[Federal Register Volume 63, Number 250 (Wednesday, December 30, 1998)]
[Rules and Regulations]
[Pages 71752-71753]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-34547]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

28 CFR Part 23

[OJP(BJA)-1177B]
RIN 1121-ZB40


Criminal Intelligence Sharing Systems; Policy Clarification

AGENCY: Bureau of Justice Assistance (BJA), Office of Justice Programs 
(OJP), Justice.

ACTION: Clarification of policy.

-----------------------------------------------------------------------

SUMMARY: The current policy governing the entry of identifying 
information into criminal intelligence sharing systems requires 
clarification. This policy clarification is to make clear that the 
entry of individuals, entities and organizations, and locations that do 
not otherwise meet the requirements of reasonable suspicion is 
appropriate when it is done solely for the purposes of criminal 
identification or is germane to the criminal subject's criminal 
activity. Further, the definition of ``criminal intelligence system'' 
is clarified.

EFFECTIVE DATE: This clarification is effective December 30, 1998.

FOR FURTHER INFORMATION CONTACT: Paul Kendall, General Counsel, Office 
of Justice Programs, 810 7th Street N.W., Washington, D.C. 20531, (202) 
307-6235.

SUPPLEMENTARY INFORMATION:
    The operation of criminal intelligence information systems is 
governed by 28 CFR Part 23. This regulation was written to both protect 
the privacy rights of individuals and to encourage and expedite the 
exchange of criminal intelligence information between and among law 
enforcement agencies of different jurisdictions. Frequent 
interpretations of the regulation, in the form of policy guidance and 
correspondence, have been the primary method of ensuring that advances 
in technology did not hamper its effectiveness.

Comments

    The clarification was opened to public comment. Comments expressing 
unreserved support for the clarification were received from two 
Regional Intelligence Sharing Systems (RISS) and five states. A comment 
from the Chairperson of a RISS, relating to the use of identifying 
information to begin new investigations, has been incorporated. A 
single negative comment was received, but was not addressed to the 
subject of this clarification.

Use of Identifying Information

    28 CFR 23.3(b)(3) states that criminal intelligence information 
that can be put into a criminal intelligence sharing system is 
``information relevant to the identification of and the criminal 
activity engaged in by an individual who or organization which is 
reasonably suspected of involvement in criminal activity, and * * * 
[m]eets criminal intelligence system submission criteria.'' Further, 28 
CFR 23.20(a) states that a system shall only collect information on an 
individual if ``there is reasonable suspicion that the individual is 
involved in criminal conduct or activity and the information is 
relevant to that criminal conduct or activity.'' 28 CFR 23.20(b) 
extends that limitation to

[[Page 71753]]

collecting information on groups and corporate entities.
    In an effort to protect individuals and organizations from the 
possible taint of having their names in intelligence systems (as 
defined at 28 C.F.R. Sec. 23.3(b)(1)), the Office of Justice Programs 
has previously interpreted this section to allow information to be 
placed in a system only if that information independently meets the 
requirements of the regulation. Information that might be vital to 
identifying potential criminals, such as favored locations and 
companions, or names of family members, has been excluded from the 
systems. This policy has hampered the effectiveness of many criminal 
intelligence sharing systems.
    Given the swiftly changing nature of modern technology and the 
expansion of the size and complexity of criminal organizations, the 
Bureau of Justice Assistance (BJA) has determined that it is necessary 
to clarify this element of 28 CFR Part 23. Many criminal intelligence 
databases are now employing ``Comment'' or ``Modus Operandi'' fields 
whose value would be greatly enhanced by the ability to store more 
detailed and wide-ranging identifying information. This may include 
names and limited data about people and organizations that are not 
suspected of any criminal activity or involvement, but merely aid in 
the identification and investigation of a criminal suspect who 
independently satisfies the reasonable suspicion standard.
    Therefore, BJA issues the following clarification to the rules 
applying to the use of identifying information. Information that is 
relevant to the identification of a criminal suspect or to the criminal 
activity in which the suspect is engaged may be placed in a criminal 
intelligence database, provided that (1) appropriate disclaimers 
accompany the information noting that is strictly identifying 
information, carrying no criminal connotations; (2) identifying 
information may not be used as an independent basis to meet the 
requirement of reasonable suspicion of involvement in criminal activity 
necessary to create a record or file in a criminal intelligence system; 
and (3) the individual who is the criminal suspect identified by this 
information otherwise meets all requirements of 28 CFR Part 23. This 
information may be a searchable field in the intelligence system.
    For example: A person reasonably suspected of being a drug dealer 
is known to conduct his criminal activities at the fictional 
``Northwest Market.'' An agency may wish to note this information in a 
criminal intelligence database, as it may be important to future 
identification of the suspect. Under the previous interpretation of the 
regulation, the entry of ``Northwest Market'' would not be permitted, 
because there was no reasonable suspicion that the ``Northwest Market'' 
was a criminal organization. Given the current clarification of the 
regulation, this will be permissible, provided that the information 
regarding the ``Northwest Market'' was clearly noted to be non-criminal 
in nature. For example, the data field in which ``Northwest Market'' 
was entered could be marked ``Non-Criminal Identifying Information,'' 
or the words ``Northwest Market'' could be followed by a parenthetical 
comment such as ``This organization has been entered into the system 
for identification purposes only--it is not suspected of any criminal 
activity or involvement.'' A criminal intelligence system record or 
file could not be created for ``Northwest Market'' solely on the basis 
of information provided, for example, in a comment field on the 
suspected drug dealer. Independent information would have to be 
obtained as a basis for the opening of a new criminal intelligence file 
or record based on reasonable suspicion on ``Northwest Market.'' 
Further, the fact that other individuals frequent ``Northwest Market'' 
would not necessarily establish reasonable suspicion for those other 
individuals, as it relates to criminal intelligence systems.

The Definition of a ``Criminal Intelligence System''

    The definition of a ``criminal intelligence system'' is given in 28 
CFR 23.3(b)(1) as the ``arrangements, equipment, facilities, and 
procedures used for the receipt, storage, interagency exchange or 
dissemination, and analysis of criminal intelligence information * * * 
.'' Given the fact that cross-database searching techniques are now 
common-place, and given the fact that multiple databases may be 
contained on the same computer system, BJA has determined that this 
definition needs clarification, specifically to differentiate between 
criminal intelligence systems and non-intelligence systems.
    The comments to the 1993 revision of 28 CFR Part 23 noted that 
``[t]he term `intelligence system' is redefined to clarify the fact 
that historical telephone toll files, analytical information, and work 
products that are not either retained, stored, or exchanged and 
criminal history record information or identification (fingerprint) 
systems are excluded from the definition, and hence are not covered by 
the regulation * * * .'' 58 FR 48448-48449 (Sept. 16, 1993.) The 
comments further noted that materials that ``may assist an agency to 
produce investigative or other information for an intelligence system * 
* *'' do not necessarily fall under the regulation. Id.
    The above rationale for the exclusion of non-intelligence 
information sources from the definition of ``criminal intelligence 
system,'' suggests now that, given the availability of more modern non-
intelligence information sources such as the Internet, newspapers, 
motor vehicle administration records, and other public record 
information on-line, such sources shall not be considered part of 
criminal intelligence systems, and shall not be covered by this 
regulation, even if criminal intelligence systems access such sources 
during searches on criminal suspects. Therefore, criminal intelligence 
systems may conduct searches across the spectrum of non-intelligence 
systems without those systems being brought under 28 CFR Part 23. There 
is also no limitation on such non-intelligence information being stored 
on the same computer system as criminal intelligence information, 
provided that sufficient precautions are in place to separate the two 
types of information and to make it clear to operators and users of the 
information that two different types of information are being accessed. 
Such precautions should be consistent with the above clarification of 
the rule governing the use of identifying information. This could be 
accomplished, for example, through the use of multiple windows, 
differing colors of data or clear labeling of the nature of information 
displayed.
    Additional guidelines will be issued to provide details of the 
above clarifications as needed.

    Dated: December 22, 1998.
Nancy Gist,
Director, Bureau of Justice Assistance.
[FR Doc. 98-34547 Filed 12-29-98; 8:45 am]
BILLING CODE 4410-18-P