[Federal Register Volume 76, Number 250 (Thursday, December 29, 2011)]
[Rules and Regulations]
[Pages 81787-81789]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-33428]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�Prices of new books are listed in the first FEDERAL REGISTER issue of each
�week.
�
�========================================================================
�
��Federal Register / Vol. 76, No. 250 / Thursday, December 29, 2011 /
Rules and Regulations��
[[Page 81787]]
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 5
[Docket No. DHS-2011-0100]
Privacy Act of 1974: Implementation of Exemptions; Department of
Homeland Security/ALL-030 Use of the Terrorist Screening Database
System of Records
AGENCY: Privacy Office, DHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Department of Homeland Security is issuing a final rule to
amend its regulations to exempt portions of a newly established system
of records titled, ``Department of Homeland Security/ALL-030 Use of the
Terrorist Screening Database System of Records'' from certain
provisions of the Privacy Act. Specifically, the Department exempts
portions of the ``Department of Homeland Security/ALL-030 Use of the
Terrorist Screening Database System of Records'' from one or more
provisions of the Privacy Act because of criminal, civil, and
administrative enforcement requirements.
DATES: Effective Date: This final rule is effective December 29, 2011.
FOR FURTHER INFORMATION CONTACT: For general questions and privacy
issues please contact: Mary Ellen Callahan (703) 235-0780), Chief
Privacy Officer, Privacy Office, Department of Homeland Security,
Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
Background
The Department of Homeland Security (DHS) published a notice of
proposed rulemaking (NPRM) in the Federal Register, July 6, 2011, 76 FR
39315, proposing to exempt portions of the system of records from one
or more provisions of the Privacy Act because of criminal, civil, and
administrative enforcement requirements. The system of records is
titled, ``DHS/ALL-030 Use of the Terrorist Screening Database System of
Records.'' The DHS/ALL-030 Use of the Terrorist Screening Database
system of records notice (SORN) was published concurrently in the
Federal Register, July 6, 2011, 76 FR 39408, and comments were invited
on both the NPRM and SORN.
Public Comments
DHS received a total of two comments, one on the NPRM and one that
addressed both the NPRM and the SORN.
Comments on the NPRM
DHS received two comments on the NPRM. One of the comments on the
NPRM also included comments on the SORN. That comment will be addressed
in its entirety under SORN below. The one comment exclusively on the
NPRM was from a private individual. The individual raised a series of
philosophical questions regarding the policy behind homeland security
issues that were unrelated to this proposed rulemaking. The individual
also mentioned several times that this is a ``new database.'' This is
not a new database. The system of records addressed by this NPRM and
the accompanying SORN represents a mirror copy of the Department of
Justice (DOJ)/Federal Bureau of Investigation (FBI)-019 Terrorist
Screening Records System of Records (August 22, 2007, 72 FR 47073). The
same rules outlined in the DOJ/FBI-019 Terrorist Screening Records
System of Records (August 22, 2007, 72 FR 47073) transfer and apply.
The individual goes on to discuss the historical relevance of the
Terrorist Screening Database and outlines the positives and negatives
of the system. The individual also raises concerns about the security
of the system. The DHS mirrored copy of the system will receive the
same security and protection as it does at the FBI and Terrorist
Screening Center (TSC). The individual also speculates that, as a
matter of fiscal priority, the system could be subject to less funding
over time based on priorities. The system will meet the same
requirements at DHS as it does at FBI/TSC. The individual concludes the
general comments by saying the benefits outweigh the risks. On Privacy
Act exemptions, the individual states that the proposed rule was nicely
drafted. The individual asks the question of who will make the
determination on when an exemption will be applied. In response to that
question, that determination will be made by DHS privacy or disclosure
staff in consultation with counsel. If the exemption is applied and an
appeal is necessary, individuals may appeal the decision. That process
can be found at www.dhs.gov/foia. The individual expresses appreciation
for the Department's decision to consider requests on a case-by-case
basis when applying exemptions. The individual states that the system
should be implemented and that it be a model for other agencies.
Comment on the SORN
DHS received one comment on the SORN from a public interest
research center that was joined in filing its comments by seventeen
other privacy, consumer rights, and civil rights organizations. The
comment addressed both the NPRM and SORN jointly and is addressed in
this section. The authors start by stating that DHS should ``suspend
the proposal pending a full review of the privacy, security, and legal
implications of the program, including compliance with the Federal
Privacy Act.'' The NPRM and SORN received internal coordination and
clearance by program and compliance officials, including, but not
limited to, the Office of General Counsel and the Chief Privacy
Officer. The organizations further stated that ``if the agency (DHS)
proceeds with the Watch List System (WLS) program, the system must, at
a minimum: (1) Adhere to Congress's intent to maintain transparent and
secure government recordkeeping systems; (2) provide individuals
judicially enforceable rights of notice, access, and correction; (3)
conform to a revised SORN and NPRM that includes requirements for the
agency (DHS) to respect individuals' rights to control their
information in possession of Federal agencies, as the Privacy Act
requires; and (4) premise its technological and security approach on
decentralization.'' With respect to these points, the Department
follows the complete privacy legal framework as well as additional
privacy policy it has
[[Page 81788]]
put in place. The organizations go on to state that the Department is
intentionally circumventing a number of provisions under the Privacy
Act as well as the intent of the Privacy Act. As noted above, the NPRM
and SORN received internal coordination and clearance by program and
compliance officials, including, but not limited to, the Office of
General Counsel and the Chief Privacy Officer. This addresses the
author's points covering ``meaningful privacy protections Congress
established in the Privacy Act.'' The fact that Privacy Act exemptions
are taken within this system of records, and explained within the NPRM,
does not mean that the act is illegal or outside of the intent of
Congress. The exemptions are contemplated by the Privacy Act and the
Department implemented them consistent with that statute. The
Department maintains that, for a variety of national security and law
enforcement purposes, the exemptions taken within the system of
records, and outlined in the NRPM, are necessary and are unchanged. The
organizations go on to refute the Privacy Act exemptions claimed and
recommend changing the way the Department does business including the
way it conducts investigations. The organizations recommend that the
Department void the claimed exemptions. The Department maintains that,
for national security and law enforcement purposes, the exemptions
taken within the system of records, and outlined in the NRPM, are
necessary and remain in place. The organizations also go on to cite
concerns regarding privacy risks contemplated in previously published
Privacy Impact Assessments (PIAs) where the Terrorist Screening
Database (TSDB) is used. In response, the Department emphasizes that
this is not a new database. This NPRM and SORN represent a mirror copy
of the DOJ/FBI-019 Terrorist Screening Records System of Records
(August 22, 2007, 72 FR 47073). The same rules outlined in the FBI SORN
transfer and apply. The Department has taken additional steps to
further ensure privacy protections by conducting appropriate privacy
analysis through a published PIA as well as SORN. Doing so provides
additional transparency on the risks, mitigations, and privacy rules
associated with maintaining a mirror copy of the TSDB.
After consideration of public comments and reviewing the NPRM, the
Department determined it did not require exemptions to subsections
(e)(12) or (h) of the Privacy Act. Thus, the Department has removed
proposed paragraphs (i) and (k) from the Final Rule. No additional
changes were made.
List of Subjects in 6 CFR Part 5
Freedom of information, Privacy.
For the reasons stated in the preamble, DHS amends Chapter I of
Title 6, Code of Federal Regulations, as follows:
PART 5--DISCLOSURE OF RECORDS AND INFORMATION
0
1. The authority citation for Part 5 continues to read as follows:
Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat.
2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.
Subpart B also issued under 5 U.S.C. 552a.
0
2. Add at the end of Appendix C to Part 5, the following new paragraph
``66'':
Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy
Act
* * * * *
66. The DHS/ALL-030 Use of Terrorist Screening Database System of
Records consists of electronic and paper records and will be used by
DHS and its components. The DHS/ALL-030 Use of Terrorist Screening
Database System of Records is a repository of information held by DHS
in connection with its several and varied missions and functions,
including, but not limited to the enforcement of civil and criminal
laws; investigations, inquiries, and proceedings there under; national
security and intelligence activities; and protection of the President
of the U.S. or other individuals pursuant to Section 3056 and 3056A of
Title 18. The DHS/ALL-030 Use of Terrorist Screening Database System of
Records contains information that is collected by, on behalf of, in
support of, or in cooperation with DHS and its components and may
contain personally identifiable information collected by other Federal,
state, local, tribal, foreign, or international government agencies.
Pursuant to 5 U.S.C. 552a(j)(2), the Secretary of Homeland Security has
exempted this system from the following provisions of the Privacy Act,
subject to the limitations set forth in 5 U.S.C. 552a(c)(3) and (c)(4);
(d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5),
(e)(8); (f); and (g)(1). Additionally, pursuant to 5 U.S.C. 552a(k)(1)
and (k)(2), the Secretary of Homeland Security has exempted this system
from the following provisions of the Privacy Act, subject to the
limitation set forth in 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G),
(e)(4)(H), (e)(4)(I); and (f). Exemptions from these particular
subsections are justified, on a case-by-case basis to be determined at
the time a request is made, for the following reasons:
(a) From subsection (c)(3) and (c)(4) (Accounting for Disclosures)
because release of the accounting of disclosures could alert the
subject of an investigation of an actual or potential criminal, civil,
or regulatory violation to the existence of that investigation and
reveal investigative interest on the part of DHS as well as the
recipient agency. Disclosure of the accounting would therefore present
a serious impediment to law enforcement efforts and/or efforts to
preserve national security. Disclosure of the accounting would also
permit the individual who is the subject of a record to impede the
investigation, to tamper with witnesses or evidence, and to avoid
detection or apprehension, which would undermine the entire
investigative process.
(b) From subsection (d) (Access to Records) because access to the
records contained in this system of records could inform the subject of
an investigation of an actual or potential criminal, civil, or
regulatory violation to the existence of that investigation and reveal
investigative interest on the part of DHS or another agency. Access to
the records could permit the individual who is the subject of a record
to impede the investigation, to tamper with witnesses or evidence, and
to avoid detection or apprehension. Amendment of the records could
interfere with ongoing investigations and law enforcement activities
and would impose an unreasonable administrative burden by requiring
investigations to be continually reinvestigated. In addition,
permitting access and amendment to such information could disclose
security-sensitive information that could be detrimental to homeland
security.
(c) From subsection (e)(1) (Relevancy and Necessity of Information)
because in the course of investigations into potential violations of
Federal law, the accuracy of information obtained or introduced
occasionally may be unclear, or the information may not be strictly
relevant or necessary to a specific investigation. In the interests of
effective law enforcement, it is appropriate to retain all information
that may aid in establishing patterns of unlawful activity.
(d) From subsection (e)(2) (Collection of Information from
Individuals) because requiring that information be collected from the
subject of an investigation would alert the subject to the nature or
existence of the investigation, thereby interfering with
[[Page 81789]]
that investigation and related law enforcement activities.
(e) From subsection (e)(3) (Notice to Subjects) because providing
such detailed information could impede law enforcement by compromising
the existence of a confidential investigation or reveal the identity of
witnesses or confidential informants.
(f) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency
Requirements) and (f) (Agency Rules), because portions of this system
are exempt from the individual access provisions of subsection (d) for
the reasons noted above, and therefore DHS is not required to establish
requirements, rules, or procedures with respect to such access.
Providing notice to individuals with respect to existence of records
pertaining to them in the system of records or otherwise setting up
procedures pursuant to which individuals may access and view records
pertaining to themselves in the system would undermine investigative
efforts and reveal the identities of witnesses, and potential
witnesses, and confidential informants.
(g) From subsection (e)(5) (Collection of Information) because with
the collection of information for law enforcement purposes, it is
impossible to determine in advance what information is accurate,
relevant, timely, and complete. Compliance with subsection (e)(5) would
preclude DHS agents from using their investigative training and
exercise of good judgment to both conduct and report on investigations.
(h) From subsection (e)(8) (Notice on Individuals) because
compliance would interfere with DHS's ability to obtain, serve, and
issue subpoenas, warrants, and other law enforcement mechanisms that
may be filed under seal and could result in disclosure of investigative
techniques, procedures, and evidence.
(i) From subsection (g)(1) (Civil Remedies) to the extent that the
system is exempt from other specific subsections of the Privacy Act.
Dated: November 23, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-33428 Filed 12-28-11; 8:45 am]
BILLING CODE 9110-9M-P