[Federal Register Volume 73, Number 190 (Tuesday, September 30, 2008)]
[Rules and Regulations]
[Pages 56922-56924]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-22603]
[[Page 56921]]
-----------------------------------------------------------------------
Part II
Department of Homeland Security
-----------------------------------------------------------------------
6 CFR Part 5
Privacy Act of 1974: Implementation of Exemptions; System of Records;
Final Rules and Notice
��Federal Register / Vol. 73, No. 190 / Tuesday, September 30, 2008 /
Rules and Regulations��
[[Page 56922]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 5
[Docket No. DHS-2008-0090]
Privacy Act of 1974: Implementation of Exemptions; Privacy Act;
Office of Intelligence and Analysis Enterprise Records System
AGENCY: Privacy Office, DHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Department of Homeland Security is issuing a final rule to
amend its regulations to exempt portions of a new system of records
entitled the ``Office of Intelligence and Analysis (I&A) Enterprise
Records System (ERS)'' from certain provisions of the Privacy Act.
Specifically, the Department exempts portions of the ERS system from
one or more provisions of the Privacy Act because of criminal, civil,
and administrative enforcement requirements.
DATES: Effective Date: This final rule is effective September 30, 2008.
FOR FURTHER INFORMATION CONTACT: For general questions, please contact
the Information Sharing and Knowledge Management Division, Office of
Intelligence and Analysis, Department of Homeland Security, Washington,
DC 20528. For privacy issues, please contact: Hugo Teufel III, Chief
Privacy Officer, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
Background
The Department of Homeland Security (DHS) published a notice of
proposed rulemaking in the Federal Register, 73 FR 28060, May 15, 2008,
proposing to exempt portions of the system of records from one or more
provisions of the Privacy Act because of criminal, civil, and
administrative enforcement requirements. The system of records is the
Office of Intelligence and Analysis Enterprise Records System (ERS).
The ERS system of records notice was published concurrently in the
Federal Register, 73 FR 28128, May 15, 2008, and comments were invited
on both the proposed rule and SORN. No comments were received.
Pursuant to the requirements of the Regulatory Flexibility Act, 5
U.S.C. 601-612, DHS certifies that these regulations will not
significantly affect a substantial number of small entities. The final
rule imposes no duties or obligations on small entities. Further, in
accordance with the provisions of the Paperwork Reduction Act of 1995,
44 U.S.C. 3501, DHS has determined that this final rule would not
impose new record keeping, application, reporting, or other types of
information collection requirements.
Public Comments
I&A received no comments on the system of records notice and notice
of proposed rulemaking. I&A will implement the rulemaking as proposed.
Regulatory Requirements
A. Regulatory Impact Analyses
Changes to Federal regulations must undergo several analyses. In
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
This rule is not a significant regulatory action under Executive
Order 12866, ``Regulatory Planning and Review'' (as amended).
Accordingly, this rule has not been reviewed by the Office of
Management and Budget (OMB). Nevertheless, DHS has reviewed this
rulemaking, and concluded that there will not be any significant
economic impact.
2. Regulatory Flexibility Act Assessment
Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will
not have a significant impact on a substantial number of small
entities. The rule would impose no duties or obligations on small
entities. Further, the exemptions to the Privacy Act apply to
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
This rulemaking will not constitute a barrier to international
trade. The exemptions relate to criminal investigations and agency
documentation and, therefore, do not create any new costs or barriers
to trade.
4. Unfunded Mandates Assessment
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub.
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the
effects of certain regulatory actions on State, local, and tribal
governments, and the private sector. This rulemaking will not impose an
unfunded mandate on State, local, or tribal governments, or on the
private sector.
B. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.)
requires that DHS consider the impact of paperwork and other
information collection burdens imposed on the public and, under the
provisions of PRA section 3507(d), obtain approval from the Office of
Management and Budget (OMB) for each collection of information it
conducts, sponsors, or requires through regulations. DHS has determined
that there are no current or new information collection requirements
associated with this rule.
C. Executive Order 13132, Federalism
This action will not have a substantial direct effect on the
States, on the relationship between the national Government and the
States, or on the distribution of power and responsibilities among the
various levels of government, and therefore will not have federalism
implications.
D. Environmental Analysis
DHS has reviewed this action for purposes of the National
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has
determined that this action will not have a significant effect on the
human environment.
E. Energy Impact
The energy impact of this action has been assessed in accordance
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163,
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory
action under the provisions of the EPCA.
List of Subjects in 6 CFR Part 5
Freedom of information; Privacy.
0
For the reasons stated in the preamble, DHS amends Chapter I of Title
6, Code of Federal Regulations, as follows:
PART 5--DISCLOSURE OF RECORDS AND INFORMATION
0
1. The authority citation for Part 5 continues to read as follows:
Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.
0
2. At the end of Appendix C to Part 5, add the following new paragraph
7 to read as follows:
Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy
Act
* * * * *
7. The Office of Intelligence and Analysis (I&A) Enterprise
Records System (ERS) consists of records including intelligence
information and other properly acquired information received from
agencies and
[[Page 56923]]
components of the federal government, foreign governments,
organizations or entities, international organizations, state and
local government agencies (including law enforcement agencies), and
private sector entities, as well as information provided by
individuals, regardless of the medium used to submit the information
or the agency to which it was submitted. This system also contains:
Information regarding persons on watch lists with known or suspected
links to terrorism; the results of intelligence analysis and
reporting; ongoing law enforcement investigative information,
information systems security analysis and reporting; active
immigration, customs, border and transportation, security related
records; historical law enforcement, operational, immigration,
customs, border and transportation security, and other
administrative records; relevant and appropriately acquired
financial information; and public-source data such as that contained
in media reports and commercially available databases, as
appropriate. Data about the providers of information, including the
means of transmission of the data, is also retained.
(a) Pursuant to 5 U.S.C. 552a(k)(1), (2), (3), and (5), this
system of records is exempt from 5 U.S.C. 552a(c)(3), (d)(1), (2),
(3), (4), and (5), (e)(1), (e)(4)(G), (H), and (I), and (f). These
exemptions apply only to the extent that information in this system
is subject to exemption. Where compliance would not appear to
interfere with or adversely affect the intelligence,
counterterrorism, homeland security, and related law enforcement
purposes of this system, the applicable exemption may be waived by
DHS.
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3) (Accounting for Disclosures) because
making available to a record subject the accounting of disclosures
from records concerning him/her would specifically reveal any
interest in the individual of an intelligence, counterterrorism,
homeland security, or related investigative nature. Revealing this
information could reasonably be expected to compromise ongoing
efforts of the Department to identify, understand, analyze,
investigate, and counter the activities of:
(i) Known or suspected terrorists and terrorist groups;
(ii) Groups or individuals known or believed to be assisting or
associated with known or suspected terrorists or terrorist groups;
(iii) Individuals known, believed to be, or suspected of being
engaged in activities constituting a threat to homeland security,
including (1) activities which impact or concern the security,
safety, and integrity of our international borders, including any
illegal activities that either cross our borders or are otherwise in
violation of the immigration or customs laws and regulations of the
United States; (2) activities which could reasonably be expected to
assist in the development or use of a weapon of mass effect; (3)
activities meant to identify, create, or exploit the vulnerabilities
of, or undermine, the ``key resources'' (as defined in section 2(9)
of the Homeland Security Act of 2002) and ``critical
infrastructure'' (as defined in 42 U.S.C. 5195c(c)) of the United
States, including the cyber and national telecommunications
infrastructure and the availability of a viable national security
and emergency preparedness communications infrastructure; (4)
activities detrimental to the security of transportation and
transportation systems; (5) activities which violate or are
suspected of violating the laws relating to counterfeiting of
obligations and securities of the United States and other financial
crimes, including access device fraud, financial institution fraud,
identity theft, computer fraud; and computer-based attacks on our
nation's financial, banking, and telecommunications infrastructure;
(6) activities, not wholly conducted within the United States, which
violate or are suspected of violating the laws which prohibit the
production, transfer, or sale of narcotics or substances controlled
in accordance with Title 21 of the United States Code, or those
associated activities otherwise prohibited by Titles 21 and 46 of
the United States Code; (7) activities which impact, concern, or
otherwise threaten the safety and security of the President and Vice
President, their families, heads of state, and other designated
individuals; the White House, Vice President's residence, foreign
missions, and other designated buildings within the United States;
(8) activities which impact, concern, or otherwise threaten domestic
maritime safety and security, maritime mobility and navigation, or
the integrity of the domestic maritime environment; (9) activities
which impact, concern, or otherwise threaten the national
operational capability of the Department to respond to natural and
manmade major disasters and emergencies, including acts of
terrorism; (10) activities involving the importation, possession,
storage, development, or transportation of nuclear or radiological
material without authorization or for use against the United States;
(iv) Foreign governments, organizations, or persons (foreign
powers); and
(v) Individuals engaging in intelligence activities on behalf of
a foreign power or terrorist group.
Thus, by notifying the record subject that he/she is the focus
of such efforts or interest on the part of DHS, or other agencies
with whom DHS is cooperating and to whom the disclosures were made,
this information could permit the record subject to take measures to
impede or evade such efforts, including the taking of steps to
deceive DHS personnel and deny them the ability to adequately assess
relevant information and activities, and could inappropriately
disclose to the record subject the sensitive methods and/or
confidential sources used to acquire the relevant information
against him/her. Moreover, where the record subject is the actual
target of a law enforcement investigation, this information could
permit him/her to take measures to impede the investigation, for
example, by destroying evidence, intimidating potential witnesses,
or avoiding detection or apprehension.
(2) From subsections (d)(1), (2), (3), and (4) (Access to
Records) because these provisions concern individual rights of
access to and amendment of records (including the review of agency
denials of either) contained in this system, which consists of
intelligence, counterterrorism, homeland security, and related
investigatory records concerning efforts of the Department, as
described more fully in subsection (b)(1), above. Compliance with
these provisions could inform or alert the subject of an
intelligence, counterterrorism, homeland security, or investigatory
effort undertaken on behalf of the Department, or by another agency
with whom DHS is cooperating, of the fact and nature of such
efforts, and/or the relevant intelligence, counterterrorism,
homeland security, or investigatory interest of DHS and/or other
intelligence, counterterrorism, or law enforcement agencies.
Moreover, compliance could also compromise sensitive information
either classified in the interest of national security, or which
otherwise requires, as appropriate, safeguarding and protection from
unauthorized disclosure; identify a confidential source or disclose
information which would constitute an unwarranted invasion of
another individual's personal privacy; reveal a sensitive
intelligence or investigative technique or method, including
interfering with intelligence or law enforcement investigative
processes by permitting the destruction of evidence, improper
influencing or intimidation of witnesses, fabrication of statements
or testimony, and flight from detection or apprehension; or
constitute a potential danger to the health or safety of
intelligence, counterterrorism, homeland security, and law
enforcement personnel, confidential sources and informants, and
potential witnesses. Amendment of the records would interfere with
ongoing intelligence, counterterrorism, homeland security, and law
enforcement investigations and activities, including incident
reporting and analysis activities, and impose an impossible
administrative burden by requiring investigations, reports, and
analyses to be continuously reinvestigated and revised.
(3) From subsection (e)(1) (Relevant and Necessary) because it
is not always possible for DHS to know in advance of its receipt the
relevance and necessity of each piece of information it acquires in
the course of an intelligence, counterterrorism, or investigatory
effort undertaken on behalf of the Department, or by another agency
with whom DHS is cooperating. In the context of the authorized
intelligence, counterterrorism, and investigatory activities
undertaken by DHS personnel, relevance and necessity are questions
of analytic judgment and timing, such that what may appear relevant
and necessary when acquired ultimately may be deemed unnecessary
upon further analysis and evaluation. Similarly, in some situations,
it is only after acquired information is collated, analyzed, and
evaluated in light of other available evidence and information that
its relevance and necessity can be established or made clear.
Constraining the initial acquisition of information included within
the ERS in accordance with the relevant and necessary requirement of
subsection (e)(1) could discourage the appropriate receipt of
[[Page 56924]]
and access to information which DHS and I&A are otherwise authorized
to receive and possess under law, and thereby impede efforts to
detect, deter, prevent, disrupt, or apprehend terrorists or
terrorist groups, and/or respond to terrorist or other activities
which threaten homeland security. Notwithstanding this claimed
exemption, which would permit the acquisition and temporary
maintenance of records whose relevance to the purpose of the ERS may
be less than fully clear, DHS will only disclose such records after
determining whether such disclosures are themselves consistent with
the published ERS routine uses. Moreover, it should be noted that,
as concerns the receipt by I&A, for intelligence purposes, of
information in any record which identifies a U.S. Person, as defined
in Executive Order 12333, as amended, such receipt, and any
subsequent use or dissemination of that identifying information, is
undertaken consistent with the procedures established and adhered to
by I&A pursuant to that Executive Order. Specifically, I&A
intelligence personnel may acquire information which identifies a
particular U.S. Person, retain it within or disseminate it from ERS,
as appropriate, only when it is determined that the personally
identifying information is necessary for the conduct of I&A's
functions, and otherwise falls into one of a limited number of
authorized categories, each of which reflects discrete activities
for which information on individuals would be utilized by the
Department in the overall execution of its statutory mission.
(4) From subsections (e)(4) (G), (H) and (I) (Access), and (f)
(Agency Rules), inasmuch as it is unnecessary for the publication of
rules and procedures contemplated therein since the ERS, pursuant to
subsections (1) and (2), above, will be exempt from the underlying
duties to provide to individuals notification about, access to, and
the ability to amend or correct the information pertaining to them
in, this system of records. Furthermore, to the extent that
subsection (e)(4)(I) is construed to require more detailed
disclosure than the information accompanying the system notice for
ERS, as published in today's Federal Register, exemption from it is
also necessary to protect the confidentiality, privacy, and physical
safety of sources of information, as well as the methods for
acquiring it. Finally, greater specificity concerning the
description of categories of sources of properly classified records
could also compromise or otherwise cause damage to the national or
homeland security.
Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-22603 Filed 9-29-08; 8:45 am]
BILLING CODE 4410-10-P