NOTE: COMMENTS REGARDING ANY FEDERAL REGISTER NOTICE MUST BE SENT TO THE ADDRESS INDICATED IN THE DOCUMENT. ANY COMMENTS ON THE RAPID INFORMATION BULLETIN BOARD SYSTEM (RIBBS) ABOUT ANY FEDERAL REGISTER NOTICES WILL NOT BE USED OR CONSIDERED IN THE COURSE OF ANY RULE MAKING.

[Federal Register: August 14, 1996 (Volume 61, Number 158)]
[Proposed Rules]
[Page 42219-42222]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]

POSTAL SERVICE

39 CFR Part 701

Postal Electronic Commerce Service

AGENCY: Postal Service.

ACTION: Proposed rule electronic postmark test; request for comments.

SUMMARY: The United States Postal Service is developing ``Postal Electronic Commerce Services'' that will provide security and integrity to electronic correspondence and transactions, giving them attributes usually associated with First-Class Mail. As part of this effort, the United States Postal Service is testing a limited prototype of an Electronic Postmarking Service that will offer customers a third-party validation of the time and date that an electronic mail document was received by the Postal Service, and validate the existence of a document by ensuring that it was not changed after its handling by the Postal Service. The test is intended to be concluded within 60 days of its start, although it may be extended. To provide guidance for implementing the test, the Postal Service is proposing to add new regulations to title 39 of the Code of Federal Regulations.

DATES: Comments must be received on or before September 13, 1996.

ADDRESSES: Written comments should be directed to the Manager, Electronic Commerce Services, Room 5636, 475 L'Enfant Plaza, SW., Washington, DC 20260-2427. Copies of all written documents will be available at that address for inspection and photocopying between 9 a.m. and 4 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Leo Campbell (202) 268-6837.

SUPPLEMENTARY INFORMATION: To further its mission of ``binding the Nation together through the correspondence of the people,'' 39 U.S.C. 101, the United States Postal Service is developing services which, through an extension of its traditional paper mail services, will enable and enhance the development of commerce by electronic means. These ``Postal Electronic Commerce Services'' will provide security and integrity to electronic correspondence and transactions, giving them attributes usually associated with First-Class Mail.

As a first step in this effort, the Postal Service is testing a limited prototype pilot of an ``Electronic Postmarking Service.'' Under this new service, the Postal Service will apply a trusted time and date stamp to a document that has been electronically submitted to the Postal Service (``Electronic Postmark''), and then digitally sign the document with a Postal Service private key (defined by a CCITT X.500 Sec. 509 Version 3 certificate). This Electronic Postmark provides evidence of the document's existence at a specific point in time, allows any subsequent change in the document to be identified, and shows that the Electronic Postmarked version of the document was no longer in the possession of the originator at the time of marking.

This Electronic Postmark is a valuable third-party validation of the official character of some documents. For users of electronic commerce, the Electronic Postmark is a way to send important information in a manner that combines the security of postmarked paper with the speed and convenience of an electronic network.

Further, the Electronic Postmark, if offered in combination with a public key infrastructure, can be used to validate the digital signature of a sender of documents. At this time, this certification capability is an additional service that the Postal Service will offer only in the event that there is clear demand from its customers.

Although the prototype system for the Electronic Postmark is still in development, it will be FIPS 140-1 compliant and will incorporate U.S. Postal Service Software Process Standards and Security Management Procedures. The Electronic Postmark will use Digital Signature Standard (DSS) as the signing algorithm. Future implementations may incorporate additional or different algorithms.

For the prototype test, the service will be provided by contract with an Authorized Computer Service Provider. This prototype pilot test is intended to last 60 days, although it may be extended if necessary to achieve more complete test results.

Although exempt from the notice and comment requirements of the Administrative Procedure Act (5 U.S.C. Secs. 553 (b), (c)) regarding proposed rulemaking by 39 U.S.C. Sec. 410(a), the Postal Service invites public comment on the following revisions to Title 39 of the Code of Federal Regulations.

List of Subjects in 39 CFR Part 701

Communications, Electronic Commerce Services, Postal Service, Telecommunications.

It is proposed that chapter I of title 39 be amended as set forth below.

SUBCHAPTER I--ELECTRONIC AND COMPUTER-BASED SERVICES

Part 701 in Subchapter I will be added to read as follows:

PART 701--POSTAL ELECTRONIC POSTMARK

Authority: 5 U.S.C. 552(a); 39 U.S.C. 101, 401, 403, 404, 3001-3011.

Sec. 701.1 Policy and objective.

The Postal Service seeks to offer Electronic Postmark Services that will offer Senders of Messages a third-party validation of the time and date that the Message was received by the Postal Service, and that will validate the existence of the Message by enabling Recipients to determine whether it was changed after its handling by the Postal Service.

Sec. 701.2 Trial period.

The Electronic Postmarking Services (defined in Sec. 701.4) are being provided via a prototype system and will be made available to selected Senders as part of a pilot test that is intended to be concluded within 60 days of its start, although it may be extended if necessary to achieve more complete test results. The Regulations in this part will govern that pilot test.

Sec. 701.3 Definitions.

For purposes of this part, the following definitions shall apply:

(a) Authorized Computer Service Provider means a third party authorized by the Postal Service to accept and process Messages to be Electronically Postmarked and to forward the Postmarked Messages to the Recipient(s).

(b) Authorized Value-Added Network means a private computer-based value-added network designated by the Postal Service as authorized to carry Messages to the Postal Service for Electronic Postmarking.

(c) Certificate means a computer-based record that identifies the Postal Service public key to be used for purposes of authenticating Postal Service Electronic Postmarks. The certificate will be in CCITT X.500 Sec. 509 version 3 format.

(d) Digital Signature means a transformation of a Message using the Digital Signature Standard (DSS) and the DSA algorithm that allows recipients of the Message to authenticate the Message and determine whether the Message has been altered since it was received by the Postal Service.

(e) Digitally Sign means to apply a Digital Signature to a Message.

(f) Electronic Address means an alphanumeric or other designation corresponding to a location on a computer network.

(g) Electronic Mail Software means any commercially available software product capable of sending and receiving electronic mail Messages.

(h) Electronic Postmark means data incorporated within a Message by the Postal Service that includes the following information:
(1) Postal Service branding.
(2) Date and time in Greenwich Mean Time (GMT) down to the second the Message was received by the Postal Service Mail Processor, as determined by the Mail Processor's internal clock.
(3) Postal Service Certificate serial number.
(4) Postal Service's distinguished name.
(5) Postal Service's Digital Signature consisting of the DSA R component and the DSA S component.

(i) Mail Processor means the computer system operated by an Authorized Computer Service Provider that is designed to handle the processing of Messages intended to be Electronically Postmarked in accordance with this Regulation.

(j) Message means any data in electronic machine-readable form directed to one or more Electronic Addresses to which it can be communicated via a computer network. A ``Message'' is not a ``letter'' for purposes of part 310.

(k) Postmark Address means the e-mail address to which a Message must be sent in order to obtain an Electronic Postmark.

(l) Postmarked Message means a Message, submitted to the Postal Service by a Sender in accordance with these Regulations, to which an Electronic Postmark has been added to the body of the Message as text, and which is attached to another Message containing a graphical representation of the Electronic Postmark.

(m) Postmark Processor means the computer system operated by or on behalf of the Postal Service for the purpose of applying an Electronic Postmark to a Message.

(n) Recipient(s) means the person(s) designated by an Electronic Address in a Message prepared by the Sender to receive the Electronic Postmarked Message.

(o) Sender means an individual or entity that submits a Message to the Postal Service via an Authorized Value-Added Network for Electronic Postmarking under part 701.

(p) USPS Mail Reader means software developed or licensed by the Postal Service that enables a Recipient to view an Electronic Postmarked Message, view the Electronic Postmark, and authenticate the Electronic Postmark for such Message.

Sec. 701.4 Description of Electronic Postmark Services.

(a) The Postal Service will provide the following Electronic Postmark Services for Messages sent to the Postmark Address at its Mail Processor via an Authorized Value-Added Network:
(1) The Postal Service will apply an Electronic Postmark to the Message using a private key corresponding to the public key specified in its Certificate.
(2) The Postal Service will forward the Postmarked Message to the recipient(s) designated by the Sender, using the same Authorized Value-Added Network from which the Message was originally received.

(b) The Electronic Postmarking Services will be available on demand, on a 24-hour, 7-day-a-week basis, subject to equipment, software, and communications problems.

(c) The Electronic Postmarking Services do not include any undertaking by the Postal Service to deliver Messages to any intended Recipient. The Postal Service's obligation is limited to communicating the Electronic Postmarked Message, using each Recipient's Electronic Address as specified by the Sender, to the Authorized Value-Added Network from which it was received, for further communication to the intended Recipient by such Authorized Value-Added Network. The Postal Service shall have no obligation or liability with respect to the performance of any Authorized Value-Added Network.

(d) The Postal Service may subcontract the foregoing Electronic Postmark Services to an Authorized Computer Service Provider.

Sec. 701.5 Requirements for submitting messages to be postmarked.

Any person whether or not a U.S.
citizen and whether or not located in the United States may submit a Message to the Postal Service to be Electronically Postmarked in accordance with these Regulations, provided the following requirements are met:

(a) the Message must be in the format prescribed by Sec. 701.6;

(b) the Message must be submitted to the Postmark Address at the Postal Service Mail Processor via an Authorized Value-Added Network; and

(c) the Sender must have an account with an Authorized Computer Service Provider for the purpose of obtaining Electronic Postmarks, and must pay the fee provided in Sec. 701.8 to such Authorized Computer Service Provider.

Sec. 701.6 Message format.

(a) Messages shall be submitted electronically in a binary-encoded file.

(b) Messages must include:
(i) the Postmark Address at the Postal Service's Mail Processor;
(ii) a valid account number against which the Authorized Computer Service Provider may charge applicable fees for Electronic Postmarking Services, and
(iii) the Electronic Addresses of any Recipients to whom the Electronic Postmarked Message should be forwarded after the Electronic Postmark is applied.

(c) For the purposes of this test, the specific format shall be specified by the Authorized Computer Service Provider.

Sec. 701.7 Authorized Value-Added Network and Authorized Computer Service Provider.

(a) All Messages to be Electronically Postmarked must be submitted to the Postmark Address through an Authorized Value-Added Network, and the corresponding Electronic Postmarked Message will be forwarded to the Recipient(s) by the Postal Service using the same Authorized Value-Added Network. Senders must make necessary arrangements with the Authorized Value-Added Network.

(b) The Authorized Computer Service Provider is responsible for issuing account numbers, billing Senders for the Electronic Postmarking Services, and supplying Senders and Recipients with the USPS Mail Reader software.

(c) The Authorized Computer Service Provider and Authorized Value-Added Networks may by contract or otherwise specify other protocols, formats, procedures, terms, conditions, and requirements not inconsistent with these Regulations with respect to the generation, structure, submission and receipt of Messages, the assignment, use, and authentication of account numbers, and the payment of charges assessed against account numbers.

(d) A list of Authorized Computer Service Providers and Authorized Value-Added Networks may be obtained by contacting the Postal Service via electronic mail at: LCAMPBEL@EMAIL.USPS.GOV, or by writing to: Leo Campbell, New Electronic Businesses, 475 L'Enfant Plaza SW, Room 5670, Washington, DC 20260-2427. Requests sent by regular mail should include a self-addressed stamped return envelope.

Sec. 701.8 Fees.

(a) Senders submitting Messages shall be charged in accordance with fee schedules to be developed by the Postal Service. The fee shall be assessed against the Sender account number. Sender will be billed for the amount of the fee by the Authorized Computer Service Provider that issued the account number.

(b) A person submitting an account number in connection with a Message is representing to the Postal Service that he or she has authority to use the account number to pay for the Electronic Postmarking of the Message. Persons using account numbers without proper authority may be subject to fines and imprisonment.

Sec. 701.9 Specifications for recipients.

(a) When a Recipient receives a Postmarked Message, Recipient will need a USPS Mail Reader to read it. The USPS Mail Reader will include the public key file (and may include the Postal Service Certificate) for verifying the Postal Service Digital Signature on the Electronic Postmarked Message.

(b) The USPS Mail Reader is available from the Authorized Service Provider and will be licensed to Recipients on terms specified by the Authorized Service Provider.
Use of the USPS Mail Reader constitutes acceptance of these terms.

Sec. 701.10 Electronic Postmark.

(a) Application of Electronic Postmark. Messages submitted for Electronic Postmarks will be processed substantially as follows:
(1) Upon receipt of the Message by the Mail Processor, the format of the information specified in Sec. 701.6 and the Sender's account with the Authorized Computer Service Provider is verified. Messages that are not in proper format, and Messages received from Senders who do not designate valid account numbers, will be returned.
(2) Messages received in proper format from Senders with valid accounts will be readdressed to the intended Recipient(s) and passed to the Electronic Postmark Processor.
(3) The Electronic Postmark Processor will create an Electronic Postmark for the Message. It will then create a new Message, with the body being a graphical representation of the Electronic Postmark and with the original Message attached to the new Message using MIME base64. The new Message, with attachment, is then sent back to the Mail Processor as the Postmarked Message.
(4) The Mail Processor will then forward the Electronic Postmarked Message to the Recipient(s) designated in the original Message via the same Authorized Value-Added Network from which it was received.

(b) Security Policy. The Electronic Postmark will be FIPS 140-1 compliant and will incorporate U.S. Postal Service Software Process Standards and Security Management Procedures. Implementation of the Electronic Postmark will also be governed by the Postal Service's Electronic Commerce Services Security Policy. The Electronic Postmark will use Digital Signature Standard (DSS) as the signing algorithm.

Sec. 701.11 Digital signatures and certificates.

(a) All Postmarked Messages will be Digitally Signed by the Postal Service.

(b) The Digital Signature shall be based on the original Message, plus the Electronic Postmark, using the Digital Signature Standard (DSS).

(c) All Digital Signatures will be generated using a private key held by the Postal Service corresponding to a public key specified in the Certificate located in the United States Postal Service Prototype Certificate Authority in the Information Systems Service Center (ISSC) in San Mateo, CA.

Sec. 701.12 Message handling generally.

(a) Except as provided in Sec. 701.10, the Postal Service will not undertake to verify the format or integrity of any Message received for Electronic Postmark Processing. Messages shall be Postmarked as received, regardless of condition.

(b) Messages will be processed for Electronic Postmarking and forwarding to the intended Recipient within a reasonable time after receipt by the Mail Processor. However, the Postal Service does not guarantee any specific response time.

(c) Messages with invalid account numbers will not be Electronic Postmarked or forwarded to the Recipient. They will be returned to Sender.

(d) Electronic Postmarked Messages will be forwarded to the Recipient identified by the Sender using the same Authorized Value-Added Network as that from which the Message was originally received by the Mail Processor. The Postal Service shall have no responsibility for delivery of the Message by the Authorized Value-Added Network.

Sec. 701.13 Terms and condition of service.

(a) The Electronic Postmark Services are offered subject to the terms of this part, which Senders are deemed to accept by submitting any Message to the Postmark Address at the Postal Service Mail Processor.

(b) The Postal Service shall have no liability to the Sender or any Recipient for any indirect, incidental, special, or consequential damages (including damages for loss of profits or revenue by the Sender, Recipient, or any third party), or for damages arising from lost or corrupted Messages or other data, delayed or incorrect forwarding of Messages, or any other failure or error on the part of the Postal Service, whether in an action in contract or tort, even if the Postal Service has been advised of the possibility of such damages.

(c) The Postal Service's entire liability for any damages claim (regardless of legal theory) arising from the provision of Electronic Postmarking Services shall not exceed the amount of fees paid by the applicable Sender for the Electronic Postmarking Services giving rise to the liability.

(d) Each Sender shall indemnify and hold the Postal Service and its Governors, officers, employees, subcontractors and agents (the ``Indemnified Parties'') harmless from and against any and all liabilities, losses, damages, costs, and expenses (including legal fees and expenses) associated with, or incurred as a result of, any claim or action brought against an Indemnified Party either for actual or alleged infringement of any patent, copyright, trademark, service mark, trade secret, or other property right based on the processing, or communication of any Message submitted to the Postal Service by the Sender.

(e) A Sender shall not submit Messages or otherwise use Electronic Postmarking Services in any manner that violates any federal or state law or regulations.

Sec. 701.14 Security provisions.

(a) Policy. The Postal Service will preserve and protect the security of all Messages and Postmarked Messages in its custody from unauthorized interception, inspection or reading of contents, or tampering, delay, or other unauthorized acts.
Any postal employee committing or allowing any of these unauthorized acts is subject to administrative discipline and may be subject to criminal prosecution leading to fine, imprisonment, or both. An employee having a question about proper security procedures that is not clearly and specifically answered by postal regulations or by written direction of the Inspection Service or Law Department shall resolve the question by protecting the Messages in all respects and delivering them, or letting them be delivered, without interruption to their destination.

(b) Interception, Searching, or Reading of Messages Generally Prohibited.
(1) General. In general, no employee may intercept, search, read, or divulge the contents of any Message submitted for Electronic Postmarking, even though such Message may be believed to contain criminal matter or evidence of the commission of a crime. The only exception to this general rule is for a person executing a search warrant duly issued under Rule 41 of the Federal Rules of Criminal Procedure. Usually, a warrant issued by a Federal Court or service by a Federal Officer is issued under Rule 41, and is duly issued if signed and dated within the past 10 days. No employee shall permit the execution of a search warrant issued by a state court and served by a state officer.
(2) Disclosure of Information Collected from Messages Sent or Received by Customers. Except as provided in Sec. 701.14(b)(1), no employee in the performance of official duties may disclose information collected from Messages processed by the Postal Service Electronic Postmark Processor, including any information about a Message processed by the Postal Service.
(3) Interference with Operation of Postal Computers. Interference by any person with the operation of Postal Service data processing equipment, including the Postmark Processor, is strictly prohibited.

Stanley F. Mires,
Chief Counsel, Legislative.

[FR Doc.
96-19102 Filed 8-13-96; 8:45 am] BILLING CODE 7710-12-P
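
The postmark construction described in Sec. 701.3(h), Sec. 701.10(a)(3) and Sec. 701.11(b), as an added example that is not part of the Federal Register text and is not Postal Service code. Assumptions: the field labels, a plain-text stand-in for the graphical postmark, the signed byte layout (original Message followed by postmark fields (1) to (4)), SHA-1 as the hash, small demonstration DSA parameters generated in the block, and a constructed serial number, distinguished name and key.

```python
import hashlib, random, secrets
from email import message_from_bytes, policy
from email.message import EmailMessage

def is_prime(n, rng, rounds=24):                # Miller-Rabin primality test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(
                pow(x, 2 ** i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def dsa_params(seed=1996):  # assumed demo sizes: 160-bit q, roughly 512-bit p
    rng, q, p = random.Random(seed), 4, 4
    while not is_prime(q, rng):
        q = rng.getrandbits(160) | (1 << 159) | 1
    while not is_prime(p, rng) or pow(2, (p - 1) // q, p) == 1:
        p = 2 * q * (rng.getrandbits(351) | (1 << 350)) + 1
    return p, q, pow(2, (p - 1) // q, p)

def digest(data, q):
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % q

def dsa_sign(data, x, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1        # fresh secret nonce per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest(data, q) + x * r) % q
        if r and s:
            return r, s

def dsa_verify(data, r, s, y, p, q, g):
    if not (0 < r < q and 0 < s < q):           # reject out-of-range components
        return False
    w = pow(s, -1, q)
    return pow(g, digest(data, q) * w % q, p) * pow(y, r * w % q, p) % p % q == r

def apply_postmark(original, x, params, serial, dn, when):
    """Sec. 701.10(a)(3): postmark as the body, original attached in base64."""
    fields = "\n".join([                        # field labels are assumptions
        "USPS ELECTRONIC POSTMARK (constructed sample)",
        "Received-GMT: " + when.strftime("%Y-%m-%d %H:%M:%S"),
        "Certificate-Serial: " + serial, "Signer-DN: " + dn])
    # Sec. 701.11(b): sign the original Message plus the postmark fields.
    r, s = dsa_sign(original + fields.encode(), x, *params)
    msg = EmailMessage()
    msg.set_content(f"{fields}\nDSA-R: {r:x}\nDSA-S: {s:x}\n")
    msg.add_attachment(original, maintype="application",
                       subtype="octet-stream", filename="original.bin")
    return msg.as_bytes()

def unpack(raw):
    """Recipient side: return (original Message bytes, postmark text)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return (next(msg.iter_attachments()).get_content(),
            msg.get_body(("plain",)).get_content())

def check_postmark(original, text, y, params):  # y is the signer's public key
    lines = text.strip().splitlines()
    try:
        r, s = (int(line.split(": ", 1)[1], 16) for line in lines[4:6])
    except (IndexError, ValueError):
        return False
    return dsa_verify(original + "\n".join(lines[:4]).encode(), r, s, y, *params)
```

Passing the output of apply_postmark through unpack and check_postmark returns True; changing one byte of the attachment or one digit of the Received-GMT line makes check_postmark return False, which is the property the Recipient relies on.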