[Federal Register Volume 67, Number 88 (Tuesday, May 7, 2002)]
[Notices]
[Pages 30757-30759]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-10943]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary


Privacy Act of 1974: System of Records

AGENCY: Office of the Secretary, DOT.

ACTION: Notice to establish a system of records.

-----------------------------------------------------------------------

SUMMARY: DOT proposes to establish a new system of records under the 
Privacy Act of 1974.

EFFECTIVE DATE: June 17, 2002. If no comments are received, the 
proposal will become effective on the above date. If comments are 
received, the comments will be considered and, where adopted, the 
documents will be republished with changes.

ADDRESSES: Address all comments concerning this notice to Yvonne L. 
Coates, Department of Transportation, Office of the Secretary, 400 7th 
Street, SW., Washington, DC 20590, (202) 366-6964 (telephone).

FOR FURTHER INFORMATION CONTACT: Yvonne L. Coates, Department of 
Transportation, Office of the Secretary, 400 7th Street, SW., 
Washington, DC 20590, (202) 366-6964 (telephone), (202) 366-7024 (fax) 
[email protected] (Internet address).

SUPPLEMENTARY INFORMATION: The Department of Transportation system of 
records notices subject to the Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, have been published in the Federal Register and are available 
from the above mentioned address.

[[Page 30758]]

DOT/ALL 13

System Name:
    Internet/Intranet Activity and Access Records.

Security Classification:
    Unclassified, sensitive.

System Location:
    The system is located in the Department of Transportation. These 
offices are located within the Office of the Secretary (OST), Federal 
Aviation Administration (FAA), the United States Coast Guard (USCG), 
the Research and Special Programs Administration (RSPA), the Federal 
Highway Safety Administration (FHWA), Federal Motor Carrier Safety 
Administration (FMCSA), the National Highway Safety Administration 
(NHTSA), the Federal Transit Administration (FTA), the Maritime 
Administration (MARAD), the Federal Railroad Administration (FRA), the 
Bureau of Transportation Statistics (BTS), the St. Lawrence Seaway 
Development Corporation (SLSDC), Transportation Administrative Service 
Center (TASC), and the Transportation Security Administration (TSA).

Categories of Individuals Covered by the System of Records:
    All DOT employees, contractors, or other users authorized or 
unauthorized who access the Internet/Intranet through any of the 
authorized DOT network computers or mainframe/enterprise servers, 
including individuals who send and receive electronic communications, 
access Internet/Intranet sites, or access system databases, files, or 
applications from DOT computers or sending electronic communications to 
DOT computers. An ``Internet/Intranet Access Point'' is one of the 
authorized gateways, through which all Internet/Intranet traffic 
passes. For statistical purposes, the system monitors the amount of 
traffic using different Internet/Intranet protocols, but does not view 
the content of transmissions (e.g., it does not monitor the text of 
electronic mail messages).

Categories of Records in the System:
    Records and reports in this system may include:
    1. The source Internet/Intranet Protocol (IP) address of the 
computer used to make the Internet/Intranet connection.
    2. The destination IP address of the site visited (could include 
URL address)
    3. The date and time of the connection
    4. The size of the transmission
    5. Keywords propagated by Internet/Intranet web sites
    6. Technical machine data as the system may generate (e.g., 
Machine-name field and Medium Access Control [MAC] address from the 
last device the machine traversed.)
    7. Electronic mail systems, including the email address of sender 
and receiver of the electronic mail message, subject, date, and time.
    8. Profile customization purposes to personalize levels of access.
    9. Records on user access to DOT's office automation networks as 
well as denials of access.
    10. Records relating to mainframe/enterprise server access.
    11. Verification and authorization records.
    Logs of Internet/Intranet access and use from a DOT computer 
generally do not directly contain names or similar personal 
identifiers. However, for official government business purposes and 
through research or investigation, an individual whose PC was assigned 
an IP address at a given time may be identifiable by name.

Authority for Maintenance of the System:
    49 U.S.C. 322, 49 U.S.C. 40122(g), 49 U.S.C. 40101, 40 U.S.C. 1441, 
5 U.S.C. 302

Purposes:
    Data in the system of records is used by DOT systems and security 
personnel or persons authorized to assist these personnel, to plan and 
manage systems services and otherwise perform their official duties. 
Such services would include, but are not limited to, analyzing 
engineering and statistical use data to assist in making business 
decisions regarding upgrading hardware, software, and communications 
technology to meet changing Internet/Intranet use requirements.
    The system is also used to monitor for improper use.
    Authorized managers may use the records in the system to 
investigate improper use or other improper activity by an employee, 
contractor or other individual relating to DOT computer systems use or 
access; to initiate disciplinary or other such action; and/or where the 
record(s) may appear to indicate a violation or potential violation of 
law, to refer such record(s) to the appropriate investigative 
organization within the agency or the Department of Transportation, or 
to other law enforcement agencies for investigation.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    --To provide information to any person(s) authorized to assist in 
an approved investigation of improper access or usage of DOT computer 
systems.
    --To an actual or potential party or his or her authorized 
representative for the purpose of negotiation or discussion of such 
matters as settlement of the case or matter, or informal discovery 
proceedings.
    --To contractors, grantees, experts, consultants, detailees, and 
other non-DOT employees performing or working on a contract, service, 
grant cooperative agreement, or other assignment from the Federal 
government, when necessary to accomplish an agency function related to 
this system of records.
    --To other government agencies where required by law.
    --See Prefatory Statement of General Routine Uses.

Disclosure to Consumer Reporting Agencies:
    None.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    The information is collected at each monitoring location and the 
data may be merged into computers within DOT. Data may be stored on an 
internal hard disk and periodically backed up onto magnetic tape. The 
data on the systems are protected by passwords. Software may be 
maintained on the firewall server. The length of time of storage may be 
governed by available disk space on the server. When it is necessary to 
print a hard copy, copies will be stored in a locked file cabinet.

Retrievability:
    Records may be retrieved by user name, user ID, e-mail address, or 
other identifying search term employed, depending on the record 
category. The Department does not usually connect IP addresses with a 
person. However, in some instances, for official government business 
purposes, the Department may connect the IP address with an individual, 
and records may be retrieved by IP address.

Safeguards:
    To safeguard against the risk of unauthorized disclosure, the DOT 
maintains the information at secured facilities in limited access areas 
of the DOT data processing facilities. The systems are also software-
protected by a

[[Page 30759]]

set of multiple passwords. There is backup capability to address issues 
of availability and continuity of operations. Previous week's backup 
tapes may be sent to an off-site storage location in some cases.
    DOT limits access to monitoring software of the computer(s) to 
authorized personnel only. In addition, DOT limits who can use the 
computer(s), and limits dissemination of any passwords used to operate 
the computer(s). DOT maintains any hard copies of sensitive information 
in secure file cabinets.

Retention and Disposal:
    The information is retained at DOT Headquarters by the system 
administrators and Regional Administrators. When there is no longer 
disk space available on the monitors' hard disks, the files are 
released to the operating system for re-write. This means the files are 
``marked'' internally as eligible for the computer operating system to 
overwrite with subsequent data. DOT will comply with requirements of 
the National Archives and Records Administration (NARA). NARA 
regulations state that electronic files created to monitor system usage 
are authorized for erasure or deletion when the agency determines that 
they are no longer needed for administrative, legal, audit, or other 
operational purposes. Generally, these (and any associated hard copy) 
files will be authorized for deletion after 30 days unless needed for 
official purposes. Not all locations, HQ or regions, will be collecting 
information at all times.

System manager(s) and Address:
    a. Department of Transportation, Office of the Secretary, Office of 
the Chief Information Officer, S-80, 400 7th Street, SW., Washington, 
DC 20590.
    b. Department of Transportation, Federal Aviation Administration, 
Assistant Administrator for Information Services and Chief Information 
Officer, AIO-1, FAA Headquarters, FOB-10A, 800 Independence Avenue, 
SW., Washington, DC 20591.
    c. Department of Transportation, United States Coast Guard 
Headquarters, Commandant, G-C, 2100 2nd Street, SW., Washington, DC 
20593.
    d. Department of Transportation, Research and Special Programs 
Administration, Office of the Administrator, DRP-1, 400 7th Street, 
SW., Washington, DC 20590.
    e. Department of Transportation, Federal Highway Safety 
Administration, Office of the Federal Highway Administrator, HOA-1, 400 
7th Street, SW., Washington, DC 20590.
    f. Department of Transportation, Federal Motor Carrier Safety 
Administration, Office of the Administrator, MC-A, 400 7th Street, SW., 
Washington, DC 20590.
    g. Department of Transportation, National Highway Safety 
Administration, Office of the Administrator, NOA-01, 400 7th Street, 
SW., Washington, DC 20590.
    h. Department of Transportation, Federal Transit Administration, 
Office of the Administrator, TOA-1, 400 7th Street, SW., Washington, DC 
20590.
    i. Department of Transportation, Maritime Administration, Office of 
Maritime Administrator, MAR-100, 400 7th Street, SW., Washington, DC 
20590.
    j. Department of Transportation, Federal Railroad Administration, 
The Administrator, ROA-1, 400 7th Street, SW., Washington, DC 20590.
    k. Department of Transportation, Bureau of Transportation 
Statistics, Office of the Director, K-1, 400 7th Street, SW., 
Washington, DC 20590.
    l. Department of Transportation, St. Lawrence Seaway Development 
Corporation, The Administrator, 400 7th Street, SW., Washington, DC 
20590.
    m. Department of Transportation, Transportation Administrative 
Service Center, Director, SVC-1, 400 7th Street, SW., Washington, DC 
20590.
    n. Department of Transportation, Transportation Security 
Administration (TSA), Under Secretary, TSA-1, 400 7th Street, SW., 
Washington, DC 20590.

Notification Procedure:
    To determine whether the system may contain records relating to 
you, write to the System Manager.

Record Access Procedures:
    Same as ``Notification Procedure.'' Provide full name, assigned 
computer location, and a description of information that you seek, 
including the time frame during which the records(s) may have been 
generated. Individuals requesting access must comply with the 
Department of Transportation's Privacy Act regulations on verification 
of identity (49 C.F.R. 10.37).

Contesting Record Procedures:
    Same as ``Notification Procedure'' and ``Record Access Procedure.''

Record Source Categories:
    Information is collected from computers located at each of the 
Internet/Intranet Access locations. A software program installed on 
each of the machines retrieves the information from a hub or connection 
to the Internet/Intranet. Regional offices may be collecting 
information from time-to-time. Personal computers at data collection 
points are used to capture data in a passive mode. Most records are 
generated internally, i.e., computer activity logs; individuals covered 
by the system; and management officials.

Exemptions Claimed for the System:
    None.

    Dated: April 24, 2002.
Yvonne L. Coates,
Privacy Act Coordinator.
[FR Doc. 02-10943 Filed 5-6-02; 8:45 am]
BILLING CODE 4910-62-P