[Federal Register Volume 73, Number 112 (Tuesday, June 10, 2008)]
[Proposed Rules]
[Pages 32657-32659]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-12785]


 ========================================================================
 Proposed Rules
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains notices to the public of 
 the proposed issuance of rules and regulations. The purpose of these 
 notices is to give interested persons an opportunity to participate in 
 the rule making prior to the adoption of the final rules.
 
 ========================================================================
 

  Federal Register / Vol. 73, No. 112 / Tuesday, June 10, 2008 / 
Proposed Rules  

[[Page 32657]]



DEPARTMENT OF HOMELAND SECURITY

6 CFR Part 5

[Docket Number DHS-2008-0053]


Privacy Act of 1974: Implementation of Exemptions; Electronic 
System for Travel Authorization

AGENCY: Privacy Office, Office of the Secretary, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is amending its 
regulations to exempt portions of a system of records from certain 
provisions of the Privacy Act. Specifically, the Department proposes to 
exempt portions of the Electronic System for Travel Authorization 
(ESTA) from one or more provisions of the Privacy Act because of 
criminal, civil, and administrative enforcement requirements.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), the public is 
given a 30-day period in which to comment on this notice; and the 
Office of Management and Budget (OMB), which has oversight 
responsibility under the Act, requires a 40-day period in which to 
conclude its review of the system. Therefore, the public, OMB, and 
Congress are invited to submit comments July 21, 2008.

ADDRESSES: You may submit comments, identified by DOCKET NUMBER DHS-
2008-0053 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 1-866-466-5370.
     Mail: Hugo Teufel III, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and 
Procedures Branch, U.S. Customs and Border Protection, Regulations and 
Rulings, Office of International Trade, Mint Annex, 1300 Pennsylvania 
Ave., NW., Washington, DC 20229. For privacy issues please contact: 
Hugo Teufel III (703-235-0780), Chief Privacy Officer, Privacy Office, 
U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS), elsewhere in this 
edition of the Federal Register, published a Privacy Act system of 
records notice describing records in the Electronic System Travel 
Authorization (ESTA).
    CBP currently does not require a visa for qualifying nationals 
traveling from countries that participate in the Visa Waiver Program 
(VWP). To ensure the VWP national does not pose a security risk or have 
a law enforcement reason to prevent his or her travel to the United 
States and in response to a Congressional mandate to do so, DHS/CBP 
will be implementing an Electronic System for Travel Authorization 
(ESTA) to permit nationals of VWP countries to electronically submit 
biographic and admissibility information in advance of their travel to 
the United States so that CBP can determine whether the applicant is 
eligible to travel to the United States.
    Applicants under this program will electronically provide 
information, as specified in the ESTA Interim Final Rule, prior to 
traveling to the United States by air or sea, which will be stored in 
the ESTA system in an account. The individual will have the opportunity 
to verify the accuracy of the information entered in ESTA during the 
application process and before the application is submitted through 
ESTA. Applicants will be given a tracking number which, combined with 
some personal information already provided to the system, will allow 
the applicant to submit updates to data elements that do not affect 
their admissibility or apply for a new ESTA.
    Once an applicant has verified the application information and 
submitted the required information to ESTA, the information supplied by 
the applicant will be used to automatically query terrorist and law 
enforcement databases to determine whether the applicant is eligible to 
travel to the United States under VWP. When possible matches to 
derogatory information are found, the applications will be vetted 
through normal CBP procedures. During this time, the applicant will 
receive a ``pending'' status. If the applicant is cleared to travel 
under the VWP, he or she will receive an ``authorized to travel'' 
status via the ESTA Web site. If the applicant is not cleared for 
travel, the applicant will receive a ``not authorized to travel'' 
status and be directed to the State Department Web site to obtain 
information on how to apply for a visa at a U.S. consulate or embassy. 
The Department of State will have access to the information supplied by 
the applicant and the ESTA results to assist in determining whether to 
issue a visa.
    Carriers, when querying the applicant through the Advance Passenger 
Information System/APIS Quick Query (APIS/AQQ) to determine whether a 
boarding pass should be issued, will be notified whether the applicant 
traveler has been authorized to travel, pending, not authorized, or has 
not applied for an ESTA. VWP travelers must have an authorized ESTA or 
a visa to be issued a boarding pass.
    No exemption shall be asserted with respect to information 
maintained in the system as it relates to data submitted by or on 
behalf of a person who travels to visit the United States, nor shall an 
exemption be asserted with respect to the resulting determination 
(authorized to travel, not authorized to travel, pending).
    This system may contain records or information pertaining to the 
accounting of disclosures made from ESTA to other law enforcement 
agencies (Federal, State, Local, Foreign, International or Tribal) in 
accordance with the published routine uses. For the accounting of these 
disclosures only, in accordance with 5 U.S.C. 552a (j)(2), and (k)(2), 
DHS will claim the original exemptions for these records or information 
from subsection (c)(3), (e) (8), and (g) of the Privacy Act of 1974, as 
amended, as necessary and appropriate to protect such information. 
Moreover, DHS will add this exemption to Appendix C to 6 CFR Part 5, 
DHS Systems of Records Exempt from the Privacy Act. Such exempt records 
or information may be law enforcement or national security 
investigation records,

[[Page 32658]]

law enforcement activity and encounter records, or terrorist screening 
records.
    DHS needs these exemptions in order to protect information relating 
to law enforcement investigations from disclosure to subjects of 
investigations and others who could interfere with investigatory and 
law enforcement activities. Specifically, the exemptions are required 
to: Preclude subjects of investigations from frustrating the 
investigative process; avoid disclosure of investigative techniques; 
protect the identities and physical safety of confidential informants 
and of law enforcement personnel; ensure DHS's and other federal 
agencies' ability to obtain information from third parties and other 
sources; protect the privacy of third parties; and safeguard sensitive 
information.
    Nonetheless, DHS will examine each request on a case-by-case basis, 
and, after conferring with the appropriate component or agency, may 
waive applicable exemptions in appropriate circumstances and where it 
would not appear to interfere with or adversely affect the law 
enforcement or national security investigation.
    Again, DHS will not assert any exemption with respect to 
information maintained in the system that is collected from a person 
and submitted by that person's air or vessel carrier, if that person, 
or his or her agent, seeks access or amendment of such information.

Regulatory Requirements

A. Regulatory Impact Analyses

    Changes to Federal regulations must undergo several analyses. In 
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
    This rule is not a significant regulatory action under Executive 
Order 12866, ``Regulatory Planning and Review'' (as amended). 
Accordingly, this rule has not been reviewed by the Office of 
Management and Budget (OMB). Nevertheless, DHS has reviewed this 
rulemaking, and concluded that there will not be any significant 
economic impact.
2. Regulatory Flexibility Act Assessment
    Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5 
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement 
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will 
not have a significant impact on a substantial number of small 
entities. The rule would impose no duties or obligations on small 
entities. Further, the exemptions to the Privacy Act apply to 
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
    This rulemaking will not constitute a barrier to international 
trade. The exemptions relate to criminal investigations and agency 
documentation and, therefore, do not create any new costs or barriers 
to trade.
4. Unfunded Mandates Assessment
    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. 
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the 
effects of certain regulatory actions on State, local, and tribal 
governments, and the private sector. This rulemaking will not impose an 
unfunded mandate on State, local, or tribal governments, or on the 
private sector.

B. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) 
requires that DHS consider the impact of paperwork and other 
information collection burdens imposed on the public and, under the 
provisions of PRA section 3507(d), obtain approval from the Office of 
Management and Budget (OMB) for each collection of information it 
conducts, sponsors, or requires through regulations. DHS has determined 
that there are no current or new information collection requirements 
associated with this rule.

C. Executive Order 13132, Federalism

    This action will not have a substantial direct effect on the 
States, on the relationship between the national Government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government, and therefore will not have federalism 
implications.

D. Environmental Analysis

    DHS has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

E. Energy Impact

    The energy impact of this action has been assessed in accordance 
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, 
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory 
action under the provisions of the EPCA.

List of Subjects in 6 CFR Part 5

    Freedom of information, Privacy.

    For the reasons stated in the preamble, DHS proposes to amend 
Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

    1. The authority citation for part 5 continues to read as follows:

    Authority: Public Law 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.

    2. At the end of Appendix C to part 5, add the following new 
paragraph:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *

    6. DHS/CBP-009, Electronic System for Travel Authorization 
(ESTA). A portion of the following system of records is exempt from 
5 U.S.C. 552a(c)(3), (e)(8), and (g) pursuant to 5 U.S.C. 
552a(j)(2),and (k)(2). Further, no exemption shall be asserted with 
respect to information maintained in the system as it relates to 
data submitted by or on behalf of a person who travels to visit the 
United States and crosses the border, nor shall an exemption be 
asserted with respect to the resulting determination (approval or 
denial). After conferring with the appropriate component or agency, 
DHS may waive applicable exemptions in appropriate circumstances and 
where it would not appear to interfere with or adversely affect the 
law enforcement purposes of the systems from which the information 
is recompiled or in which it is contained. Exemptions from the above 
particular subsections are justified, on a case-by-case basis to be 
determined at the time a request is made, when information in this 
system of records may impede a law enforcement or national security 
investigation:
    (a) From subsection (c)(3) (Accounting for Disclosure) because 
making available to a record subject the accounting of disclosures 
from records concerning him or her would specifically reveal any 
investigative interest in the individual. Revealing this information 
could reasonably be expected to compromise ongoing efforts to 
investigate a violation of U.S. law, including investigations of a 
known or suspected terrorist, by notifying the record subject that 
he or she is under investigation. This information could also permit 
the record subject to take measures to impede the investigation, 
e.g., destroy evidence, intimidate potential witnesses, or flee the 
area to avoid or impede the investigation.
    (b) From subsection (e)(8) (Notice on Individuals) because to 
require individual notice of disclosure of information due to 
compulsory legal process would pose an impossible administrative 
burden on DHS and other agencies and could alert the subjects of 
counterterrorism or law enforcement investigations to the fact of 
those investigations when not previously known.

[[Page 32659]]

    (c) From subsection (g) (Civil Remedies) to the extent that the 
system is exempt from other specific subsections of the Privacy Act.

Hugo Teufel, III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-12785 Filed 6-9-08; 8:45 am]
BILLING CODE 4410-10-P