[Federal Register Volume 66, Number 14 (Monday, January 22, 2001)]
[Rules and Regulations]
[Pages 6470-6474]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-1616]
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
28 CFR Part 25
[AG Order No. 2354-2001]; [FBI 105F]
RIN 1110-AA02
National Instant Criminal Background Check System Regulation
AGENCY: Federal Bureau of Investigation, Department of Justice.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The United States Department of Justice (``DOJ'' or ``the
Department'') is publishing a final rule amending the
[[Page 6471]]
DOJ regulation implementing the National Instant Criminal Background
Check System (``NICS'') pursuant to the Brady Handgun Violence
Prevention Act (``Brady Act''): to establish a reduced retention period
of 90 days for information relating to allowed firearm transfers in the
system transaction log of background check transactions (``NICS Audit
Log''), to clarify that only the FBI has direct access to the NICS
Audit Log, and to clarify that, in furtherance of the purpose of
auditing the use and performance of the NICS, the FBI may extract and
provide information from the NICS Audit Log to the Bureau of Alcohol,
Tobacco and Firearms (``ATF'') for use in ATF's inspections of Federal
Firearms Licensee (``FFL'') records, provided that ATF destroys the
NICS Audit Log information about allowed firearm transfers within the
applicable retention period (unless discrepancies are found) and
maintains a written record certifying the destruction.
EFFECTIVE DATE: March 5, 2001.
FOR FURTHER INFORMATION CONTACT: Fanny Haslebacher, Attorney-Advisor,
Federal Bureau of Investigation, Module A-3, 1000 Custer Hollow Road,
Clarksburg, West Virginia 26306-0147, (304) 625-2000.
SUPPLEMENTARY INFORMATION: This document finalizes the rule proposed in
the Federal Register on March 3, 1999, (64 FR 10262). The FBI accepted
comments on the proposed rule from interested parties until June 6,
1999, and slightly over 150 comments were received. With the exception
of two technical changes explained below, the proposed rule is adopted
as final.
Significant Comments or Changes
The Retention Period
Many of the comments asserted that the FBI was violating the
requirements of the Brady Act by keeping information about approved
firearm transfers for any period of time in the NICS Audit Log.
Commenters stated that, in their view, the Brady Act requires immediate
destruction of identifying information about individuals who have been
approved for the transfer of a firearm. Commenters also asserted that
the retention of information about approved firearm transfers in the
NICS Audit Log constituted a firearms registry in violation of section
103(i) of the Brady Act. Some commenters labeled the NICS Audit Log a
``back door'' registration system or a de facto registry and expressed
concern that such a ``registry'' could lead to future gun
confiscations.
The Department of Justice received and considered similar comments
when promulgating the final NICS regulation that established the
current retention period of six months for information in the NICS
Audit Log about approved firearm transfers. The discussion accompanying
the final rule provided the following explanation of the Department's
construction of the Brady Act as it relates to the record destruction
requirement and the question of whether the NICS Audit Log constitutes
a firearms registry:
The FBI will not establish a federal firearms registry. The FBI
is expressly barred from doing so by section 103(i) of the Brady
Act. In order to meet her responsibility to maintain the integrity
of Department systems, however, the Attorney General must establish
an adequate system of oversight and review. Consequently, the FBI
has proposed to retain records of approved transactions in an audit
log for a limited period of time solely for the purpose of
satisfying the statutory requirement of ensuring the privacy and
security of the NICS and the proper operation of the system.
Although the Brady Act mandates the destruction of all personally
identified information in the NICS associated with approved firearms
transactions (other than the identifying number and the date the
number was assigned), the statute does not specify a period of time
within which records of approvals must be destroyed. The Department
attempted to balance various interests involved and comply with both
statutory requirements by retaining such records in the NICS Audit
Log for a limited, but sufficient, period of time to conduct audits
of the NICS.
63 FR 58304.
The United States Court of Appeals for the District of Columbia
Circuit recently held that the Attorney General reasonably interpreted
the Brady Act to permit the temporary retention of certain information
regarding NICS background checks for purposes of auditing the NICS. The
court held that the six-month retention period was reasonable. National
Rifle Ass'n of America, Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000),
rehearing denied (Oct. 26, 2000).
The temporarily retained information on approved firearm transfers
is used only for purposes related to discovering misuse or avoidance of
the system or ensuring the proper operation of the system: e.g. (1)
comparing system records of a transaction with FFL records of the same
transaction in order to detect cases where discrepancies in personal
identifying information or missing records may reveal either (a)
unauthorized NICS checks or (b) the submission of inaccurate
information to the NICS for the purpose of avoiding a background check
on the person to whom the gun is transferred; (2) reviewing system
records in response to allegations of system misuse; (3) performing
internal employee audits to monitor employee performance and adherence
to established procedures; (4) evaluating system performance,
identifying and resolving operational problems, and generating
statistical reports; and (5) assisting in the resolution of appeals of
NICS denials. Many of these system audits would not be possible with
just the NICS Transaction Number and the date on which it was issued.
A number of comments incorrectly interpreted the proposed rule as
intending to allow the FBI and/or ATF to regularly conduct continued
scrutiny or ``audits'' of persons who have been approved for purchase
of a firearm. It is true that, if during the course of any authorized
system activity it is determined that a purchaser who should have been
denied was given a proceed or a purchaser who should have been given a
proceed was denied, the FBI will attempt to remedy the error. In the
case of someone who was approved for a transfer who should have been
denied, the NICS will notify the FFL of the error. If the NICS is
informed that the firearm was transferred, the NICS will notify ATF.
However, other than in conjunction with activities which are linked to
discovering misuse or avoidance of the system or ensuring the proper
operation of the system, proceed transactions are not subjected to
continued scrutiny.
Some comments doubted the ability of the audits to prevent abuses
or halt illegal or falsified transfers of firearms. The Department
believes that examination of FFL records in conjunction with
statistical reports (i.e., the number of approved and disapproved
transactions for a particular time period) combined with information in
the NICS Audit Log about the background checks may reveal misuse of the
system or improper record keeping practices when, for instance, (1) the
FFL has requested more background checks than indicated by the number
of ATF Firearm Transaction Record Form 4473s (``4473s'') on file, (2)
the FFL has requested fewer background checks than the number of 4473s
on file, or (3) personal information recorded on the 4473s is
significantly different from the information provided in the NICS
background checks.
One comment suggested that the vast majority of FFLs are honest and
would not abuse the system, and that if an FFL were to intentionally
submit false information to the system, he or she would not record
different information on the 4473 that would allow for the discovery of
the discrepancy. While this scenario is possible, it is also possible,
for example, that the information
[[Page 6472]]
recorded on the 4473 may in fact be different from the information
provided to the system, or that there may be fewer 4473s than NICS
checks that have been requested by the FFL. The latter scenarios would
reveal possible system misuse. The Department believes that it is
essential to retain approval information temporarily to allow for the
possibility of discovering such abuses. At a minimum, allowing for the
possibility of audits should have a deterrent effect on FFLs who might
otherwise consider abusing the system. If approval information were
destroyed immediately, the NICS would have to rely completely on the
``honor system'' without any means to determine whether FFLs or FFL
employees submit accurate identifying information about prospective
purchasers to the NICS. If approval information were destroyed
immediately, there would be no safeguards against the submission of
false information to the NICS for the purpose of avoiding Brady
background checks or doing unauthorized checks. While most FFLs and
their employees are honest and conscientious, even one instance of gun
violence that results from an unlawful firearm transfer allowed by
uncheckable and undeterred system abuse can have a devastating impact
on the lives of individual victims and communities. The Brady Act's
purpose is to prevent gun violence resulting from unlawful firearm
transfers. The temporary retention of information about allowed firearm
transfers is meant to advance this statutory purpose, as well as the
statutory obligation to protect the privacy and security of the
information of the system.
A number of comments asked how the privacy interests of individuals
approved for a firearm transfer have been accounted for in the rule.
Those interests have been addressed in the rule first by reducing the
retention period for information about allowed transfers to the
shortest practicable period of time that will allow audits. The
numerous comments received expressing concern about the privacy of
individuals purchasing guns is the reason the original proposal of an
18-month retention period was first reduced to six months, and now has
been reduced to 90 days, even though a longer retention period would
increase the FBI's ability to detect and deter misuse of the system. In
fact, the 90-day period has been adopted notwithstanding comments from
two law enforcement representatives and the FBI's Criminal Justice
Information Services (CJIS) Advisory Policy Board (an advisory
committee made up of representatives of various government agencies
involved in the criminal justice process which provides advice to the
Director of the FBI on the management of criminal justice information
systems operated by the FBI's CJIS Division) that recommended
increasing the temporary retention of approved transactions from six
months to one year.
The privacy interests of individuals approved for a firearm
transfer have also been accounted for in the rule by the limitation on
direct access to information about allowed transfers. As stated in the
amended Sec. 25.9(b)(2) of the regulation, the temporarily retained
``[i]nformation in the NICS Audit Log pertaining to allowed transfers
may be accessed directly only by the FBI for the purpose of conducting
audits of the use and performance of the NICS.'' Limiting direct access
to allowed transfers in the NICS Audit log to the FBI ensures
controlled access to the information so that it is used only for the
authorized purposes discussed above.
Individual privacy interests are also protected through compliance
by the NICS with the Privacy Act of 1974. The Privacy Act regulates the
collection, maintenance, use and dissemination of personal information
by federal government agencies. A Privacy Act notice has been published
for the NICS system (63 FR 65223) (November 25, 1998) which explains
the system's purpose, routine uses, and policies and practices for
storing, retrieving, accessing, retaining, and disposing of records in
the system. As stated in the NICS Privacy Act notice, ``The NICS
regulations are to be read together with the NICS system notice.'' (63
FR 65224.) Thus, for example, Routine Use ``C'' provides for further
coordination among law enforcement agencies for the purposes of
investigating, prosecuting, and/or enforcing violations of criminal or
civil law or regulation that may come to light during NICS operations.
This portion of the routine use notice, read together with the NICS
regulations, makes it clear that only the FBI has direct access to
allowed transactions in the NICS Audit Log for purposes of conducting
audits of the use and performance of the NICS, and that, if any record
is found during this activity that indicates, either on its face or in
conjunction with other information, a violation or potential violation
of law, that record may be disclosed to the agency responsible for
investigating the matter. By limiting direct access to information
concerning allowed transfers to the FBI, and by limiting dissemination
of information pursuant to published routine uses, the Department
believes that it has struck the appropriate balance between protecting
the personal privacy of individuals in the system and ensuring the
proper and authorized operation of the system.
Several comments expressed concern that the information about
allowed firearm transfers in the NICS Audit Log could fall into the
hands of thieves who could target the homes of gun owners. The security
measures used by the FBI at its computer facilities exceed industry
standards to prevent either unauthorized destruction or theft of
information. It is extremely unlikely that FBI firearm transaction
records could be accessed or obtained by unauthorized individuals or
entities.
Finally, one comment observed that if the NICS used technology that
sent an encrypted ``digital signature'' of the information received by
the system about prospective firearm purchasers back to the FFL, the
goal of having such information available to audit the system could be
achieved without any retention of the identifying information about
approved purchasers by the FBI. In such a case, the FBI could destroy
the information immediately and then simply provide to ATF the ``key''
that would unlock the encrypted information retained by the FFLs for
use when ATF performed its FFL inspections. The Department believes
that this approach is not currently feasible since its implementation
would require an electronic interface with the system on the part of
all FFLs. Although the FBI is working toward providing electronic
access to the NICS by FFLs, such access has not yet been established,
and, even when available, only FFLs with the appropriate computer
equipment will be able to take advantage of the electronic link to
NICS. In addition, the Brady Act requires that the system must, at a
minimum, provide FFLs with telephone access to the NICS. It would not
be easy or reliable to transmit digital signature information to FFLs
over the telephone. Thus, while on its face this approach to the record
retention and audit issues may have some appeal, there are technical
and legal hurdles that do not make it feasible to pursue such an
approach at this time. In addition, while such an approach would make
record retention by the FBI unnecessary for FFL audits, it would not
eliminate the need for some temporary retention of information about
approved transfers to accomplish internal audits and to enable system
troubleshooting.
[[Page 6473]]
Providing NICS Audit Log Information to ATF
Many of the comments dealt with the proposed provision allowing the
FBI to share data with ATF for the purpose of comparing background
check data received by the FBI with information recorded on the
corresponding Form 4473 on file with an FFL. The commenters stated that
the Brady Act requires immediate destruction of such records, thus
making them unavailable for sharing; they also stated that the keeping
and sharing of information about allowed firearms transfers constitutes
a firearms registry. For the reasons cited above, the Department does
not believe that the Brady Act requires immediate destruction of these
records or that the temporary retention of NICS transaction information
for the limited purpose of auditing use and performance of the system
constitutes a firearms registry.
Several comments also stated that section 103(i)(1) of the Brady
Act specifically prohibits transferring these records to ATF. Section
103(i)(1) provides that Federal officials may not ``require that any
record or portion thereof generated by the system established under
[the Brady Act] be recorded at or transferred to a facility owned,
managed, or controlled by the United States or any State or political
subdivision thereof.'' The Department believes, however, that section
103(i), which is entitled ``Prohibition Relating to Establishment of
Registration Systems With Respect to Firearms,'' is intended only to
prevent the establishment of a firearms registry and to prevent the
government from requiring third parties outside the government from
recording information about firearm transactions at a government
facility. See National Rifle Ass'n v. Reno, 216 F.3d at 131. Therefore,
since neither the NICS Audit Log itself nor the proposed provision of
information to ATF for use in its inspections of FFLs (together with
the proviso that ATF destroy the information about allowed transfers
within the 90-day retention period) operates as or otherwise
establishes a firearms registry, the sharing of such information with
ATF does not violate section 103(i)(1).
Finally, some comments expressed the belief that the transfer of
information from the NICS Audit Log to ATF also violates the Firearm
Owners' Protection Act (FOPA), as codified in 18 U.S.C. 926(a). Section
926(a) provides, in relevant part, that regulations implementing the
Gun Control Act promulgated by the Secretary of the Treasury after
enactment of FOPA may not require that records that must be maintained
by an FFL be recorded at or transferred to a government facility. Since
these regulations are promulgated by the Department of Justice pursuant
to the Brady Act, and since the NICS Audit Log information that will be
provided to ATF consists of NICS system records, not records of an FFL,
section 926(a) does not apply to the regulation adopted here.
Technical and Editorial Changes
When the Retention Period Begins To Run
The Department did not adopt the change we proposed in section
25.9(b)(1) of the NICS regulation to provide that the retention period
begins to run on ``the day after the NICS check is received,'' instead
of the day the ``transfer is allowed.'' The intention of this proposed
change was to provide a uniform date from which to begin the retention
period. It was noted by NICS Operations Center staff, however, that
beginning the retention period on the day after the NICS check was
received would complicate the processing of appeals that result in the
reversal of a NICS denial in cases where the reversal occurs more than
90 days after the request for the NICS check was received. Under the
NICS appeals process, the system gives the successful appellant a form
certifying to the FFL that the system has changed the NICS
determination from ``denied'' to ``allowed.'' When presented with the
certificate, the FFL must contact the system to confirm the ``allowed''
determination. The system would not be able to provide such
confirmation unless the record of the ``allowed'' determination is
retained for a reasonable period after the transaction is allowed. For
this reason, the provision in Sec. 25.9(b)(1) of the regulation
providing that the retention period begins running from the date the
transfer is allowed is being left unchanged.
Syntactical Change
A syntactical change was made to clarify the following sentence in
the proposed rule: ``Information in the NICS Audit Log pertaining to
allowed transfers may only be directly accessed by the FBI for the
purpose of conducting audits of the use and performance of the NICS.''
In the final rule, the sentence reads as follows: ``Information in the
NICS Audit Log pertaining to allowed transfers may be accessed directly
only by the FBI for the purpose of conducting audits of the use and
performance of the NICS.'' This change was made to better convey the
intended meaning of the proposed language, i.e., that only the FBI has
direct access to the NICS Audit Log.
Applicable Administrative Procedures and Executive Orders
Regulatory Flexibility Analysis
The Attorney General, in accordance with the Regulatory Flexibility
Act (5 U.S.C. 605(b)), has reviewed this final regulation and by
approving it certifies that this regulation will not have a significant
economic impact on a substantial number of small entities. While many
FFLs are small businesses, they are not subject to any additional
burdens by the plan adopted to audit their use of the NICS. In
addition, the rule will not have any impact on an FFL's ability to
contact the NICS, nor will it result in any delay in receiving
responses from the NICS.
Executive Order 12866
The Department of Justice has completed its examination of this
final rule in light of Executive Order 12866, section 1(b), Principles
of Regulation. The Department of Justice has determined that this rule
is a ``significant regulatory action'' under section 3(f) of Executive
Order 12866, and thus it has been reviewed by the Office of Management
and Budget (OMB).
Executive Order 13132
This final rule will not have a substantial direct effect on the
states, on the relationship between the national government and the
states, or on the distribution of power and responsibilities among the
various levels of government. Therefore, in accordance with Executive
Order 12612, it is determined that this rule does not have sufficient
federalism implications to warrant the preparation of a Federalism
Assessment.
Unfunded Mandates Reform Act
This final rule will not result in the expenditure by state, local,
and tribal governments, in the aggregate, or by the private sector, of
$100,000,000 or more in any one year, and it will not significantly or
uniquely affect small governments. Therefore, no actions were deemed
necessary under the provisions of the Unfunded Mandates Reform Act of
1995.
Small Business Regulatory Enforcement Fairness Act of 1996
This final rule is not a major rule as defined by the Small
Business Regulatory Enforcement Fairness Act of 1996. 5 U.S.C. 804.
This rule will not
[[Page 6474]]
result in an annual effect on the economy of $100,000,000 or more, a
major increase in costs or prices, or have significant adverse effects
on competition, employment, investment, productivity, innovation, or on
the ability of United States-based companies to compete with foreign-
based companies in domestic and export markets.
Paperwork Reduction Act of 1995
The collection of information for NICS previously was approved by
OMB and issued OMB control numbers 1110-0026, 1512-0129, and 1512-0130.
List of Subjects in 28 CFR Part 25
Administrative practice and procedure, Business and industry,
Computer technology, Courts, Firearms, Law enforcement officers,
Penalties, Privacy, Reporting and record keeping requirements, Security
measures, Telecommunications.
Accordingly, part 25 of title 28 of the Code of Federal Regulations
is amended as follows:
PART 25--DEPARTMENT OF JUSTICE INFORMATION SYSTEMS
1. The authority citation for Part 25 continues to read as follows:
Authority: Pub. L. 103-159, 107 Stat. 1536.
Subpart A--The National Instant Criminal Background Check System
Sec. 25.9 [Amended]
2. In Sec. 25.9, paragraph (b) is revised to read as follows:
* * * * *
(b) The FBI will maintain an automated NICS Audit Log of all
incoming and outgoing transactions that pass through the system.
(1) The NICS Audit Log will record the following information: type
of transaction (inquiry or response), line number, time, date of
inquiry, header, message key, ORI, and inquiry/response data (including
the name and other identifying information about the prospective
transferee and the NTN). In cases of allowed transfers, all information
in the NICS Audit Log related to the person or the transfer, other than
the NTN assigned to the transfer and the date the number was assigned,
will be destroyed after not more than 90 days after the transfer is
allowed. NICS Audit Log records relating to denials will be retained
for 10 years, after which time they will be transferred to a Federal
Records Center for storage. The NICS will not be used to establish any
system for the registration of firearms, firearm owners, or firearm
transactions or dispositions, except with respect to persons prohibited
from receiving a firearm by 18 U.S.C. 922 (g) or (n) or by state law.
(2) The NICS Audit Log will be used to analyze system performance,
assist users in resolving operational problems, support the appeals
process, or support audits of the use of the system. Searches may be
conducted on the Audit Log by time frame, i.e., by day or month, or by
a particular state or agency. Information in the NICS Audit Log
pertaining to allowed transfers may be accessed directly only by the
FBI for the purpose of conducting audits of the use and performance of
the NICS. Permissible uses include extracting and providing information
from the NICS Audit Log to ATF in connection with ATF's inspections of
FFL records, provided that ATF destroys the information about allowed
transfers within the retention period for such information set forth in
paragraph (b)(1) of this section and maintains a written record
certifying the destruction. Such information, however, may be retained
as long as needed to pursue cases of identified misuse of the system.
The NICS, including the NICS Audit Log, may not be used by any
Department, agency, officer, or employee of the United States to
establish any system for the registration of firearms, firearm owners,
or firearm transactions or dispositions. The NICS Audit Log will be
monitored and reviewed on a regular basis to detect any possible misuse
of the NICS data.
* * * * *
Dated: January 12, 2001.
Janet Reno,
Attorney General.
[FR Doc. 01-1616 Filed 1-19-01; 8:45 am]
BILLING CODE 4410-06-U