Privacy Act of 1974: Implementation of Exemptions; US-VISIT Technical Reconciliation Analysis Classification System (TRACS), 33928-33931 [E8-13386]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 73, Number 116 (Monday, June 16, 2008)]
[Proposed Rules]
[Pages 33928-33931]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-13386]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 73, No. 116 / Monday, June 16, 2008 / 
Proposed Rules

[[Page 33928]]



DEPARTMENT OF HOMELAND SECURITY

6 CFR Part 5

[Docket No. DHS-2007-0057]


Privacy Act of 1974: Implementation of Exemptions; US-VISIT 
Technical Reconciliation Analysis Classification System (TRACS)

AGENCY: Office of the Secretary, Department of Homeland Security.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is concurrently 
establishing a new system of records pursuant to the Privacy Act of 
1974 entitled the Technical Reconciliation Analysis Classification 
System (TRACS). This system of records will serve as an information 
management tool and be used to perform a range of information 
management and analytical functions to enhance the integrity of the 
United States' immigration system by detecting, deterring, and pursuing 
immigration fraud, and by identifying persons who pose a threat to 
national security and/or public safety. In this proposed rulemaking, 
the Department proposes to exempt portions of this system of records 
from one or more provisions of the Privacy Act because of criminal, 
civil, and administrative enforcement requirements.

DATES: Comments must be received on or before July 16, 2008.

ADDRESSES: You may submit comments, identified by docket number DHS-
2007-0057, by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 1-866-466-5370.
     Mail: Hugo Teufel III, Chief Privacy Officer, Department 
of Homeland Security, 601 S. 12th Street, Arlington, VA 22202-4220.
    Instructions: All submissions received must include the agency name 
and docket number for this notice. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: TRACS System Manager, US-VISIT 
Program, U.S. Department of Homeland Security, Washington, DC 20528 
(202) 298-5200 or by facsimile (202) 298-5201; Hugo Teufel III, Chief 
Privacy Officer, Privacy Office, Department of Homeland Security, 
Washington, DC 20528; telephone 703-235-0780.

SUPPLEMENTARY INFORMATION: 

Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS), National Protection and Program 
Directorate (NPPD), United States--Visitor and Immigrant Status 
Indicator Technology (US-VISIT) program, is establishing a Privacy Act 
system of records known as Technical Reconciliation Analysis 
Classification System (TRACS). This system of records is an information 
management tool used for management and analysis of US-VISIT records. 
TRACS will help enhance the integrity of the United States immigration 
system by detecting, deterring, and pursuing immigration fraud, and by 
identifying persons who pose a threat to national security and/or 
public safety. TRACS will consist of paper files and electronic 
databases.
    The Secretary of the Department of Homeland Security has delegated 
to NPPD and US-VISIT the responsibility for enhancing the security of 
U.S. citizens and visitors; facilitating safe, efficient, and 
legitimate travel to the U.S.; promoting border security and the 
integrity of the immigration system; safeguarding the privacy of 
visitors to the U.S.
    NPPD and US-VISIT have also been delegated authority for assisting 
in the prevention of immigration identity fraud or theft; and serving 
law enforcement, border officials, and others who make decisions on 
immigration matters, including decisions on immigration benefits and 
status, by identifying aliens seeking permission to enter, entering, 
visiting, residing in, changing status within, or exiting the U.S.
    Finally, NPPD and US-VISIT have been delegated the responsibility 
for providing technical assistance and analytic services to other DHS 
functions and components and other to Federal agencies, as well as to 
State, local, tribal, and foreign governments, including multinational 
and international organizations, to better protect the Nation's 
physical and virtual borders.
    To discharge the above responsibilities, TRACS will be used to: (1) 
Identify individuals who have remained in the United States beyond 
their authorized period of admission (overstays); (2) maintain 
information on why individuals are promoted to or demoted from the 
Automated Biometric Identification System (IDENT) list of subjects of 
interest; (3) provide the means for additional research in regards to 
individuals whose biometrics are collected by DHS, and subsequently 
matched to the list of subjects of interest during a routine IDENT 
query. A query of this nature would take place following a background 
check or security screening relating to the individual's hiring or 
retention, performance of a job function, or the issuance of a license 
or credential, allowing them access to secured facilities to perform 
mission and non-mission related work. Examples of this include 
credentialing of Federal, non-Federal, and contractor employees who 
work within the secured areas of our nation's airports; (4) to further 
analyze information about individuals who may be identified as a 
subject of interest following a routine query against IDENT while 
applying for visas or other benefits on behalf of domestic partners, 
such as the U.S. Department of State or foreign partners, as is the 
case with the United Kingdom Border Agency's (UKBA) International Group 
Visa Services program, which supports the DHS mission; and (5) to 
provide information in response to queries from law enforcement and 
intelligence agencies charged with national security, law enforcement, 
immigration, or other DHS mission-related functions.
    Specifically, TRACS will be used for the analysis of overstays, for 
changes to the IDENT subject of interest lists, law enforcement and 
intelligence research, and to assist in developing and fostering 
foreign partnerships that enhance the

[[Page 33929]]

goals and mission of US-VISIT, such as the work being done in 
association with the UKBA's International Group Visa Services project.
    To identify possible overstays, US-VISIT reviews and analyzes 
information in the Arrival and Departure Information System (ADIS), a 
US-VISIT system used for the storage and use of biographic, biometric 
indicator, and encounter data on aliens who have applied for entry, 
entered, or departed the United States. ADIS consolidates information 
from various systems in order to provide a repository of data held by 
DHS for pre-entry, entry, status management, and exit tracking of 
immigrants and non-immigrants. Its primary use is to facilitate the 
investigation of subjects of interest who may have violated their 
immigration status by remaining in the United States beyond their 
authorized stay. To assist in the resolution of overstays, information 
related to them may be copied to TRACS for review and further analysis 
against other US-VISIT programs and systems to better determine their 
status.
    Regarding changes to the IDENT Subject of Interest List, in order 
to maintain the integrity of the immigration and customs programs, DHS 
maintains records within IDENT to identify individuals who may present 
a terrorist threat to the United States as well as those individuals 
who may not be allowed to enter the country because of past violations 
of immigration or customs law. An individual is either promoted to or 
demoted from the list of subjects of interest within IDENT. As IDENT is 
not a case management system, it merely records the change, not the 
justification for the change. TRACS will have the ability to serve as a 
case management system and not only use the information regarding the 
changes to the list of subjects of interest that is recorded in IDENT 
but also to record and store the actual justification for any change. 
The user will also have the ability to enter data in pre-determined 
selectable categories or manually by either free text or by cutting and 
pasting information retrieved from other systems and placing it into a 
workspace in TRACS so that analysis can be performed.
    For assistance in background checks and security clearance 
processes for employment at DHS or receipt of a DHS license or 
credential, applicants may have their information searched against ADIS 
or IDENT records. Clearance, employment eligibility, or other license 
or credential applications that have a match against ADIS or IDENT may 
require additional research regarding the applicant. Such information 
would be maintained and tracked in TRACS.
    Regarding analyzing information on behalf of domestic or foreign 
partners, US-VISIT will assist its partners in analyzing information 
held by US-VISIT where such analysis supports the DHS mission. For 
example, for the UKBA visa services project, US-VISIT will receive 
biometric information from the UK for UK visa applicants and query 
their biometric information against the IDENT list of subjects of 
interest. US-VISIT will then provide the results from the query back to 
the UK for purposes of visa adjudication.
    Regarding law enforcement and intelligence research, US-VISIT may 
also receive requests from law enforcement agencies, such as 
Immigration and Customs Enforcement (ICE), Customs and Border 
Protection (CBP), and the Federal Bureau of Investigation (FBI), as 
well as from other intelligence agencies, to provide further 
information regarding the immigration status for individuals of 
interest to those organizations. US-VISIT tracks these requests and the 
responses in TRACS.
    Information in TRACS comes primarily from ADIS and IDENT. TRACS may 
also contain information from other DHS component programs or systems, 
or publicly available source systems that are manually queried while 
researching a particular case. Data researched or identified through 
publicly available source systems, such as the internet, will be 
identified and referenced in the individual's record in TRACS. If it 
becomes routine for a specific public source system(s) to be used on a 
regular basis, the PIA will be updated to reflect this system(s) as a 
common source of information and data. For research conducted, based on 
an external request, information may also be provided from the 
requesting entity, as described in the system of records notice.
    The data contained in TRACS is primarily from the US-VISIT systems 
Arrival and Departure Information System (ADIS) (72 FR 47057, Arrival 
and Departure Information System (ADIS), System of Records Notice, 
August 22, 2007); the Automated Biometric Identification System (IDENT) 
(72 FR 31080, Automated Biometric Identification System (IDENT), System 
of Records Notice, June 5, 2007); and a Customs and Border Protection 
(CBP) system called the Treasury Enforcement Communications System 
(TECS) (66 FR 53029, Treasury Enforcement Communication System (TECS), 
System of Records Notice, October 18, 2001). TRACS also receives data 
from a Department of State (DOS) system called the Consolidated 
Consular Database (CCD); the Student and Exchange Visitor Information 
System (SEVIS) (70 FR 14477, Student and Exchange Visitor Information 
System (SEVIS), System of Records Notice, March 22, 2005); the Central 
Index System (CIS) (72 FR 1755, Central Index System (CIS), System of 
Records Notice, January 16, 2007); the Computer-linked Application 
Information Management System (CLAIMS 3 and 4) (64 FR 18052, Computer 
Linked Application Information Management System (CLAIMS 3 and 4), 
System of Records Notice, April 13, 1999); the Refugees, Asylum & 
Parole System (RAPS); the Deportable Alien Control System (DACS) (67 FR 
64136, Deportable Alien Control System (DACS), System of Records 
Notice, October 17, 2002); and the Enforcement Case Tracking System 
(ENFORCE). TRACS also contains data from web searches for addresses and 
phone numbers.
    The Privacy Act allows Government agencies to exempt certain 
records from the access and amendment provisions. If an agency claims 
an exemption, however, it must issue a Notice of Proposed Rulemaking to 
make clear to the public the reasons why a particular exemption is 
claimed an issue a Final Rule.
    In this notice of proposed rulemaking, DHS is now proposing to 
exempt TRACS, in part, from certain provisions of the Privacy Act. Some 
information in TRACS relates to official DHS national security, law 
enforcement, immigration, intelligence, and preparedness and critical 
infrastructure protection activities. These exemptions are needed to 
protect information relating to DHS activities from disclosure to 
subjects or others related to these activities. Specifically, the 
exemptions are required to preclude subjects of these activities from 
frustrating these processes; to avoid disclosure of activity 
techniques; to protect the identities and physical safety of 
confidential informants and of immigration and border management and 
law enforcement personnel; to ensure DHS's ability to obtain 
information from third parties and other sources; to protect the 
privacy of third parties; and to safeguard classified information. 
Disclosure of information to the subject of the inquiry could also 
permit the subject to avoid detection or apprehension.
    An individual who is the subject of a record in this system may 
access or correction of those records that are not exempt from 
disclosure. A determination whether a record may be accessed will be 
made at the time a request is received. DHS will review

[[Page 33930]]

and comply appropriately with information requests on a case by case 
basis. An individual desiring copies of records maintained in this 
system should direct his or her request to the FOIA Officer (https://
WWW.DHS.GOV/FOIA, under ``contacts''. See also the system of records 
notice also in today's Federal Register). Requests for correction of 
records in this system may be made through the Traveler Redress Inquiry 
Program (TRIP) at https://www.dhs.gov/trip or via mail, facsimile or e-
mail in accordance with instructions available at https://www.dhs.gov/
trip.
    The exemptions proposed here are standard law enforcement and 
national security exemptions exercised by a large number of Federal law 
enforcement and intelligence agencies. In appropriate circumstances, 
where compliance would not appear to interfere with or adversely affect 
the law enforcement purposes of this system and the overall law 
enforcement process, the applicable exemptions may be waived.

Regulatory Requirements

A. Regulatory Impact Analyses

    Changes to Federal regulations must undergo several analyses. In 
conducting these analyses, DHS has determined:
1. Executive Order 12866 Assessment
    This rule is not a significant regulatory action under Executive 
Order 12866, ``Regulatory Planning and Review'' (as amended). 
Accordingly, this rule has not been reviewed by the Office of 
Management and Budget (OMB). Nevertheless, DHS has reviewed this 
rulemaking, and concluded that there will not be any significant 
economic impact.
2. Regulatory Flexibility Act Assessment
    Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5 
U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement 
and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will 
not have a significant impact on a substantial number of small 
entities. The rule would impose no duties or obligations on small 
entities. Further, the exemptions to the Privacy Act apply to 
individuals, and individuals are not covered entities under the RFA.
3. International Trade Impact Assessment
    This rulemaking will not constitute a barrier to international 
trade. The exemptions relate to criminal investigations and agency 
documentation and, therefore, do not create any new costs or barriers 
to trade.
4. Unfunded Mandates Assessment
    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. 
L. 104-4, 109 Stat. 48), requires Federal agencies to assess the 
effects of certain regulatory actions on State, local, and tribal 
governments, and the private sector. This rulemaking will not impose an 
unfunded mandate on State, local, or tribal governments, or on the 
private sector.

B. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) 
requires that DHS consider the impact of paperwork and other 
information collection burdens imposed on the public and, under the 
provisions of PRA section 3507(d), obtain approval from the Office of 
Management and Budget (OMB) for each collection of information it 
conducts, sponsors, or requires through regulations. DHS has determined 
that there are no current or new information collection requirements 
associated with this rule.

C. Executive Order 13132, Federalism

    This action will not have a substantial direct effect on the 
States, on the relationship between the national Government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government, and therefore will not have federalism 
implications.

D. Environmental Analysis

    DHS has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

E. Energy Impact

    The energy impact of this action has been assessed in accordance 
with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, 
as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory 
action under the provisions of the EPCA.

List of Subjects in 6 CFR Part 5

    Privacy; Freedom of information.

    For the reasons stated in the preamble, DHS proposes to amend 
Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

    1. The authority citation for part 5 continues to read as follows:

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.

    2. At the end of appendix C to part 5, Exemption of Record Systems 
Under the Privacy Act, add the following new section 6 to read as 
follows:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    6. The Department of Homeland Security Technical Reconciliation 
Analysis Classification System (TRACS) consists of a stand alone 
database and paper files that will be used by DHS and its 
components. This system of records will be used to perform a range 
of information management and analytic functions involving 
collecting, verifying, and resolution tracking of data primarily on 
individuals who are not United States citizens or legal permanent 
residents (LPRs). However, it will contain data on: (1) U.S. 
citizens or LPRs who have a connection to the DHS mission (e.g., 
individuals who have submitted a visa application to the UK, or have 
made requests for a license or credential as part of a background 
check or security screening in connection with their hiring or 
retention, performance of a job function or the issuance a license 
or credential for employment at DHS); (2) U.S. citizens and LPRs who 
have an incidental connection to the DHS mission (e.g., individuals 
living at the same address as individuals who have remained in this 
country beyond their authorized stays); and (3) individuals who 
have, over time, changed their status and became U.S. citizens or 
LPRs. TRACS is managed and maintained by the United States Visitor 
and Immigrant Status Indicator Technology (US-VISIT) Program. The 
data contained in TRACS is primarily derived from the Arrival and 
Departure Information System (ADIS) (72 FR 47057, Arrival and 
Departure Information System (ADIS), System of Records Notice, 
August 22, 2007); the Automated Biometric Identification System 
(IDENT) (72 FR 31080, Automated Biometric Identification System 
(IDENT), System of Records Notice, June 5, 2007); and a Customs and 
Border Protection (CBP) system called the Treasury Enforcement 
Communications System (TECS) (66 FR 53029, Treasury Enforcement 
Communication System (TECS), System of Records Notice, October 18, 
2001). TRACS also receives data from a Department of State (DOS) 
system called the Consolidated Consular Database (CCD); the Student 
and Exchange Visitor Information System (SEVIS) (70 FR 14477, 
Student and Exchange Visitor Information System (SEVIS), System of 
Records Notice, March 22, 2005); the Central Index System (CIS) (72 
FR 1755, Central Index System (CIS), System of Records Notice, 
January 16, 2007); the Computer-linked Application Information 
Management System (CLAIMS 3 and 4) (64 FR 18052, Computer Linked 
Application Information Management System (CLAIMS 3 and 4), System 
of Records Notice, April 13, 1999); the Refugees, Asylum & Parole 
System (RAPS); the Deportable Alien Control System (DACS) (67 FR 
64136, Deportable Alien Control System (DACS), System of Records

[[Page 33931]]

Notice, October 17, 2002); and the Enforcement Case Tracking System 
(ENFORCE). TRACS also contains data from web searches for addresses 
and phone numbers. This data is collected by, on behalf of, in 
support of, or in cooperation with DHS and its components. The 
Secretary of Homeland Security has exempted this system from 5 
U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), 
(e)(4)(H), (e)(4)(I), (e)(5) and (e)(8); (f); and (g) pursuant to 5 
U.S.C. 552a(j)(2). In addition, the Secretary of Homeland Security 
has exempted this system from 5 U.S.C. 552a(c)(3); (d); (e)(1), 
(e)(4)(G), (e)(4)(H), (e)(4)(I), and (f) pursuant to 5 U.S.C. 
552a(k)(1), (k)(2), and (k)(5). These exemptions apply only to the 
extent that records in the system are subject to exemption pursuant 
to 5 U.S.C. 552a (j)(2), (k)(1), (k)(2), and (k)(5). Exemptions from 
these particular subsections are justified, on a case-by-case basis 
to be determined at the time a request is made, for the following 
reasons:
    (a) From subsection (c)(3) and (4) (Accounting for Disclosures) 
because release of the accounting of disclosures could alert the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of the 
investigation; and reveal investigative interest on the part of DHS 
as well as the recipient agency. Disclosure of the accounting would 
therefore present a serious impediment to law enforcement efforts 
and/or efforts to preserve national security. Disclosure of the 
accounting would also permit the individual who is the subject of a 
record to impede the investigation, to tamper with witnesses or 
evidence, and to avoid detection or apprehension, which would 
undermine the entire investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation, to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
impossible administrative burden by requiring investigations to be 
continuously reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of Federal law, the accuracy of information obtained or 
introduced occasionally may be unclear or the information may not be 
strictly relevant or necessary to a specific investigation. In the 
interests of effective law enforcement, it is appropriate to retain 
all information that may aid in establishing patterns of unlawful 
activity.
    (d) From subsection (e)(2) (Collection of Information from 
Individuals) because requiring that information be collected from 
the subject of an investigation would alert the subject to the 
nature or existence of an investigation, thereby interfering with 
the related investigation and law enforcement activities.
    (e) From subsection (e)(3) (Notice to Subjects) because 
providing such detailed information would impede law enforcement in 
that it could compromise the existence of a confidential 
investigation or reveal the identity of witnesses or confidential 
informants.
    (f) From subsections (e)(4)(G) and (e)(4)(H) (Agency 
Requirements) because portions of this system are exempt from the 
individual access provisions of subsection (d) which exempts 
providing access because it could alert a subject to the nature or 
existence of an investigation, and thus there could be no procedures 
for that particular data. Procedures do exist for access for those 
portions of the system that are not exempted.
    (g) From subsection (e)(4)(I) (Agency Requirements) because 
providing such source information would impede law enforcement or 
intelligence by compromising the nature or existence of a 
confidential investigation.
    (h) From subsection (e)(5) (Collection of Information) because 
in the collection of information for law enforcement purposes it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. Compliance with (e)(5) would 
preclude DHS agents from using their investigative training and 
exercise of good judgment to both conduct and report on 
investigations.
    (i) From subsection (e)(8) (Notice on Individuals) because 
compliance would interfere with DHS' ability to obtain, serve, and 
issue subpoenas, warrants, and other law enforcement mechanisms that 
may be filed under seal, and could result in disclosure of 
investigative techniques, procedures, and evidence.
    (j) From subsection (f) (Agency Rules) because portions of this 
system are exempt from the access and amendment provisions of 
subsection (d).
    (k) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act.

Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.

[FR Doc. E8-13386 Filed 6-13-08; 8:45 am]
BILLING CODE 4410-10-P