[Federal Register Volume 72, Number 150 (Monday, August 6, 2007)]
[Proposed Rules]
[Pages 43567-43569]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-15198]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 72, No. 150 / Monday, August 6, 2007 /
Proposed Rules��
[[Page 43567]]
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 5
[Docket Number 2007-0043]
Privacy Act of 1974: Implementation of Exemptions; Automated
Targeting System
AGENCY: Privacy Office, Office of the Secretary, DHS.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Department of Homeland Security is amending its
regulations to exempt certain records from particular provisions of the
Privacy Act. Specifically, the Department proposes to exempt certain
records of the Automated Targeting System from one or more provisions
of the Privacy Act because of criminal, civil, and administrative
enforcement requirements. This notice is a republication of the
Treasury Department exemption regulation (title 31, Code of Federal
Regulations, part 1) which previously covered the Automated Targeting
System as part of the Treasury Enforcement Communications System.
DATES: Written comments must be submitted on or before September 5,
2007.
ADDRESSES: You may submit comments, identified by DOCKET NUMBER DHS-
2007-0043 by one of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: 1-866-466-5370.
Mail: Hugo Teufel III, Chief Privacy Officer, Privacy
Office, Department of Homeland Security, Washington, DC 20528.
FOR FURTHER INFORMATION CONTACT: For general questions please contact:
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and
Procedures Branch, Bureau of Customs and Border Protection, Office of
International Trade, Mint Annex, 1300 Pennsylvania Ave., NW.,
Washington, DC 20229. For privacy issues please contact: Hugo Teufel
III (703-235-0780), Chief Privacy Officer, Privacy Office, U.S.
Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
Background
The Department of Homeland Security (DHS), elsewhere in this
edition of the Federal Register, published a Privacy Act system of
records notice describing records in the Automated Targeting System
(ATS). ATS performs screening of both inbound and outbound cargo,
travelers, and conveyances. As part of this screening function and to
facilitate DHS's border enforcement mission, ATS compares information
received with CBP's law enforcement databases, the Federal Bureau of
Investigation Terrorist Screening Center's the Terrorist Screening
Database (TSDB), information on outstanding wants or warrants,
information from other government agencies regarding high-risk parties,
and risk-based rules developed by analysts using law enforcement data,
intelligence, and past case experience. The modules also facilitate
analysis of the screening results of these comparisons.
ATS originally was designed as a rules-based program to identify
such cargo; it did not apply to travelers. Today, ATS includes the
following separate components: ATS-N, for screening inbound or imported
cargo; ATS-AT, for outbound or exported cargo; ATS-L, for screening
private passenger vehicles crossing at land border ports of entry using
license plate data; ATS-I, for cooperating with international customs
partners in shared cargo screening and supply chain security; ATS-TAP,
for assisting tactical units in identifying anomalous trade activity
and performing trend analysis; and ATS-P, for screening travelers and
conveyances entering the United States in the air, sea, and rail
environments.
ATS-Passenger (ATS-P), one of six modules contained within ATS,
maintains Passenger Name Record (PNR) data (data provided to airlines
and travel agents by or on behalf of air passengers seeking to book
travel) that has been collected by CBP as part of its border
enforcement mission. ATS-P's screening relies upon information from the
following databases: Treasury Enforcement Communications System (TECS),
Advanced Passenger Information System (APIS), Non Immigrant Information
System (NIIS), Suspect and Violator Indices (SAVI), and the Visa
databases (maintained by the Department of State) with the PNR
information that it maintains.
With respect to ATS-P module exempt records are the risk assessment
analyses and business confidential information received in the PNR from
the air and vessel carriers. No exemption shall be asserted regarding
PNR data about the requester, obtained from either the requester or by
a booking agent, brokers, or another person on the requester's behalf.
This information, upon request, may be provided to the requester in the
form in which it was collected from the respective carrier, but may not
include certain business confidential information of the air carrier
that is also contained in the record, such as use and application of
frequent flier miles, internal annotations to the air fare, etc. For
other ATS modules the only information maintained in ATS is the risk
assessment analyses and a pointer to the data from the source system of
records.
This system, however, may contain records or information recompiled
from or created from information contained in other systems of records,
which are exempt from certain provisions of the Privacy Act. For these
records or information only, in accordance with 5 U.S.C. 552a (j)(2),
and (k)(2), DHS will claims the following exemptions for these records
or information from subsections (c)(3) and (4); (d)(1), (2), (3), and
(4); (e)(1), (2), (3), (4)(G) through (I), (5), and (8); (f), and (g)
of the Privacy Act of 1974, as amended, as necessary and appropriate to
protect such information. Moreover, DHS will add these exemptions to
Appendix C to 6 CFR part 5, DHS Systems of Records Exempt from the
Privacy Act. Such exempt records or information are law enforcement or
national security investigation records, law enforcement activity and
encounter records, or terrorist screening records.
DHS needs these exemptions in order to protect information relating
to law enforcement investigations from disclosure to subjects of
investigations
[[Page 43568]]
and others who could interfere with investigatory and law enforcement
activities. Specifically, the exemptions are required to: preclude
subjects of investigations from frustrating the investigative process;
avoid disclosure of investigative techniques; protect the identities
and physical safety of confidential informants and of law enforcement
personnel; ensure DHS' and other federal agencies' ability to obtain
information from third parties and other sources; protect the privacy
of third parties; and safeguard sensitive information.
Additionally, DHS needs these exemptions in order to protect
information relating to law enforcement investigations from disclosure
to subjects of such investigations and others who could interfere with
investigatory activities. Specifically, the exemptions are required to:
withhold information to the extent it identifies witnesses promised
confidentiality as a condition of providing information during the
course of the law enforcement investigation; prevent subjects of such
investigations from frustrating the investigative process; avoid
disclosure of investigative techniques; protect the privacy of third
parties; ensure DHS's and other federal agencies' ability to obtain
information from third parties and other sources; and safeguard
sensitive information.
The exemptions proposed here are standard law enforcement
exemptions exercised by a large number of federal law enforcement
agencies.
Nonetheless, DHS will examine each separate request on a case-by-
case basis, and, after conferring with the appropriate component or
agency, may waive applicable exemptions in appropriate circumstances
and where it would not appear to interfere with or adversely affect the
law enforcement purposes of the systems from which the information is
recompiled or in which it is contained.
Regulatory Requirements
A. Regulatory Impact Analyses
Changes to Federal regulations must undergo several analyses. In
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
This rule is not a significant regulatory action under Executive
Order 12866, ``Regulatory Planning and Review'' (as amended).
Accordingly, this rule has not been reviewed by the Office of
Management and Budget (OMB). Nevertheless, DHS has reviewed this
rulemaking, and concluded that there will not be any significant
economic impact.
2. Regulatory Flexibility Act Assessment
Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will
not have a significant impact on a substantial number of small
entities. The rule would impose no duties or obligations on small
entities. Further, the exemptions to the Privacy Act apply to
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
This rulemaking will not constitute a barrier to international
trade. The exemptions relate to criminal investigations and agency
documentation and, therefore, do not create any new costs or barriers
to trade.
4. Unfunded Mandates Assessment
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub.
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the
effects of certain regulatory actions on State, local, and tribal
governments, and the private sector. This rulemaking will not impose an
unfunded mandate on State, local, or tribal governments, or on the
private sector.
B. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.)
requires that DHS consider the impact of paperwork and other
information collection burdens imposed on the public and, under the
provisions of PRA section 3507(d), obtain approval from the Office of
Management and Budget (OMB) for each collection of information it
conducts, sponsors, or requires through regulations. DHS has determined
that there are no current or new information collection requirements
associated with this rule.
C. Executive Order 13132, Federalism
This action will not have a substantial direct effect on the
States, on the relationship between the national Government and the
States, or on the distribution of power and responsibilities among the
various levels of government, and therefore will not have federalism
implications.
D. Environmental Analysis
DHS has reviewed this action for purposes of the National
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has
determined that this action will not have a significant effect on the
human environment.
E. Energy Impact
The energy impact of this action has been assessed in accordance
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163,
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory
action under the provisions of the EPCA.
List of Subjects in 6 CFR Part 5
Freedom of information, Privacy, Sensitive information.
For the reasons stated in the preamble, DHS proposes to amend
Chapter I of Title 6, Code of Federal Regulations, as follows:
PART 5--DISCLOSURE OF RECORDS AND INFORMATION
1. The authority citation for part 5 continues to read as follows:
Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.
2. At the end of Appendix C to part 5, add the following new
paragraph 5:
Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy
Act
* * * * *
5. DHS/CBP-006, Automated Targeting System. Certain records or
information in the following system of records are exempt from 5
U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2),
(3), (4)(G) through (I), (e)(5), and (8); (f), and (g). With respect
to the ATS-P module, exempt records are the risk assessment analyses
and business confidential information received in the PNR from the
air and vessel carriers. No exemption shall be asserted regarding
PNR data about the requester, obtained from either the requester or
by a booking agent, brokers, or another person on the requester's
behalf. This information, upon request, may be provided to the
requester in the form in which it was collected from the respective
carrier, but may not include certain business confidential
information of the air carrier that is also contained in the record,
such as use and application of frequent flier miles, internal
annotations to the air fare, etc. For other ATS modules the only
information maintained in ATS is the risk assessment analyses and a
pointer to the data from the source system of records. These
exemptions also apply to the extent that information in this system
of records is recompiled or is created from information contained in
other systems of records subject to such exemptions pursuant to 5
U.S.C. 552a(j)(2), and (k)(2). After conferring with the appropriate
component or agency, DHS may waive applicable exemptions in
appropriate circumstances and where it would not appear to interfere
with or adversely affect the law enforcement purposes of the systems
from which the information is recompiled or in
[[Page 43569]]
which it is contained. Exemptions from these particular subsections
are justified, on a case-by-case basis to be determined at the time
a request is made, for the following reasons: (a) From subsection
(c)(3) (Accounting for Disclosure) because making available to a
record subject the accounting of disclosures from records concerning
him or her would specifically reveal any investigative interest in
the individual. Revealing this information could reasonably be
expected to compromise ongoing efforts to investigate a known or
suspected terrorist by notifying the record subject that he or she
is under investigation. This information could also permit the
record subject to take measures to impede the investigation, e.g.,
destroy evidence, intimidate potential witnesses, or flee the area
to avoid or impede the investigation.
(b) From subsection (c)(4) (Accounting for Disclosure, notice of
dispute) because certain records in this system are exempt from the
access and amendment provisions of subsection (d), this requirement
to inform any person or other agency about any correction or
notation of dispute that the agency made with regard to those
records, should not apply.
(c) From subsections (d)(1), (2), (3), and (4) (Access to
Records) because these provisions concern individual access to and
amendment of certain records contained in this system, including law
enforcement, counterterrorism, and investigatory records. Compliance
with these provisions could alert the subject of an investigation to
the fact and nature of the investigation, and/or the investigative
interest of intelligence or law enforcement agencies; compromise
sensitive information related to law enforcement, including matters
bearing on national security; interfere with the overall law
enforcement process by leading to the destruction of evidence,
improper influencing of witnesses, fabrication of testimony, and/or
flight of the subject; could identify a confidential source; reveal
a sensitive investigative or intelligence technique; or constitute a
potential danger to the health or safety of law enforcement
personnel, confidential informants, and witnesses. Amendment of
these records would interfere with ongoing counterterrorism or law
enforcement investigations and analysis activities and impose an
impossible administrative burden by requiring investigations,
analyses, and reports to be continuously reinvestigated and revised.
(d) From subsection (e)(1) (Relevancy and Necessity of
Information) because it is not always possible for DHS or other
agencies to know in advance what information is relevant and
necessary for it to complete screening of cargo, conveyances, and
passengers. Information relating to known or suspected terrorists is
not always collected in a manner that permits immediate verification
or determination of relevancy to a DHS purpose. For example, during
the early stages of an investigation, it may not be possible to
determine the immediate relevancy of information that is collected--
only upon later evaluation or association with further information,
obtained subsequently, may it be possible to establish particular
relevance to a law enforcement program. Lastly, this exemption is
required because DHS and other agencies may not always know what
information about an encounter with a known or suspected terrorist
will be relevant to law enforcement for the purpose of conducting an
operational response.
(e) From subsection (e)(2) (Collection of Information from
Individuals) because application of this provision could present a
serious impediment to counterterrorism or law enforcement efforts in
that it would put the subject of an investigation, study or analysis
on notice of that fact, thereby permitting the subject to engage in
conduct designed to frustrate or impede that activity. The nature of
counterterrorism, and law enforcement investigations is such that
vital information about an individual frequently can be obtained
only from other persons who are familiar with such individual and
his/her activities. In such investigations it is not feasible to
rely solely upon information furnished by the individual concerning
his own activities.
(f) From subsection (e)(3) (Notice to Subjects), to the extent
that this subsection is interpreted to require DHS to provide notice
to an individual if DHS or another agency receives or collects
information about that individual during an investigation or from a
third party. Should the subsection be so interpreted, exemption from
this provision is necessary to avoid impeding counterterrorism or
law enforcement efforts by putting the subject of an investigation,
study or analysis on notice of that fact, thereby permitting the
subject to engage in conduct intended to frustrate or impede that
activity.
(g) From subsections (e)(4)(G), (H) and (I) (Agency
Requirements) because portions of this system are exempt from the
access and amendment provisions of subsection (d).
(h) From subsection (e)(5) (Collection of Information) because
many of the records in this system coming from other system of
records are derived from other domestic and foreign agency record
systems and therefore it is not possible for DHS to vouch for their
compliance with this provision; however, the DHS has implemented
internal quality assurance procedures to ensure that data used in
its screening processes is as complete, accurate, and current as
possible. In addition, in the collection of information for law
enforcement and counterterrorism purposes, it is impossible to
determine in advance what information is accurate, relevant, timely,
and complete. With the passage of time, seemingly irrelevant or
untimely information may acquire new significance as further
investigation brings new details to light. The restrictions imposed
by (e)(5) would limit the ability of those agencies' trained
investigators and intelligence analysts to exercise their judgment
in conducting investigations and impede the development of
intelligence necessary for effective law enforcement and
counterterrorism efforts.
(i) From subsection (e)(8) (Notice on Individuals) because to
require individual notice of disclosure of information due to
compulsory legal process would pose an impossible administrative
burden on DHS and other agencies and could alert the subjects of
counterterrorism or law enforcement investigations to the fact of
those investigations when not previously known.
(j) From subsection (f) (Agency Rules) because portions of this
system are exempt from the access and amendment provisions of
subsection (d). Access to, and amendment of, system records that are
not exempt or for which exemption is waived may be obtained under
procedures described in the related SORN or Subpart B of this Part.
(k) From subsection (g) (Civil Remedies) to the extent that the
system is exempt from other specific subsections of the Privacy Act.
Dated: July 31, 2007
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. E7-15198 Filed 8-3-07; 8:45 am]
BILLING CODE 4410-10-P