[Federal Register Volume 75, Number 22 (Wednesday, February 3, 2010)]
[Rules and Regulations]
[Pages 5487-5491]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-2201]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 
Prices of new books are listed in the first FEDERAL REGISTER issue of each 
week.

========================================================================


Federal Register / Vol. 75, No. 22 / Wednesday, February 3, 2010 / 
Rules and Regulations

[[Page 5487]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2009-0055]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security/U.S. Customs and Border Protection--006 Automated 
Targeting System of Records

AGENCY: Privacy Office, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is issuing a final rule to 
amend its regulations to exempt portions of a Department of Homeland 
Security/U.S. Customs and Border Protection system of records entitled 
the, ``Department of Homeland Security/U.S. Customs and Border 
Protection--006 Automated Targeting System of Records'' from certain 
provisions of the Privacy Act. Specifically, the Department exempts 
portions of the Department of Homeland Security/U.S. Customs and Border 
Protection--006 Automated Targeting system of records from one or more 
provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements.

DATES: Effective Date: This final rule is effective February 3, 2010.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Laurence E. Castelli (202-325-0280), Privacy Officer, U.S. Customs and 
Border Protection, Office of International Trade, Mint Annex, 799 Ninth 
Street, NW., Washington, DC 20001-4501. For privacy issues please 
contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, 
Privacy Office, U.S. Department of Homeland Security, Washington, DC 
20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS) published a notice of 
proposed rulemaking in the Federal Register, 72 FR 43567, August 6, 
2007, proposing to exempt portions of the system of records from one or 
more provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements. The system of records is the 
DHS/U.S. Customs and Border Protection (CBP)--006 Automated Targeting 
system. The DHS/CBP--006 Automated Targeting system of records notice 
was published concurrently in the Federal Register, 72 FR 43650, August 
6, 2007, and comments were invited on both the notice of proposed 
rulemaking and system of records notice. Comments were received on both 
notice of proposed rulemaking and system of records notice.

Public Comments

    DHS received thirteen comments on the notice of proposed rulemaking 
(NPRM) and three comments on the system of records notice (SORN). Of 
the total sixteen comments: (1) Five comments are duplicate 
submissions; (2) four comments were erroneously filed relating to a 
Transportation Security Administration (TSA) publication pertaining to 
Secure Flight; (3) one comment was erroneously filed relating to a U.S. 
Customs and Border Protection publication pertaining to the Border 
Crossing Information system; and (4) of the discrete six comments filed 
in connection with this system, two comments agreed with the DHS/CBP--
006 Automated Targeting (ATS) system of records. The following is an 
analysis of the substantive related comments and questions submitted by 
the public.

General Comments

    Comment: ATS continues to lack transparency.
    Response: DHS disagrees. In recognition of the importance of 
providing the public with increased notice and transparency regarding 
CBP's screening efforts, DHS removed ATS from coverage under the legacy 
Treasury/CS.244 Treasury Enforcement Communication System (66 FR 52984, 
October 18, 2001), where it has been operational for nearly a decade, 
and created a separate SORN for ATS (72 FR 43650, August 6, 2007) that 
details with particularity the collection of information by the system 
and its use.
    Comment: Mission creep is inevitable.
    Response: ATS is designed to assist CBP in ensuring compliance not 
only with customs (Title 19) and immigration laws (Title 8) under its 
jurisdiction, but also with the numerous other U.S. laws that CBP 
enforces on behalf of many Federal agencies, such as: (1) The 
Agricultural Bioterrorism Protection Act of 2002 (7 U.S.C. 8401); (2) 
the Honeybee Act (7 U.S.C. 281-286); (3) the Export Administration Act 
of 1979 (15 U.S.C. 4605); (4) the Copyright Act (17 U.S.C. 101-120); 
(5) the Clean Air Act (42 U.S.C. 7521-7543); and (6) the Trading with 
the Enemy Act (50 U.S.C. App 1-Sec.  44). By necessity, ATS is designed 
to accommodate changes in both the law and the intelligence landscape. 
However, the use of ATS is governed by a number of policy and 
administrative checks and balances to ensure that ATS, and the PNR, are 
maintained specifically in the ATS module, referred to as that 
Automated Targeting System--Passenger (ATS-P), and used in a manner 
appropriate with the mission of DHS.
    Comment: Computer algorithms cannot make accurate security 
judgments.
    Response: ATS does not, by itself, form administrative decisions or 
institute law enforcement actions against travelers and cargo. Instead, 
ATS is a decision-support tool that assists CBP officers in identifying 
individuals who, and cargo which, warrant additional screening. Any 
legal actions are the result of a trained CBP officer's hands-on 
interaction and examination of a person or cargo and a consideration of 
additional evidence or information obtained from the traveler and other 
sources, or in the case of cargo, the entry documents and other 
available data.
    Comment: ATS will result in the creation of `security ratings' for 
citizens.
    Response: Unlike the ATS components relating to cargo, ATS-P does 
not assign a ``risk score'' to travelers. Instead, travelers that ATS, 
and more specifically, ATS-P, identifies for possible further scrutiny 
are not selected because of any rating or objective physical 
characteristic or political, religious, racial, or ethnic affiliation. 
Travelers are so identified as the result of threshold targeting rules 
in

[[Page 5488]]

ATS, which are based on current intelligence or past case experience. 
Travelers may also be identified for further screening if their date of 
birth or identifier match an entry placed for subject query in DHS/
CBP--011 TECS (73 FR 77778, December 19, 2008). A subject query is a 
query of records that pertains to persons, aircraft, businesses, or 
vehicles.

SORN Routine Use Comments

    Comment: The Routine Uses categories are so broad as to be almost 
meaningless.
    Response: CBP is a law enforcement agency that enforces over 400 
statutes on behalf of more than 40 agencies in the Federal government. 
In addition, CBP and its predecessor agencies (the U.S. Customs Service 
and the Immigration and Naturalization Service), have signed Memoranda 
of Understandings (MOUs) or similar agreements with a wide variety of 
Federal, State and local agencies with border security and law 
enforcement interests and have similar arrangements with other nations, 
including customs mutual assistance agreements (CMAAs). The Routine 
Uses are established to facilitate the sharing of specific information 
in furtherance of these shared law enforcement missions. The Routine 
Uses set forth at great length in the ATS SORN also provide notice and 
transparency to the public as to the nature and extent of the sharing 
of ATS data while containing appropriate parameters to limit the 
sharing of discrete law enforcement purposes.
    Comment: Routine Use C duplicates and weakens the statutory 
condition of disclosure in (b)(8) because it does not include 
notification to the individual required by statute.
    Response: The statutory condition of disclosure set forth in 
section (b)(8) of the Privacy Act permits disclosure of a record ``to a 
person pursuant to a showing of compelling circumstances affecting the 
health and safety of an individual if upon such disclosure notification 
is transmitted to the last known address of such individual.'' As set 
forth in the ATS SORN (72 FR 43650, August 6, 2007), Routine Use C 
permits disclosure of ATS data to an organization or individual that is 
or could become the target of a particular terrorist activity or 
conspiracy. As such, Routine Use C does not weaken the statutory 
condition, which is most commonly utilized in compelling public health 
situations involving exposure to communicable or quarantinable 
diseases, but instead, illustrates circumstances appropriate to a 
disclosure for compelling safety reasons involving both organizations 
and individuals. With regard to the statutory provisions of section 
(b)(8) of the Privacy Act, in the instance of a potential pandemic 
outbreak resulting from exposure to a communicable or quarantinable 
disease during travel and the possible subsequent dispersal throughout 
a region or the nation, CBP's first responsibility is to inform the 
proper health agencies and professionals of this risk to facilitate a 
rapid response to protect the public health. Routine Use D also 
eliminates potential duplicative reporting requirements to U.S. 
authorities responsible for protecting public health and combating 
pandemics. As such, it reduces the economic burden on air carriers. It 
also promotes the privacy interest of travelers by minimizing the 
processing of their information by U.S. authorities.
    Comment: Routine Use M, which provides access to the Federal 
government and unnamed third parties while keeping the data secret from 
the individual, is a strange use of Privacy Act exemptions.
    Response: The language of Routine Use M was drafted by the 
Department of Justice (DOJ) in connection with the Identity Theft Task 
Force (See ``Combating Identity Theft: A Strategic Plan'' at http://www.identitytheft.gov) to address security breaches where disclosure 
under statutory condition (b)(1) is not applicable. In particular, this 
Routine Use is intended to cover situations where a breach has occurred 
and DHS may need to share information with agencies or entities 
conducting an investigation or to facilitate notifying the individuals 
whose information has been breached. The ``unnamed third party'' will 
be an entity under contract and subject to a non-disclosure agreement 
to provide services related to the security breach. The ``unnamed third 
party'' would only receive the minimum information necessary to perform 
contracted services such as determining the specific circumstances of 
the data breach and informing individuals of the breach, its extent, 
and remedies to be offered, as appropriate. Normally, the type of 
information to be shared is restricted to name and address, ``contact 
information,'' and would not include information about the context of 
the records or non-identity related facts.

Legality of ATS System Comments

    Comment: ATS is prohibited by the Privacy Act because it involves 
the collection and retention of records pertaining to activities 
protected by the First Amendment (i.e., ``right of assembly'').
    Response: CBP has broad authority to conduct activities relating to 
the entry into, or exit from the United States, of persons or goods. 
See 19 U.S.C. 482, 1461, 1496, 1499, 1581-83; 8 U.S.C. 1225, 1357; 31 
U.S.C. 5332. ATS is a decision-support tool used by CBP officers to 
execute this lawful border enforcement authority and does not violate 
the right of citizens to assemble.
    Comment: ATS is in violation of the funding prohibitions in section 
514 of the 2007 Department of Homeland Security Appropriations Act.
    Response: As specified with particularity, Section 514 of the 2007 
Homeland Security Appropriations Act, Public Law 109-295, and the 
funding restrictions set forth therein, pertain to the ``Secure Flight 
program administered by the Transportation Security Administration or 
any other follow-on or successor passenger screening program.'' 
Inasmuch as ATS has been funded by Congress since the late 1990s, it is 
clearly not a ``follow-on or successor'' to Secure Flight.'' Secure 
Flight is intended to screen domestic passengers attempting to board 
aircraft; ATS-P is used in connection with individuals seeking 
admission to the U.S. at ports of entry. Unlike Secure Flight, Congress 
has not imposed any independent restriction on ATS-P for passenger 
screening and instead, has appropriated funding for ATS's Passenger 
Screening Program.

Privacy Act Exemption Comments

    Comment: Exempting business confidential information, PNR data, 
received from commercial third parties from access is contrary to the 
Privacy Act.
    Response: ATS does not exempt access to PNR data about the 
requestor, obtained from either the requestor or from a booking agent, 
broker, or another person submitting on behalf of the requestor. DHS 
will provide the first party requestor with the information in the form 
in which it was received from the respective carrier about the 
individual. ATS does exempt business confidential information 
pertaining to the carrier from access, but this information is not 
submitted by or on behalf of the requestor, nor does it pertain 
personally to the requestor. ATS provides access to the raw PNR data in 
the form that it was submitted, upon request by the individual to whom 
the data pertains.
    Comment: The proposed exemptions violate the requirements of 
relevance, necessity, accuracy, timeliness and completeness under the 
Privacy Act.
    Response: The Privacy Act requires that an agency ``maintain in its 
records

[[Page 5489]]

only such information about an individual as is relevant and necessary 
to accomplish a purpose of the agency required to be accomplished by 
statute or executive order of the President.'' 5 U.S.C. 552a (e)(1). 
CBP, in consideration of its law enforcement mission, claims an 
exemption from this requirement. The purpose of this Privacy Act 
exemption is to strike a balance between protecting information 
collected about persons, while permitting law enforcement agencies to 
effectively carry out their missions. Here, the information used by ATS 
and specifically ATS-P, including PNR, has a long history of supporting 
successful targeting and investigations and is not available from other 
sources to support the prescreening of travelers prior to arrival in 
and departure from the United States. ATS is a unique tool that adds to 
an officer's ability to identify travelers who, and cargo which, may 
pose a higher risk of violating U.S. law. Without ATS-P, DHS would be 
unable to identify many travelers whose suspicious behavior is revealed 
only after considering past case experience and available intelligence. 
PNR, for example, is often only relevant when considered in light of 
information obtained from other law enforcement or intelligence 
sources. In this way, ATS-P complements and does not duplicate other 
border enforcement tools, such as training to identify false documents 
and in questioning travelers.
    Comment: The proposed Privacy Act (j)(2) exemption contravenes the 
intent of the statute because the three statutory requirements are not 
met. Even if DHS asserts that innocent citizens are considered to be 
criminal offenders, the information qualifying for exemption must 
consist only of identifying data and notations of arrests, the nature 
and disposition of criminal charges, sentencing, confinement, release 
and parole and probation status.
    Response: Exemption (j)(2) permits CBP to assert an exemption for 
ATS because CBP is a law enforcement agency and the information in ATS 
is compiled to identify suspected and known criminal offenders or 
alleged criminal offenders. CBP is charged with screening all persons 
crossing U.S. borders to ensure compliance with U.S. laws. ATS exists 
for, among other reasons, to assist DHS in identifying those persons 
who, and cargo which, may pose a higher risk for violating U.S. law, 
while not impeding the flow of legitimate travelers, cargo, and 
conveyances.
    Comment: The proposed Privacy Act (k)(2) exemption is inappropriate 
unless DHS agrees to provide ATS records to travelers who have been 
denied the opportunity to fly because their names were on a ``list.''
    Response: The access provisions in the current ATS SORN clarify 
that a requestor may obtain access to the PNR submitted on his or her 
behalf by his or her respective carrier. This means that an individual 
may gain access to his or her PNR data, upon request. CBP has long made 
this information available to U.S. and non-U.S. citizens and thus this 
represents only a clarification of the prior ATS SORN, not a change of 
policy. Lastly, this access permits the requestor to seek redress for 
the fact that their name may be on a ``list.''
    Comment: The proposed exemptions of the system are so broad that 
CBP would be allowed to use ATS with little accountability.
    Response: CBP has asserted Privacy Act exemptions (j)(2) and (k)(2) 
to protect information maintained in a law enforcement system. These 
exemptions and their justifications are routinely employed throughout 
the Federal Government to protect official information maintained in a 
law enforcement system. The Privacy Act provides authority to assert as 
many as seven exemptions for records maintained in a system. These 
exemptions must be asserted in accordance with the provisions of 
sections (j) and (k) for purposes consistent with the provisions of the 
Privacy Act. CBP has only asserted exemptions (j)(2) and (k)(2), with 
respect to ATS, because these two exemptions covered the types and uses 
of information maintained in ATS. With respect to accountability, DHS 
already receives significant and constructive oversight by Congress and 
the Inspector General with respect to many of its programs, including 
ATS. Individuals may also seek judicial review of most enforcement 
actions taken by CBP, including those which may stem from the results 
of an ATS analysis.

Contents of ATS and PNR Comments

    Comment: ATS contains passenger information obtained during a 
secondary screening, such as the title of a book carried by a passenger 
that will be used to discriminate against travelers.
    Response: Secondary screening results are not collected or 
maintained in ATS. Instead, information relating to secondary screening 
is collected and maintained in other CBP data systems, in particular, 
DHS/CBP--011 TECS.
    Comment: Data concerning race, ethnicity, political affiliation and 
other personal matters can be contained in PNR and used in risk 
assessments, which may result in discrimination against travelers.
    Response: One of the many reasons travelers may be selected for 
additional screening is as a result of threshold targeting rules in 
ATS, which are based on current intelligence or past case experience 
and not on physical characteristics, or political, religious, racial, 
ethnic or sexual affiliation. Moreover, CBP policy prohibits improper 
discrimination and violators are subject to penalties.
    Comment: Much of the ATS data in PNRs is not provided by air 
passengers seeking to book travel but are commercial records created 
and maintained by travel companies for their own purposes. The 
aggregation and use of PNR data from airlines permits DHS to be the 
enforcer of a joint blacklist by all the airlines of anyone secretly 
tagged with derogatory PNR sent to DHS.
    Response: DHS disagrees. The PNR data that is transmitted to CBP 
and collected through ATS is composed primarily of information that is 
provided to airlines and travel agents by or on behalf of air travelers 
seeking to book travel. The commercial information, such as frequent 
flier information and internal annotations to the air fare, are 
transmitted to CBP as part of the PNR collected by ATS, and is limited 
in amount and proprietary to the submitting company.

Retention Comments

    Comment: Two comments noted that the 15-year retention period for 
ATS is too long.
    Response: Terrorist suspects often have no prior criminal record 
and, at the time of travel, the U.S. Government may have no other 
derogatory background information about them. CBP uses PNR, including 
historical PNR, to attempt to identify such previously unknown 
terrorists before they enter the United States. Specifically, ATS-P is 
able to analyze PNR data to uncover links between known and previously 
unidentified terrorists or terrorist suspects, as well as suspicious or 
irregular travel patterns.
    CBP believes that the 15 year retention period enhances privacy 
protections for travelers whose information is collected, while at the 
same time permitting it to effectively carry out its proper law 
enforcement mission. Specifically, the retention period for information 
maintained in ATS will not exceed fifteen years, after which time it 
will be deleted in accordance with an approved records disposition 
schedule except as noted below.

[[Page 5490]]

    Additionally, the following further access restrictions pertain to 
the retention and use of PNR, which is contained only in ATS-P: ATS-P 
users will have general access to PNR for seven years, after which time 
the PNR data will be moved to dormant, non-operational status. PNR data 
in dormant status will be retained for eight years and may be accessed 
only with approval of a senior DHS official designated by the Secretary 
of Homeland Security and only in response to an identifiable case, 
threat, or risk. Notwithstanding the above, information that is 
maintained only in ATS that is linked to law enforcement lookout 
records, CBP matches to enforcement activities, investigations or 
cases, such as specific and credible threats and flights, individuals 
and routes of concern, or other defined sets of circumstances, will 
remain accessible for the life of the law enforcement matter.

Redress and Accuracy Material Comments

    Comment: Two comments noted that the supporting databases used by 
ATS contained inaccurate information.
    Response: ATS is a decision-support tool that provides a risk 
analysis by comparing information contained in various databases. With 
the exception of PNR, ATS does not actively maintain the information 
from those databases; the information is merely analyzed by ATS. 
Therefore, when an individual is seeking redress for information other 
than PNR, which is maintained in ATS-P, such redress may be 
accomplished by referring to the databases that maintain that 
information. With regard to the information that is actively collected 
by ATS PNR data, an individual may utilize the comprehensive DHS 
Traveler Redress Inquiry Program (DHS TRIP) that was created to receive 
all traveler related comments, complaints and redress requests 
affecting its component agencies. Through DHS TRIP, a traveler can seek 
correction of erroneous information stored in ATS, as well as other 
databases. Although not required to do so under the provisions of the 
Privacy Act, which are applicable only to U.S. citizens and legal 
permanent residents, DHS policy extends the opportunity to access and 
correct data to foreign nationals as well.
    Comment: No meaningful redress is provided because an individual 
does not know if incorrect information is kept in ATS.
    Response: DHS disagrees. As noted earlier ATS provides a requestor 
with access to PNR that was submitted by or on behalf of the requestor. 
Should the requestor discover that the PNR record or records are 
inaccurate, then the requestor may seek redress to inform DHS of the 
inaccuracy and correct it.
    Comment: No meaningful redress process is provided because source 
systems are also exempt from the protections of the Privacy Act.
    Response: DHS disagrees. For example, ATS provides access to raw 
PNR data provided by or on behalf of the requestor. Similarly, the DHS/
CBP--005 Advance Passenger Information System (73 FR 68435, November 
18, 2008, 73 FR 68435) also provides access to information submitted by 
or on behalf of a requestor. DHS TRIP provides a means for persons to 
seek redress regarding information in CBP maintained databases as well 
as permits CBP to coordinate with other appropriate entities which may 
have information on a traveler. The results of screening in ATS are a 
decision-support tool that must still be reviewed by a CBP analyst 
before further action, such as a referral to secondary inspection, may 
occur.
    Upon careful review of the submitted public comments, having taken 
into consideration public comments resulting from this NPRM and SORN, 
as well as the Department's position on these public comments, DHS has 
determined that for the reasons stated, it is important that the 
exemptions remain in place. DHS will implement the rulemaking as 
proposed.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

0
For the reasons stated in the preamble, DHS amends Chapter I of Title 
6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for Part 5 continues to read as follows:

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.


0
2. Add at the end of Appendix C to Part 5, Exemption of Record Systems 
under the Privacy Act, the following new paragraph ``45'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    45. The DHS/CBP--006 Automated Targeting system of records 
performs screening of both inbound and outbound cargo, travelers, 
and conveyances. As part of this screening function and to 
facilitate DHS's border enforcement mission, the DHS/CBP--006 
Automated Targeting system of records compares information received 
with CBP's law enforcement databases, the Federal Bureau of 
Investigation Terrorist Screening Center's Terrorist Screening 
Database (TSDB), information on outstanding wants or warrants, 
information from other government agencies regarding high-risk 
parties, and risk-based rules developed by analysts using law 
enforcement data, intelligence, and past case experience. The 
modules also facilitate analysis of the screening results of these 
comparisons. This supports the several and varied missions and 
functions of DHS, including but not limited to: The enforcement of 
civil and criminal laws (including the immigration law); 
investigations, inquiries; national security and intelligence 
activities in support of the DHS mission to identify and prevent 
acts of terrorism against the United States. The information is 
collected by, on behalf of, in support of, or in cooperation with 
DHS and its components and may contain personally identifiable 
information collected by other Federal, State, local, tribal, 
foreign, or international government agencies. Certain records or 
information in DHS/CBP--006 Automated Targeting system of records 
are exempt from the Privacy Act. With respect to the ATS-P module, 
exempt records are the targeting rule sets, risk assessment 
analyses, and business confidential information contained in the PNR 
that relates to the air and vessel carriers. No exemption shall be 
asserted regarding PNR data about the requester, provided by either 
the requester or a booking agent, brokers, or another person on the 
requester's behalf. This information, upon request, may be provided 
to the requester in the form in which it was collected from the 
respective carrier, but may not include certain business 
confidential information of the air carrier that is also contained 
in the record, such as use and application of frequent flier miles, 
internal annotations to the air fare, etc. For other DHS/CBP--006 
Automated Targeting system of records modules the only information 
maintained in the system is the targeting rule sets, risk assessment 
analyses, and a pointer to the data from the source system of 
records. The Secretary of Homeland Security has exempted this system 
from the following provisions of the Privacy Act, subject to the 
limitations set forth in 5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), 
(3), and (4); (e)(1), (2), (3), (4)(G) through (I), (e)(5), and (8); 
(f); and (g) pursuant to 5 U.S.C. 552a(j)(2). Additionally, the 
Secretary of Homeland Security has exempted this system from the 
following provisions of the Privacy Act, subject to the limitations 
set forth in 5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3), and (4); 
(e)(1), (2), (3), (4)(G) through (I), (e)(5), and (8); (f); and (g) 
pursuant to 5 U.S.C. 552a(k)(2). These exemptions also apply to the 
extent that information in this system of records is recompiled or 
is created from information contained in other systems of records. 
After conferring with the appropriate component or agency, DHS may 
waive applicable exemptions in appropriate circumstances and where 
it would not appear to interfere with or adversely affect the law 
enforcement purposes of the systems from which the information is 
recompiled or in which it is contained. Exemptions from these 
particular

[[Page 5491]]

subsections are justified, on a case-by-case basis to be determined 
at the time a request is made, for the following reasons:
    (a) From subsection (c)(3) and (4) (Accounting for Disclosure) 
because making available to a record subject the accounting of 
disclosures from records concerning him or her would specifically 
reveal any investigative interest in the individual. Revealing this 
information could reasonably be expected to compromise ongoing 
efforts to investigate a known or suspected criminal or terrorist, 
or other person of interest, by notifying the record subject that he 
or she is under investigation. This information could also permit 
the record subject to take measures to impede the investigation, 
e.g., destroy evidence, intimidate potential witnesses, or flee the 
area to avoid or impede the investigation. Exemptions from these 
particular subsections are justified, on a case-by-case basis to be 
determined at the time a request is made, for the following reasons: 
(a) From subsection (c)(3) (Accounting for Disclosure) because 
making available to a record subject the accounting of disclosures 
from records concerning him or her would specifically reveal any 
investigative interest in the individual. Revealing this information 
could reasonably be expected to compromise ongoing efforts to 
investigate a known or suspected terrorist by notifying the record 
subject that he or she is under investigation. This information 
could also permit the record subject to take measures to impede the 
investigation, e.g., destroy evidence, intimidate potential 
witnesses, or flee the area to avoid or impede the investigation.
    (b) From subsection (c)(4) (Accounting for Disclosure, notice of 
dispute) because certain records in this system are exempt from the 
access and amendment provisions of subsection (d), this requirement 
to inform any person or other agency about any correction or 
notation of dispute that the agency made with regard to those 
records, should not apply.
    (c) From subsections (d)(1), (2), (3), and (4) (Access to 
Records) because these provisions concern individual access to and 
amendment of certain records contained in this system, including law 
enforcement, counterterrorism, and investigatory records. Compliance 
with these provisions could alert the subject of an investigation to 
the fact and nature of the investigation, and/or the investigative 
interest of intelligence or law enforcement agencies; compromise 
sensitive information related to law enforcement, including matters 
bearing on national security; interfere with the overall law 
enforcement process by leading to the destruction of evidence, 
improper influencing of witnesses, fabrication of testimony, and/or 
flight of the subject; could identify a confidential source; reveal 
a sensitive investigative or intelligence technique; or constitute a 
potential danger to the health or safety of law enforcement 
personnel, confidential informants, and witnesses. Amendment of 
these records would interfere with ongoing counterterrorism or law 
enforcement investigations and analysis activities and impose an 
impossible administrative burden by requiring investigations, 
analyses, and reports to be continuously reinvestigated and revised.
    (d) From subsection (e)(1) (Relevancy and Necessity of 
Information) because it is not always possible for DHS or other 
agencies to know in advance what information is relevant and 
necessary for it to complete screening of cargo, conveyances, and 
passengers. Information relating to known or suspected criminals or 
terrorists or other persons of interest, is not always collected in 
a manner that permits immediate verification or determination of 
relevancy to a DHS purpose. For example, during the early stages of 
an investigation, it may not be possible to determine the immediate 
relevancy of information that is collected--only upon later 
evaluation or association with further information, obtained 
subsequently, may it be possible to establish particular relevance 
to a law enforcement program. Lastly, this exemption is required 
because DHS and other agencies may not always know what information 
about an encounter with a known or suspected criminal or terrorist 
or other person of interest will be relevant to law enforcement for 
the purpose of conducting an operational response.
    (e) From subsection (e)(2) (Collection of Information from 
Individuals) because application of this provision could present a 
serious impediment to counterterrorism or other law enforcement 
efforts in that it would put the subject of an investigation, study 
or analysis on notice of that fact, thereby permitting the subject 
to engage in conduct designed to frustrate or impede that activity. 
The nature of counterterrorism, and law enforcement investigations 
is such that vital information about an individual frequently can be 
obtained only from other persons who are familiar with such 
individual and his/her activities. In such investigations it is not 
feasible to rely solely upon information furnished by the individual 
concerning his own activities.
    (f) From subsection (e)(3) (Notice to Subjects), to the extent 
that this subsection is interpreted to require DHS to provide notice 
to an individual if DHS or another agency receives or collects 
information about that individual during an investigation or from a 
third party. Should the subsection be so interpreted, exemption from 
this provision is necessary to avoid impeding counterterrorism or 
other law enforcement efforts by putting the subject of an 
investigation, study or analysis on notice of that fact, thereby 
permitting the subject to engage in conduct intended to frustrate or 
impede that activity.
    (g) From subsections (e)(4)(G), (H) and (I) (Agency 
Requirements) because portions of this system are exempt from the 
access and amendment provisions of subsection (d).
    (h) From subsection (e)(5) (Collection of Information) because 
many of the records in this system coming from other systems of 
records are derived from other domestic and foreign agency record 
systems and therefore it is not possible for DHS to vouch for their 
compliance with this provision; however, the DHS has implemented 
internal quality assurance procedures to ensure that data used in 
its screening processes is as complete, accurate, and current as 
possible. In addition, in the collection of information for law 
enforcement and counterterrorism purposes, it is impossible to 
determine in advance what information is accurate, relevant, timely, 
and complete. With the passage of time, seemingly irrelevant or 
untimely information may acquire new significance as further 
investigation brings new details to light. The restrictions imposed 
by (e)(5) would limit the ability of those agencies' trained 
investigators and intelligence analysts to exercise their judgment 
in conducting investigations and impede the development of 
intelligence necessary for effective law enforcement and 
counterterrorism efforts.
    (i) From subsection (e)(8) (Notice on Individuals) because to 
require individual notice of disclosure of information due to 
compulsory legal process would pose an impossible administrative 
burden on DHS and other agencies and could alert the subjects of 
counterterrorism or law enforcement investigations to the fact of 
those investigations when not previously known.
    (j) From subsection (f) (Agency Rules) because portions of this 
system are exempt from the access and amendment provisions of 
subsection (d). Access to, and amendment of, system records that are 
not exempt or for which exemption is waived may be obtained under 
procedures described in the related SORN or Subpart B of this Part.
    (k) From subsection (g) (Civil Remedies) to the extent that the 
system is exempt from other specific subsections of the Privacy Act.

    Dated: January 21, 2010.
Mary Ellen Callahan
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2010-2201 Filed 2-2-10; 8:45 am]
BILLING CODE 9110-06-P