sfmt 4703 E:\FR\FM\26FEN1.SGM 26FEN1 8382 Federal Register / Vol. 72, No. 37 / Monday, February 26, 2007 / Notices there also will be time during the workshop to ask questions. ycherry on PROD1PC64 with NOTICES 2007. Requests to participate as a panelist should be captioned ‘‘ID Workshop—Request to Participate, P075402’’ and may be submitted by any of the following methods. However, if the request contains any material for which confidential treatment is requested, it must be filed in paper form, and the first page of the document must be clearly labeled ‘‘Confidential.’’ 1 • E-mail: Requests to participate can be submitted electronically to: idmworkshop@ftc.gov. • Mail or Hand Delivery: A request to participate filed in paper form should include ‘‘ID Workshop, P075402,’’ both in the text and on the envelope and should be mailed or delivered to the following address: Federal Trade Commission/Office of the Secretary, Room H–135 (Annex N), 600 Pennsylvania Avenue, NW., Washington, DC 20580. Because paper mail in the Washington area and at the Commission is subject to delay, please consider submitting your request by email, as prescribed above. The FTC is requesting that any request filed in paper form be sent by courier or overnight service, if possible. Parties should include in their requests a statement setting forth their expertise in or knowledge of the issues on which the workshop will focus and their contact information, including a telephone number, facsimile number, and e-mail address (if available), to enable the FTC to notify them if they are selected. FTC staff will select a limited number of panelists to participate in the workshop, using the following criteria. 1. The party has expertise in or knowledge of the issues that are the focus of the workshop; 2. The party’s participation would promote a balance of interests being represented at the workshop; and 3. The party has been designated by one or more interested parties (who timely file requests to participate) as a party who shares group interests with the designator(s). The FTC will notify panelists on or before March 23, 2007, as to whether they have been selected. The number of parties selected will not be so large as to inhibit effective discussion among them. For those not serving as panelists, Comments The FTC requests that interested parties submit written comments on the issues raised below. Studies, surveys, research, and empirical data are especially useful. Comments should be captioned ‘‘ID Workshop—Comment, P075402’’ and must be filed on or before March 23, 2007. If the comment contains any material for which confidential treatment is requested, it must be filed in paper form, and the first page of the document must be clearly labeled ‘‘Confidential.’’ 2 Otherwise, comments may be submitted by any of the following methods. • Electronic Filing: Comments filed in electronic form should be submitted by clicking on the following Web link: https://secure.commentworks.com/ftcidmworkshop and following the instructions on the Web-based form. To ensure that the Commission considers an electronic comment, you must file it on the Web-based form at https:// secure.commentworks.com/ftcidmworkshop. • Mail or Hand Delivery: A comment filed in paper form should include ‘‘ID Workshop, P075402,’’ both in the text and on the envelope and should be mailed or delivered to the following address: Federal Trade Commission/ Office of the Secretary, Room H–135 (Annex N), 600 Pennsylvania Avenue, NW., Washington, DC 20580. Because paper mail in the Washington area and at the Commission is subject to delay, please consider submitting your comments in electronic form, as prescribed above. The FTC is requesting that any comment filed in paper form be sent by courier or overnight service, if possible. The FTC Act and other laws the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. All timely and responsive public comments, whether filed in paper or electronic form, will be considered by the Commission and will be available to the public on the FTC Web site, to the extent practicable, at http://www.ftc.gov/os/ publiccomments.htm. As a matter of discretion, the FTC makes every effort to 1 Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be accompanied by an explicit request for confidential treatment, including the factual and legal basis for the request, and must identify the specific portions of the comment to be withheld from the public record. The request will be granted or denied by the Commission’s General Counsel, consistent with applicable law and the public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c). 2 Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be accompanied by an explicit request for confidential treatment, including the factual and legal basis for the request, and must identify the specific portions of the comment to be withheld from the public record. The request will be granted or denied by the Commission’s General Counsel, consistent with applicable law and the public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c). VerDate Aug<31>2005 16:03 Feb 23, 2007 Jkt 211001 PO 00000 Frm 00046 Fmt 4703 Sfmt 4703 remove home contact information for individuals from the public comments it receives before placing those comments on the FTC Web site. More information, including routine uses permitted by the Privacy Act, may be found in the FTC’s privacy policy, at http://www.ftc.gov/ ftc/privacy.htm. FOR FURTHER INFORMATION CONTACT: Stacey Brandenburg, Joanna Crane, or Naomi Lefkovitz at (202)–326–2252. SUPPLEMENTARY INFORMATION: Background and Proposed Agenda Identity theft takes many forms and is committed for various purposes, including financial gain, avoidance of criminal penalties, and facilitating criminal activity (e.g., opening new credit accounts or draining bank accounts, evading criminal arrest warrants, and facilitating terrorist activities). But in its most basic form, it is a crime of deception relying on the unauthorized use of identifying information or credentials of another individual. At present, many transactions that depend on correct identification are conducted either remotely, or if in person, between individuals who are strangers. Because such transactions necessarily rely on an individual’s use of identifying information or credentials in order to prove his or her identity, there is a potential risk of identity theft. Thus, the ability to determine when an individual is not who he or she purports to be is an important key to preventing identity theft. The Identity Theft Task Force (‘‘Task Force’’) was established by Executive Order of the President on May 10, 2006. The Order directed the Task Force to deliver a strategic plan to the President on the Federal Government’s response to identity theft. The Task Force, which is chaired by the Attorney General and co-chaired by the Chairman of the FTC, delivered an interim set of recommendations on September 19, 2006 that included the recommendation to hold a workshop focused on promoting improved means of authenticating the identities of individuals.3 To implement the Task Force’s recommendation and to begin greater study of this area, the FTC and other Task Force agencies 4 will hold a workshop to explore the means by 3 President’s Identity Theft Task Force Summary of Interim Recommendations (2006), available at http://www.ftc.gov/opa/2006/09/idtheft.htm. 4 For a list of the agencies comprising the Task Force, see Executive Order: Strengthening Federal Efforts to Protect Against Identity Theft (2006), available at http://www.whitehouse.gov/news/ releases/2006/05/20060510–3.html. E:\FR\FM\26FEN1.SGM 26FEN1 Federal Register / Vol. 72, No. 37 / Monday, February 26, 2007 / Notices which identity theft can be prevented through better authentication of individuals.5 The workshop will facilitate a discussion among public sector, private sector, and consumer representatives and will focus on technological and policy requirements for developing better authentication processes, including the incorporation of privacy standards and consideration of consumer usability. To help in planning for the workshop, the FTC invites comments on ways to improve authentication processes in order to reduce the incidence of identity theft, including but not limited to, comments on the issues and topics set out below: ycherry on PROD1PC64 with NOTICES 1. Establishing Identity—Understanding Verification Processes • In what ways can identities be established? How can individuals prove their identities when establishing them in the first instance? • Please comment on the strengths and weaknesses of relying on traditional identification documentation or credentials such as birth certificates, Social Security cards, driver’s licenses, and passports. • Please comment on the strengths and weaknesses of new or emerging tools for establishing individuals’ identities. Examples may include consumer information databases, which can be used to confirm whether a name and other personal information (e.g., Social Security number) belong together, and fraud detection software, which can be used to identify anomalous patterns or behaviors that may signal use of a false identity. • What roles should the public sector or the private sector have in establishing identification credentials? Within the public sector, what roles should different levels of government (i.e., federal, state, local) have in establishing identification credentials? 5 The term ‘‘authentication’’ generally means the process of ensuring that an individual is who she or he claims to be. However, this process is more easily understood as comprising two distinct steps. The first step is the identification of an individual at the onset of the relationship between the individual and the verifying entity (e.g., an individual’s identity will be verified when he or she applies for a passport or opens a financial account). The second step is the reaffirmation that the individual is the same individual whose identity was initially verified (e.g., the individual’s passport is checked when he or she travels in or out of the country or the individual provides a password or other credentials to the financial institution when accessing an existing account). Although different terms can be applied to these steps, the first step is often labeled verification and the second step, particularly with respect to online environments, is often labeled authentication. For greater clarity, these distinctions are used in the invitation for comment section set forth herein. VerDate Aug<31>2005 16:03 Feb 23, 2007 Jkt 211001 2. Confirming the Established Identity— Current or Emerging Use of Authentication Technologies or Methods • What are some current or emerging authentication technologies or methods (e.g., biometrics, public key infrastructure, knowledge-based authentication) for confirming established identities? Describe the contexts in which they may be used and their strengths and weaknesses. • Please comment on the concept of multifactor authentication and how it is being or should be applied. • To what extent are consumer information databases being used to authenticate individuals? One example of such use is to support knowledgebased authentication tools, which generate questions the answers to which only the consumer would know. • To what extent do current or emerging authentication technologies or methods incorporate or rely on readily available identification information, such as Social Security numbers? How might such reliance affect the risk of identity theft? • To what extent do these technologies or methods meet consumer needs, such as ease of use? To what extent do these technologies or methods raise privacy concerns, including concerns about the tracking and profiling of an individual’s movements or transactions by the public or private sector? 3. Comparing Verification and Authentication Systems • What are some of the different models for verification and authentication systems? Please comment on their strengths and weaknesses. For example, what are the relative merits of a centralized identification system where a single or a limited number of organizations identify all individuals and issue credentials that other entities can rely upon versus a decentralized identification system where each organization develops its own procedures and separately verifies and authenticates the individuals with which it is involved? • In considering the relative merits of different systems, please comment on: Æ Consumer acceptance and to what degree consumer education may facilitate such acceptance; and Æ Any privacy concerns including issues raised with respect to data collection, use, and storage. • In addition to reducing identity theft, how might better systems or processes for proving claims of identity PO 00000 Frm 00047 Fmt 4703 Sfmt 4703 8383 generate other consumer benefits (e.g., providing access to various commercial or government services)? • How are other countries addressing verification and authentication issues, particularly as the issues relate to identity theft? What lessons can be learned? 4. Upcoming Challenges in Authentication • As technologies converge to allow consumers to conduct financial or other sensitive transactions in new ways, how can appropriate authentication processes or technologies be incorporated to ensure that consumers receive the intended benefits of these advances without exposing them to new vulnerabilities? By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. E7–3238 Filed 2–23–07; 8:45 am] BILLING CODE 6750–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary [Document Identifier: OS–0990–0000] [60day notice] Agency Information Collection Activities: Proposed Collection; Comment Request Office of the Secretary, HHS. In compliance with the requirement of section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment. Interested persons are invited to send comments regarding this burden estimate or any other aspect of this collection of information, including any of the following subjects: (1) The necessity and utility of the proposed information collection for the proper performance of the agency’s functions; (2) the accuracy of the estimated burden; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) the use of automated collection techniques or other forms of information technology to minimize the information collection burden. Type of Information Collection Request: New collection. Title of Information Collection: Understanding Barriers and Successful Strategies for Faith-Based Organizations in Accessing Grants. AGENCY: E:\FR\FM\26FEN1.SGM 26FEN1

Agencies

[Federal Register Volume 72, Number 37 (Monday, February 26, 2007)]
[Notices]
[Pages 8381-8383]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-3238]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Public Workshop; Proof Positive: New Directions for ID 
Authentication

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice announcing a two-day public workshop and requesting 
public comment and participation.

-----------------------------------------------------------------------

SUMMARY: The FTC and other participating agencies are planning to host 
a two-day public workshop to explore the role of authentication 
processes in preventing identity theft. The workshop will provide a 
forum for discussion among public sector, private sector, and consumer 
representatives about better ways to authenticate the identities of 
individuals.

DATES: Workshop, Proof Positive: New Directions for ID Authentication, 
will be held on April 23, 2007 from 8:30 a.m. to 5 p.m. and April 24, 
2007, from 8:30 a.m. to 12:30 p.m., in the Federal Trade Commission's 
Satellite Building Conference Center located at 601 New Jersey Avenue, 
NW., Washington, DC. The events are open to the public and attendance 
is free of charge. There will be no pre-registration.
    Participants: As discussed below, written requests to participate 
as a panelist in the workshop must be filed on or before March 9, 2007. 
Persons filing requests to participate as a panelist will be notified 
on or before March 23, 2007, if they have been selected to participate.
    Comments: Whether or not selected to participate, persons may 
submit written comments on the issues and topics set out below. Such 
comments must be filed on or before March 23, 2007.

ADDRESSES: Interested parties are invited to submit requests to 
participate and comments in accordance with the following instructions:

Requests To Participate as Panelist in Workshop:

    Parties seeking to participate as panelists in the workshop must 
notify the FTC in writing of their interest in participating on or 
before March 9,

[[Page 8382]]

2007. Requests to participate as a panelist should be captioned ``ID 
Workshop--Request to Participate, P075402'' and may be submitted by any 
of the following methods. However, if the request contains any material 
for which confidential treatment is requested, it must be filed in 
paper form, and the first page of the document must be clearly labeled 
``Confidential.'' \1\
---------------------------------------------------------------------------

    \1\ Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be 
accompanied by an explicit request for confidential treatment, 
including the factual and legal basis for the request, and must 
identify the specific portions of the comment to be withheld from 
the public record. The request will be granted or denied by the 
Commission's General Counsel, consistent with applicable law and the 
public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------

     E-mail: Requests to participate can be submitted 
electronically to: idmworkshop@ftc.gov.
     Mail or Hand Delivery: A request to participate filed in 
paper form should include ``ID Workshop, P075402,'' both in the text 
and on the envelope and should be mailed or delivered to the following 
address: Federal Trade Commission/Office of the Secretary, Room H-135 
(Annex N), 600 Pennsylvania Avenue, NW., Washington, DC 20580. Because 
paper mail in the Washington area and at the Commission is subject to 
delay, please consider submitting your request by e-mail, as prescribed 
above. The FTC is requesting that any request filed in paper form be 
sent by courier or overnight service, if possible.
    Parties should include in their requests a statement setting forth 
their expertise in or knowledge of the issues on which the workshop 
will focus and their contact information, including a telephone number, 
facsimile number, and e-mail address (if available), to enable the FTC 
to notify them if they are selected.
    FTC staff will select a limited number of panelists to participate 
in the workshop, using the following criteria.
    1. The party has expertise in or knowledge of the issues that are 
the focus of the workshop;
    2. The party's participation would promote a balance of interests 
being represented at the workshop; and
    3. The party has been designated by one or more interested parties 
(who timely file requests to participate) as a party who shares group 
interests with the designator(s).
    The FTC will notify panelists on or before March 23, 2007, as to 
whether they have been selected. The number of parties selected will 
not be so large as to inhibit effective discussion among them. For 
those not serving as panelists, there also will be time during the 
workshop to ask questions.

Comments

    The FTC requests that interested parties submit written comments on 
the issues raised below. Studies, surveys, research, and empirical data 
are especially useful. Comments should be captioned ``ID Workshop--
Comment, P075402'' and must be filed on or before March 23, 2007. If 
the comment contains any material for which confidential treatment is 
requested, it must be filed in paper form, and the first page of the 
document must be clearly labeled ``Confidential.'' \2\ Otherwise, 
comments may be submitted by any of the following methods.
---------------------------------------------------------------------------

    \2\ Commission Rule 4.2(d), 16 CFR 4.2(d). The comment must be 
accompanied by an explicit request for confidential treatment, 
including the factual and legal basis for the request, and must 
identify the specific portions of the comment to be withheld from 
the public record. The request will be granted or denied by the 
Commission's General Counsel, consistent with applicable law and the 
public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------

     Electronic Filing: Comments filed in electronic form 
should be submitted by clicking on the following Web link: https://
secure.commentworks.com/ftc-idmworkshop and following the instructions 
on the Web-based form. To ensure that the Commission considers an 
electronic comment, you must file it on the Web-based form at https://
secure.commentworks.com/ftc-idmworkshop.
     Mail or Hand Delivery: A comment filed in paper form 
should include ``ID Workshop, P075402,'' both in the text and on the 
envelope and should be mailed or delivered to the following address: 
Federal Trade Commission/Office of the Secretary, Room H-135 (Annex N), 
600 Pennsylvania Avenue, NW., Washington, DC 20580. Because paper mail 
in the Washington area and at the Commission is subject to delay, 
please consider submitting your comments in electronic form, as 
prescribed above. The FTC is requesting that any comment filed in paper 
form be sent by courier or overnight service, if possible.
    The FTC Act and other laws the Commission administers permit the 
collection of public comments to consider and use in this proceeding as 
appropriate. All timely and responsive public comments, whether filed 
in paper or electronic form, will be considered by the Commission and 
will be available to the public on the FTC Web site, to the extent 
practicable, at http://www.ftc.gov/os/publiccomments.htm. As a matter 
of discretion, the FTC makes every effort to remove home contact 
information for individuals from the public comments it receives before 
placing those comments on the FTC Web site. More information, including 
routine uses permitted by the Privacy Act, may be found in the FTC's 
privacy policy, at http://www.ftc.gov/ftc/privacy.htm.

FOR FURTHER INFORMATION CONTACT: Stacey Brandenburg, Joanna Crane, or 
Naomi Lefkovitz at (202)-326-2252.

SUPPLEMENTARY INFORMATION:

Background and Proposed Agenda

    Identity theft takes many forms and is committed for various 
purposes, including financial gain, avoidance of criminal penalties, 
and facilitating criminal activity (e.g., opening new credit accounts 
or draining bank accounts, evading criminal arrest warrants, and 
facilitating terrorist activities). But in its most basic form, it is a 
crime of deception relying on the unauthorized use of identifying 
information or credentials of another individual. At present, many 
transactions that depend on correct identification are conducted either 
remotely, or if in person, between individuals who are strangers. 
Because such transactions necessarily rely on an individual's use of 
identifying information or credentials in order to prove his or her 
identity, there is a potential risk of identity theft. Thus, the 
ability to determine when an individual is not who he or she purports 
to be is an important key to preventing identity theft.
    The Identity Theft Task Force (``Task Force'') was established by 
Executive Order of the President on May 10, 2006. The Order directed 
the Task Force to deliver a strategic plan to the President on the 
Federal Government's response to identity theft. The Task Force, which 
is chaired by the Attorney General and co-chaired by the Chairman of 
the FTC, delivered an interim set of recommendations on September 19, 
2006 that included the recommendation to hold a workshop focused on 
promoting improved means of authenticating the identities of 
individuals.\3\
---------------------------------------------------------------------------

    \3\ President's Identity Theft Task Force Summary of Interim 
Recommendations (2006), available at http://www.ftc.gov/opa/2006/09/
idtheft.htm.
---------------------------------------------------------------------------

    To implement the Task Force's recommendation and to begin greater 
study of this area, the FTC and other Task Force agencies \4\ will hold 
a workshop to explore the means by

[[Page 8383]]

which identity theft can be prevented through better authentication of 
individuals.\5\ The workshop will facilitate a discussion among public 
sector, private sector, and consumer representatives and will focus on 
technological and policy requirements for developing better 
authentication processes, including the incorporation of privacy 
standards and consideration of consumer usability.
---------------------------------------------------------------------------

    \4\ For a list of the agencies comprising the Task Force, see 
Executive Order: Strengthening Federal Efforts to Protect Against 
Identity Theft (2006), available at http://www.whitehouse.gov/news/
releases/2006/05/20060510-3.html.
    \5\ The term ``authentication'' generally means the process of 
ensuring that an individual is who she or he claims to be. However, 
this process is more easily understood as comprising two distinct 
steps. The first step is the identification of an individual at the 
onset of the relationship between the individual and the verifying 
entity (e.g., an individual's identity will be verified when he or 
she applies for a passport or opens a financial account). The second 
step is the reaffirmation that the individual is the same individual 
whose identity was initially verified (e.g., the individual's 
passport is checked when he or she travels in or out of the country 
or the individual provides a password or other credentials to the 
financial institution when accessing an existing account). Although 
different terms can be applied to these steps, the first step is 
often labeled verification and the second step, particularly with 
respect to online environments, is often labeled authentication. For 
greater clarity, these distinctions are used in the invitation for 
comment section set forth herein.
---------------------------------------------------------------------------

    To help in planning for the workshop, the FTC invites comments on 
ways to improve authentication processes in order to reduce the 
incidence of identity theft, including but not limited to, comments on 
the issues and topics set out below:

1. Establishing Identity--Understanding Verification Processes

     In what ways can identities be established? How can 
individuals prove their identities when establishing them in the first 
instance?
     Please comment on the strengths and weaknesses of relying 
on traditional identification documentation or credentials such as 
birth certificates, Social Security cards, driver's licenses, and 
passports.
     Please comment on the strengths and weaknesses of new or 
emerging tools for establishing individuals' identities. Examples may 
include consumer information databases, which can be used to confirm 
whether a name and other personal information (e.g., Social Security 
number) belong together, and fraud detection software, which can be 
used to identify anomalous patterns or behaviors that may signal use of 
a false identity.
     What roles should the public sector or the private sector 
have in establishing identification credentials? Within the public 
sector, what roles should different levels of government (i.e., 
federal, state, local) have in establishing identification credentials?

2. Confirming the Established Identity--Current or Emerging Use of 
Authentication Technologies or Methods

     What are some current or emerging authentication 
technologies or methods (e.g., biometrics, public key infrastructure, 
knowledge-based authentication) for confirming established identities? 
Describe the contexts in which they may be used and their strengths and 
weaknesses.
     Please comment on the concept of multifactor 
authentication and how it is being or should be applied.
     To what extent are consumer information databases being 
used to authenticate individuals? One example of such use is to support 
knowledge-based authentication tools, which generate questions the 
answers to which only the consumer would know.
     To what extent do current or emerging authentication 
technologies or methods incorporate or rely on readily available 
identification information, such as Social Security numbers? How might 
such reliance affect the risk of identity theft?
     To what extent do these technologies or methods meet 
consumer needs, such as ease of use? To what extent do these 
technologies or methods raise privacy concerns, including concerns 
about the tracking and profiling of an individual's movements or 
transactions by the public or private sector?

3. Comparing Verification and Authentication Systems

     What are some of the different models for verification and 
authentication systems? Please comment on their strengths and 
weaknesses. For example, what are the relative merits of a centralized 
identification system where a single or a limited number of 
organizations identify all individuals and issue credentials that other 
entities can rely upon versus a decentralized identification system 
where each organization develops its own procedures and separately 
verifies and authenticates the individuals with which it is involved?
     In considering the relative merits of different systems, 
please comment on:
    [cir] Consumer acceptance and to what degree consumer education may 
facilitate such acceptance; and
    [cir] Any privacy concerns including issues raised with respect to 
data collection, use, and storage.
     In addition to reducing identity theft, how might better 
systems or processes for proving claims of identity generate other 
consumer benefits (e.g., providing access to various commercial or 
government services)?
     How are other countries addressing verification and 
authentication issues, particularly as the issues relate to identity 
theft? What lessons can be learned?

4. Upcoming Challenges in Authentication

     As technologies converge to allow consumers to conduct 
financial or other sensitive transactions in new ways, how can 
appropriate authentication processes or technologies be incorporated to 
ensure that consumers receive the intended benefits of these advances 
without exposing them to new vulnerabilities?

    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. E7-3238 Filed 2-23-07; 8:45 am]
BILLING CODE 6750-01-P