Description - Online Security

DOCUMENTATION FOR THE GENERIC CLEARANCE

OF CUSTOMER SATISFACTION SURVEYS

TITLE OF INFORMATION COLLECTION: Social Security Survey of Online Security

SSA SUB-NUMBER: E02

ACTIVITY: ONLINE SURVEY

BACKGROUND

To support Federal e-Government initiatives, the Social Security Administration (SSA) is proactively seeks public feedback concerning our Internet applications. The public’s ability to access our applications, perception of the security of our applications, and opinion concerning the usefulness of our online services are the factors that drive Internet usage. Public feedback from Internet users about our current online applications provides insight about how we can continue to meet our customers’ needs as we expand online services.

Eighty million baby boomers will require SSA’s services within the next 20 years. SSA is approaching an unprecedented amount of work. In past work years, SSA’s traditional customer has been face-to-face, in-office, or on the telephone. To improve service and reduce the volume of walk-in traffic to the field offices, we are moving more workloads online. To move these workloads online, SSA must develop authentication technologies that encourage the public to feel secure about the exchange and release of personal information via the Internet.

Currently, SSA accesses applications using PIN/password or knowledge-based authentication. However, these single-factor technologies may not provide the level of assurance required by the higher-risk applications SSA will implement in the future. As a result, there is an increased need to strengthen current authentication routines and methods to provide adequate levels of assurance in the identity of individuals who wish to electronically conduct business with SSA. In order to develop strong authentication processes, we need to understand our customer’s Internet usage and their perception of a secure Internet site.

We will conduct an Internet survey project (i.e., two duplicate surveys) to assess public reaction to SSA’s anticipated authentication processes, online service, and new authentication technologies. We will use survey results to enhance our authentication techniques for online applications. SSA’s overall goal is to obtain customer feedback on proposed enhancements to SSA authentication protocols. Customer feedback, along with SSA’s collaborative efforts with other agencies, contractual support, and the contribution of privacy experts, enable the agency to choose electronic authentication technologies that meet OMB and National Institute of Standards Technology (NIST) standards and address customer security concerns.

DESCRIPTION OF ACTIVITY:

Internet Survey

We will conduct a one-time, voluntary online survey to target beneficiaries and non-beneficiaries who use the Internet. SSA has hired the services of a contractor to conduct the online survey. The contractor will be conducting the survey using an online survey tool: SurveyMK.com and will post the survey for approximately 8 weeks.

Survey Populations

There will be a total of two target survey populations. The contractor will conduct a survey with two audiences: A) beneficiaries who use the Internet, and B) non-beneficiaries who use the Internet. We will mail letters requesting participation to 6,000 participants from the beneficiary group, and 19,020 from the non-beneficiary group for a total of 25,020 participants. The letters provide survey information and the link participants will need to access the survey. The 25,020 participants will receive a second letter (reminder) two weeks from the date of the first mailing.

We expect an estimated 2,400 responses, based on an assumed 20 percent response rate for each survey. Based on data from past surveys of these two groups, the response rate for the non-beneficiary population has been lower than that of the beneficiary population. To remedy this, we have increased the sample size of the non-beneficiary population in an attempt to achieve similar response totals for both populations.

We will structure the non-beneficiary sample to include users for whom an e-mail address is available. This will provide a high likelihood that the individuals are Internet users. We will obtain the non-beneficiary sample from a data provider, and we will structure it to include members of the public who have completed an online transaction with SSA. SSA will identify the beneficiary sample using its own records.

The invitation letters provide survey information and the link participants will need to use to access the survey. The 25,020 participants will receive the first of two reminder letters two weeks after the date of the first mailing; we will mail the second reminder letter five weeks from the date of the first mailing. We expect an estimated 4,337 responses based on an assumed 36.15 percent response rate for the beneficiary population, and an 11.4 percent response rate for the non-beneficiary population.

The following is the screening criteria for the targeted audiences:

Beneficiaries – Group A

We plan to canvass 6,000 current beneficiaries whose SSA records indicate they filed a first- party application (i.e., iClaims, Direct Deposit or Change of Address) on-line (indicating they have experience using the Internet), and have filed within the last 9 months. The listing will comprise beneficiaries between the ages of 31 – 70.

Non-Beneficiaries – Group B

We plan to have our contractor obtain contact information for the non-beneficiary group. The desired age range is 31 to 70 years old (19,020 non-beneficiaries equally distributed across four age deciles). We will structure the sample to include only those users for whom they have an email address, thus increasing the likelihood that the contacts are Internet users.

Current beneficiaries already have some familiarity with how SSA does business and some experience with our website applications and security features. However, it is very important to obtain insight from members of the public who have had no contact with SSA or its Internet services to ensure that we enhance our current authentication process to meet the needs of future applicants. Accordingly, we include members of the general public not currently receiving benefits in the survey to garner more insight from this population of prospective Social Security beneficiaries.

Survey Questions

The objective of the questions included in the survey is to obtain information about the participants’ general Internet usage, their concerns with Internet security, and their confidence in SSA’s authentication protocols. We grouped the survey questions into the following categories:

• User’s experience—SSA is interested in understanding how our users’ current level of Internet use will affect their willingness to transact confidential business online with the agency.

• User’s preferred level of security—The purpose of these questions is to understand participants’ willingness to provide additional personal data in order to be able to transact confidential business online with the agency. SSA is interested in understanding how users feel about different methods we could employ to safeguard user access to their online account.

• Demographics—SSA will be analyzing the results by age, state of residence, and by education level.

IF SURVEY PARTICIPANTS WILL RECEIVE A PAYMENT, INDICATE AMOUNT:

SSA will not compensate active survey participants for their participation.

USE OF SURVEY RESULTS:

SSA will use the results of this survey to enhance identity proofing (i.e. electronic authentication) techniques for future online applications. SSA’s overall goal in this phase of testing is to obtain qualitative customer feedback on authentication controls currently used by the agency as well as proposed enhancements to these protocols. Customer feedback along with SSA’s collaborative efforts with other agencies, contractual support, and the contribution of privacy experts will enable the agency to choose electronic authentication technologies that meet OMB and NIST standards and address customer security concerns.

BURDEN HOUR COMPUTATION (Number of responses (X) estimated response time (/60) - annual burden hours):

Total Number of Possible Responses: 25,020

Estimated Response Time: 5 minutes and 30 seconds

Estimated Annual Burden hours: 2,294 hours (137,610 minutes)

NAME OF CONTACT PERSON: Deb Larwood

TELEPHONE NUMBER: 410-966-6135