[Federal Register Volume 82, Number 8 (Thursday, January 12, 2017)]
[Notices]
[Pages 3764-3765]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-31974]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Energy Information Administration


CIPSEA Confidentiality Pledge Revision Notice

AGENCY: U.S. Energy Information Administration (EIA), Department of 
Energy

ACTION: Notice of Revision of Confidentiality Pledges under the 
Confidential Information Protection and Statistical Efficiency Act

-----------------------------------------------------------------------

SUMMARY: EIA is announcing revisions to the confidentiality pledge(s) 
it provides to its respondents under the Confidential Information 
Protection and Statistical Efficiency Act. These revisions are required 
by the passage and implementation of provisions of the Federal 
Cybersecurity Enhancement Act of 2015 which permit and require the 
Secretary of the Department of Homeland Security (DHS) to provide 
Federal civilian agencies' information technology systems with 
cybersecurity protection for their Internet traffic.

DATES: These revisions become effective upon publication of this notice 
in the Federal Register.

ADDRESSES: Questions about this notice should be addressed to Jacob 
Bournazian, U.S. Energy Information Administration, 1000 Independence 
Avenue SW., Washington, DC 20585 or by fax at 202-586-3045 or by email 
at [email protected].

FOR FURTHER INFORMATION CONTACT: Jacob Bournazian, U.S. Energy 
Information Administration, 1000 Independence Avenue SW., Washington, 
DC 20585, phone: 202-586-5562 (this is not a toll-free number), email: 
[email protected]. Because of delays in the receipt of regular 
mail related to security screening, respondents are encouraged to use 
electronic communications.

SUPPLEMENTARY INFORMATION: Under 44 U.S.C. 3506(e), and 44 U.S.C. 3501 
(note), EIA is revising the confidentiality pledge(s) it provides to 
its respondents under the Confidential Information Protection and 
Statistical Efficiency Act (44 U.S.C. 3501 (note)) (CIPSEA). These 
revisions are required by provisions of the Federal Cybersecurity 
Enhancement Act of 2015 (Pub. L. 114-11, Division N, Title II, Subtitle 
B, Sec. 223), which permit and require the Secretary of the Department 
of Homeland Security (DHS) to provide Federal civilian agencies' 
information technology systems with cybersecurity protection for their 
Internet traffic. Federal statistics provide key information that the 
Nation uses to measure its performance and make informed choices about 
budgets, employment, health, investments, taxes, and a host of other 
significant topics. The overwhelming majority of Federal surveys are 
conducted on a voluntary basis. Respondents, ranging from businesses to 
households to institutions, may choose whether or not to provide the 
requested information. Many of the most valuable Federal statistics 
come from surveys that ask for highly sensitive information such as 
proprietary business data from companies or particularly personal 
information or practices from individuals. Strong and trusted 
confidentiality and exclusively statistical use pledges under the 
Confidential Information Protection and Statistical Efficiency Act 
(CIPSEA) and similar statistical confidentiality pledges are effective 
and necessary in honoring the trust that businesses, individuals, and 
institutions, by their responses, place in statistical agencies.
    Under CIPSEA and similar statistical confidentiality protection 
statutes, many Federal statistical agencies make statutory pledges that 
the information respondents provide will be seen only by statistical 
agency personnel or their sworn agents, and will be used only for 
statistical purposes. CIPSEA and similar statutes protect the 
confidentiality of information that agencies collect solely for 
statistical purposes and under a pledge of confidentiality. These acts 
protect such statistical information from administrative, law 
enforcement, taxation, regulatory, or any other non-statistical use and 
immunize the information submitted to statistical agencies from legal 
process. Moreover, many of these statutes carry criminal penalties of a 
Class E felony (fines up to $250,000, or up to five years in prison, or 
both) for conviction of a knowing and willful unauthorized disclosure 
of covered information.
    As part of the Consolidated Appropriations Act for Fiscal Year 2016 
signed on December 17, 2015, the Congress included the Federal 
Cybersecurity Enhancement Act of 2015 (Pub. L. 114-11, Division N, 
Title II,

[[Page 3765]]

Subtitle B, Sec. 223). This Act, among other provisions, permits and 
requires DHS to provide Federal civilian agencies' information 
technology systems with cybersecurity protection for their Internet 
traffic. The technology currently used to provide this protection 
against cyber malware is known as Einstein 3A; it electronically 
searches Internet traffic in and out of Federal civilian agencies in 
real time for malware signatures.
    When such a signature is found, the Internet packets that contain 
the malware signature are moved to a secured area for further 
inspection by DHS personnel. Because it is possible that such packets 
entering or leaving a statistical agency's information technology 
system may contain a small portion of confidential statistical data, 
statistical agencies can no longer promise their respondents that their 
responses will be seen only by statistical agency personnel or their 
sworn agents. However, they can promise, in accordance with provisions 
of the Federal Cybersecurity Enhancement Act of 2015, that such 
monitoring can be used only to protect information and information 
systems from cybersecurity risks, thereby, in effect, providing 
stronger protection to the integrity of the respondents' submissions.
    The DHS cybersecurity program's objective is to protect Federal 
civilian information systems from malicious malware attacks. The 
Federal statistical system's objective is to ensure that the DHS 
Secretary performs those essential duties in a manner that honors the 
Government's statutory promises to the public to protect their 
confidential data. Given that the Department of Homeland Security is 
not a Federal statistical agency, both DHS and the Federal statistical 
system worked to balance both objectives and achieve these mutually 
reinforcing objectives.
    Accordingly, DHS and Federal statistical agencies, in cooperation 
with their parent departments, developed a Memorandum of Agreement for 
the installation of Einstein 3A cybersecurity protection technology to 
monitor their Internet traffic. However, EIA's current CIPSEA 
statistical confidentiality pledge promises that respondents' data will 
be seen only by statistical agency personnel or their sworn agents. 
Since it is possible that DHS personnel could see some portion of those 
confidential data in the course of examining the suspicious Internet 
packets identified by Einstein 3A sensors, EIA needs to revise its 
confidentiality pledge to reflect this process change.
    Therefore, EIA is providing this notice to alert the public of this 
revision in its confidentiality pledge in an efficient and coordinated 
fashion. Below is a listing of EIA's current Paperwork Reduction Act 
OMB numbers and information collection titles and their associated 
revised confidentiality pledge(s) for the Information Collections whose 
confidentiality pledges will change to reflect the statutory 
implementation of DHS' Einstein 3A monitoring for cybersecurity 
protection purposes.
    The following EIA statistical confidentiality pledge will now apply 
to the Information Collections whose Paperwork Reduction Act Office of 
Management and Budget numbers and titles are listed below.

    The information you provide on Form EIA-XXX will be used for 
statistical purposes only and is confidential by law. In accordance 
with the Confidential Information Protection and Statistical 
Efficiency Act of 2002 and other applicable Federal laws, your 
responses will not be disclosed in identifiable form without your 
consent. Per the Federal Cybersecurity Enhancement Act of 2015, 
Federal information systems are protected from malicious activities 
through cybersecurity screening of transmitted data. Every EIA 
employee, as well as every agent, is subject to a jail term, a fine, 
or both if he or she makes public ANY identifiable information you 
reported.
OMB No: 1905-0174 Petroleum Marketing Program
    Form EIA-863, ``Petroleum Product Sales Identification Survey''
    Form EIA-878, ``Motor Gasoline Price Survey''
    Form EIA-888, ``On-Highway Diesel Fuel Price Survey''
OMB No: 1905-0175 Natural Gas Data Collection Program
    Form EIA-910, ``Monthly Natural Gas Marketers Survey''
    Form EIA-912, ``Weekly Underground Natural Gas Storage Report''
OMB No: 1905-0205 Monthly Natural Gas Production Report
    Form EIA-914, ``Monthly Crude Oil, Lease Condensate, and Natural 
Gas Production Report''
OMB No: 1905-0160 Uranium Data Program
    Form EIA-851Q, ``Domestic Uranium Production Report--Quarterly''
    Form EIA-851A, ``Domestic Uranium Production Report--Annual''
    Form EIA-858, ``Uranium Marketing Annual Survey''
OMB No: 1905-0145 Commercial Buildings Energy Consumption Survey
    Form EIA-871, ``Commercial Buildings Energy Consumption Survey''
OMB No. 1905-0092 Residential Energy Consumption Survey
    Form EIA-457, ``Residential Energy Consumption Survey''

The pledge provided to respondents over the telephone is shorter for 
the respondents to Forms EIA-878 and EIA-888. The statistical 
confidentiality pledge for collecting information over the telephone 
reads:

    The information you provide on Form EIA-xxx will be used for 
statistical purposes only. Your responses will be kept confidential 
and will not be disclosed in identifiable form. Per the Federal 
Cybersecurity Enhancement Act of 2015, Federal information systems 
are protected from malicious activities through cybersecurity 
screening of transmitted data. By law, every EIA employee, as well 
as every agent, is subject to a jail term, a fine, or both if he or 
she makes public ANY identifiable information you reported.

    Issued in Washington, DC, on December 28, 2016.
Nanda Srinivasan,
Director, Office of Survey Development and Statistical Integration, 
U.S. Energy Information Administration.
[FR Doc. 2016-31974 Filed 1-11-17; 8:45 am]
 BILLING CODE 6450-01-P