[Federal Register Volume 72, Number 150 (Monday, August 6, 2007)]
[Notices]
[Pages 43650-43656]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-15197]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[DHS-2007-0042]


Privacy Act of 1974; U.S. Customs and Border Protection, 
Automated Targeting System, System of Records

AGENCY: Privacy Office; Department of Homeland Security.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: This document is a new System of Records Notice (SORN) for the 
Automated Targeting System (ATS) and is subject to the Privacy Act of 
1974, as amended. ATS is an enforcement screening tool consisting of 
six separate components, all of which rely substantially on information 
in the Treasury Enforcement Communications System (TECS). ATS 
historically was covered by the SORN for TECS. The Department of 
Homeland Security, U.S. Customs and Border Protection (CBP) published a 
separate SORN for ATS in the Federal Register on November 2, 2006. This 
SORN did not describe any new collection of information and was 
intended solely to provide increased notice and transparency to the 
public about ATS. Based on comments received in response to the 
November 2, 2006 notice, CBP issues this revised SORN, which responds 
to those comments, makes certain amendments with regard to the 
retention period and access provisions of the prior notice, and 
provides further notice and transparency to the public about the 
functionality of ATS.
    TECS is an overarching law enforcement information collection, risk 
assessment, and information sharing environment. It is also a 
repository for law enforcement and investigative information. TECS is 
comprised of several modules that collect, maintain, and evaluate 
screening data, conduct targeting, and make information available to 
appropriate officers of the U.S. government. ATS is one of those 
modules. It is a decision support tool that compares traveler, cargo, 
and conveyance information against intelligence and other enforcement 
data by incorporating risk-based targeting scenarios and assessments. 
As such, ATS allows DHS officers charged with enforcing U.S. law and 
preventing terrorism and other crimes to effectively and efficiently 
manage information collected when travelers or goods seek to enter, 
exit, or transit through the United States.
    Within ATS there are six separate and distinct components that 
perform screening of inbound and outbound cargo, conveyances, or 
travelers. These modules compare information received against CBP's law 
enforcement databases, the Federal Bureau of Investigation Terrorist 
Screening Center's Terrorist Screening Database (TSDB), information on 
outstanding wants or warrants, information from other government 
agencies regarding high-risk parties, and risk-based rules developed by 
analysts using law enforcement data, intelligence, and past case 
experience. The modules also facilitate analysis of the screening 
results of these comparisons. In the case of cargo and conveyances, 
this screening results in a risk assessment score. In the case of 
travelers, however, it does not result in a risk assessment score.

DATES: The new system of records will be effective September 5, 2007.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and 
Procedures Branch, U.S. Customs and Border Protection, Office of

[[Page 43651]]

International Trade, Mint Annex, 1300 Pennsylvania Ave., NW., 
Washington, DC 20229. For privacy issues please contact: Hugo Teufel 
III (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. 
Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION: 

Background

The System

    The priority mission of CBP is to prevent terrorists and terrorist 
weapons from entering the country while facilitating legitimate travel 
and trade. ATS uses CBP's law enforcement databases, the Federal Bureau 
of Investigation Terrorist Screening Center's Terrorist Screening 
Database (TSDB), information on outstanding wants or warrants, 
information from other government agencies regarding high-risk parties, 
and risk-based rules developed by analysts to assess and identify high-
risk cargo, conveyances, and travelers that may pose a greater risk of 
terrorist or criminal activity and therefore should be subject to 
further scrutiny or examination. These rules are based on investigatory 
and law enforcement data, intelligence, and past case experience. 
Historically, the SORN for the Treasury Enforcement Communications 
System (TECS) covered ATS. As part of DHS's updating of its system of 
records notices and in an effort to provide more detailed information 
to the traveling public and trade community, DHS has decided to notice 
ATS as a separate Privacy Act system of records, giving greater 
visibility into its targeting and screening efforts.
    TECS is an overarching law enforcement information collection, risk 
assessment, and information sharing environment. It is also a 
repository for law enforcement and investigative information. TECS is 
comprised of several modules that collect, maintain, and evaluate 
screening data, conduct targeting analysis, and make information 
available to appropriate officers of the U.S. government. ATS is one of 
those modules. It is a decision-support tool that compares traveler, 
cargo, and conveyance information against intelligence and other 
enforcement data by incorporating risk-based targeting scenarios and 
assessments. As such, ATS allows DHS officers charged with enforcing 
U.S. law and preventing terrorism and other crime to effectively and 
efficiently manage information collected when travelers or goods seek 
to enter, exit, or transit through the United States. Within ATS there 
are six separate and distinct components that perform screening of 
inbound and outbound cargo, conveyances, or travelers by comparing 
information received against CBP's law enforcement databases, the 
Federal Bureau of Investigation Terrorist Screening Center's Terrorist 
Screening Database (TSDB), information on outstanding wants or 
warrants, information from other government agencies regarding high-
risk parties, and risk-based rules developed by analysts based on law 
enforcement data, intelligence, and past case experience. The modules 
also facilitate analysis of the screening results of these comparisons.
    As a legacy organization of CBP, the U.S. Customs Service 
traditionally employed computerized screening tools to target 
potentially high-risk cargo entering, exiting, and transiting the 
United States. ATS originally was designed as a rules-based program to 
identify such cargo; it did not apply to travelers. Today, ATS includes 
the following separate components: ATS-N, for screening inbound or 
imported cargo; ATS-AT, for outbound or exported cargo; ATS-L, for 
screening private passenger vehicles crossing at land border ports of 
entry using license plate data; ATS-I, for cooperating with 
international customs partners in shared cargo screening and supply 
chain security; ATS-TAP, for assisting tactical units in identifying 
anomalous trade activity and performing trend analysis; and ATS-P, for 
screening travelers and conveyances entering the United States in the 
air, sea, and rail environments. The Privacy Impact Assessment (PIA)--
which DHS will publish on its Web site (http://www.dhs.gov/privacy) 
concurrently with the publication of the SORN in the Federal Register--
provides a full discussion of the functional capabilities of ATS and 
its components. It is worth clarifying here, however, that only the ATS 
components pertaining to cargo rely on rules-based ``scoring'' to 
identify cargo shipments of interest. Travelers identified by risk-
based targeting scenarios identified through the ATS-P are not assigned 
scores.
    ATS-P became operational in 1999 and is critically important to 
CBP's mission. ATS-P allows CBP officers to determine whether a variety 
of potential risk indicators exist for travelers and/or their 
itineraries that may warrant additional scrutiny. ATS-P maintains 
Passenger Name Record (PNR) data, which is data provided to airlines 
and travel agents by or on behalf of air passengers seeking to book 
travel. CBP began receiving PNR data voluntarily from air carriers in 
1997. Currently, CBP collects this information as part of its border 
enforcement mission and pursuant to the Aviation and Transportation 
Security Act of 2001 (ATSA).
    ATS-P's screening relies upon information from the following 
databases: TECS, the Advanced Passenger Information System (APIS), the 
Non Immigrant Information System (NIIS), the Suspect and Violator 
Indices (SAVI), and the Department of State visa databases, as well as 
the PNR information that it maintains. As stated above, unlike in the 
cargo environment, ATS-P does not use a score to determine an 
individual's risk level; instead, ATS-P compares PNR and information in 
the above-mentioned databases against lookouts and patterns of 
suspicious activity identified by analysts based upon past 
investigations and intelligence. This risk assessment is an analysis of 
the threat-based scenario(s) that a traveler matched when traveling on 
a given flight. These scenarios are drawn from previous and current law 
enforcement and intelligence information. This analysis is done in 
advance of a traveler's arrival in or departure from the United States 
and becomes one tool available to DHS officers in identifying illegal 
activity. In lieu of manual reviews of traveler information and 
intensive interviews with every traveler arriving in or departing from 
the United States, ATS-P allows CBP personnel to focus their efforts on 
potentially high-risk passengers.

The Legal Requirements

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A system of records is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. In 
the Privacy Act, an individual is defined to encompass U.S. citizens 
and lawful permanent residents. ATS involves the collection and 
creation of information that is maintained in a system of records. ATS 
also stores information on individuals other than U.S. citizens and 
lawful permanent residents (LPRs). As a matter of administrative 
policy, where the PII of individuals other than U.S. citizens and LPRs 
is held in mixed systems (i.e., a system also including U.S. citizen or 
LPR), DHS will accord

[[Page 43652]]

such PII the fair information principles set forth the Privacy Act.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system to make agency recordkeeping practices 
transparent, to notify individuals regarding the uses to which 
personally identifiable information is put, to assist the individual to 
more easily find such files within the agency, and to inform the public 
if any applicable Privacy Act exemptions will be claimed for the 
system.
    Access to information in ATS may be provided. However, as discussed 
further later in this notice, certain records within ATS are exempt 
from certain provisions of the Privacy Act (specifically, those 
provisions contained at 5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3), 
and (4); (e)(1), (2), (3), (4)(G) through (I), (5), and (8); (f), and 
(g)) pursuant to 5 U.S.C. 552a(j)(2) and (k)(2)). Notwithstanding the 
listed exemptions for the system, individuals, regardless of their 
citizenship, may make a written request to review and access personal 
data provided by and regarding the requester, or provided by a booking 
agent, brokers, or other person on the requester's behalf, that is 
collected by CBP and contained in the PNR database stored in the ATS-P, 
and correct any inaccuracies. Data collected and maintained from air 
carriers as PNR are listed later in this notice in the ``Categories of 
Records in the System'' section of this notice; the listed categories 
are not specific data elements because each carrier varies its 
configuration of PNR to meet its business needs. In an effort to 
provide some consistency in the description of PNR data for the 
traveling public, CBP has categorized the various data that generally 
comprise PNR for air carriers into the 19 categories listed in the 
SORN. The PNR data, upon request, may be provided to the requester in 
the form in which it was collected from the respective carrier, but may 
not include certain business confidential information of the air 
carrier that is also contained in the record, such as use and 
application of frequent flier miles, internal annotations to the air 
fare, etc.
    To obtain access to a requestor's own PNR, contact the FOIA/PA 
Branch, Office of Field Operations, U.S. Customs and Border Protection, 
Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone: 
(202) 344-1850 and fax: (202) 344-2791). Additionally, regardless of 
their citizenship, individuals who believe they have been erroneously 
denied entry, refused boarding for transportation, or identified for 
additional screening by CBP may submit a redress request through DHS 
Traveler Redress Inquiry Program (``TRIP''). (See 72 FR 2294, January 
18, 2007). For further information on the Automated Targeting System 
and the redress options, please see the accompanying Privacy Impact 
Assessment for the Automated Targeting System at http://www.dhs.gov/privacy under ``Privacy Impact Assessment.'' Redress requests should be 
sent to: Systems Manager, DHS TRIP, U.S. Department of Homeland 
Security, Washington, DC.
    DHS is hereby publishing a description of the system of records 
referred to as the Automated Targeting System. In accordance with 5 
U.S.C. 552a(r), a report concerning this record system has been sent to 
the Office of Management and Budget and to the Congress.
Discussion of Revisions Arising From Public Comments:
    On November 2, 2006, CBP issued a Privacy Act System of Records 
Notice for ATS (71 FR 64543). DHS received a number of comments and 
decided to extend the comment period until December 29, 2006, by 
Federal Register Notice dated December 8, 2006 (71 FR 71182). A total 
of 641 comments were received in response to the SORN. After 
considering these comments, CBP has made the following substantive 
changes to the previously issued SORN. First, the general retention 
period for data maintained in ATS is reduced from 40 years to a total 
of 15 years. CBP has determined that it can continue to uncover and use 
information relating to terrorism and other serious crimes within this 
shorter retention period.
    This retention period is consistent with the retention period 
currently contained in international agreements entered into by the 
Department. Furthermore, CBP has limited access to the last eight years 
of the retention period for PNR data to those users who first obtain 
supervisory approval to access the archive where the data is 
maintained. CBP, however, has created an exception to this general 
retention period such that PNR data, as well as any other data that may 
be stored in ATS, which becomes associated with active law enforcement 
activities, and/or investigations or cases (i.e., specific and credible 
threats; flights, individuals, and routes of concern; or other defined 
sets of circumstances) will remain accessible for the life of the law 
enforcement matter to support that activity and other enforcement 
activities that may become related.
    Second, persons whose PNR data has been collected and maintained in 
ATS-P will have administrative access to that data under the Privacy 
Act. This data will be available in the same format that it was 
obtained by CBP (with the exception of business confidential 
information that may be contained in the record). These individuals 
will also be able to seek to correct factual inaccuracies contained in 
their PNR data, as it is maintained by CBP. CBP believes that 
permitting persons to access and to seek to amend their PNR data will 
reduce the incidence of potential misidentifications and improve the 
accuracy of the data within ATS-P.
    Third, CBP has added the following category to the categories of 
persons from whom information is obtained: ``Persons who serve as 
booking agents.'' Several commenters correctly noted that many in the 
traveling public utilize the services of booking agents and that 
booking agents' identities are included in itinerary information.
    Fourth, to be consistent with the forthcoming SORN for the Advanced 
Passenger Information System (APIS), CBP has amended category A to 
include persons whose international itineraries cause their flight to 
stop in the United States, either to refuel or to permit a transfer, 
and crewmembers on flights that overfly or transit through U.S. 
airspace.
    Fifth, as stated above, CBP has clarified the categories of PNR 
data collected and maintained in ATS-P to more accurately reflect the 
type of data collected from air carriers. Consistent with its 
particular business needs, each air carrier determines the specific 
configuration of data elements that ultimately constitute PNR. By 
providing increased notice of the types of data that may be contained 
within PNR, CBP seeks to provide the public with a greater 
understanding of the personal information being maintained in ATS-P. 
Examples of these categories of PNR, as listed below under ``Categories 
of Records'' include: Name, date of issuance ticket, date(s) of travel, 
PNR locator number, payment information, such as credit card 
information, and travel agent or travel agency that may have made the 
reservations for the individual.
    Lastly, two of the routine uses included in the earlier version of 
the SORN-those pertaining to using ATS in background checks--are 
removed. This is necessary because the revised SORN contains a more 
narrow definition of the purposes for which certain data--

[[Page 43653]]

specifically, PNR data maintained in ATS-P--will be used. The deleted 
routine uses did not fit within the scope of these purposes.
    This discussion of comments addresses revisions made to the SORN 
published on November 2, 2006. The full comments received address 
additional issues, such as mission creep, potential economic impact, 
appropriate applicability of the Privacy Act, constitutionality, and 
information quality. For a discussion of the full comments received 
from the November 2, 2006, publication and DHS' response, please see 
``Discussion of Public Comments Received on the Automated Targeting 
System Privacy Act System of Records Notice'' on the DHS Web site at 
http://www.dhs.gov/privacy.
SYSTEM NAME:
    Automated Targeting System (ATS)--CBP.

SYSTEM LOCATION:
    This computer database is located at the CBP National Data Center 
in Washington, D.C. Computer terminals are located at customhouses, 
border ports of entry, airport inspection facilities under the 
jurisdiction of DHS, and other locations at which DHS authorized 
personnel may be posted to facilitate DHS's mission. Terminals may also 
be located at appropriate facilities for other participating government 
agencies pursuant to agreement.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    ATS includes the following separate components: ATS-N, for 
screening inbound or imported cargo; ATS-AT, for outbound or exported 
cargo; ATS-L, for screening private passenger vehicles crossing at land 
border ports of entry by license plate data; ATS-I, for cooperating 
with international customs partners in shared cargo screening and 
supply chain security; ATS-TAP, for assisting tactical units in 
identifying anomalous trade activity and performing trend analysis; and 
ATS-P, for screening travelers and conveyances entering the United 
States in the air, sea and rail environments.
    Collectively, these components handle information relating to the 
following individuals:
    A. Persons seeking to enter, exit, or transit through the United 
States by land, air, or sea. This includes passengers who arrive and 
depart the United States by air or sea, including those in transit 
through the United States on route to a foreign destination and crew 
members who arrive and depart the United States by air or sea, 
including those in transit through the United States on route to a 
foreign destination, and crew members on aircraft that over fly the 
United States.
    B. Persons who engage in any form of trade or other commercial 
transaction related to the importation or exportation of merchandise.
    C. Persons who are employed in any capacity related to the transit 
of merchandise intended to cross the United States border.
    D. Persons who serve as operators, crew, or passengers on any 
vessel, vehicle, aircraft, train, or other conveyance that arrives in 
or departs the United States.
    E. Persons who serve as booking agents, brokers, or other persons 
who provide information on behalf of persons seeking to enter, exit, or 
transit through the United States.

CATEGORIES OF RECORDS IN THE SYSTEM:
    ATS uses CBP's law enforcement databases, the Federal Bureau of 
Investigation Terrorist Screening Center's Terrorist Screening Database 
(TSDB), information on outstanding wants or warrants, information from 
other government agencies regarding high-risk parties, and risk-based 
rules developed by analysts to assess and identify high-risk cargo, 
conveyances, or travelers that should be subject to further scrutiny or 
examination. ATS maintains these assessments together with a record of 
which rules were used to develop the assessment. With the exception of 
PNR information, discussed below, ATS maintains a pointer or reference 
to the underlying records from other systems that resulted in a 
particular assessment.
    ATS-P, a component of ATS, maintains the PNR information obtained 
from commercial air carriers and uses that information to assess 
whether there is a risk associated with any travelers seeking to enter, 
exit, or pass through the United States. PNR may include some 
combination of these following categories of information, when 
available:
    1. PNR record locator code.
    2. Date of reservation/ issue of ticket.
    3. Date(s) of intended travel.
    4. Name(s) .
    5. Available frequent flier and benefit information (i.e., free 
tickets, upgrades, etc.).
    6. Other names on PNR, including number of travelers on PNR.
    7. All available contact information (including originator of 
reservation).
    8. All available payment/billing information (e.g. credit card 
number).
    9. Travel itinerary for specific PNR.
    10. Travel agency/travel agent.
    11. Code share information (e.g., when one air carrier sells seats 
on another air carrier's flight).
    12. Split/divided information (e.g., when one PNR contains a 
reference to another PNR).
    13. Travel status of passenger (including confirmations and check-
in status).
    14. Ticketing information, including ticket number, one way tickets 
and Automated Ticket Fare Quote (ATFQ) fields.
    15. Baggage information.
    16. Seat information, including seat number.
    17. General remarks including Other Service Indicated (OSI), 
Special Service Indicated (SSI) and Supplemental Service Request (SSR) 
information.
    18. Any collected APIS information (e.g., Advance Passenger 
Information (API) that is initially captured by an air carrier within 
its PNR, such as passport number, date of birth and gender).
    19. All historical changes to the PNR listed in numbers 1 to 18.
    Not all air carriers maintain the same sets of information for PNR, 
and a particular individual's PNR likely will not include information 
for all possible categories. In addition, PNR does not routinely 
include information that could directly indicate the racial or ethnic 
origin, political opinions, religious or philosophical beliefs, trade 
union membership, health, or sex life of the individual. To the extent 
PNR does include terms that reveal such personal matters, DHS employs 
an automated system that filters certain of these terms and only uses 
this information in exceptional circumstances.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    19 U.S.C. 482, 1461, 1496, and 1581-82, 8 U.S.C 1357, Title VII of 
Public Law 104-208, 49 U.S.C. 44909, and the ``Security and 
Accountability for Every Port Act of 2006'' (SAFE Port Act) (Pub. L. 
109-347).

PURPOSES FOR PNR IN ATS-P:
    (a) To prevent and combat terrorism and related crimes;
    (b) To prevent and combat other serious crimes, including organized 
crime, that are transnational in nature;
    (c) To prevent flight from warrants or custody for crimes described 
in (a) and (b) above;
    (d) Wherever necessary for the protection of the vital interests of 
a data subject or other persons;
    (e) In any criminal judicial proceedings; or
    (f) As otherwise required by law.

[[Page 43654]]

PURPOSES OF ATS (EXCEPT PNR IN ATS-P):
    In addition to those purposes listed above for PNR in ATS-P:
    (a) To perform targeting of individuals, including passengers and 
crew, focusing CBP resources by identifying persons who may pose a risk 
to border security or public safety, may be a terrorist or suspected 
terrorist, or may otherwise be engaged in activity in violation of U.S. 
law.
    (b) To perform a risk-based assessment of conveyances and cargo to 
focus CBP's resources for inspection and examination and enhance CBP's 
ability to identify potential violations of U.S. law, possible 
terrorist threats, and other threats to border security; and
    (c) To otherwise assist in the enforcement of the laws enforced or 
administered by DHS, including those related to counterterrorism.

ROUTINE USES OF RECORDS MAINTAINED IN THE VARIOUS COMPONENTS OF ATS, 
INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3). DHS only discloses 
information to those authorities who have a legal purpose to use the 
data, intend to use the information consistent with the purpose for 
which CBP collects it or for another legally required function, such as 
GAO oversight and ongoing IT maintenance, and has sufficient capability 
to protect and safeguard it. Under these limits, data may be disclosed 
as a routine use in the following manner:
    A. To appropriate Federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations 
responsible for investigating or prosecuting the violations of, or for 
enforcing or implementing, a statute, rule, regulation, order, or 
license, where CBP believes the information would assist enforcement of 
applicable civil or criminal laws;
    B. To Federal and foreign government intelligence or 
counterterrorism agencies or components where CBP becomes aware of an 
indication of a threat or potential threat to national or international 
security, or where such use is to assist in anti-terrorism efforts and 
disclosure is appropriate to the proper performance of the official 
duties of the person making the disclosure;
    C. To an organization or individual in either the public or private 
sector, either foreign or domestic, where there is a reason to believe 
that the recipient is or could become the target of a particular 
terrorist activity or conspiracy, or where the information is relevant 
to the protection of life, property, or other vital interests of a data 
subject and such disclosure is proper and consistent with the official 
duties of the person making the disclosure;
    D. To appropriate Federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations for 
the purpose of protecting the vital interests of a data subject or 
other persons, including to assist such agencies or organizations in 
preventing exposure to or transmission of a communicable or 
quarantinable disease or to combat other significant public health 
threats; appropriate notice will be provided of any identified health 
threat or risk;
    E. To a court, magistrate, or administrative tribunal in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations, or in response to a subpoena, or in connection with 
criminal law proceedings;
    F. To third parties during the course of a law enforcement 
investigation to the extent necessary to obtain information pertinent 
to the investigation, provided disclosure is appropriate in the proper 
performance of the official duties of the officer making the 
disclosure.

    G. To an agency, organization, or individual for the purposes of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function;
    H. To a Congressional office, for the record of an individual in 
response to an inquiry from that Congressional office made at the 
request of the individual to whom the record pertains;
    I. To contractors, grantees, experts, consultants, and others 
performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal government, when 
necessary to accomplish an agency function related to this system of 
records, in compliance with the Privacy Act of 1974, as amended;
    J. To the U.S. Department of Justice (including U.S. Attorney 
offices) or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative or administrative body, when 
it is necessary to the litigation and one of the following is a party 
to the litigation or has an interest in such litigation: (a) DHS, or 
(b) any employee of DHS in his/her official capacity, or (c) any 
employee of DHS in his/her individual capacity where DOJ or DHS has 
agreed to represent said employee, or (d) the United States or any 
agency thereof;
    K. To the National Archives and Records Administration or other 
Federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. Sections 2904 and 
2906;
    L. To appropriate Federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations where 
CBP is aware of a need to utilize relevant data for purposes of testing 
new technology and systems designed to enhance ATS;
    M. To appropriate agencies, entities, and persons when (1) It is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) DHS has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of this system or 
other systems or programs (whether maintained by DHS or another agency 
or entity) that rely upon the compromised information; and (3) the 
disclosure is made to such agencies, entities, and persons when 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM
STORAGE:
    The data is stored electronically at the National Data Center for 
current data and offsite at an alternative data storage facility for 
historical logs and system backups.

RETRIEVABILITY:
    The data is retrievable by name or personal identifier from an 
electronic database.

SAFEGUARDS:
    All records are protected from unauthorized access through 
appropriate administrative, physical, and technical safeguards. These 
safeguards include all of the following: restricting access to those 
with a ``need to know''; using locks, alarm devices, and passwords; 
compartmentalizing databases; auditing software; and encrypting data 
communications.
    ATS also monitors source systems for changes to the source data. 
The system

[[Page 43655]]

manager, in addition, has the capability to maintain system back-ups 
for the purpose of supporting continuity of operations and the discrete 
need to isolate and copy specific data access transactions for the 
purpose of conducting security incident investigations. ATS information 
is secured in full compliance with the requirements of the Federal 
Information Security Management Act (FISMA) and the DHS IT Security 
Program Handbook. This handbook establishes a comprehensive information 
security program.

USE AND CONTROL:
    CBP maintains full access for a limited number of authorized 
personnel to all information contained within ATS. Authorized personnel 
receive thorough background investigations and extensive training on 
CBP security and privacy policies on the appropriate use of ATS 
information. These individuals are trained to review the risk 
assessments and background information to identify individuals who may 
likely pose a risk. To ensure that ATS is being accessed and used 
appropriately, audit logs are also created and reviewed routinely by 
CBP's Office of Internal Affairs to ensure integrity of the system and 
process.
    Access to the risk assessment results and related rules is 
restricted to a limited number of authorized government personnel who 
have gone through extensive training on the appropriate use of this 
information and CBP policies, including for security and privacy. These 
All individuals are specifically trained to review the risk assessments 
and background information to identify individuals who may likely pose 
a risk.

RETENTION AND DISPOSAL:
    Records in this system will be retained and disposed of in 
accordance with a records schedule to be approved by the National 
Archives and Records Administration. ATS both collects information 
directly, and derives other information from various systems. To the 
extent information is collected from other systems, data is retained in 
accordance with the record retention requirements of those systems.
    The retention period for data maintained in ATS will not exceed 
fifteen years, after which time it will be deleted, except as noted 
below. The retention period for PNR, which is contained only in ATS-P, 
will be subject to the following further access restrictions: ATS-P 
users will have general access to PNR for seven years, after which time 
the PNR data will be moved to dormant, non-operational status. PNR data 
in dormant status will be retained for eight years and may be accessed 
only with approval of a senior DHS official designated by the Secretary 
of Homeland Security and only in response to an identifiable case, 
threat, or risk. Such limited access and use for older PNR strikes a 
reasonable balance between protecting this information and allowing CBP 
to continue to identify potential high-risk travelers. Notwithstanding 
the foregoing, information maintained only in ATS that is linked to 
active law enforcement lookout records, CBP matches to enforcement 
activities, and/or investigations or cases (i.e., specific and credible 
threats; flights, individuals, and routes of concern; or other defined 
sets of circumstances) will remain accessible for the life of the law 
enforcement matter to support that activity and other enforcement 
activities that may become related.
    It is important to note that the justification for a fifteen year 
retention period is based on CBP's law enforcement and security 
functions at the border. This retention period is based on CBP's 
historical encounters with suspected terrorists and other criminals, as 
well as the broader expertise of the law enforcement and intelligence 
communities. It is well known, for example, that potential terrorists 
may make multiple visits to the United States in advance of performing 
an attack. It is over the course of time and multiple visits that a 
potential risk becomes clear. Passenger records including historical 
records are essential in assisting CBP Officers with their risk-based 
screening of travel indicators and identifying potential links between 
known and previously unidentified terrorist facilitators. Analyzing 
these records for these purposes allows CBP to continue to effectively 
identify suspect travel patterns and irregularities.

SYSTEM MANAGER(S) AND ADDRESS:
    Executive Director, National Targeting and Security, Office of 
Field Operations, U.S. Customs and Border Protection, Ronald Reagan 
Building and Director, Targeting and Analysis, Systems Program Office, 
Office of Information Technology, U.S. Customs and Border Protection.

PUBLIC RECORD ACCESS/REDRESS PROCEDURES:
    DHS policy allows persons (including foreign nationals) to access 
and redress under the Privacy Act to raw PNR data maintained in ATS-P. 
The PNR data, upon request, may be provided to the requester in the 
form in which it was collected from the respective carrier, but may not 
include certain business confidential information of the air carrier 
that is also contained in the record, such as . This access does not 
extend to other information in ATS obtained from official sources 
(which are covered under separate SORNs) or that is created by CBP, 
such as the targeting rules and screening results, which are law 
enforcement sensitive information and are exempt from certain 
provisions of the Privacy Act. For other information in this system of 
records, individuals generally may not seek access for purposes of 
determining if the system contains records pertaining to a particular 
individual or person. (See 5 U.S.C. 552a (e)(4)(G) and (f)(1)).
    Individuals, regardless of nationality, may seek access to records 
about themselves in accordance with the Freedom of Information Act. In 
addition, DHS policy allows persons, including foreign nationals, to 
seek access under the Privacy Act to raw PNR data submitted to ATS-P. 
Requests for access to personally identifiable information contained in 
PNR that was provided by the requestor or by someone else on behalf of 
the requestor, regarding the requestor, may be submitted to the FOIA/PA 
Unit, Office of Field Operations, U.S. Customs and Border Protection, 
Room 5.50C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone: 
(202) 344-1850 and fax: (202) 344-2791). Requests should conform to the 
requirements of 6 CFR Part 5, which provides the rules for requesting 
access to Privacy Act records maintained by DHS. The envelope and 
letter should be clearly marked ``Privacy Act Access Request.'' The 
request should include a general description of the records sought and 
must include the requester's full name, current address, and date and 
place of birth. The request must be signed and either notarized or 
submitted under penalty of perjury.
    CBP notes that ATS is a decision-support tool that compares various 
databases, but does not actively collect the information in those 
respective databases, except for PNR. When an individual is seeking 
redress for other information analyzed in ATS, such redress is properly 
accomplished by referring to the databases that directly collect that 
information. If individuals are uncertain what agency handles the 
information, they may seek redress through the DHS Traveler Redress 
Program (``TRIP''). See 72 FR 2294, dated January 18, 2007. Individuals 
who believe they have been improperly denied entry, refused boarding 
for transportation, or identified for

[[Page 43656]]

additional screening by CBP may submit a redress request through TRIP. 
TRIP is a single point of contact for individuals who have inquiries or 
seek resolution regarding difficulties they experienced during their 
travel screening at transportation hubs--like airports and train 
stations or crossing U.S. borders. Through TRIP, a traveler can request 
correction of erroneous PNR data stored in ATS-P and other data stored 
in other DHS databases through one application. Additionally, for 
further information on ATS and the redress options please see the 
accompanying PIA for ATS published on the DHS website at www.dhs.gov/privacy. Redress requests should be sent to: DHS Traveler Redress 
Inquiry Program (TRIP), 601 South 12th Street, TSA-901, Arlington, VA 
22202-4220 or online at http://www.dhs.gov/trip and at http://www.dhs.gov.
    Additionally, a traveler may seek redress from CBP at the time of 
the border crossing.

CONTESTING RECORD PROCEDURES:
    Individuals may seek redress and/or contest a record through 
several different means, all of which will be handled in the same 
fashion. If the individual is aware the information is specifically 
handled by CBP, requests may be sent directly to CBP at the FOIA/PA 
Unit, Office of Field Operations, U.S. Customs and Border Protection, 
Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone: 
(202) 344-1850 and fax: (202) 344-2791). If the individual is uncertain 
what agency is responsible for maintaining the information, redress 
requests may be sent to DHS TRIP at DHS Traveler Redress Inquiry 
Program (TRIP), 601 South 12th Street, TSA-901, Arlington, VA 22202-
4220 or online at http://www.dhs.gov/trip.

RECORD SOURCE CATEGORIES:
    The system contains information derived from other law enforcement 
systems operated by DHS and federal, state, local, tribal, or foreign 
government agencies, which collected the underlying data from 
individuals and public entities directly.
    The system also contains information collected from carriers that 
operate vessels, vehicles, aircraft, and/or trains that enter or exit 
the United States. In addition, the cargo modules (ATS-Inbound and 
Outbound) employ information collected from third party data 
aggregators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Pursuant to 6 CFR Part 5, Appendix C, certain records and 
information in this system are exempt from 5 U.S.C. 552a(c)(3) and (4); 
(d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I), 
(e)(5), and (8); (f), and (g) of the Privacy Act pursuant to 5 U.S.C. 
552a(j)(2) and (k)(2)). With respect to ATS-P module, exempt records 
are the risk assessment analyses and business confidential information 
received in the PNR from the air and vessel carriers. No exemption 
shall be asserted regarding PNR data about the requester, obtained from 
either the requester or by a booking agent, brokers, or another person 
on the requester's behalf. This information, upon request, may be 
provided to the requester in the form in which it was collected from 
the respective carrier, but may not include certain business 
confidential information of the air carrier that is also contained in 
the record. For other ATS modules the only information maintained in 
ATS is the risk assessment analyses and a pointer to the data from the 
source system of records.

    Dated: July 31, 2007.
Hugo Teufel III,
Chief Privacy Officer.
 [FR Doc. E7-15197 Filed 8-1-07; 11:51 am]
BILLING CODE 4410-10-P