[Federal Register Volume 73, Number 160 (Monday, August 18, 2008)]
[Rules and Regulations]
[Pages 48117-48119]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-19033]

Rules and Regulations
                                                Federal Register

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 
Prices of new books are listed in the first FEDERAL REGISTER issue of each 


Federal Register / Vol. 73, No. 160 / Monday, August 18, 2008 / Rules 
and Regulations

[[Page 48117]]


Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2008-0071]

Privacy Act of 1974: Implementation of Exemptions; Immigration 
and Customs Enforcement (ICE) Pattern Analysis and Information 
Collection (ICEPIC) System

AGENCY: Privacy Office, DHS.

ACTION: Final rule.


SUMMARY: The Department of Homeland Security is issuing a final rule to 
amend its regulations to exempt portions of a new system of records 
entitled the ``Immigration and Customs Enforcement (ICE) Pattern 
Analysis and Information Collection (ICEPIC) System'' from certain 
provisions of the Privacy Act. Specifically, the Department exempts 
portions of the ICEPIC system from one or more provisions of the 
Privacy Act because of criminal, civil, and administrative enforcement 

DATES: Effective Date: This final rule is effective August 18, 2008.

FOR FURTHER INFORMATION CONTACT: Lyn Rahilly, Privacy Officer, U.S. 
Immigration and Customs Enforcement, 425 I Street, NW., Washington, DC 
20536, e-mail: [email protected], or Hugo Teufel III (703-235-0780), 
Chief Privacy Officer, Privacy Office, U.S. Department of Homeland 
Security, Washington, DC 20528.



    The Department of Homeland Security (DHS) published a notice of 
proposed rulemaking in the Federal Register, 73 FR 5460 (Jan. 30, 
2008), proposing to exempt portions of the system of records from one 
or more provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements. The system of records is the 
ICE Pattern Analysis and Information Collection (ICEPIC). The ICEPIC 
system of records notice (SORN) was published concurrently in the 
Federal Register, 73 FR 5577 (Jan. 30, 2008), and comments were invited 
on both the proposed rule and SORN. Six comments were received. All 
commenters were generally in favor of implementation of the rule as 
proposed. Accordingly, the Department is adopting the proposed rule as 
final. Concurrently in this issue of the Federal Register, ICE is re-
publishing the SORN for ICEPIC to address comments received through the 
Federal Register comment procedure. Given no changes were made to the 
rule or the SORN, Privacy Impact Assessment for ICEPIC dated January 
30, 2008, remains accurate and is posted on the Department's privacy 
Web site. (See http://www.dhs.gov/privacy and follow the link to 
``Privacy Impact Assessments'').
    Pursuant to the requirements of the Regulatory Flexibility Act, 5 
U.S.C. 601-612, DHS certifies that these regulations will not 
significantly affect a substantial number of small entities. The final 
rule imposes no duties or obligations on small entities. Further, in 
accordance with the provisions of the Paperwork Reduction Act of 1995, 
44 U.S.C. 3501, DHS has determined that this final rule would not 
impose new record keeping, application, reporting, or other types of 
information collection requirements.

Public Comments

    ICE received and considered the public comments, which are 
discussed further below, and concluded that no substantive changes to 
the rule are warranted at this time. While all comments were in favor 
of the proposed rule, two commenters also raised specific concerns 
related to this system of records, which are addressed below.
    One commenter expressed concern that individuals would be unable to 
ensure their personal information in ICEPIC is accurate unless they are 
permitted access to their records. Other means exist to verify the 
accuracy of ICEPIC data and ensure that incorrect data is not used to 
prejudice that individual. ICEPIC users are trained to verify 
information obtained from ICEPIC before including it in analytical 
reports that will be used during investigations or shared with 
government personnel outside of ICE. Verification procedures include 
direct queries to the source databases from which ICEPIC originally 
obtained the information, queries of commercial or other government 
databases, and ICE agent interviews with individuals or others who are 
in a position to confirm the ICEPIC data. These procedures mitigate the 
risk posed by inaccurate data in the system and raise the probability 
that such data will be identified and corrected before any action is 
taken that would prejudice an individual. In addition, the source 
systems from which ICEPIC obtains information may, themselves, have 
mechanisms in place to ensure the accuracy of the data prior to the 
information being accessed through ICEPIC.
    Another commenter, while in favor of the system, expressed these 
concerns as follows:

    ``By limiting access to a small number of people, power and 
responsibility may be monopolized in the hands of some who are never 
given a system of checks and balances over their power. The only other 
concern that I have is that, as domestic and international security 
policies and concerns shift over time, this proposed rule change will 
be stagnant. I would propose then that this rule be revisited in the 
coming years as security threats continue to fluctuate.''

To ensure the system contains appropriate checks and balances to 
oversee those who have access to ICEPIC information, ICE has 
established appropriate controls and safeguards that provide oversight 
of authorized ICEPIC users. All user activity is audited and subject to 
periodic review to identify unauthorized use or activity. ICE 
investigates instances of unauthorized or inappropriate access or use 
of the system and takes appropriate disciplinary actions where 
violations have occurred. The commenter also recommended a review of 
this system in the future because ``security threats continue to 
fluctuate.'' ICE and DHS continue to exercise diligence in the response 
to the evolving threat environment. Should there be a need to 
substantially alter this system in the future, similar public notice 
and an

[[Page 48118]]

opportunity to comment will be provided.

Regulatory Requirements

A. Regulatory Impact Analyses

    Changes to Federal regulations must undergo several analyses. In 
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
    This rule is not a significant regulatory action under Executive 
Order 12866, ``Regulatory Planning and Review'' (as amended). 
Accordingly, this rule has not been reviewed by the Office of 
Management and Budget (OMB). Nevertheless, DHS has reviewed this 
rulemaking, and concluded that there will not be any significant 
economic impact.
2. Regulatory Flexibility Act Assessment
    Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5 
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement 
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will 
not have a significant impact on a substantial number of small 
entities. The rule would impose no duties or obligations on small 
entities. Further, the exemptions to the Privacy Act apply to 
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
    This rulemaking will not constitute a barrier to international 
trade. The exemptions relate to criminal investigations and agency 
documentation and, therefore, do not create any new costs or barriers 
to trade.
4. Unfunded Mandates Assessment
    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. 
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the 
effects of certain regulatory actions on State, local, and tribal 
governments, and the private sector. This rulemaking will not impose an 
unfunded mandate on State, local, or tribal governments, or on the 
private sector.

B. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) 
requires that DHS consider the impact of paperwork and other 
information collection burdens imposed on the public and, under the 
provisions of PRA section 3507(d), obtain approval from the Office of 
Management and Budget (OMB) for each collection of information it 
conducts, sponsors, or requires through regulations. DHS has determined 
that there are no current or new information collection requirements 
associated with this rule.

C. Executive Order 13132, Federalism

    This action will not have a substantial direct effect on the 
States, on the relationship between the national Government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government, and therefore will not have federalism 

D. Environmental Analysis

    DHS has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

E. Energy Impact

    The energy impact of this action has been assessed in accordance 
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, 
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory 
action under the provisions of the EPCA.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

For the reasons stated in the preamble, DHS amends Chapter I of Title 
6, Code of Federal Regulations, as follows:


1. The authority citation for part 5 continues to read as follows:

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.

2. At the end of appendix C to part 5, add the following new paragraph 
6 to read as follows:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 

* * * * *
    6. The Immigration and Customs Enforcement (ICE) Pattern 
Analysis and Information Collection (ICEPIC) System consists of 
electronic and paper records and will be used by DHS and its 
components. ICEPIC is a repository of information held by DHS in 
connection with its several and varied missions and functions, 
including, but not limited to: The enforcement of civil and criminal 
laws (including the immigration law); investigations, inquiries, and 
proceedings there under; and national security and intelligence 
activities. ICEPIC contains information that is collected by, on 
behalf of, in support of, or in cooperation with DHS and its 
components and may contain personally identifiable information 
collected by other Federal, State, local, tribal, foreign, or 
international government agencies.
    Pursuant to exemption 5 U.S.C. 552a(j)(2) of the Privacy Act, 
portions of this system are exempt from 5 U.S.C. 552a(c)(3) and (4); 
(d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and 
(e)(8); (f), and (g). Pursuant to 5 U.S.C. 552a(k)(2), this system 
is exempt from the following provisions of the Privacy Act, subject 
to the limitations set forth in those subsections: 5 U.S.C. 
552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). Exemptions 
from these particular subsections are justified, on a case-by-case 
basis to be determined at the time a request is made, for the 
following reasons:
    (a) From subsection (c)(3) and (4) (Accounting for Disclosures) 
because release of the accounting of disclosures could alert the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
as well as the recipient agency. Disclosure of the accounting would 
therefore present a serious impediment to law enforcement efforts 
and/or efforts to preserve national security. Disclosure of the 
accounting would also permit the individual who is the subject of a 
record to impede the investigation, to tamper with witnesses or 
evidence, and to avoid detection or apprehension, which would 
undermine the entire investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation, to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
impossible administrative burden by requiring investigations to be 
continuously reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of Federal law, the accuracy of information obtained or 
introduced occasionally may be unclear or the information may not be 
strictly relevant or necessary to a specific investigation. In the 
interests of effective law enforcement, it is appropriate to retain 
all information that may aid in establishing patterns of unlawful 
    (d) From subsection (e)(2) (Collection of Information from 
Individuals) because requiring that information be collected from 
the subject of an investigation would alert the subject to the 
nature or existence of an investigation, thereby interfering with 
the related investigation and law enforcement activities.

[[Page 48119]]

    (e) From subsection (e)(3) (Notice to Subjects) because 
providing such detailed information would impede law enforcement in 
that it could compromise investigations by: revealing the existence 
of an otherwise confidential investigation and thereby provide an 
opportunity for the subject of an investigation to conceal evidence, 
alter patterns of behavior, or take other actions that could thwart 
investigative efforts; reveal the identity of witnesses in 
investigations, thereby providing an opportunity for the subjects of 
the investigations or others to harass, intimidate, or otherwise 
interfere with the collection of evidence or other information from 
such witnesses; or reveal the identity of confidential informants, 
which would negatively affect the informant's usefulness in any 
ongoing or future investigations and discourage members of the 
public from cooperating as confidential informants in any future 
    (f) From subsections (e)(4)(G) and (H) (Agency Requirements), 
and (f) (Agency Rules) because portions of this system are exempt 
from the individual access provisions of subsection (d) for the 
reasons noted above, and therefore DHS is not required to establish 
requirements, rules, or procedures with respect to such access. 
Providing notice to individuals with respect to existence of records 
pertaining to them in the system of records or otherwise setting up 
procedures pursuant to which individuals may access and view records 
pertaining to themselves in the system would undermine investigative 
efforts and reveal the identities of witnesses, and potential 
witnesses, and confidential informants.
    (g) From subsection (e)(5) (Collection of Information) because 
in the collection of information for law enforcement purposes it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. Compliance with (e)(5) would 
preclude DHS agents from using their investigative training and 
exercise of good judgment to both conduct and report on 
    (h) From subsection (e)(8) (Notice on Individuals) because 
compliance would interfere with DHS' ability to obtain, serve, and 
issue subpoenas, warrants, and other law enforcement mechanisms that 
may be filed under seal, and could result in disclosure of 
investigative techniques, procedures, and evidence.
    (i) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act relating to 
individuals' rights to access and amend their records contained in 
the system. Therefore DHS is not required to establish rules or 
procedures pursuant to which individuals may seek a civil remedy for 
the agency's: Refusal to amend a record; Refusal to comply with a 
request for access to records; failure to maintain accurate, 
relevant timely and complete records; or failure to otherwise comply 
with an individual's right to access or amend records.

Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-19033 Filed 8-15-08; 8:45 am]