[Federal Register Volume 72, Number 163 (Thursday, August 23, 2007)]
[Proposed Rules]
[Pages 48397-48400]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-15963]



  Federal Register / Vol. 72, No. 163 / Thursday, August 23, 2007 / 
Proposed Rules  

[[Page 48397]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Part 1507

[Docket No. TSA-2007-28972]
RIN 1652-AA48


Privacy Act of 1974: Implementation of Exemptions; Secure Flight 
Records

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) is proposing 
to amend the Transportation Security regulations to exempt a new system 
of records from several provisions of the Privacy Act. Secure Flight 
Records (DHS/TSA 019) will include records used as a part of a 
passenger watch list matching program known as Secure Flight. The 
Secure Flight program implements a mandate of the Intelligence Reform 
and Terrorism Prevention Act of 2004 (IRTPA) (Pub. L. 108-458, 118 
Stat. 3638, Dec. 17, 2004) and is consistent with TSA's authority under 
the Aviation and Transportation Security Act (ATSA). Section 4012(a)(1) 
of the IRTPA requires TSA to assume from air carriers the comparison of 
passenger information for domestic flights to the consolidated and 
integrated terrorist watch list maintained by the Federal Government. 
Further, Section 4012(a)(2) of IRTPA similarly requires the DHS to 
compare passenger information for international flights to and from the 
United States against the consolidated and integrated terrorist watch 
list before departure of such flights. Under the Secure Flight program, 
TSA would assume the current watch list matching function to the No Fly 
and Selectee from aircraft operators. TSA is proposing exemptions for 
DHS/TSA 019 to the extent necessary to protect the integrity of 
investigatory information that may be included in the system of 
records.

DATES: Submit comments by September 24, 2007.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, using any one of the following methods:
    Comments Filed Electronically: You may submit comments through the 
docket Web site at http://dms.dot.gov. You also may submit comments 
through the Federal eRulemaking portal at http://www.regulations.gov.
    Comments Submitted by Mail, Fax, or In Person: Address or deliver 
your written, signed comments to the Docket Management System at U.S. 
Department of Transportation, Docket Operations, M-30, West Building 
Ground Floor, Room W12-140, 1200 New Jersey Ave., SE., Washington, DC 
20590; Fax: 202-493-2251.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Peter Pietra, Director, Privacy Policy 
and Compliance, TSA-36, Transportation Security Administration, 601 
South 12th Street, Arlington, VA 22202-4220; facsimile (571) 227-1400; 
e-mail [email protected]; Hugo Teufel III (703-235-0780), Chief 
Privacy Officer, Privacy Office, U.S. Department of Homeland Security, 
Washington, DC 20528, e-mail: [email protected].

SUPPLEMENTARY INFORMATION:

Comments Invited

    TSA invites interested persons to participate in this rulemaking by 
submitting written comments, data, or opinions. We also invite comments 
relating to the economic, environmental, energy, or federalism impacts 
that might result from this rulemaking action. See ADDRESSES above for 
information on where to submit comments.
    With each comment, please include your name and address, identify 
the docket number at the beginning of your comments, and give the 
reason for each comment. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in two 
copies, in an unbound format, no larger than 8.5 by 11 inches, suitable 
for copying and electronic filing.
    If you want TSA to acknowledge receipt of comments submitted by 
mail, include with your comments a self-addressed, stamped postcard on 
which the docket number appears. We will stamp the date on the postcard 
and mail it to you.
    TSA will file in the public docket all comments received by TSA, 
except for comments containing confidential information and sensitive 
security information.\1\ TSA will consider all comments received on or 
before the closing date for comments and will consider comments filed 
late to the extent practicable. The docket is available for public 
inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial or financial information, or SSI to the public regulatory 
docket. Please submit such comments separately from other comments on 
the rulemaking. Comments containing this type of information should be 
appropriately marked as containing such information and submitted by 
mail to the address listed in the FOR FURTHER INFORMATION CONTACT 
section.
    Upon receipt of such comments, TSA will not place the comments in 
the public docket and will handle them in accordance with applicable 
safeguards and restrictions on access. TSA will hold them in a separate 
file to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA receives a request to examine or copy this information, TSA will 
treat it as any other request under the Freedom of Information Act 
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS') 
FOIA regulation found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual submitting the comment (or signing the comment, if submitted 
on behalf of an association, business, labor union, or advocacy group, 
etc.). You may review the applicable Privacy Act Statement published in 
the Federal Register on April 11, 2000 (65 FR 19477), or you may visit 
http://dms.dot.gov.
    You may review the comments in the public docket by visiting the 
Dockets Office between 9 a.m. and 5 p.m., Monday through Friday, except 
Federal holidays. The Dockets Office is located in the West Building 
Ground Floor, Room W12-140, at the Department of Transportation address 
previously provided under ADDRESSES. Also, you may review public 
dockets on the Internet at http://dms.dot.gov.

[[Page 48398]]

Availability of Rulemaking Document

    You can get an electronic copy using the Internet by--
    (1) Searching the Department of Transportation's electronic Docket 
Management System (DMS) Web page (http://dms.dot.gov/search);
    (2) Accessing the Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html; or
    (3) Visiting TSA's Security Regulations Web page at http://www.tsa.gov and accessing the link for ``Research Center'' at the top 
of the page.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

DHS--Department of Homeland Security.
FBI--Federal Bureau of Investigation.
TSA--Transportation Security Administration.

Background

    In order to begin the Secure Flight program, Transportation 
Security Administration (TSA) is publishing this Notice of Proposed 
Rulemaking (NPRM) to propose exemptions for DHS/TSA 019 to the extent 
necessary to protect the integrity of investigatory information that 
may be included in the system of records.
    On December 17, 2004, the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA) (Pub. L. 108-458) was enacted. Section 
4012(a) of the IRTPA directs the TSA and the Department of Homeland 
Security (DHS) to assume from aircraft operators the pre-flight 
passenger watch list matching function. TSA is carrying out this 
mandate through the creation of the Secure Flight program.
    Section 4012(a)(1) of the IRTPA requires TSA to assume from air 
carriers the comparison of passenger information for domestic flights 
to the consolidated and integrated terrorist watch list maintained by 
the Federal Government. Section 4012(a)(2) of IRTPA similarly requires 
the DHS to compare passenger information for international flights to 
and from the United States against the consolidated and integrated 
terrorist watch list before departure of such flights. Further, as 
recommended by the 9/11 Commission, TSA may access the ``larger set of 
watch lists maintained by the Federal Government.'' \2\ Therefore, as 
warranted by security considerations, TSA may use the full Terrorist 
Screening Database (TSDB) or other government databases, such as 
intelligence or law enforcement databases (referred to as ``watch list 
matching''). For example, TSA may obtain intelligence that flights 
flying a particular route may be subject to an increased security risk. 
Under this circumstance, TSA may decide to compare passenger 
information on some or all of the flights flying that route against the 
full TSDB or other government database.
---------------------------------------------------------------------------

    \2\ National Commission on Terrorist Attacks Upon the Untied 
States, page 393.
---------------------------------------------------------------------------

    TSA also is publishing in today's Federal Register a Privacy Act 
System of Records notice establishing a new system of records for the 
Secure Flight program, entitled Secure Flight Records (DHS/TSA 019). 
Although not required, aircraft operators may voluntarily choose to 
begin operational testing with TSA prior to publication of a final rule 
for the Secure Flight program. In the event an aircraft operator begins 
early operational testing with TSA, the records created as part of that 
testing would be included in the Secure Flight Records system and the 
exemptions claimed in this rulemaking would apply to such records.
    The categories of records TSA will create or maintain in the course 
of the Secure Flight program are described in detail in the system of 
records notice. TSA would not assert an exemption with respect to 
information submitted by or on behalf of individual passengers or non-
travelers in the course of making a reservation or seeking access to a 
secured area under the Secure Flight program. This system, however, may 
contain records or information recompiled from or created from 
information contained in other systems of records, which are exempt 
from certain provisions of the Privacy Act. For these records or 
information only, TSA is proposing certain Privacy Act exemptions for 
the records contained in DHS/TSA 019 pursuant to 5 U.S.C. 552a(j)(2), 
(k)(1), and (k)(2), to the extent necessary to protect the integrity of 
watch list matching procedures performed under the Secure Flight 
Program.
    Under 5 U.S.C. 552a(j)(2), (k)(1), and (k)(2), an agency may exempt 
from certain provisions of the Privacy Act a system of records 
containing investigatory material compiled for law enforcement 
purposes, classified information, and information pertaining to 
national security. The exemptions proposed here are standard law 
enforcement and national security exemptions exercised by a large 
number of federal agencies.
    In the course of carrying out the Secure Flight program, TSA will 
review information from Federal Bureau of Investigation (FBI) systems 
of records and from systems of records of other law enforcement and 
intelligence agencies if necessary to resolve an apparent match to a 
Federal watch list. These may include classified and unclassified 
governmental terrorist, law enforcement, and intelligence databases, 
including databases maintained by the Department of Homeland Security, 
Department of Defense, National Counterterrorism Center, and FBI. 
Records from these systems are exempt from certain provisions of the 
Privacy Act because they contain law enforcement investigative 
information and classified information. To the extent the Secure Flight 
Records system relies on information from such other exempt systems of 
records, TSA would rely on the Privacy Act exemptions claimed for those 
systems.
    Individuals can seek redress, in accordance with the provisions of 
proposed 49 CFR part 1560, subpart C, in cases where they believe they 
have been delayed or prohibited from boarding or denied entrance to the 
airport sterile area, as a result of the operation of the Secure Flight 
program. TSA will examine each separate request on a case-by-case 
basis, and after conferring with the appropriate agency, may waive 
applicable exemptions in appropriate circumstances and where it would 
not appear to interfere with or adversely affect the law enforcement or 
national security purposes of the systems from which the information is 
recompiled or in which it is contained.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) requires 
that TSA consider the impact of paperwork and other information 
collection burdens imposed on the public. There are no current or new 
information collection requirements associated with this proposed rule.

Economic Impact Analyses

    This rulemaking is not a ``significant regulatory action'' within 
the meaning of Executive Order 12886. Further regulatory evaluation is 
not necessary because the economic impact should be minimal. Moreover, 
I certify that this rule would not have a significant economic impact 
on a substantial number of small entities, because the reporting 
requirements themselves are not changed and because it applies only to 
information on individuals.

[[Page 48399]]

Unfunded Mandates Assessment

    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. 
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the 
effects of certain regulatory actions on State, local, and tribal 
governments, and the private sector. UMRA requires a written statement 
of economic and regulatory alternatives for proposed and final rules 
that contain Federal mandates. A ``Federal mandate'' is a new or 
additional enforceable duty, imposed on any State, local, or tribal 
government, or the private sector. If any Federal mandate causes those 
entities to spend, in aggregate, $100 million or more in any one year, 
the UMRA analysis is required. This rule would not impose Federal 
mandates on any State, local, or tribal government or the private 
sector.

Executive Order 13132, Federalism

    TSA has analyzed this proposed rule under the principles and 
criteria of Executive Order 13132, Federalism. We determined that this 
action would not have a substantial direct effect on the States, on the 
relationship between the National Government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government, and therefore would not have federalism implications.

Environmental Analysis

    TSA has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

Energy Impact Analysis

    The energy impact of the notice has been assessed in accordance 
with the Energy Policy and Conservation Act (EPCA), Public Law 94-163, 
as amended (42 U.S.C. 6362). We have determined that this rulemaking is 
not a major regulatory action under the provisions of the EPCA.

List of Subjects in 49 CFR Part 1507

    Privacy.

The Proposed Amendments

    For the reasons set forth in the preamble, the Transportation 
Security Administration proposes to amend part 1507 of Chapter XII of 
Title 49 of the Code of Federal Regulations, as follows:

PART 1507--PRIVACY ACT--EXEMPTIONS

    1. The authority citation for part 1507 continues to read as 
follows:

    Authority: 49 U.S.C. 114(l)(1), 40113, 5 U.S.C. 552a(j) and (k).

    2. Add a new paragraph (k) to Sec.  1507.3 to read as follows:


Sec.  1507.3  Exemptions.

* * * * *
    (k) Secure Flight Records. (1) Secure Flight Records (DHS/TSA 019) 
enables TSA to maintain a system of records related to watch list 
matching applied to air passengers and to non-traveling individuals 
authorized to enter an airport sterile area. Pursuant to 5 U.S.C. 
552a(j)(2), (k)(1), and (k)(2), TSA is claiming the following 
exemptions for certain records within the Secure Flight Records system: 
5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2), 
(3), (4)(G) through (I), (5), and (8); (f), and (g).
    (2) In addition to records under the control of TSA, the Secure 
Flight system of records may include records originating from systems 
of records of other law enforcement and intelligence agencies which may 
be exempt from certain provisions of the Privacy Act. However, TSA does 
not assert exemption to any provisions of the Privacy Act with respect 
to information submitted by or on behalf of individual passengers or 
non-travelers in the course of making a reservation or seeking access 
to a secured area under the Secure Flight program.
    (3) To the extent the Secure Flight system contains records 
originating from other systems of records, TSA will rely on the 
exemptions claimed for those records in the originating system of 
records. Exemptions for certain records within the Secure Flight 
Records system from particular subsections of the Privacy Act are 
justified for the following reasons:
    (i) From subsection (c)(3) (Accounting for Disclosures) because 
giving a record subject access to the accounting of disclosures from 
records concerning him or her could reveal investigative interest on 
the part of the recipient agency that obtained the record pursuant to a 
routine use. Disclosure of the accounting could therefore present a 
serious impediment to law enforcement efforts on the part of the 
recipient agency because the individual who is the subject of the 
record would learn of third agency investigative interests and could 
take steps to evade detection or apprehension. Disclosure of the 
accounting also could reveal the details of watch list matching 
measures under the Secure Flight program, as well as capabilities and 
vulnerabilities of the watch list matching process, the release of 
which could permit an individual to evade future detection and thereby 
impede efforts to ensure transportation security.
    (ii) From subsection (c)(4) because portions of this system are 
exempt from the access and amendment provisions of subsection (d).
    (iii) From subsections (d)(1), (2), (3), and (4) because these 
provisions concern individual access to and amendment of certain 
records contained in this system, including law enforcement 
counterterrorism, investigatory and intelligence records. Compliance 
with these provisions could: alert the subject of an investigation of 
the fact and nature of the investigation, and/or the investigative 
interest of intelligence or law enforcement agencies; compromise 
sensitive information related to national security; interfere with the 
overall law enforcement process by leading to the destruction of 
evidence, improper influencing of witnesses, fabrication of testimony, 
and/or flight of the subject; identify a confidential source or 
disclose information which would constitute an unwarranted invasion of 
another's personal privacy; reveal a sensitive investigative or 
intelligence technique; or constitute a potential danger to the health 
or safety of law enforcement personnel, confidential informants, and 
witnesses. Amendment of these records would interfere with ongoing 
counterterrorism, law enforcement, or intelligence investigations and 
analysis activities and impose an impossible administrative burden by 
requiring investigations, analyses, and reports to be continuously 
reinvestigated and revised.
    (iv) From subsection (e)(1) because it is not always possible for 
TSA or other agencies to know in advance what information is both 
relevant and necessary for it to complete an identity comparison 
between aviation passengers or certain non-travelers and a known or 
suspected terrorist. Also, because TSA and other agencies may not 
always know what information about an encounter with a known or 
suspected terrorist will be relevant to law enforcement for the purpose 
of conducting an operational response.
    (v) From subsection (e)(2) because application of this provision 
could present a serious impediment to counterterrorism, law 
enforcement, or intelligence efforts in that it would put the subject 
of an investigation, study or analysis on notice of that fact, thereby 
permitting the subject to engage in conduct designed to frustrate or 
impede that activity. The nature of counterterrorism, law enforcement, 
or intelligence investigations is such that

[[Page 48400]]

vital information about an individual frequently can be obtained only 
from other persons who are familiar with such individual and his/her 
activities. In such investigations it is not feasible to rely upon 
information furnished by the individual concerning his own activities.
    (vi) From subsection (e)(3), to the extent that this subsection is 
interpreted to require TSA to provide notice to an individual if TSA or 
another agency receives or collects information about that individual 
during an investigation or from a third party. Should the subsection be 
so interpreted, exemption from this provision is necessary to avoid 
impeding counterterrorism, law enforcement, or intelligence efforts by 
putting the subject of an investigation, study or analysis on notice of 
that fact, thereby permitting the subject to engage in conduct intended 
to frustrate or impede that activity.
    (vii) From subsections (e)(4)(G) and (H) (Agency Requirements) and 
(f) (Agency Rules), because this system is exempt from the access 
provisions of 5 U.S.C. 552a(d).
    (viii) From subsection (e)(5) because many of the records in this 
system coming from other system of records are derived from other 
domestic and foreign agency record systems and therefore it is not 
possible for TSA to ensure their compliance with this provision; 
however, TSA has implemented internal quality assurance procedures to 
ensure that data used in the watch list matching process is as 
thorough, accurate, and current as possible. In addition, in the 
collection of information for law enforcement, counterterrorism, and 
intelligence purposes, it is impossible to determine in advance what 
information is accurate, relevant, timely, and complete. With the 
passage of time, seemingly irrelevant or untimely information may 
acquire new significance as further investigation brings new details to 
light. The restrictions imposed by (e)(5) would limit the ability of 
those agencies' trained investigators and intelligence analysts to 
exercise their judgment in conducting investigations and impede the 
development of intelligence necessary for effective law enforcement and 
counterterrorism efforts. However, TSA has implemented internal quality 
assurance procedures to ensure that the data used in the watch list 
matching process is as thorough, accurate, and current as possible.
    (ix) From subsection (e)(8) because to require individual notice of 
disclosure of information due to compulsory legal process would pose an 
impossible administrative burden on TSA and other agencies and could 
alert the subjects of counterterrorism, law enforcement, or 
intelligence investigations to the fact of those investigations when 
not previously known.
    (x) From subsection (f) (Agency Rules) because portions of this 
system are exempt from the access and amendment provisions of 
subsection (d).
    (xi) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act.

    Issued in Arlington, Virginia on August 8, 2007.
Kip Hawley,
Assistant Secretary.
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. E7-15963 Filed 8-22-07; 8:45 am]
BILLING CODE 9110-05-P