[Federal Register Volume 79, Number 88 (Wednesday, May 7, 2014)]
[Rules and Regulations]
[Pages 26120-26122]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-10432]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 320

[Docket ID: DoD-2014-OS-0026]


Privacy Act; Implementation

AGENCY: National Geospatial-Intelligence Agency (NGA), DoD.

ACTION: Direct final rule with request for comments.

-----------------------------------------------------------------------

SUMMARY: National Geospatial-Intelligence Agency (NGA) is updating the 
NGA Privacy Act Program regarding NGA Threat Mitigation Records. 
Additionally, NGA initiated a rulemaking to exempt this system of 
records from a number of provisions of the Privacy Act, because this 
system may contain records or information recompiled from or created 
from information contained in other systems of records, which are 
exempt from certain provisions of the Privacy Act. For these records or 
information only, NGA will also claim the original exemptions for these 
records or information from the Privacy Act of 1974, as amended, as 
necessary and appropriate to protect such information. Such exempt 
records or information may be law enforcement or national security 
investigation records, law enforcement activity and encounter records.

DATES: The rule is effective on July 16, 2014 unless adverse comments 
are received by July 7, 2014. If adverse comment is received, the 
Department of Defense will publish a timely withdrawal of the rule in 
the Federal Register.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: http://www.regulations.gov.
    Follow the instructions for submitting comments.
    * Mail: Federal Docket Management System Office, 4800 Mark Center 
Drive; East Tower, 2nd Floor, Suite 02G09, Alexandria, VA 22350-3100.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the Internet 
at http://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: National Geospatial-Intelligence 
Agency (NGA), ATTN: Security Specialist, Mission Support, MSRS P-12, 
7500 GEOINT Drive, Springfield, VA 22150.

SUPPLEMENTARY INFORMATION: This direct final rule makes non-substantive 
changes to the NGA rules. This will improve the efficiency and 
effectiveness of DoD's program by ensuring the integrity of the 
security and counterintelligence records by the NGA and the Department 
of Defense.
    This rule is being published as a direct final rule as the 
Department of Defense does not expect to receive any adverse comments, 
and so a proposed rule is unnecessary.
    National Geospatial-Intelligence Agency (NGA) is updating the NGA 
Privacy Act Program by adding the (k)(1) and (k)(5) exemptions to NGA-
004, NGA Threat Mitigation Records. Additionally, NGA initiated a 
rulemaking to exempt this system of records from a number of provisions 
of the Privacy Act, because this system may contain records or 
information recompiled from or created from information contained in 
other systems of records, which are exempt from certain provisions of 
the Privacy Act. For these records or information only, in accordance 
with 5 U.S.C. 552a(j)(2), (k)(2), (k)(1), and (k)(5), NGA will also 
claim the original exemptions for these records or information from 
subsections (c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2), 
(3), (4)(G) through (I), (5), and (8); (f), and (g) of the Privacy Act 
of 1974, as amended, as necessary and appropriate to protect such 
information. Such exempt records or information may be law enforcement 
or national security investigation records, law enforcement activity 
and encounter records.

Direct Final Rule and Significant Adverse Comments

    DoD has determined this rulemaking meets the criteria for a direct 
final rule because it involves nonsubstantive changes dealing with 
DoD's management of its Privacy Programs. DoD expects no opposition to 
the changes and no significant adverse comments. However, if DoD 
receives a significant adverse comment, the Department will withdraw 
this direct final rule by publishing a notice in the Federal Register. 
A significant adverse comment is one that explains: (1) Why the direct 
final rule is inappropriate, including challenges to the rule's 
underlying premise or approach; or (2) why the direct final rule will 
be ineffective or unacceptable without a change. In determining whether 
a comment necessitates withdrawal of this direct final rule, DoD will 
consider whether it warrants a substantive response in a notice and 
comment process.

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''

    It has been determined that Privacy Act rules for the Department of 
Defense are not significant rules. This rule does not (1) Have an 
annual effect on the economy of $100 million or more or adversely 
affect in a material way the economy; a sector of the economy; 
productivity; competition; jobs; the environment; public health or 
safety; or State, local, or tribal governments or

[[Page 26121]]

communities; (2) Create a serious inconsistency or otherwise interfere 
with an action taken or planned by another Agency; (3) Materially alter 
the budgetary impact of entitlements, grants, user fees, or loan 
programs, or the rights and obligations of recipients thereof; or (4) 
Raise novel legal or policy issues arising out of legal mandates, the 
President's priorities, or the principles set forth in these Executive 
orders.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    It has been determined that Privacy Act rules for the Department of 
Defense do not have significant economic impact on a substantial number 
of small entities because they are concerned only with the 
administration of Privacy Act systems of records within the Department 
of Defense. A Regulatory Flexibility Analysis is not required.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been determined that Privacy Act rules for the Department of 
Defense impose no additional information collection requirements on the 
public under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et 
seq.).

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    It has been determined that Privacy Act rules for the Department of 
Defense do not involve a Federal mandate that may result in the 
expenditure by State, local and tribal governments, in the aggregate, 
or by the private sector, of $100 million or more and that such 
rulemaking will not significantly or uniquely affect small governments.

Executive Order 13132, ``Federalism''

    It has been determined that Privacy Act rules for the Department of 
Defense do not have federalism implications. The rules do not have 
substantial direct effects on the States, on the relationship between 
the National Government and the States, or on the distribution of power 
and responsibilities among the various levels of government. Therefore, 
no Federalism assessment is required.

List of Subjects in 32 CFR Part 320

    Privacy.

    Accordingly, 32 CFR part 320 is amended as follows:

PART 320--NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA)

0
1. The authority citation for 32 CFR part 320 continues to read as 
follows:

    Authority:  Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).


0
2. In Sec.  320.12, revise paragraph (c) to read as follows:


Sec.  320.12  Exemptions.

* * * * *
    (c) System identifier and name: NGA-004, NGA Threat Mitigation 
Records.
    (1) Exemptions: Exempt materials from JUSTICE/FBI--019 Terrorist 
Screening Records System may become part of the case records in this 
system of records. To the extent that copies of exempt records from 
JUSTICE/FBI--019, Terrorist Screening Records System are entered into 
these Threat Mitigation case records, NGA hereby claims the same 
exemptions (j)(2) and (k)(2), for the records as claimed in JUSTICE/
FBI--019, Terrorist Screening Records system of records of which they 
are a part.
    (2) Information specifically authorized to be classified under E.O. 
12958, as implemented by DoD 5200.1-R, may be exempt pursuant to 5 
U.S.C. 552a(k)(1).
    (3) Investigative material compiled solely for the purpose of 
determining suitability, eligibility, or qualifications for federal 
civilian employment, military service, federal contracts, or access to 
classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), 
but only to the extent that such material would reveal the identity of 
a confidential source.
    (4) Authority: 5 U.S.C. 552a(j)(2), (k)(1), (k)(2) and (k)(5).
    (5) Reasons: (i) Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and 
(k)(5) NGA is claiming the following exemptions for certain records 
within the Threat Mitigation Records system: 5 U.S.C. 552a(c)(3) and 
(4); (d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I), 
(5), and (8); (f), and (g). Additionally, pursuant to 5 U.S.C. 
552a(k)(1) and (k)(2), NGA has exempted this system from the following 
provisions of the Privacy Act, subject to the limitation set forth in 5 
U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and 
(f). Exemptions from these particular subsections are justified, on a 
case-by-case basis to be determined at the time a request is made.
    (ii) In addition to records under the control of NGA, the Threat 
Mitigation system of records may include records originating from 
systems of records of other law enforcement and intelligence agencies 
which may be exempt from certain provisions of the Privacy Act. 
However, NGA does not assert exemption to any provisions of the Privacy 
Act with respect to information submitted by or on behalf of 
individuals.
    (iii) To the extent the Threat Mitigation system contains records 
originating from other systems of records, NGA will rely on the 
exemptions claimed for those records in the originating system of 
records. Exemptions for certain records within the Threat Mitigation 
system from particular subsections of the Privacy Act are justified for 
the following reasons:
    (A) From subsection (c)(3) (Accounting for Disclosures) because 
giving a record subject access to the accounting of disclosures from 
records concerning him or her could reveal investigative interest on 
the part of the recipient agency that obtained the record pursuant to a 
routine use. Disclosure of the accounting could therefore present a 
serious impediment to law enforcement efforts on the part of the 
recipient agency because the individual who is the subject of the 
record would learn of third agency investigative interests and could 
take steps to evade detection or apprehension. Disclosure of the 
accounting also could reveal the details of watch list matching 
measures under the Threat Mitigation system, as well as capabilities 
and vulnerabilities of the watch list matching process, the release of 
which could permit an individual to evade future detection and thereby 
impede efforts to ensure security.
    (B) From subsection (c)(4) because portions of this system are 
exempt from the access and amendment provisions of subsection (d).
    (C) From subsection (d) (Access to Records) because access to the 
records contained in this system of records could inform the subject of 
an investigation of an actual or potential criminal, civil, or 
regulatory violation to the existence of that investigation and reveal 
investigative interest on the part of Department of Homeland Security 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to tamper 
with witnesses or evidence, and to avoid detection or apprehension. 
Amendment of the records could interfere with ongoing investigations 
and law enforcement activities and would impose an unreasonable 
administrative burden by requiring investigations to be continually 
reinvestigated. In addition, permitting access and amendment to such 
information could disclose security-sensitive information that could be 
detrimental to national security.
    (D) From subsection (e)(1) because it is not always possible for 
NGA or other agencies to know in advance what information is both 
relevant and necessary for it to complete an identity comparison 
between individuals and a

[[Page 26122]]

known or suspected terrorist. In addition, because NGA and other 
agencies may not always know what information about an encounter with a 
known or suspected terrorist will be relevant to law enforcement for 
the purpose of conducting an operational response.
    (E) From subsection (e)(2) because application of this provision 
could present a serious impediment to counterterrorism, law 
enforcement, or intelligence efforts in that it would put the subject 
of an investigation, study or analysis on notice of that fact, thereby 
permitting the subject to engage in conduct designed to frustrate or 
impede that activity. The nature of counterterrorism, law enforcement, 
or intelligence investigations is such that vital information about an 
individual frequently can be obtained only from other persons who are 
familiar with such individual and his/her activities. In such 
investigations, it is not feasible to rely upon information furnished 
by the individual concerning his own activities.
    (F) From subsection (e)(3), to the extent that this subsection is 
interpreted to require NGA to provide notice to an individual if NGA or 
another agency receives or collects information about that individual 
during an investigation or from a third party. Should the subsection be 
so interpreted, exemption from this provision is necessary to avoid 
impeding counterterrorism, law enforcement, or intelligence efforts by 
putting the subject of an investigation, study or analysis on notice of 
that fact, thereby permitting the subject to engage in conduct intended 
to frustrate or impede that activity.
    (G) From subsections (e)(4)(G) and (H) and (I) (Agency 
Requirements) and (f) (Agency Rules), because this system is exempt 
from the access provisions of 5 U.S.C. 552a(d).
    (H) From subsection (e)(5) because many of the records in this 
system coming from other system of records are derived from other 
agency record systems and therefore it is not possible for NGA to 
ensure their compliance with this provision, however, NGA has 
implemented internal quality assurance procedures to ensure that data 
used in the matching process is as thorough, accurate, and current as 
possible. In addition, in the collection of information for law 
enforcement, counterterrorism, and intelligence purposes, it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. With the passage of time, seemingly 
irrelevant or untimely information may acquire new significance as 
further investigation brings new details to light. The restrictions 
imposed by (e)(5) would limit the ability of those agencies' trained 
investigators and intelligence analysts to exercise their judgment in 
conducting investigations and impede the development of intelligence 
necessary for effective law enforcement and counterterrorism efforts. 
However, NGA has implemented internal quality assurance procedures to 
ensure that the data used in the matching process is as thorough, 
accurate, and current as possible.
    (I) From subsection (e)(8) because to require individual notice of 
disclosure of information due to compulsory legal process would pose an 
impossible administrative burden on NGA and other agencies and could 
alert the subjects of counterterrorism, law enforcement, or 
intelligence investigations to the fact of those investigations when 
not previously known.
    (J) From subsection (f) (Agency Rules) because portions of this 
system are exempt from the access and amendment provisions of 
subsection (d).
    (K) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act.
* * * * *

    Dated: May 2, 2014.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2014-10432 Filed 5-6-14; 8:45 am]
BILLING CODE 5001-06-P