[Federal Register Volume 66, Number 14 (Monday, January 22, 2001)]
[Rules and Regulations]
[Pages 6470-6474]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-1616]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

28 CFR Part 25

[AG Order No. 2354-2001]; [FBI 105F]
RIN 1110-AA02


National Instant Criminal Background Check System Regulation

AGENCY: Federal Bureau of Investigation, Department of Justice.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The United States Department of Justice (``DOJ'' or ``the 
Department'') is publishing a final rule amending the

[[Page 6471]]

DOJ regulation implementing the National Instant Criminal Background 
Check System (``NICS'') pursuant to the Brady Handgun Violence 
Prevention Act (``Brady Act''): to establish a reduced retention period 
of 90 days for information relating to allowed firearm transfers in the 
system transaction log of background check transactions (``NICS Audit 
Log''), to clarify that only the FBI has direct access to the NICS 
Audit Log, and to clarify that, in furtherance of the purpose of 
auditing the use and performance of the NICS, the FBI may extract and 
provide information from the NICS Audit Log to the Bureau of Alcohol, 
Tobacco and Firearms (``ATF'') for use in ATF's inspections of Federal 
Firearms Licensee (``FFL'') records, provided that ATF destroys the 
NICS Audit Log information about allowed firearm transfers within the 
applicable retention period (unless discrepancies are found) and 
maintains a written record certifying the destruction.

EFFECTIVE DATE: March 5, 2001.

FOR FURTHER INFORMATION CONTACT: Fanny Haslebacher, Attorney-Advisor, 
Federal Bureau of Investigation, Module A-3, 1000 Custer Hollow Road, 
Clarksburg, West Virginia 26306-0147, (304) 625-2000.

SUPPLEMENTARY INFORMATION: This document finalizes the rule proposed in 
the Federal Register on March 3, 1999, (64 FR 10262). The FBI accepted 
comments on the proposed rule from interested parties until June 6, 
1999, and slightly over 150 comments were received. With the exception 
of two technical changes explained below, the proposed rule is adopted 
as final.

Significant Comments or Changes

The Retention Period

    Many of the comments asserted that the FBI was violating the 
requirements of the Brady Act by keeping information about approved 
firearm transfers for any period of time in the NICS Audit Log. 
Commenters stated that, in their view, the Brady Act requires immediate 
destruction of identifying information about individuals who have been 
approved for the transfer of a firearm. Commenters also asserted that 
the retention of information about approved firearm transfers in the 
NICS Audit Log constituted a firearms registry in violation of section 
103(i) of the Brady Act. Some commenters labeled the NICS Audit Log a 
``back door'' registration system or a de facto registry and expressed 
concern that such a ``registry'' could lead to future gun 
confiscations.
    The Department of Justice received and considered similar comments 
when promulgating the final NICS regulation that established the 
current retention period of six months for information in the NICS 
Audit Log about approved firearm transfers. The discussion accompanying 
the final rule provided the following explanation of the Department's 
construction of the Brady Act as it relates to the record destruction 
requirement and the question of whether the NICS Audit Log constitutes 
a firearms registry:

    The FBI will not establish a federal firearms registry. The FBI 
is expressly barred from doing so by section 103(i) of the Brady 
Act. In order to meet her responsibility to maintain the integrity 
of Department systems, however, the Attorney General must establish 
an adequate system of oversight and review. Consequently, the FBI 
has proposed to retain records of approved transactions in an audit 
log for a limited period of time solely for the purpose of 
satisfying the statutory requirement of ensuring the privacy and 
security of the NICS and the proper operation of the system. 
Although the Brady Act mandates the destruction of all personally 
identified information in the NICS associated with approved firearms 
transactions (other than the identifying number and the date the 
number was assigned), the statute does not specify a period of time 
within which records of approvals must be destroyed. The Department 
attempted to balance various interests involved and comply with both 
statutory requirements by retaining such records in the NICS Audit 
Log for a limited, but sufficient, period of time to conduct audits 
of the NICS.
63 FR 58304.

    The United States Court of Appeals for the District of Columbia 
Circuit recently held that the Attorney General reasonably interpreted 
the Brady Act to permit the temporary retention of certain information 
regarding NICS background checks for purposes of auditing the NICS. The 
court held that the six-month retention period was reasonable. National 
Rifle Ass'n of America, Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000), 
rehearing denied (Oct. 26, 2000).
    The temporarily retained information on approved firearm transfers 
is used only for purposes related to discovering misuse or avoidance of 
the system or ensuring the proper operation of the system: e.g. (1) 
comparing system records of a transaction with FFL records of the same 
transaction in order to detect cases where discrepancies in personal 
identifying information or missing records may reveal either (a) 
unauthorized NICS checks or (b) the submission of inaccurate 
information to the NICS for the purpose of avoiding a background check 
on the person to whom the gun is transferred; (2) reviewing system 
records in response to allegations of system misuse; (3) performing 
internal employee audits to monitor employee performance and adherence 
to established procedures; (4) evaluating system performance, 
identifying and resolving operational problems, and generating 
statistical reports; and (5) assisting in the resolution of appeals of 
NICS denials. Many of these system audits would not be possible with 
just the NICS Transaction Number and the date on which it was issued.
    A number of comments incorrectly interpreted the proposed rule as 
intending to allow the FBI and/or ATF to regularly conduct continued 
scrutiny or ``audits'' of persons who have been approved for purchase 
of a firearm. It is true that, if during the course of any authorized 
system activity it is determined that a purchaser who should have been 
denied was given a proceed or a purchaser who should have been given a 
proceed was denied, the FBI will attempt to remedy the error. In the 
case of someone who was approved for a transfer who should have been 
denied, the NICS will notify the FFL of the error. If the NICS is 
informed that the firearm was transferred, the NICS will notify ATF. 
However, other than in conjunction with activities which are linked to 
discovering misuse or avoidance of the system or ensuring the proper 
operation of the system, proceed transactions are not subjected to 
continued scrutiny.
    Some comments doubted the ability of the audits to prevent abuses 
or halt illegal or falsified transfers of firearms. The Department 
believes that examination of FFL records in conjunction with 
statistical reports (i.e., the number of approved and disapproved 
transactions for a particular time period) combined with information in 
the NICS Audit Log about the background checks may reveal misuse of the 
system or improper record keeping practices when, for instance, (1) the 
FFL has requested more background checks than indicated by the number 
of ATF Firearm Transaction Record Form 4473s (``4473s'') on file, (2) 
the FFL has requested fewer background checks than the number of 4473s 
on file, or (3) personal information recorded on the 4473s is 
significantly different from the information provided in the NICS 
background checks.
    One comment suggested that the vast majority of FFLs are honest and 
would not abuse the system, and that if an FFL were to intentionally 
submit false information to the system, he or she would not record 
different information on the 4473 that would allow for the discovery of 
the discrepancy. While this scenario is possible, it is also possible, 
for example, that the information

[[Page 6472]]

recorded on the 4473 may in fact be different from the information 
provided to the system, or that there may be fewer 4473s than NICS 
checks that have been requested by the FFL. The latter scenarios would 
reveal possible system misuse. The Department believes that it is 
essential to retain approval information temporarily to allow for the 
possibility of discovering such abuses. At a minimum, allowing for the 
possibility of audits should have a deterrent effect on FFLs who might 
otherwise consider abusing the system. If approval information were 
destroyed immediately, the NICS would have to rely completely on the 
``honor system'' without any means to determine whether FFLs or FFL 
employees submit accurate identifying information about prospective 
purchasers to the NICS. If approval information were destroyed 
immediately, there would be no safeguards against the submission of 
false information to the NICS for the purpose of avoiding Brady 
background checks or doing unauthorized checks. While most FFLs and 
their employees are honest and conscientious, even one instance of gun 
violence that results from an unlawful firearm transfer allowed by 
uncheckable and undeterred system abuse can have a devastating impact 
on the lives of individual victims and communities. The Brady Act's 
purpose is to prevent gun violence resulting from unlawful firearm 
transfers. The temporary retention of information about allowed firearm 
transfers is meant to advance this statutory purpose, as well as the 
statutory obligation to protect the privacy and security of the 
information of the system.
    A number of comments asked how the privacy interests of individuals 
approved for a firearm transfer have been accounted for in the rule. 
Those interests have been addressed in the rule first by reducing the 
retention period for information about allowed transfers to the 
shortest practicable period of time that will allow audits. The 
numerous comments received expressing concern about the privacy of 
individuals purchasing guns is the reason the original proposal of an 
18-month retention period was first reduced to six months, and now has 
been reduced to 90 days, even though a longer retention period would 
increase the FBI's ability to detect and deter misuse of the system. In 
fact, the 90-day period has been adopted notwithstanding comments from 
two law enforcement representatives and the FBI's Criminal Justice 
Information Services (CJIS) Advisory Policy Board (an advisory 
committee made up of representatives of various government agencies 
involved in the criminal justice process which provides advice to the 
Director of the FBI on the management of criminal justice information 
systems operated by the FBI's CJIS Division) that recommended 
increasing the temporary retention of approved transactions from six 
months to one year.
    The privacy interests of individuals approved for a firearm 
transfer have also been accounted for in the rule by the limitation on 
direct access to information about allowed transfers. As stated in the 
amended Sec. 25.9(b)(2) of the regulation, the temporarily retained 
``[i]nformation in the NICS Audit Log pertaining to allowed transfers 
may be accessed directly only by the FBI for the purpose of conducting 
audits of the use and performance of the NICS.'' Limiting direct access 
to allowed transfers in the NICS Audit log to the FBI ensures 
controlled access to the information so that it is used only for the 
authorized purposes discussed above.
    Individual privacy interests are also protected through compliance 
by the NICS with the Privacy Act of 1974. The Privacy Act regulates the 
collection, maintenance, use and dissemination of personal information 
by federal government agencies. A Privacy Act notice has been published 
for the NICS system (63 FR 65223) (November 25, 1998) which explains 
the system's purpose, routine uses, and policies and practices for 
storing, retrieving, accessing, retaining, and disposing of records in 
the system. As stated in the NICS Privacy Act notice, ``The NICS 
regulations are to be read together with the NICS system notice.'' (63 
FR 65224.) Thus, for example, Routine Use ``C'' provides for further 
coordination among law enforcement agencies for the purposes of 
investigating, prosecuting, and/or enforcing violations of criminal or 
civil law or regulation that may come to light during NICS operations. 
This portion of the routine use notice, read together with the NICS 
regulations, makes it clear that only the FBI has direct access to 
allowed transactions in the NICS Audit Log for purposes of conducting 
audits of the use and performance of the NICS, and that, if any record 
is found during this activity that indicates, either on its face or in 
conjunction with other information, a violation or potential violation 
of law, that record may be disclosed to the agency responsible for 
investigating the matter. By limiting direct access to information 
concerning allowed transfers to the FBI, and by limiting dissemination 
of information pursuant to published routine uses, the Department 
believes that it has struck the appropriate balance between protecting 
the personal privacy of individuals in the system and ensuring the 
proper and authorized operation of the system.
    Several comments expressed concern that the information about 
allowed firearm transfers in the NICS Audit Log could fall into the 
hands of thieves who could target the homes of gun owners. The security 
measures used by the FBI at its computer facilities exceed industry 
standards to prevent either unauthorized destruction or theft of 
information. It is extremely unlikely that FBI firearm transaction 
records could be accessed or obtained by unauthorized individuals or 
entities.
    Finally, one comment observed that if the NICS used technology that 
sent an encrypted ``digital signature'' of the information received by 
the system about prospective firearm purchasers back to the FFL, the 
goal of having such information available to audit the system could be 
achieved without any retention of the identifying information about 
approved purchasers by the FBI. In such a case, the FBI could destroy 
the information immediately and then simply provide to ATF the ``key'' 
that would unlock the encrypted information retained by the FFLs for 
use when ATF performed its FFL inspections. The Department believes 
that this approach is not currently feasible since its implementation 
would require an electronic interface with the system on the part of 
all FFLs. Although the FBI is working toward providing electronic 
access to the NICS by FFLs, such access has not yet been established, 
and, even when available, only FFLs with the appropriate computer 
equipment will be able to take advantage of the electronic link to 
NICS. In addition, the Brady Act requires that the system must, at a 
minimum, provide FFLs with telephone access to the NICS. It would not 
be easy or reliable to transmit digital signature information to FFLs 
over the telephone. Thus, while on its face this approach to the record 
retention and audit issues may have some appeal, there are technical 
and legal hurdles that do not make it feasible to pursue such an 
approach at this time. In addition, while such an approach would make 
record retention by the FBI unnecessary for FFL audits, it would not 
eliminate the need for some temporary retention of information about 
approved transfers to accomplish internal audits and to enable system 
troubleshooting.

[[Page 6473]]

Providing NICS Audit Log Information to ATF

    Many of the comments dealt with the proposed provision allowing the 
FBI to share data with ATF for the purpose of comparing background 
check data received by the FBI with information recorded on the 
corresponding Form 4473 on file with an FFL. The commenters stated that 
the Brady Act requires immediate destruction of such records, thus 
making them unavailable for sharing; they also stated that the keeping 
and sharing of information about allowed firearms transfers constitutes 
a firearms registry. For the reasons cited above, the Department does 
not believe that the Brady Act requires immediate destruction of these 
records or that the temporary retention of NICS transaction information 
for the limited purpose of auditing use and performance of the system 
constitutes a firearms registry.
    Several comments also stated that section 103(i)(1) of the Brady 
Act specifically prohibits transferring these records to ATF. Section 
103(i)(1) provides that Federal officials may not ``require that any 
record or portion thereof generated by the system established under 
[the Brady Act] be recorded at or transferred to a facility owned, 
managed, or controlled by the United States or any State or political 
subdivision thereof.'' The Department believes, however, that section 
103(i), which is entitled ``Prohibition Relating to Establishment of 
Registration Systems With Respect to Firearms,'' is intended only to 
prevent the establishment of a firearms registry and to prevent the 
government from requiring third parties outside the government from 
recording information about firearm transactions at a government 
facility. See National Rifle Ass'n v. Reno, 216 F.3d at 131. Therefore, 
since neither the NICS Audit Log itself nor the proposed provision of 
information to ATF for use in its inspections of FFLs (together with 
the proviso that ATF destroy the information about allowed transfers 
within the 90-day retention period) operates as or otherwise 
establishes a firearms registry, the sharing of such information with 
ATF does not violate section 103(i)(1).
    Finally, some comments expressed the belief that the transfer of 
information from the NICS Audit Log to ATF also violates the Firearm 
Owners' Protection Act (FOPA), as codified in 18 U.S.C. 926(a). Section 
926(a) provides, in relevant part, that regulations implementing the 
Gun Control Act promulgated by the Secretary of the Treasury after 
enactment of FOPA may not require that records that must be maintained 
by an FFL be recorded at or transferred to a government facility. Since 
these regulations are promulgated by the Department of Justice pursuant 
to the Brady Act, and since the NICS Audit Log information that will be 
provided to ATF consists of NICS system records, not records of an FFL, 
section 926(a) does not apply to the regulation adopted here.

Technical and Editorial Changes

When the Retention Period Begins To Run
    The Department did not adopt the change we proposed in section 
25.9(b)(1) of the NICS regulation to provide that the retention period 
begins to run on ``the day after the NICS check is received,'' instead 
of the day the ``transfer is allowed.'' The intention of this proposed 
change was to provide a uniform date from which to begin the retention 
period. It was noted by NICS Operations Center staff, however, that 
beginning the retention period on the day after the NICS check was 
received would complicate the processing of appeals that result in the 
reversal of a NICS denial in cases where the reversal occurs more than 
90 days after the request for the NICS check was received. Under the 
NICS appeals process, the system gives the successful appellant a form 
certifying to the FFL that the system has changed the NICS 
determination from ``denied'' to ``allowed.'' When presented with the 
certificate, the FFL must contact the system to confirm the ``allowed'' 
determination. The system would not be able to provide such 
confirmation unless the record of the ``allowed'' determination is 
retained for a reasonable period after the transaction is allowed. For 
this reason, the provision in Sec. 25.9(b)(1) of the regulation 
providing that the retention period begins running from the date the 
transfer is allowed is being left unchanged.
Syntactical Change
    A syntactical change was made to clarify the following sentence in 
the proposed rule: ``Information in the NICS Audit Log pertaining to 
allowed transfers may only be directly accessed by the FBI for the 
purpose of conducting audits of the use and performance of the NICS.'' 
In the final rule, the sentence reads as follows: ``Information in the 
NICS Audit Log pertaining to allowed transfers may be accessed directly 
only by the FBI for the purpose of conducting audits of the use and 
performance of the NICS.'' This change was made to better convey the 
intended meaning of the proposed language, i.e., that only the FBI has 
direct access to the NICS Audit Log.

Applicable Administrative Procedures and Executive Orders

Regulatory Flexibility Analysis

    The Attorney General, in accordance with the Regulatory Flexibility 
Act (5 U.S.C. 605(b)), has reviewed this final regulation and by 
approving it certifies that this regulation will not have a significant 
economic impact on a substantial number of small entities. While many 
FFLs are small businesses, they are not subject to any additional 
burdens by the plan adopted to audit their use of the NICS. In 
addition, the rule will not have any impact on an FFL's ability to 
contact the NICS, nor will it result in any delay in receiving 
responses from the NICS.

Executive Order 12866

    The Department of Justice has completed its examination of this 
final rule in light of Executive Order 12866, section 1(b), Principles 
of Regulation. The Department of Justice has determined that this rule 
is a ``significant regulatory action'' under section 3(f) of Executive 
Order 12866, and thus it has been reviewed by the Office of Management 
and Budget (OMB).

Executive Order 13132

    This final rule will not have a substantial direct effect on the 
states, on the relationship between the national government and the 
states, or on the distribution of power and responsibilities among the 
various levels of government. Therefore, in accordance with Executive 
Order 12612, it is determined that this rule does not have sufficient 
federalism implications to warrant the preparation of a Federalism 
Assessment.

Unfunded Mandates Reform Act

    This final rule will not result in the expenditure by state, local, 
and tribal governments, in the aggregate, or by the private sector, of 
$100,000,000 or more in any one year, and it will not significantly or 
uniquely affect small governments. Therefore, no actions were deemed 
necessary under the provisions of the Unfunded Mandates Reform Act of 
1995.

Small Business Regulatory Enforcement Fairness Act of 1996

    This final rule is not a major rule as defined by the Small 
Business Regulatory Enforcement Fairness Act of 1996. 5 U.S.C. 804. 
This rule will not

[[Page 6474]]

result in an annual effect on the economy of $100,000,000 or more, a 
major increase in costs or prices, or have significant adverse effects 
on competition, employment, investment, productivity, innovation, or on 
the ability of United States-based companies to compete with foreign-
based companies in domestic and export markets.

Paperwork Reduction Act of 1995

    The collection of information for NICS previously was approved by 
OMB and issued OMB control numbers 1110-0026, 1512-0129, and 1512-0130.

List of Subjects in 28 CFR Part 25

    Administrative practice and procedure, Business and industry, 
Computer technology, Courts, Firearms, Law enforcement officers, 
Penalties, Privacy, Reporting and record keeping requirements, Security 
measures, Telecommunications.


    Accordingly, part 25 of title 28 of the Code of Federal Regulations 
is amended as follows:

PART 25--DEPARTMENT OF JUSTICE INFORMATION SYSTEMS

    1. The authority citation for Part 25 continues to read as follows:

    Authority: Pub. L. 103-159, 107 Stat. 1536.

Subpart A--The National Instant Criminal Background Check System


Sec. 25.9  [Amended]

    2. In Sec. 25.9, paragraph (b) is revised to read as follows:
* * * * *
    (b) The FBI will maintain an automated NICS Audit Log of all 
incoming and outgoing transactions that pass through the system.
    (1) The NICS Audit Log will record the following information: type 
of transaction (inquiry or response), line number, time, date of 
inquiry, header, message key, ORI, and inquiry/response data (including 
the name and other identifying information about the prospective 
transferee and the NTN). In cases of allowed transfers, all information 
in the NICS Audit Log related to the person or the transfer, other than 
the NTN assigned to the transfer and the date the number was assigned, 
will be destroyed after not more than 90 days after the transfer is 
allowed. NICS Audit Log records relating to denials will be retained 
for 10 years, after which time they will be transferred to a Federal 
Records Center for storage. The NICS will not be used to establish any 
system for the registration of firearms, firearm owners, or firearm 
transactions or dispositions, except with respect to persons prohibited 
from receiving a firearm by 18 U.S.C. 922 (g) or (n) or by state law.
    (2) The NICS Audit Log will be used to analyze system performance, 
assist users in resolving operational problems, support the appeals 
process, or support audits of the use of the system. Searches may be 
conducted on the Audit Log by time frame, i.e., by day or month, or by 
a particular state or agency. Information in the NICS Audit Log 
pertaining to allowed transfers may be accessed directly only by the 
FBI for the purpose of conducting audits of the use and performance of 
the NICS. Permissible uses include extracting and providing information 
from the NICS Audit Log to ATF in connection with ATF's inspections of 
FFL records, provided that ATF destroys the information about allowed 
transfers within the retention period for such information set forth in 
paragraph (b)(1) of this section and maintains a written record 
certifying the destruction. Such information, however, may be retained 
as long as needed to pursue cases of identified misuse of the system. 
The NICS, including the NICS Audit Log, may not be used by any 
Department, agency, officer, or employee of the United States to 
establish any system for the registration of firearms, firearm owners, 
or firearm transactions or dispositions. The NICS Audit Log will be 
monitored and reviewed on a regular basis to detect any possible misuse 
of the NICS data.
* * * * *

    Dated: January 12, 2001.
Janet Reno,
Attorney General.
[FR Doc. 01-1616 Filed 1-19-01; 8:45 am]
BILLING CODE 4410-06-U