Attachment to Supporting Statement

Supporting Statement Attachment 12-7-10.xls

E-Verify Self Check Program

Attachment to Supporting Statement

OMB: 1615-0117

Document [xlsx]
Download: xlsx | pdf


































































Special Operations | Self Check | Federal Register Questions






























































ID# Source Submitted By Date Received Submission Type Category Submission Response Status Comment/Resolution























































1 TALX David C Fowler ([email protected]) 11/8/2010 Question Employment Eligibility Results Can U.S. workers share their E-Verify results? For example, can the worker share his or her E-Verify Self Check results with a current employer, prospective employer, or a pre-employment screener, and can the worker post his or her E-Verify Self Check results on a job board?
We do not intend for the E-Verify Self Check results to be shared with a US worker's employer, prospective employer, a pre-employment screener, or posted on a job board. An E-Verify Self Check result is not a USCIS issued credential and does not guarantee a US worker's right to work in this country. A US worker's status may change in between the time that he/she runs an E-Verify Self Check and when they are check through E-Verify by their employer. Although there is no legal impediment to workers sharing their results, the E-Verify Self Check result is intended to be informational to the US worker only as to their work authorization status when used, and not a guarantee of work authorized status when seeking employment. New Roth, Howard S: Although the Self-Check is not intended to be used for employment authorization, there is no legal impediment to employees from sharing the result of the Self-Check query. Answered




















0 0 2 TALX David C Fowler ([email protected]) 11/8/2010 Question Identity Assurance What controls are in place to prevent a worker from running a query on someone else?
There are two primary controls preventing an imposter from running a query on someone else. First, the imposter must pass an identity assurance quiz where he/she must prove their identity in order to be able to run a Self Check query. Second, once he/she has passed their identity assurance quiz, the name used to pass the ID assurance part of Self Check will be pre-populated into the name field for the Self Check query and will not be able to be changed by the user. Both of these controls are sufficient under OMB 04-04 guidance in establishing a system with Level 2 security features. New Answered




















0 0 3 TALX David C Fowler ([email protected]) 11/8/2010 Question Identity Assurance What is the limit on the number of times a worker can take the identity quiz or run a query?
A user may run a Self Check query a few times in a given time period in the course of checking their status and making certain any changes needed are reflected in the VIS. We do keep track of the number of times used to prevent fraud or hacking into the Self Check system. Releasing the specific number of times a user may attempt to take the identity quiz and run a self-check query, and the specific time frame, would reduce the effectiveness of this fraud prevention measure and therefore USCIS will not release this information to the general public. New Roth, Howard S: Is there a specific limitation on the number of times a user can runa query? Answered






















4 TALX David C Fowler ([email protected]) 11/8/2010 Question Identity Assurance What is the timeframe used to limit the number of times a worker can take the identity quiz or run a query?
A user may run a Self Check query a few times in a given time period in the course of checking their status and making certain any changes needed are reflected in the VIS. We do keep track of the number of times used to prevent fraud or hacking into the Self Check system. Releasing the specific number of times a user may attempt to take the identity quiz and run a self-check query, and the specific time frame, would reduce the effectiveness of this fraud prevention measure and therefore USCIS will not release this information to the general public. New Answered




















0 0 5 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Does a worker need to or should a worker use Self Check to confirm that their immigration and/or SSA records have been properly updated?
A Self Check user may want to confirm that their immigration and/or SSA records have been updated after interaction with the E-Verify Self Check process. While an individual is free to run a Self Check on him/herself after their intiial query, they also should realize that the updating of SSA and/or immigration records is not instaneous and is subject to an adjudication process in some instances. New Answered




















0 0 6 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Does DHS anticipate that a worker will only run a query on themselves one time? Our operating assumption is that a worker will usually run a query on themselves one time. However, E-Vefirfy Self Check does allow for the ability to query oneself more than once, as long as it is within the fraud boundaries set by the program. New Answered




















0 0 7 TALX David C Fowler ([email protected]) 11/8/2010 Question Identity Assurance The 3rd party identity authentication service must be identified. Is this one of the three credit reporting bureaus?
DHS fails to see a reason for broadcasting the identity of third party verification service due to the fact that it believes that disclosure could lead to possible fraud and security implications. However, the third party verification service will meet all applicable federal government privacy and security standards before it is made operational. New Answered




















0 0 8 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Why is Self Check limited to individuals over the age of 16?
For its initial implementation, E-Verify Self Check is limited to the work authorized population. In future implementations, DHS may decide to expand the reach of its program. The 16 year old age limitation is not arbitrary as it is, generally, the age that individuals are legally permitted to work. Additionally, most, if not all of those younger than 16 would not have a big enough identity "footprint" for an identity proofing quiz to be generated and completed prior to verifying their employment eligibility. New Roth, Howard S: The 16 year old age limitation is not arbitrary as it is, generally, the age that individuals are legally permitted to work? Answered




















0 0 9 TALX David C Fowler ([email protected]) 11/8/2010 Question Employment Eligibility Results Why inform the worker that they would ‘likely’ be employment authorized rather that stating definitively?
The E-Verify Self Check service can only give the user an answer to their work authorization status at that moment. It cannot accurately predict an E-Verify result since a person's work authorization status may change between the time of the Self Check query and their employer's E-Verify query. New Answered




















0 0 10 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/System Information What features does E-Verify envision being added to Self Check in the future, provided the program is successful?
Future features being considered by DHS to add to the E-Verify Self Check service include ways to give greater information and clarity about the E-verify process to the general public and looking at ways for the Self Check user to better understand how to protect their information and privacy throughout the E-Verify process. New Answered






















11 TALX David C Fowler ([email protected]) 11/8/2010 Question Privacy Why is the information a worker submits to Self Check not considered confidential since the information could be used for identity theft?
The information submitted to Self Check is considered confidential and is protected according to Federal Privacy and IT Security standards, as well as the Verification Information System Systems of Records Notice. We will update our documentation to reflect this fact. New Roth, Howard S: information maintained in VIS and protected in accordance to the VIS SORN Change made




















0 0 12 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Why does E-Verify not intend to publish statistics on Self Check since these statistics could be used to determine the benefit and cost effectiveness of the program? USCIS states that information about each Self Check query will be retained for statistical purposes. Why not share the statistical results with the public that is paying for the service?
Once launched, E-Verify Self Check will be evaluated and judged in conjunction with its effect on the E-Verify service itself. E-Verify Self Check evaluations will be shared with the general public as part of reporting on E-Verify service effects. New Change made




















0 0 13 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Why would E-Verify allow the 3rd party identity authentication service to market other services on its website as part of the Self Check program?
E-Verify Self Check will not allow the third party authentication service to market other services on its website as part of the Self Check program. DHS has ownership of the screen and display of any and all information, and the third party identity verification service will not control nor/market and information through the Self Check website. Documentation has been changed accordingly. New Change made






















14 TALX David C Fowler ([email protected]) 11/8/2010 Suggestion Program/Policy The 3rd party identity authentication service website should be limited to only performing the function required by Self Check and should not be used to market other services to U.S. workers. Self Check should be a marketing tool for the 3rd party identity authentication service.
E-Verify Self Check will not allow the third party authentication service to market other services on its website as part of the Self Check program. DHS has ownership of the screen and display of any and all information, and the third party identity verification service will not control nor/market any information through the SElf Check website. Documentation changed accordingly. New Change made




















0 0 15 TALX David C Fowler ([email protected]) 11/8/2010 Question Privacy How can USCIS say that the information collected by the 3rd party identity authentication service will only be retained for 1 year when USCIS also states that it has no control over the 3rd party?
USCIS controls the actions of the third party identity authentication service through a legal agreement that established the government's contracting for that service. The third party service is limited by both contract and the Fair Credit Reporting Act to a 1 year retention period and limited in its use of the information to solely fraud monitoring. New Answered




















0 0 16 TALX David C Fowler ([email protected]) 11/8/2010 Question Privacy Is the Federal Credit Reporting Act (FCRA) one year data retention a minimum or maximum requirement?
The FCRA one year retention period for data is a maximum requirement. New Answered






















17 TALX David C Fowler ([email protected]) 11/8/2010 Question Program/Policy Why won’t USCIS at least assume responsibility for the accuracy of information provided by Self Check that originates with USCIS?
USCIS assumes responsibility for the accuracy of the information provided by USCIS to the extent practicable under law. New Answered




















0 0 18 TALX David C Fowler ([email protected]) 11/8/2010 Suggestion Program/System Information There should be a published service level for the Self Check website.
Unsure of the comment. The Terms of Use for use of Self Check are going to be published on the Self Check site. New Answered




















0 0 19 TALX David C Fowler ([email protected]) 11/8/2010 Suggestion Program/Policy Since USCIS selected the 3rd party identity authentication service to be part of Self Check, which is a government system, USCIS must accept some responsibility for the information a worker is required to enter into such 3rd party website in order to access Self Check.
USCIS assumes responsibility for the protection of all data provided by the Self Check user in the course of the process. USCIS will be publishing a privacy impact assessment and system of record notices detailing the privacy protections of the data provided and what if any data the government retains. New Roth, Howard S: Answered




















0 0 20 TALX David C Fowler ([email protected]) 11/8/2010 Suggestion Program/Policy The user’s liability must relate to ‘intentionally’ causing technical disruption. A user cannot be held liable for unintentional consequences of attempting to use the Self Check program in the prescribed manner.
USCIS agrees with this comment and will make the necessary changes to the Terms of use. New Change made




















0 0 21 TALX David C Fowler ([email protected]) 11/8/2010 Question Privacy USCIS is committed to maintaining privacy of PII, yet USCIS does not accept any liability for requiring a user to provide PII to a 3rd party identity authentication service selected by USCIS and incorporated as a required component of Self Check. Also, USCIS considers all information submitted through Self Check to be ‘unconfidential’ and USCIS may disclose, distribute, modify, or reproduce the information a user provides to any other government agency. How is that maintaining privacy of a user’s information?
We agree with the comment and we will make the necessary changes to the Terms of Use to qualify that the information provided will be held as confidential and only disclosed to government agencies with the legal authority to request the data. New Change made






















22 TALX David C Fowler ([email protected]) 11/8/2010 Question Identity Assurance What data is exchanged between USCIS and the 3rd party identity authentication service to connect the results of the identity verification to the user’s Self Check session?
The Self Check session will create a unique user id that is transferred between the Self Check application and the third party authentication service, thereby tying the Self Check session to the identity verification transaction. New Answered




















0 0 23 TALX David C Fowler ([email protected]) 11/8/2010 Question Privacy On page 10 of the September 2010 proposed website content it states that the 3rd party will retain personal information for 1 year, yet on page 17 of the same document is states that the 3rd party will delete the information when the questions are answered successfully. Which is it?
The 3rd party will retain the data for one year. The new website content will reflect that change. New Change made




















0 0 24 TALX David C Fowler ([email protected]) 11/8/2010 Suggestion Self Check System Fix the software to be smart enough to deal with Alien numbers of less than 9 digits.
The Self Check system leverages an existing web services interface with the Verification Information System. Future changes to VIS will address this issue. New Answered




















0 0 25 AILA AILA 11/29/2010 Suggestion Policy Prevent use of Self Check as a pre-screening tool. Upon roll-out of the Self Check service, contemporaneously amend the E-Verify MOU to include a specific provision prohibiting employers from requiring Self Check as a condition for hire or using it to perform any type of pre-employment screening. Establish sanctions to prevent the pre-screening of applicants by employers who are not enrolled in E-Verify and other third parties. Coordinate enforcement measures with the Department of Justice Office of Special Counsel. Publish advisories and make other efforts to educate employers and third parties that the Self Check service may only be used by individuals to verify their own E-Verify records and not as a tool for employers to pre-screen job applicants. USCIS sees misuse of Self Check by employers attempting to pre-screen applicants as one of the major issues we will have to be vigilant in addressing. Guidance on the Self Check website will specifically address this issue and amending existing E-Verify MOUs as the commenter suggested is something we will pursue in the near future. We are working with the DOJ Office of Special Counsel on how the use of Self Check can be monitored for pre-screening to ensure the protection of the US worker. Lastly, our outreach and education efforts will concentrate on worker's rights and the fact that the use of Self Check is not for employers and they should not be asking or requiring applicants to use Self Check. New Answered






















TBD AILA AILA 11/29/2010 Suggestion Policy Protect Privacy. The proposed on-line identification mechanism does not require any biometrics or other strict access protocols for secure identification of the individual. We are also concerned about the potential sharing of personal data and information regarding the use of the Self Check mechanism among government agencies without any clearly defined limits in the proposal. We appreciate that USCIS recognizes data privacy issues but we strongly urge the agency to review and augment the proposed access protocols so that identity thieves cannot mine data from public information sources and then use that data to gain access to Self Check data. Without strict access protocols, rather than protecting
individuals from identity theft, Self Check would actually be a tool that identity thieves could use to verify that their victims’ stolen data will successfully pass through the E-Verify system.
DHS has designed the Self Check application to guard against the use of Self Check as a tool for identity thieves to validate personal data. The use of knowledge based identity verification procedures will allow us to know that a person "is who they say the are" before we allow them to determine if they are work authorized in the United States. This level of identity authentication is in line with the secure access protocols for a Level 2 system as defined in OMB M 04-04 and NIST guidelines. We believe that the level of authentication incorporated into Self Check is sufficient and addresses the concerns of the comment. We plan to actively monitor the use of Self Check during its initial implementation to guard against fraud and misuse and we will adjust the security protocls accordingly during its initial implementation. Furthermore, there is no "Self Check data" that an identity thief could obtain as no new personally identifiable information is shown to the user via the application. Also, Self Check will not share data with any government agency unless their is a legal obligation to do so under the E-Verify authorizing statute or other applicable laws. There are not any data sharing MOUs that currently exist to which the sharing of E-Verify Self Check data is subject to. New Answered




















0 0 TBD AILA AILA 11/29/2010 Suggestion Policy Provide Options for Self Check Access to Individuals Without Credit Histories. Our final concern is that because the proposed access protocol for Self Check relies entirely on background checks, it will render Self Check unavailable to populations of foreign nationals who have only recently arrived in the United States and therefore do not have a credit history. The individuals who are most likely to have complicated immigration situations—and corresponding errors in their E-Verify records—are refugees, asylees, and individuals with temporary protected status (TPS). Due to their recent arrival in the United States, these individuals will often lack the financial and credit history necessary to generate the questions for access into the Self Check system. Due to their often complex work authorization documentation, it is exactly these individuals who are likely to have the greatest need to update or correct their EVerify records through Self Check. The proposed system of access based on credit history will leave those who are most likely to need the Self Check mechanism the least able to access it. We urge the agency to consider alternate means of identity verification to access the Self Check system, such as presentation of identity documents at an InfoPass appointment or Application Support Center and then conducting the Self Check query at that government office. Again, because asylees, refugees and TPS holders are among those who most need the opportunity to correct errors in the E-Verify system, we urge the agency to provide meaningful mechanisms
through which these vulnerable populations can avail themselves of the benefit of the Self Check process.
USCIS recognizes that the workers who could see the most benefit from using the Self Check service may be those who have the lightest identity "footprint" because they will have arrived in the United States very recently. We are looking into ways to increase the availablility of the service to those persons, including finding additional databases to utilize during the identity proofing process. We thank you for your suggestion for addressing this concern by making visits to field offices or application support centers and will take the development of these processes in the future into consideration. New Answered




















0 0 TBD NILC NILC 11/30/2010 Suggestion Policy E-Verify “Self-Check” should guarantee that no data from Self-Check will be shared with other components within the Department of Homeland Security (DHS) or the Social Security Administration (SSA). Without this guarantee, the quantity and quality of information that DHS receives through Self-Check will be highly limited. Individuals unsure of their employment eligibility or immigration status will be afraid to use Self-Check, essentially vitiating the purpose of the program. Self-Check’s design enables a worker who is unsure of their employment eligibility to obtain vital information and expedite his entry into the workforce through this program. However, if a worker fears inputting their information into Self-Check, it will significantly decrease the utility of the information sought through this program. E-Verify Self Check is subject to the legal obligations for data sharing that are set out in the E-Verify (Basic Pilot) authorizing statute. The sharing of E-Verify Self Check information is not subject to any data sharing MOUs that the E-Verify program has entered into with the Department of Justice Office of Special Counsel and DHS Immigration and Customs Enforcement. DHS believes it is important that individuals feel comfortable in their use of the E-Verify Self Check and take advantage of this important service. New Answered




















0 0 TBD NILC NILC 11/30/2010 Suggestion Policy USCIS should develop an appeals process for workers wrongfully denied, rejected, or miscategorized by Self-Check and a complaint process for workers subject to employer misuse of E-Verify. Self-Check or E-Verify may be abused by employers who choose to use it as part of the hiring process, use it on existing employees for employers that are not Federal Contractors, or who engage in any other practice that violates the terms of the MOU. Additionally, protections should be in place to ensure employers that are not signatories to an MOU do not use Self-Check in place of signing up for E-Verify, further abusing the Self-Check program.

NILC recommends that DHS and SSA develop procedures to prevent employers from using Self-Check on behalf of workers. Furthermore, NILC recommends that the agencies develop a procedure to redress individual workers harmed by employer misuse of the E-Verify and/or Self-Check programs. This procedure should entail a petition and appeals process, and provide a means to reach a satisfactory resolution for individual workers.
As Self Check is providing no benefit or credential to the user, and users cannot be denied a job based on a failure to successfully complete the Self Check process, there is no immediate need to develop an appeals process. We will continue to evaluate the possible utility of an appeals process in the future. Additionally, guidance on the Self Check website will inform visitors that the use of Self Check does not infer the granting of a beneft or credential. DHS will continue to stress the use, benefits, and limitations of E-Verify Self Check in education and outreach materials provided to the public during the time leading up to and and after its implementation. New





















0 0 TBD NILC NILC 11/30/2010 Suggestion Policy As a matter of policy, USCIS should not follow-up with individuals who fail to correct their information under Self-Check. NILC recommends that SSA and DHS both issue guidance committing not to track an individual in this situation. Additionally, to avoid future privacy infringements, NILC recommends that SSA and DHS destroy the information transmitted from the individual to the agency as part of Self-Check. USCIS has no authority to follow up with individuals who fail to correct their information upon receiving a Self Check mismatch, just as we have no authority to follow up with those workers who fail to contest an E-Verify TNC. We will ensure that all outreach and educational materials address this fact. Additionally, the government will never know anything about the identity proofing portion of Self Check other than the fact that an identity proofing transaction occurred and whether it was successfully completed. We will not retain any personally identifiable information from the transaction unless the user chooses to confirm his/her work authorization status after a successful identity verification. However, we are unable destroy all of the information used to check DHS and SSA records due to data retention requirements and the way the Verification Information System (VIS), which is the system used by E-Verify and will be used by Self Check, is currently configured. We believe that configuring VIS to destroy this information would severely impact the reporting capabilities for both E-Verify and Self Check such that we would be greatly limited in our ability to detect fraud, system misuse, and discriminatory practices. We are working with NARA to establish a seperate record retention schedule for E-Verify Self Check query information that would limit our retention to 1 year for the above stated purposes. New Answered






















TBD NILC NILC 11/30/2010 Suggestion Policy Self-Check is not sufficiently available to individuals who read languages other than English or Spanish. NILC recommends that DHS provides Self-Check in languages including, but not limited to, Mandarin (Chinese), Carolinian, Chamorro, Japanese, Korean, Urdu, Punjabi, Gujarati and Tagalog. Since the language-needs cannot likely be provided at the outset, a phased approach may be beneficial. USCIS is taking a phased-in approach to the implementation of E-Verify Self Check to provide for adequate feedback based on the live system before making it available to all U.S. workers. Given this approach and the rationale behind it, Self Check will initially be available only in English, with mismatch guidance also available in Spanish. We plan to make the service available in multiple languages in future releases. New Answered




















0 0 TBD NILC NILC 11/30/2010 Suggestion Policy Currently, there is no schedule posted that discusses how and when Self-Check will become active. A proposed or target schedule would provide individuals and others advance notice of when this feature is to roll-out This is particularly beneficial to advocacy organizations such as NILC, whom the public will look to for information about Self-Check. NILC recommends that a schedule be posted by DHS on a publicly-accessible section of the DHS website. USCIS is currently pushing toward a March roll-out of the E-Verify Self Check service. The exact date, scope, and locations of the initial release are not yet solidified. USCIS will make this information available as the anticipated roll out date approaches. We look forward to work with NILC and others in the stakeholder and advocacy community to ensure a successful implementation of this important service for US workers. New Answered






















TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD































TBD































TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD





























0 0 TBD































TBD





























0 0 TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0 TBD





























0 0 TBD





























0 0 TBD































TBD





























0 0 TBD































TBD





























0 0






























0 0






























0 0































































0 0






























0 0































































0 0






























0 0































































0 0






























0 0






























0 0































































0 0






























0 0






























0 0































































0 0
































































































0 0































































0 0






























File Typeapplication/vnd.ms-excel
Last Modified ByStephen Tarragon
File Modified2010-12-09
File Created2002-03-29

© 2024 OMB.report | Privacy Policy