[Federal Register Volume 73, Number 160 (Monday, August 18, 2008)]
[Rules and Regulations]
[Pages 48117-48119]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-19033]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
Prices of new books are listed in the first FEDERAL REGISTER issue of each
week.
========================================================================
Federal Register / Vol. 73, No. 160 / Monday, August 18, 2008 / Rules
and Regulations
[[Page 48117]]
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 5
[Docket No. DHS-2008-0071]
Privacy Act of 1974: Implementation of Exemptions; Immigration
and Customs Enforcement (ICE) Pattern Analysis and Information
Collection (ICEPIC) System
AGENCY: Privacy Office, DHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Department of Homeland Security is issuing a final rule to
amend its regulations to exempt portions of a new system of records
entitled the ``Immigration and Customs Enforcement (ICE) Pattern
Analysis and Information Collection (ICEPIC) System'' from certain
provisions of the Privacy Act. Specifically, the Department exempts
portions of the ICEPIC system from one or more provisions of the
Privacy Act because of criminal, civil, and administrative enforcement
requirements.
DATES: Effective Date: This final rule is effective August 18, 2008.
FOR FURTHER INFORMATION CONTACT: Lyn Rahilly, Privacy Officer, U.S.
Immigration and Customs Enforcement, 425 I Street, NW., Washington, DC
20536, e-mail: [email protected], or Hugo Teufel III (703-235-0780),
Chief Privacy Officer, Privacy Office, U.S. Department of Homeland
Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
Background
The Department of Homeland Security (DHS) published a notice of
proposed rulemaking in the Federal Register, 73 FR 5460 (Jan. 30,
2008), proposing to exempt portions of the system of records from one
or more provisions of the Privacy Act because of criminal, civil, and
administrative enforcement requirements. The system of records is the
ICE Pattern Analysis and Information Collection (ICEPIC). The ICEPIC
system of records notice (SORN) was published concurrently in the
Federal Register, 73 FR 5577 (Jan. 30, 2008), and comments were invited
on both the proposed rule and SORN. Six comments were received. All
commenters were generally in favor of implementation of the rule as
proposed. Accordingly, the Department is adopting the proposed rule as
final. Concurrently in this issue of the Federal Register, ICE is re-
publishing the SORN for ICEPIC to address comments received through the
Federal Register comment procedure. Given no changes were made to the
rule or the SORN, Privacy Impact Assessment for ICEPIC dated January
30, 2008, remains accurate and is posted on the Department's privacy
Web site. (See http://www.dhs.gov/privacy and follow the link to
``Privacy Impact Assessments'').
Pursuant to the requirements of the Regulatory Flexibility Act, 5
U.S.C. 601-612, DHS certifies that these regulations will not
significantly affect a substantial number of small entities. The final
rule imposes no duties or obligations on small entities. Further, in
accordance with the provisions of the Paperwork Reduction Act of 1995,
44 U.S.C. 3501, DHS has determined that this final rule would not
impose new record keeping, application, reporting, or other types of
information collection requirements.
Public Comments
ICE received and considered the public comments, which are
discussed further below, and concluded that no substantive changes to
the rule are warranted at this time. While all comments were in favor
of the proposed rule, two commenters also raised specific concerns
related to this system of records, which are addressed below.
One commenter expressed concern that individuals would be unable to
ensure their personal information in ICEPIC is accurate unless they are
permitted access to their records. Other means exist to verify the
accuracy of ICEPIC data and ensure that incorrect data is not used to
prejudice that individual. ICEPIC users are trained to verify
information obtained from ICEPIC before including it in analytical
reports that will be used during investigations or shared with
government personnel outside of ICE. Verification procedures include
direct queries to the source databases from which ICEPIC originally
obtained the information, queries of commercial or other government
databases, and ICE agent interviews with individuals or others who are
in a position to confirm the ICEPIC data. These procedures mitigate the
risk posed by inaccurate data in the system and raise the probability
that such data will be identified and corrected before any action is
taken that would prejudice an individual. In addition, the source
systems from which ICEPIC obtains information may, themselves, have
mechanisms in place to ensure the accuracy of the data prior to the
information being accessed through ICEPIC.
Another commenter, while in favor of the system, expressed these
concerns as follows:
``By limiting access to a small number of people, power and
responsibility may be monopolized in the hands of some who are never
given a system of checks and balances over their power. The only other
concern that I have is that, as domestic and international security
policies and concerns shift over time, this proposed rule change will
be stagnant. I would propose then that this rule be revisited in the
coming years as security threats continue to fluctuate.''
To ensure the system contains appropriate checks and balances to
oversee those who have access to ICEPIC information, ICE has
established appropriate controls and safeguards that provide oversight
of authorized ICEPIC users. All user activity is audited and subject to
periodic review to identify unauthorized use or activity. ICE
investigates instances of unauthorized or inappropriate access or use
of the system and takes appropriate disciplinary actions where
violations have occurred. The commenter also recommended a review of
this system in the future because ``security threats continue to
fluctuate.'' ICE and DHS continue to exercise diligence in the response
to the evolving threat environment. Should there be a need to
substantially alter this system in the future, similar public notice
and an
[[Page 48118]]
opportunity to comment will be provided.
Regulatory Requirements
A. Regulatory Impact Analyses
Changes to Federal regulations must undergo several analyses. In
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
This rule is not a significant regulatory action under Executive
Order 12866, ``Regulatory Planning and Review'' (as amended).
Accordingly, this rule has not been reviewed by the Office of
Management and Budget (OMB). Nevertheless, DHS has reviewed this
rulemaking, and concluded that there will not be any significant
economic impact.
2. Regulatory Flexibility Act Assessment
Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will
not have a significant impact on a substantial number of small
entities. The rule would impose no duties or obligations on small
entities. Further, the exemptions to the Privacy Act apply to
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
This rulemaking will not constitute a barrier to international
trade. The exemptions relate to criminal investigations and agency
documentation and, therefore, do not create any new costs or barriers
to trade.
4. Unfunded Mandates Assessment
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub.
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the
effects of certain regulatory actions on State, local, and tribal
governments, and the private sector. This rulemaking will not impose an
unfunded mandate on State, local, or tribal governments, or on the
private sector.
B. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.)
requires that DHS consider the impact of paperwork and other
information collection burdens imposed on the public and, under the
provisions of PRA section 3507(d), obtain approval from the Office of
Management and Budget (OMB) for each collection of information it
conducts, sponsors, or requires through regulations. DHS has determined
that there are no current or new information collection requirements
associated with this rule.
C. Executive Order 13132, Federalism
This action will not have a substantial direct effect on the
States, on the relationship between the national Government and the
States, or on the distribution of power and responsibilities among the
various levels of government, and therefore will not have federalism
implications.
D. Environmental Analysis
DHS has reviewed this action for purposes of the National
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has
determined that this action will not have a significant effect on the
human environment.
E. Energy Impact
The energy impact of this action has been assessed in accordance
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163,
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory
action under the provisions of the EPCA.
List of Subjects in 6 CFR Part 5
Freedom of information; Privacy.
0
For the reasons stated in the preamble, DHS amends Chapter I of Title
6, Code of Federal Regulations, as follows:
PART 5--DISCLOSURE OF RECORDS AND INFORMATION
0
1. The authority citation for part 5 continues to read as follows:
Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.
0
2. At the end of appendix C to part 5, add the following new paragraph
6 to read as follows:
Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy
Act
* * * * *
6. The Immigration and Customs Enforcement (ICE) Pattern
Analysis and Information Collection (ICEPIC) System consists of
electronic and paper records and will be used by DHS and its
components. ICEPIC is a repository of information held by DHS in
connection with its several and varied missions and functions,
including, but not limited to: The enforcement of civil and criminal
laws (including the immigration law); investigations, inquiries, and
proceedings there under; and national security and intelligence
activities. ICEPIC contains information that is collected by, on
behalf of, in support of, or in cooperation with DHS and its
components and may contain personally identifiable information
collected by other Federal, State, local, tribal, foreign, or
international government agencies.
Pursuant to exemption 5 U.S.C. 552a(j)(2) of the Privacy Act,
portions of this system are exempt from 5 U.S.C. 552a(c)(3) and (4);
(d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and
(e)(8); (f), and (g). Pursuant to 5 U.S.C. 552a(k)(2), this system
is exempt from the following provisions of the Privacy Act, subject
to the limitations set forth in those subsections: 5 U.S.C.
552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). Exemptions
from these particular subsections are justified, on a case-by-case
basis to be determined at the time a request is made, for the
following reasons:
(a) From subsection (c)(3) and (4) (Accounting for Disclosures)
because release of the accounting of disclosures could alert the
subject of an investigation of an actual or potential criminal,
civil, or regulatory violation to the existence of the
investigation, and reveal investigative interest on the part of DHS
as well as the recipient agency. Disclosure of the accounting would
therefore present a serious impediment to law enforcement efforts
and/or efforts to preserve national security. Disclosure of the
accounting would also permit the individual who is the subject of a
record to impede the investigation, to tamper with witnesses or
evidence, and to avoid detection or apprehension, which would
undermine the entire investigative process.
(b) From subsection (d) (Access to Records) because access to
the records contained in this system of records could inform the
subject of an investigation of an actual or potential criminal,
civil, or regulatory violation, to the existence of the
investigation, and reveal investigative interest on the part of DHS
or another agency. Access to the records could permit the individual
who is the subject of a record to impede the investigation, to
tamper with witnesses or evidence, and to avoid detection or
apprehension. Amendment of the records could interfere with ongoing
investigations and law enforcement activities and would impose an
impossible administrative burden by requiring investigations to be
continuously reinvestigated. In addition, permitting access and
amendment to such information could disclose security-sensitive
information that could be detrimental to homeland security.
(c) From subsection (e)(1) (Relevancy and Necessity of
Information) because in the course of investigations into potential
violations of Federal law, the accuracy of information obtained or
introduced occasionally may be unclear or the information may not be
strictly relevant or necessary to a specific investigation. In the
interests of effective law enforcement, it is appropriate to retain
all information that may aid in establishing patterns of unlawful
activity.
(d) From subsection (e)(2) (Collection of Information from
Individuals) because requiring that information be collected from
the subject of an investigation would alert the subject to the
nature or existence of an investigation, thereby interfering with
the related investigation and law enforcement activities.
[[Page 48119]]
(e) From subsection (e)(3) (Notice to Subjects) because
providing such detailed information would impede law enforcement in
that it could compromise investigations by: revealing the existence
of an otherwise confidential investigation and thereby provide an
opportunity for the subject of an investigation to conceal evidence,
alter patterns of behavior, or take other actions that could thwart
investigative efforts; reveal the identity of witnesses in
investigations, thereby providing an opportunity for the subjects of
the investigations or others to harass, intimidate, or otherwise
interfere with the collection of evidence or other information from
such witnesses; or reveal the identity of confidential informants,
which would negatively affect the informant's usefulness in any
ongoing or future investigations and discourage members of the
public from cooperating as confidential informants in any future
investigations.
(f) From subsections (e)(4)(G) and (H) (Agency Requirements),
and (f) (Agency Rules) because portions of this system are exempt
from the individual access provisions of subsection (d) for the
reasons noted above, and therefore DHS is not required to establish
requirements, rules, or procedures with respect to such access.
Providing notice to individuals with respect to existence of records
pertaining to them in the system of records or otherwise setting up
procedures pursuant to which individuals may access and view records
pertaining to themselves in the system would undermine investigative
efforts and reveal the identities of witnesses, and potential
witnesses, and confidential informants.
(g) From subsection (e)(5) (Collection of Information) because
in the collection of information for law enforcement purposes it is
impossible to determine in advance what information is accurate,
relevant, timely, and complete. Compliance with (e)(5) would
preclude DHS agents from using their investigative training and
exercise of good judgment to both conduct and report on
investigations.
(h) From subsection (e)(8) (Notice on Individuals) because
compliance would interfere with DHS' ability to obtain, serve, and
issue subpoenas, warrants, and other law enforcement mechanisms that
may be filed under seal, and could result in disclosure of
investigative techniques, procedures, and evidence.
(i) From subsection (g) to the extent that the system is exempt
from other specific subsections of the Privacy Act relating to
individuals' rights to access and amend their records contained in
the system. Therefore DHS is not required to establish rules or
procedures pursuant to which individuals may seek a civil remedy for
the agency's: Refusal to amend a record; Refusal to comply with a
request for access to records; failure to maintain accurate,
relevant timely and complete records; or failure to otherwise comply
with an individual's right to access or amend records.
Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-19033 Filed 8-15-08; 8:45 am]
BILLING CODE 4410-10-P