Federal Register, Volume 72 Issue 150 (Monday, August 6, 2007)

[Federal Register Volume 72, Number 150 (Monday, August 6, 2007)]
[Notices]
[Pages 43650-43656]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-15197]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[DHS-2007-0042]

Privacy Act of 1974; U.S. Customs and Border Protection,
Automated Targeting System, System of Records

AGENCY: Privacy Office; Department of Homeland Security.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: This document is a new System of Records Notice (SORN) for the
Automated Targeting System (ATS) and is subject to the Privacy Act of
1974, as amended. ATS is an enforcement screening tool consisting of
six separate components, all of which rely substantially on information
in the Treasury Enforcement Communications System (TECS). ATS
historically was covered by the SORN for TECS. The Department of
Homeland Security, U.S. Customs and Border Protection (CBP) published a
separate SORN for ATS in the Federal Register on November 2, 2006. This
SORN did not describe any new collection of information and was
intended solely to provide increased notice and transparency to the
public about ATS. Based on comments received in response to the
November 2, 2006 notice, CBP issues this revised SORN, which responds
to those comments, makes certain amendments with regard to the
retention period and access provisions of the prior notice, and
provides further notice and transparency to the public about the
functionality of ATS.
TECS is an overarching law enforcement information collection, risk
assessment, and information sharing environment. It is also a
repository for law enforcement and investigative information. TECS is
comprised of several modules that collect, maintain, and evaluate
screening data, conduct targeting, and make information available to
appropriate officers of the U.S. government. ATS is one of those
modules. It is a decision support tool that compares traveler, cargo,
and conveyance information against intelligence and other enforcement
data by incorporating risk-based targeting scenarios and assessments.
As such, ATS allows DHS officers charged with enforcing U.S. law and
preventing terrorism and other crimes to effectively and efficiently
manage information collected when travelers or goods seek to enter,
exit, or transit through the United States.
Within ATS there are six separate and distinct components that
perform screening of inbound and outbound cargo, conveyances, or
travelers. These modules compare information received against CBP's law
enforcement databases, the Federal Bureau of Investigation Terrorist
Screening Center's Terrorist Screening Database (TSDB), information on
outstanding wants or warrants, information from other government
agencies regarding high-risk parties, and risk-based rules developed by
analysts using law enforcement data, intelligence, and past case
experience. The modules also facilitate analysis of the screening
results of these comparisons. In the case of cargo and conveyances,
this screening results in a risk assessment score. In the case of
travelers, however, it does not result in a risk assessment score.

DATES: The new system of records will be effective September 5, 2007.

FOR FURTHER INFORMATION CONTACT: For general questions please contact:
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and
Procedures Branch, U.S. Customs and Border Protection, Office of

[[Page 43651]]

International Trade, Mint Annex, 1300 Pennsylvania Ave., NW.,
Washington, DC 20229. For privacy issues please contact: Hugo Teufel
III (703-235-0780), Chief Privacy Officer, Privacy Office, U.S.
Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

The System

The priority mission of CBP is to prevent terrorists and terrorist
weapons from entering the country while facilitating legitimate travel
and trade. ATS uses CBP's law enforcement databases, the Federal Bureau
of Investigation Terrorist Screening Center's Terrorist Screening
Database (TSDB), information on outstanding wants or warrants,
information from other government agencies regarding high-risk parties,
and risk-based rules developed by analysts to assess and identify high-
risk cargo, conveyances, and travelers that may pose a greater risk of
terrorist or criminal activity and therefore should be subject to
further scrutiny or examination. These rules are based on investigatory
and law enforcement data, intelligence, and past case experience.
Historically, the SORN for the Treasury Enforcement Communications
System (TECS) covered ATS. As part of DHS's updating of its system of
records notices and in an effort to provide more detailed information
to the traveling public and trade community, DHS has decided to notice
ATS as a separate Privacy Act system of records, giving greater
visibility into its targeting and screening efforts.
TECS is an overarching law enforcement information collection, risk
assessment, and information sharing environment. It is also a
repository for law enforcement and investigative information. TECS is
comprised of several modules that collect, maintain, and evaluate
screening data, conduct targeting analysis, and make information
available to appropriate officers of the U.S. government. ATS is one of
those modules. It is a decision-support tool that compares traveler,
cargo, and conveyance information against intelligence and other
enforcement data by incorporating risk-based targeting scenarios and
assessments. As such, ATS allows DHS officers charged with enforcing
U.S. law and preventing terrorism and other crime to effectively and
efficiently manage information collected when travelers or goods seek
to enter, exit, or transit through the United States. Within ATS there
are six separate and distinct components that perform screening of
inbound and outbound cargo, conveyances, or travelers by comparing
information received against CBP's law enforcement databases, the
Federal Bureau of Investigation Terrorist Screening Center's Terrorist
Screening Database (TSDB), information on outstanding wants or
warrants, information from other government agencies regarding high-
risk parties, and risk-based rules developed by analysts based on law
enforcement data, intelligence, and past case experience. The modules
also facilitate analysis of the screening results of these comparisons.
As a legacy organization of CBP, the U.S. Customs Service
traditionally employed computerized screening tools to target
potentially high-risk cargo entering, exiting, and transiting the
United States. ATS originally was designed as a rules-based program to
identify such cargo; it did not apply to travelers. Today, ATS includes
the following separate components: ATS-N, for screening inbound or
imported cargo; ATS-AT, for outbound or exported cargo; ATS-L, for
screening private passenger vehicles crossing at land border ports of
entry using license plate data; ATS-I, for cooperating with
international customs partners in shared cargo screening and supply
chain security; ATS-TAP, for assisting tactical units in identifying
anomalous trade activity and performing trend analysis; and ATS-P, for
screening travelers and conveyances entering the United States in the
air, sea, and rail environments. The Privacy Impact Assessment (PIA)--
which DHS will publish on its Web site (http://www.dhs.gov/privacy)
concurrently with the publication of the SORN in the Federal Register--
provides a full discussion of the functional capabilities of ATS and
its components. It is worth clarifying here, however, that only the ATS
components pertaining to cargo rely on rules-based ``scoring'' to
identify cargo shipments of interest. Travelers identified by risk-
based targeting scenarios identified through the ATS-P are not assigned
scores.
ATS-P became operational in 1999 and is critically important to
CBP's mission. ATS-P allows CBP officers to determine whether a variety
of potential risk indicators exist for travelers and/or their
itineraries that may warrant additional scrutiny. ATS-P maintains
Passenger Name Record (PNR) data, which is data provided to airlines
and travel agents by or on behalf of air passengers seeking to book
travel. CBP began receiving PNR data voluntarily from air carriers in
1997. Currently, CBP collects this information as part of its border
enforcement mission and pursuant to the Aviation and Transportation
Security Act of 2001 (ATSA).
ATS-P's screening relies upon information from the following
databases: TECS, the Advanced Passenger Information System (APIS), the
Non Immigrant Information System (NIIS), the Suspect and Violator
Indices (SAVI), and the Department of State visa databases, as well as
the PNR information that it maintains. As stated above, unlike in the
cargo environment, ATS-P does not use a score to determine an
individual's risk level; instead, ATS-P compares PNR and information in
the above-mentioned databases against lookouts and patterns of
suspicious activity identified by analysts based upon past
investigations and intelligence. This risk assessment is an analysis of
the threat-based scenario(s) that a traveler matched when traveling on
a given flight. These scenarios are drawn from previous and current law
enforcement and intelligence information. This analysis is done in
advance of a traveler's arrival in or departure from the United States
and becomes one tool available to DHS officers in identifying illegal
activity. In lieu of manual reviews of traveler information and
intensive interviews with every traveler arriving in or departing from
the United States, ATS-P allows CBP personnel to focus their efforts on
potentially high-risk passengers.

The Legal Requirements

The Privacy Act embodies fair information principles in a statutory
framework governing the means by which the United States Government
collects, maintains, uses, and disseminates personally identifiable
information. The Privacy Act applies to information that is maintained
in a ``system of records.'' A system of records is a group of any
records under the control of an agency from which information is
retrieved by the name of the individual or by some identifying number,
symbol, or other identifying particular assigned to the individual. In
the Privacy Act, an individual is defined to encompass U.S. citizens
and lawful permanent residents. ATS involves the collection and
creation of information that is maintained in a system of records. ATS
also stores information on individuals other than U.S. citizens and
lawful permanent residents (LPRs). As a matter of administrative
policy, where the PII of individuals other than U.S. citizens and LPRs
is held in mixed systems (i.e., a system also including U.S. citizen or
LPR), DHS will accord

[[Page 43652]]

such PII the fair information principles set forth the Privacy Act.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the type and character of each system
of records that the agency maintains, and the routine uses that are
contained in each system to make agency recordkeeping practices
transparent, to notify individuals regarding the uses to which
personally identifiable information is put, to assist the individual to
more easily find such files within the agency, and to inform the public
if any applicable Privacy Act exemptions will be claimed for the
system.
Access to information in ATS may be provided. However, as discussed
further later in this notice, certain records within ATS are exempt
from certain provisions of the Privacy Act (specifically, those
provisions contained at 5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3),
and (4); (e)(1), (2), (3), (4)(G) through (I), (5), and (8); (f), and
(g)) pursuant to 5 U.S.C. 552a(j)(2) and (k)(2)). Notwithstanding the
listed exemptions for the system, individuals, regardless of their
citizenship, may make a written request to review and access personal
data provided by and regarding the requester, or provided by a booking
agent, brokers, or other person on the requester's behalf, that is
collected by CBP and contained in the PNR database stored in the ATS-P,
and correct any inaccuracies. Data collected and maintained from air
carriers as PNR are listed later in this notice in the ``Categories of
Records in the System'' section of this notice; the listed categories
are not specific data elements because each carrier varies its
configuration of PNR to meet its business needs. In an effort to
provide some consistency in the description of PNR data for the
traveling public, CBP has categorized the various data that generally
comprise PNR for air carriers into the 19 categories listed in the
SORN. The PNR data, upon request, may be provided to the requester in
the form in which it was collected from the respective carrier, but may
not include certain business confidential information of the air
carrier that is also contained in the record, such as use and
application of frequent flier miles, internal annotations to the air
fare, etc.
To obtain access to a requestor's own PNR, contact the FOIA/PA
Branch, Office of Field Operations, U.S. Customs and Border Protection,
Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone:
(202) 344-1850 and fax: (202) 344-2791). Additionally, regardless of
their citizenship, individuals who believe they have been erroneously
denied entry, refused boarding for transportation, or identified for
additional screening by CBP may submit a redress request through DHS
Traveler Redress Inquiry Program (``TRIP''). (See 72 FR 2294, January
18, 2007). For further information on the Automated Targeting System
and the redress options, please see the accompanying Privacy Impact
Assessment for the Automated Targeting System at http://www.dhs.gov/privacy under ``Privacy Impact Assessment.'' Redress requests should be
sent to: Systems Manager, DHS TRIP, U.S. Department of Homeland
Security, Washington, DC.
DHS is hereby publishing a description of the system of records
referred to as the Automated Targeting System. In accordance with 5
U.S.C. 552a(r), a report concerning this record system has been sent to
the Office of Management and Budget and to the Congress.
Discussion of Revisions Arising From Public Comments:
On November 2, 2006, CBP issued a Privacy Act System of Records
Notice for ATS (71 FR 64543). DHS received a number of comments and
decided to extend the comment period until December 29, 2006, by
Federal Register Notice dated December 8, 2006 (71 FR 71182). A total
of 641 comments were received in response to the SORN. After
considering these comments, CBP has made the following substantive
changes to the previously issued SORN. First, the general retention
period for data maintained in ATS is reduced from 40 years to a total
of 15 years. CBP has determined that it can continue to uncover and use
information relating to terrorism and other serious crimes within this
shorter retention period.
This retention period is consistent with the retention period
currently contained in international agreements entered into by the
Department. Furthermore, CBP has limited access to the last eight years
of the retention period for PNR data to those users who first obtain
supervisory approval to access the archive where the data is
maintained. CBP, however, has created an exception to this general
retention period such that PNR data, as well as any other data that may
be stored in ATS, which becomes associated with active law enforcement
activities, and/or investigations or cases (i.e., specific and credible
threats; flights, individuals, and routes of concern; or other defined
sets of circumstances) will remain accessible for the life of the law
enforcement matter to support that activity and other enforcement
activities that may become related.
Second, persons whose PNR data has been collected and maintained in
ATS-P will have administrative access to that data under the Privacy
Act. This data will be available in the same format that it was
obtained by CBP (with the exception of business confidential
information that may be contained in the record). These individuals
will also be able to seek to correct factual inaccuracies contained in
their PNR data, as it is maintained by CBP. CBP believes that
permitting persons to access and to seek to amend their PNR data will
reduce the incidence of potential misidentifications and improve the
accuracy of the data within ATS-P.
Third, CBP has added the following category to the categories of
persons from whom information is obtained: ``Persons who serve as
booking agents.'' Several commenters correctly noted that many in the
traveling public utilize the services of booking agents and that
booking agents' identities are included in itinerary information.
Fourth, to be consistent with the forthcoming SORN for the Advanced
Passenger Information System (APIS), CBP has amended category A to
include persons whose international itineraries cause their flight to
stop in the United States, either to refuel or to permit a transfer,
and crewmembers on flights that overfly or transit through U.S.
airspace.
Fifth, as stated above, CBP has clarified the categories of PNR
data collected and maintained in ATS-P to more accurately reflect the
type of data collected from air carriers. Consistent with its
particular business needs, each air carrier determines the specific
configuration of data elements that ultimately constitute PNR. By
providing increased notice of the types of data that may be contained
within PNR, CBP seeks to provide the public with a greater
understanding of the personal information being maintained in ATS-P.
Examples of these categories of PNR, as listed below under ``Categories
of Records'' include: Name, date of issuance ticket, date(s) of travel,
PNR locator number, payment information, such as credit card
information, and travel agent or travel agency that may have made the
reservations for the individual.
Lastly, two of the routine uses included in the earlier version of
the SORN-those pertaining to using ATS in background checks--are
removed. This is necessary because the revised SORN contains a more
narrow definition of the purposes for which certain data--

[[Page 43653]]

specifically, PNR data maintained in ATS-P--will be used. The deleted
routine uses did not fit within the scope of these purposes.
This discussion of comments addresses revisions made to the SORN
published on November 2, 2006. The full comments received address
additional issues, such as mission creep, potential economic impact,
appropriate applicability of the Privacy Act, constitutionality, and
information quality. For a discussion of the full comments received
from the November 2, 2006, publication and DHS' response, please see
``Discussion of Public Comments Received on the Automated Targeting
System Privacy Act System of Records Notice'' on the DHS Web site at
http://www.dhs.gov/privacy.
SYSTEM NAME:
Automated Targeting System (ATS)--CBP.

SYSTEM LOCATION:
This computer database is located at the CBP National Data Center
in Washington, D.C. Computer terminals are located at customhouses,
border ports of entry, airport inspection facilities under the
jurisdiction of DHS, and other locations at which DHS authorized
personnel may be posted to facilitate DHS's mission. Terminals may also
be located at appropriate facilities for other participating government
agencies pursuant to agreement.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
ATS includes the following separate components: ATS-N, for
screening inbound or imported cargo; ATS-AT, for outbound or exported
cargo; ATS-L, for screening private passenger vehicles crossing at land
border ports of entry by license plate data; ATS-I, for cooperating
with international customs partners in shared cargo screening and
supply chain security; ATS-TAP, for assisting tactical units in
identifying anomalous trade activity and performing trend analysis; and
ATS-P, for screening travelers and conveyances entering the United
States in the air, sea and rail environments.
Collectively, these components handle information relating to the
following individuals:
A. Persons seeking to enter, exit, or transit through the United
States by land, air, or sea. This includes passengers who arrive and
depart the United States by air or sea, including those in transit
through the United States on route to a foreign destination and crew
members who arrive and depart the United States by air or sea,
including those in transit through the United States on route to a
foreign destination, and crew members on aircraft that over fly the
United States.
B. Persons who engage in any form of trade or other commercial
transaction related to the importation or exportation of merchandise.
C. Persons who are employed in any capacity related to the transit
of merchandise intended to cross the United States border.
D. Persons who serve as operators, crew, or passengers on any
vessel, vehicle, aircraft, train, or other conveyance that arrives in
or departs the United States.
E. Persons who serve as booking agents, brokers, or other persons
who provide information on behalf of persons seeking to enter, exit, or
transit through the United States.

CATEGORIES OF RECORDS IN THE SYSTEM:
ATS uses CBP's law enforcement databases, the Federal Bureau of
Investigation Terrorist Screening Center's Terrorist Screening Database
(TSDB), information on outstanding wants or warrants, information from
other government agencies regarding high-risk parties, and risk-based
rules developed by analysts to assess and identify high-risk cargo,
conveyances, or travelers that should be subject to further scrutiny or
examination. ATS maintains these assessments together with a record of
which rules were used to develop the assessment. With the exception of
PNR information, discussed below, ATS maintains a pointer or reference
to the underlying records from other systems that resulted in a
particular assessment.
ATS-P, a component of ATS, maintains the PNR information obtained
from commercial air carriers and uses that information to assess
whether there is a risk associated with any travelers seeking to enter,
exit, or pass through the United States. PNR may include some
combination of these following categories of information, when
available:
1. PNR record locator code.
2. Date of reservation/ issue of ticket.
3. Date(s) of intended travel.
4. Name(s) .
5. Available frequent flier and benefit information (i.e., free
tickets, upgrades, etc.).
6. Other names on PNR, including number of travelers on PNR.
7. All available contact information (including originator of
reservation).
8. All available payment/billing information (e.g. credit card
number).
9. Travel itinerary for specific PNR.
10. Travel agency/travel agent.
11. Code share information (e.g., when one air carrier sells seats
on another air carrier's flight).
12. Split/divided information (e.g., when one PNR contains a
reference to another PNR).
13. Travel status of passenger (including confirmations and check-
in status).
14. Ticketing information, including ticket number, one way tickets
and Automated Ticket Fare Quote (ATFQ) fields.
15. Baggage information.
16. Seat information, including seat number.
17. General remarks including Other Service Indicated (OSI),
Special Service Indicated (SSI) and Supplemental Service Request (SSR)
information.
18. Any collected APIS information (e.g., Advance Passenger
Information (API) that is initially captured by an air carrier within
its PNR, such as passport number, date of birth and gender).
19. All historical changes to the PNR listed in numbers 1 to 18.
Not all air carriers maintain the same sets of information for PNR,
and a particular individual's PNR likely will not include information
for all possible categories. In addition, PNR does not routinely
include information that could directly indicate the racial or ethnic
origin, political opinions, religious or philosophical beliefs, trade
union membership, health, or sex life of the individual. To the extent
PNR does include terms that reveal such personal matters, DHS employs
an automated system that filters certain of these terms and only uses
this information in exceptional circumstances.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
19 U.S.C. 482, 1461, 1496, and 1581-82, 8 U.S.C 1357, Title VII of
Public Law 104-208, 49 U.S.C. 44909, and the ``Security and
Accountability for Every Port Act of 2006'' (SAFE Port Act) (Pub. L.
109-347).

PURPOSES FOR PNR IN ATS-P:
(a) To prevent and combat terrorism and related crimes;
(b) To prevent and combat other serious crimes, including organized
crime, that are transnational in nature;
(c) To prevent flight from warrants or custody for crimes described
in (a) and (b) above;
(d) Wherever necessary for the protection of the vital interests of
a data subject or other persons;
(e) In any criminal judicial proceedings; or
(f) As otherwise required by law.

[[Page 43654]]

PURPOSES OF ATS (EXCEPT PNR IN ATS-P):
In addition to those purposes listed above for PNR in ATS-P:
(a) To perform targeting of individuals, including passengers and
crew, focusing CBP resources by identifying persons who may pose a risk
to border security or public safety, may be a terrorist or suspected
terrorist, or may otherwise be engaged in activity in violation of U.S.
law.
(b) To perform a risk-based assessment of conveyances and cargo to
focus CBP's resources for inspection and examination and enhance CBP's
ability to identify potential violations of U.S. law, possible
terrorist threats, and other threats to border security; and
(c) To otherwise assist in the enforcement of the laws enforced or
administered by DHS, including those related to counterterrorism.

ROUTINE USES OF RECORDS MAINTAINED IN THE VARIOUS COMPONENTS OF ATS,
INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3). DHS only discloses
information to those authorities who have a legal purpose to use the
data, intend to use the information consistent with the purpose for
which CBP collects it or for another legally required function, such as
GAO oversight and ongoing IT maintenance, and has sufficient capability
to protect and safeguard it. Under these limits, data may be disclosed
as a routine use in the following manner:
A. To appropriate Federal, state, local, tribal, or foreign
governmental agencies or multilateral governmental organizations
responsible for investigating or prosecuting the violations of, or for
enforcing or implementing, a statute, rule, regulation, order, or
license, where CBP believes the information would assist enforcement of
applicable civil or criminal laws;
B. To Federal and foreign government intelligence or
counterterrorism agencies or components where CBP becomes aware of an
indication of a threat or potential threat to national or international
security, or where such use is to assist in anti-terrorism efforts and
disclosure is appropriate to the proper performance of the official
duties of the person making the disclosure;
C. To an organization or individual in either the public or private
sector, either foreign or domestic, where there is a reason to believe
that the recipient is or could become the target of a particular
terrorist activity or conspiracy, or where the information is relevant
to the protection of life, property, or other vital interests of a data
subject and such disclosure is proper and consistent with the official
duties of the person making the disclosure;
D. To appropriate Federal, state, local, tribal, or foreign
governmental agencies or multilateral governmental organizations for
the purpose of protecting the vital interests of a data subject or
other persons, including to assist such agencies or organizations in
preventing exposure to or transmission of a communicable or
quarantinable disease or to combat other significant public health
threats; appropriate notice will be provided of any identified health
threat or risk;
E. To a court, magistrate, or administrative tribunal in the course
of presenting evidence, including disclosures to opposing counsel or
witnesses in the course of civil discovery, litigation, or settlement
negotiations, or in response to a subpoena, or in connection with
criminal law proceedings;
F. To third parties during the course of a law enforcement
investigation to the extent necessary to obtain information pertinent
to the investigation, provided disclosure is appropriate in the proper
performance of the official duties of the officer making the
disclosure.

G. To an agency, organization, or individual for the purposes of
performing audit or oversight operations as authorized by law, but only
such information as is necessary and relevant to such audit or
oversight function;
H. To a Congressional office, for the record of an individual in
response to an inquiry from that Congressional office made at the
request of the individual to whom the record pertains;
I. To contractors, grantees, experts, consultants, and others
performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal government, when
necessary to accomplish an agency function related to this system of
records, in compliance with the Privacy Act of 1974, as amended;
J. To the U.S. Department of Justice (including U.S. Attorney
offices) or other Federal agency conducting litigation or in
proceedings before any court, adjudicative or administrative body, when
it is necessary to the litigation and one of the following is a party
to the litigation or has an interest in such litigation: (a) DHS, or
(b) any employee of DHS in his/her official capacity, or (c) any
employee of DHS in his/her individual capacity where DOJ or DHS has
agreed to represent said employee, or (d) the United States or any
agency thereof;
K. To the National Archives and Records Administration or other
Federal government agencies pursuant to records management inspections
being conducted under the authority of 44 U.S.C. Sections 2904 and
2906;
L. To appropriate Federal, state, local, tribal, or foreign
governmental agencies or multilateral governmental organizations where
CBP is aware of a need to utilize relevant data for purposes of testing
new technology and systems designed to enhance ATS;
M. To appropriate agencies, entities, and persons when (1) It is
suspected or confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) DHS has
determined that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity
theft or fraud, or harm to the security or integrity of this system or
other systems or programs (whether maintained by DHS or another agency
or entity) that rely upon the compromised information; and (3) the
disclosure is made to such agencies, entities, and persons when
reasonably necessary to assist in connection with DHS's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM
STORAGE:
The data is stored electronically at the National Data Center for
current data and offsite at an alternative data storage facility for
historical logs and system backups.

RETRIEVABILITY:
The data is retrievable by name or personal identifier from an
electronic database.

SAFEGUARDS:
All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include all of the following: restricting access to those
with a ``need to know''; using locks, alarm devices, and passwords;
compartmentalizing databases; auditing software; and encrypting data
communications.
ATS also monitors source systems for changes to the source data.
The system

[[Page 43655]]

manager, in addition, has the capability to maintain system back-ups
for the purpose of supporting continuity of operations and the discrete
need to isolate and copy specific data access transactions for the
purpose of conducting security incident investigations. ATS information
is secured in full compliance with the requirements of the Federal
Information Security Management Act (FISMA) and the DHS IT Security
Program Handbook. This handbook establishes a comprehensive information
security program.

USE AND CONTROL:
CBP maintains full access for a limited number of authorized
personnel to all information contained within ATS. Authorized personnel
receive thorough background investigations and extensive training on
CBP security and privacy policies on the appropriate use of ATS
information. These individuals are trained to review the risk
assessments and background information to identify individuals who may
likely pose a risk. To ensure that ATS is being accessed and used
appropriately, audit logs are also created and reviewed routinely by
CBP's Office of Internal Affairs to ensure integrity of the system and
process.
Access to the risk assessment results and related rules is
restricted to a limited number of authorized government personnel who
have gone through extensive training on the appropriate use of this
information and CBP policies, including for security and privacy. These
All individuals are specifically trained to review the risk assessments
and background information to identify individuals who may likely pose
a risk.

RETENTION AND DISPOSAL:
Records in this system will be retained and disposed of in
accordance with a records schedule to be approved by the National
Archives and Records Administration. ATS both collects information
directly, and derives other information from various systems. To the
extent information is collected from other systems, data is retained in
accordance with the record retention requirements of those systems.
The retention period for data maintained in ATS will not exceed
fifteen years, after which time it will be deleted, except as noted
below. The retention period for PNR, which is contained only in ATS-P,
will be subject to the following further access restrictions: ATS-P
users will have general access to PNR for seven years, after which time
the PNR data will be moved to dormant, non-operational status. PNR data
in dormant status will be retained for eight years and may be accessed
only with approval of a senior DHS official designated by the Secretary
of Homeland Security and only in response to an identifiable case,
threat, or risk. Such limited access and use for older PNR strikes a
reasonable balance between protecting this information and allowing CBP
to continue to identify potential high-risk travelers. Notwithstanding
the foregoing, information maintained only in ATS that is linked to
active law enforcement lookout records, CBP matches to enforcement
activities, and/or investigations or cases (i.e., specific and credible
threats; flights, individuals, and routes of concern; or other defined
sets of circumstances) will remain accessible for the life of the law
enforcement matter to support that activity and other enforcement
activities that may become related.
It is important to note that the justification for a fifteen year
retention period is based on CBP's law enforcement and security
functions at the border. This retention period is based on CBP's
historical encounters with suspected terrorists and other criminals, as
well as the broader expertise of the law enforcement and intelligence
communities. It is well known, for example, that potential terrorists
may make multiple visits to the United States in advance of performing
an attack. It is over the course of time and multiple visits that a
potential risk becomes clear. Passenger records including historical
records are essential in assisting CBP Officers with their risk-based
screening of travel indicators and identifying potential links between
known and previously unidentified terrorist facilitators. Analyzing
these records for these purposes allows CBP to continue to effectively
identify suspect travel patterns and irregularities.

SYSTEM MANAGER(S) AND ADDRESS:
Executive Director, National Targeting and Security, Office of
Field Operations, U.S. Customs and Border Protection, Ronald Reagan
Building and Director, Targeting and Analysis, Systems Program Office,
Office of Information Technology, U.S. Customs and Border Protection.

PUBLIC RECORD ACCESS/REDRESS PROCEDURES:
DHS policy allows persons (including foreign nationals) to access
and redress under the Privacy Act to raw PNR data maintained in ATS-P.
The PNR data, upon request, may be provided to the requester in the
form in which it was collected from the respective carrier, but may not
include certain business confidential information of the air carrier
that is also contained in the record, such as . This access does not
extend to other information in ATS obtained from official sources
(which are covered under separate SORNs) or that is created by CBP,
such as the targeting rules and screening results, which are law
enforcement sensitive information and are exempt from certain
provisions of the Privacy Act. For other information in this system of
records, individuals generally may not seek access for purposes of
determining if the system contains records pertaining to a particular
individual or person. (See 5 U.S.C. 552a (e)(4)(G) and (f)(1)).
Individuals, regardless of nationality, may seek access to records
about themselves in accordance with the Freedom of Information Act. In
addition, DHS policy allows persons, including foreign nationals, to
seek access under the Privacy Act to raw PNR data submitted to ATS-P.
Requests for access to personally identifiable information contained in
PNR that was provided by the requestor or by someone else on behalf of
the requestor, regarding the requestor, may be submitted to the FOIA/PA
Unit, Office of Field Operations, U.S. Customs and Border Protection,
Room 5.50C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone:
(202) 344-1850 and fax: (202) 344-2791). Requests should conform to the
requirements of 6 CFR Part 5, which provides the rules for requesting
access to Privacy Act records maintained by DHS. The envelope and
letter should be clearly marked ``Privacy Act Access Request.'' The
request should include a general description of the records sought and
must include the requester's full name, current address, and date and
place of birth. The request must be signed and either notarized or
submitted under penalty of perjury.
CBP notes that ATS is a decision-support tool that compares various
databases, but does not actively collect the information in those
respective databases, except for PNR. When an individual is seeking
redress for other information analyzed in ATS, such redress is properly
accomplished by referring to the databases that directly collect that
information. If individuals are uncertain what agency handles the
information, they may seek redress through the DHS Traveler Redress
Program (``TRIP''). See 72 FR 2294, dated January 18, 2007. Individuals
who believe they have been improperly denied entry, refused boarding
for transportation, or identified for

[[Page 43656]]

additional screening by CBP may submit a redress request through TRIP.
TRIP is a single point of contact for individuals who have inquiries or
seek resolution regarding difficulties they experienced during their
travel screening at transportation hubs--like airports and train
stations or crossing U.S. borders. Through TRIP, a traveler can request
correction of erroneous PNR data stored in ATS-P and other data stored
in other DHS databases through one application. Additionally, for
further information on ATS and the redress options please see the
accompanying PIA for ATS published on the DHS website at www.dhs.gov/privacy. Redress requests should be sent to: DHS Traveler Redress
Inquiry Program (TRIP), 601 South 12th Street, TSA-901, Arlington, VA
22202-4220 or online at http://www.dhs.gov/trip and at http://www.dhs.gov.
Additionally, a traveler may seek redress from CBP at the time of
the border crossing.

CONTESTING RECORD PROCEDURES:
Individuals may seek redress and/or contest a record through
several different means, all of which will be handled in the same
fashion. If the individual is aware the information is specifically
handled by CBP, requests may be sent directly to CBP at the FOIA/PA
Unit, Office of Field Operations, U.S. Customs and Border Protection,
Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone:
(202) 344-1850 and fax: (202) 344-2791). If the individual is uncertain
what agency is responsible for maintaining the information, redress
requests may be sent to DHS TRIP at DHS Traveler Redress Inquiry
Program (TRIP), 601 South 12th Street, TSA-901, Arlington, VA 22202-
4220 or online at http://www.dhs.gov/trip.

RECORD SOURCE CATEGORIES:
The system contains information derived from other law enforcement
systems operated by DHS and federal, state, local, tribal, or foreign
government agencies, which collected the underlying data from
individuals and public entities directly.
The system also contains information collected from carriers that
operate vessels, vehicles, aircraft, and/or trains that enter or exit
the United States. In addition, the cargo modules (ATS-Inbound and
Outbound) employ information collected from third party data
aggregators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 6 CFR Part 5, Appendix C, certain records and
information in this system are exempt from 5 U.S.C. 552a(c)(3) and (4);
(d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I),
(e)(5), and (8); (f), and (g) of the Privacy Act pursuant to 5 U.S.C.
552a(j)(2) and (k)(2)). With respect to ATS-P module, exempt records
are the risk assessment analyses and business confidential information
received in the PNR from the air and vessel carriers. No exemption
shall be asserted regarding PNR data about the requester, obtained from
either the requester or by a booking agent, brokers, or another person
on the requester's behalf. This information, upon request, may be
provided to the requester in the form in which it was collected from
the respective carrier, but may not include certain business
confidential information of the air carrier that is also contained in
the record. For other ATS modules the only information maintained in
ATS is the risk assessment analyses and a pointer to the data from the
source system of records.

Dated: July 31, 2007.
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. E7-15197 Filed 8-1-07; 11:51 am]
BILLING CODE 4410-10-P