[Federal Register Volume 73, Number 237 (Tuesday, December 9, 2008)]
[Proposed Rules]
[Pages 74635-74637]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-29053]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2008-0179]


Privacy Act of 1974: Implementation of Exemptions; United States 
Immigration and Customs Enforcement Confidential and Other Sources of 
Information

AGENCY: Privacy Office, DHS.

ACTION: Notice of Proposed Rule Making.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is giving concurrent 
notice of a revised and updated system of records pursuant to the 
Privacy Act of 1974 for the United States Immigration and Customs 
Enforcement (ICE) Confidential and Other Sources of Information (COSI) 
system of records and this

[[Page 74636]]

proposed rulemaking. In this proposed rulemaking, the Department 
proposes to exempt portions of the system of records from one or more 
provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements. The exemptions for the legacy 
system of records notices will continue to be applicable until the 
final rule for this SORN has been completed.

DATES: Comments must be received on or before January 8, 2009.

ADDRESSES: You may submit comments, identified by docket number DHS-
2008-0179, by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 1-866-466-5370.
     Mail: Hugo Teufel III, Chief Privacy Officer, Department 
of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this notice. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Lyn Rahilly, Privacy Officer, (202-732-3300), Immigration and Customs 
Enforcement, 500 12th Street, SW., Washington, DC 20024, e-mail: 
ICEPrivacy@dhs.gov. For privacy issues, please contact: Hugo Teufel III 
(703-235-0780), Chief Privacy Officer, Privacy Office, Department of 
Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:
    Background: Pursuant to the savings clause in the Homeland Security 
Act of 2002, Public Law 107-296, section 1512, 116 Stat. 2310 (November 
25, 2002), the DHS and its component agency ICE have relied on 
preexisting Privacy Act systems of records notices for the collection 
and maintenance of records pertaining to information received from 
confidential and other sources. As a law enforcement investigatory 
agency, ICE collects and maintains information regarding possible 
violations of law from a number of sources, including confidential 
sources, State, local, tribal and Federal law enforcement agencies and 
members of the public.
    As part of its efforts to streamline and consolidate its record 
systems, DHS is establishing a component system of records under the 
Privacy Act (5 U.S.C. 552a) for ICE to cover these records. This new 
system of records will allow ICE to collect and maintain records 
concerning the identities of and information received from documented 
confidential sources and other sources who supply information to ICE 
regarding possible violations of law or otherwise in support of law 
enforcement investigations and activities.
    In this notice of proposed rulemaking, DHS is now proposing to 
exempt Confidential and Other Sources of Information, in part, from 
certain provisions of the Privacy Act.
    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. 
Individuals may request their own records that are maintained in a 
system of records in the possession or under the control of DHS by 
complying with DHS Privacy Act regulations, 6 CFR part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description of the type and character of each system of 
records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency recordkeeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist 
individuals in finding such files within the agency.
    The Privacy Act allows Government agencies to exempt certain 
records from the access and amendment provisions. If an agency claims 
an exemption, however, it must issue a Notice of Proposed Rulemaking to 
make clear to the public the reasons why a particular exemption is 
claimed.
    DHS is claiming exemptions from certain requirements of the Privacy 
Act for Confidential and Other Sources of Information. Some information 
in Confidential and Other Sources of Information relates to official 
DHS national security, law enforcement, immigration, and intelligence 
activities. These exemptions are needed to protect information relating 
to DHS activities from disclosure to subjects or others related to 
these activities. Specifically, the exemptions are required to preclude 
subjects of these activities from frustrating these processes; to avoid 
disclosure of activity techniques; to protect the identities and 
physical safety of confidential informants and law enforcement 
personnel; to ensure DHS's ability to obtain information from third 
parties and other sources; to protect the privacy of third parties; and 
to safeguard classified information. Disclosure of information to the 
subject of the inquiry could also permit the subject to avoid detection 
or apprehension.
    The exemptions proposed here are standard law enforcement and 
national security exemptions exercised by a large number of Federal law 
enforcement and intelligence agencies. In appropriate circumstances, 
where compliance would not appear to interfere with or adversely affect 
the law enforcement purposes of this system and the overall law 
enforcement process, the applicable exemptions may be waived on a case-
by-case basis.
    A notice of system of records for Confidential and Other Sources of 
Information is also published in this issue of the Federal Register.

List of Subjects in 6 CFR Part 5

    Freedom of information, Privacy.

    For the reasons stated in the preamble, DHS proposes to amend 
Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

    1. The authority citation for Part 5 continues to read as follows:

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.

    2. Add at the end of Appendix C to Part 5, Exemption of Record 
Systems under the Privacy Act, the following new paragraph ``14'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    14. The Department of Homeland Security/United States 
Immigration and Customs Enforcement Confidential and Other Sources 
of Information DHS/ICE-003 system of records consists of electronic 
and paper records and will be used by DHS and its components. 
Confidential and Other Sources of Information (COSI) is a repository 
of information held by DHS in connection with its several and varied 
missions and functions, including, but not limited to: The 
enforcement of civil and criminal laws; and investigations, 
inquiries, and proceedings thereunder; national security and 
intelligence activities. COSI contains information that is collected 
by, on behalf of, in support of, or in cooperation with DHS and its 
components and may contain personally identifiable

[[Page 74637]]

information collected by other Federal, State, local, tribal, 
foreign, or international government agencies. Pursuant to exemption 
5 U.S.C. 552a(j)(2) of the Privacy Act, portions of this system are 
exempt from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), 
(e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and (e)(8); (f), and (g). 
Pursuant to 5 U.S.C. 552a(k)(2) of the Privacy Act, this system is 
exempt from the following provisions of the Privacy Act, subject to 
the limitations set forth in those subsections: 5 U.S.C. 552a(c)(3), 
(d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). Exemptions from these 
particular subsections are justified, on a case-by-case basis to be 
determined at the time a request is made, for the following reasons:
    (a) From subsection (c)(3) and (4) (Accounting for Disclosures) 
because release of the accounting of disclosures could alert the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
as well as the recipient agency. Disclosure of the accounting would 
therefore present a serious impediment to law enforcement efforts 
and/or efforts to preserve national security. Disclosure of the 
accounting would also permit the individual who is the subject of a 
record to impede the investigation, to tamper with witnesses or 
evidence, and to avoid detection or apprehension, which would 
undermine the entire investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation, to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
impossible administrative burden by requiring investigations to be 
continuously reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of Federal law, the accuracy of information obtained or 
introduced occasionally may be unclear or the information may not be 
strictly relevant or necessary to a specific investigation. In the 
interests of effective law enforcement, it is appropriate to retain 
all information that may aid in establishing patterns of unlawful 
activity.
    (d) From subsection (e)(2) (Collection of Information from 
Individuals) because requiring that information be collected from 
the subject of an investigation would alert the subject to the 
nature or existence of an investigation, thereby interfering with 
the related investigation and law enforcement activities.
    (e) From subsection (e)(3) (Notice to Subjects) because 
providing such detailed information would impede law enforcement in 
that it could compromise investigations by: Revealing the existence 
of an otherwise confidential investigation and thereby provide an 
opportunity for the subject of an investigation to conceal evidence, 
alter patterns of behavior, or take other actions that could thwart 
investigative efforts; reveal the identity of witnesses in 
investigations, thereby providing an opportunity for the subjects of 
the investigations or others to harass, intimidate, or otherwise 
interfere with the collection of evidence or other information from 
such witnesses; or reveal the identity of confidential informants, 
which would negatively affect the informant's usefulness in any 
ongoing or future investigations and discourage members of the 
public from cooperating as confidential informants in any future 
investigations.
    (f) From subsections (e)(4)(G) and (H) (Agency Requirements), 
and (f) (Agency Rules) because portions of this system are exempt 
from the individual access provisions of subsection (d) for the 
reasons noted above, and therefore DHS is not required to establish 
requirements, rules, or procedures with respect to such access. 
Providing notice to individuals with respect to existence of records 
pertaining to them in the system of records or otherwise setting up 
procedures pursuant to which individuals may access and view records 
pertaining to themselves in the system would undermine investigative 
efforts and reveal the identities of witnesses, and potential 
witnesses, and confidential informants.
    (g) From subsection (e)(5) (Collection of Information) because 
in the collection of information for law enforcement purposes it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. Compliance with (e)(5) would 
preclude DHS agents from using their investigative training and 
exercise of good judgment to both conduct and report on 
investigations.
    (h) From subsection (e)(8) (Notice on Individuals) because 
compliance would interfere with DHS' ability to obtain, serve, and 
issue subpoenas, warrants, and other law enforcement mechanisms that 
may be filed under seal, and could result in disclosure of 
investigative techniques, procedures, and evidence.
    (i) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act relating to 
individuals' rights to access and amend their records contained in 
the system. Therefore DHS is not required to establish rules or 
procedures pursuant to which individuals may seek a civil remedy for 
the agency's: Refusal to amend a record; refusal to comply with a 
request for access to records; failure to maintain accurate, 
relevant, timely and complete records; or failure to otherwise 
comply with an individual's right to access or amend records.

    Dated: November 28, 2008.
Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.

 [FR Doc. E8-29053 Filed 12-8-08; 8:45 am]
BILLING CODE 4410-10-P