Criminal Intelligence Systems Operating Policies, 44673-44677 [E8-17519]

Download as PDF Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Proposed Rules reactors, we continue to support the view that issues of relevance to both current plant operation and operation during the license renewal period must be addressed as they arise within the present license term rather than at the time of renewal. Emergency planning is such an issue. Through its standards and required exercises, the Commission ensures that existing emergency plans are adequate throughout the life of any plant, even in the face of changing demographics and other site-related factors. The emergency preparedness regulations in 10 CFR part 50 require licensees to test the adequacy of their preparedness and ability to respond to emergency situations through the performance of a full-scale exercise at least once every two years. These drills and independent evaluations provide a process to ensure continued adequacy of emergency preparedness in light of changes in site characteristics. Consequently, consistent with the Commission’s policy to confine the review of issues during license renewal to those uniquely relevant to protecting the public health and safety and common defense and security during the renewal period, we find no lost opportunity here and see no necessity for a review of emergency planning as part of the license renewal process. Dated at Rockville, Maryland, this 25th day of July 2008. For the Nuclear Regulatory Commission. Annette L. Vietti-Cook, Secretary of the Commission. [FR Doc. E8–17544 Filed 7–30–08; 8:45 am] BILLING CODE 7590–01–P DEPARTMENT OF JUSTICE Office of Justice Programs 28 CFR Part 23 [Docket No. OJP 1473] RIN 1121–AA59 Criminal Intelligence Systems Operating Policies Office of Justice Programs, Justice. ACTION: Proposed rule. yshivers on PROD1PC62 with PROPOSALS AGENCY: SUMMARY: The Office of Justice Programs is publishing this proposed rule to amend its regulations that govern the operating policies of criminal intelligence systems that receive federal funding under the Omnibus Crime Control and Safe Streets Act of 1968, as amended (‘‘Crime Control Act’’). The regulations were issued pursuant to 42 U.S.C. 3789(g), which requires that ‘‘criminal intelligence systems’’ receiving Crime Control Act support must collect, maintain, and disseminate criminal intelligence information ‘‘in conformance with policy standards VerDate Aug<31>2005 15:08 Jul 30, 2008 Jkt 214001 which are prescribed by the Office of Justice Programs.’’ The statute specifies that the policy standards must be written to assure that the funding and operation of the systems further the purpose of the funding provisions and assure that such systems ‘‘are not utilized in violation of the privacy and constitutional rights of individuals.’’ The existing regulations were last revised in 1993 and the purpose of the revisions proposed in this document is to clarify and update the regulations in light of the new, post-9/11 information sharing environment and investigative policies aimed at preventing terrorism. DATES: Written comments must be submitted on or before September 2, 2008. ADDRESSES: Comments may be mailed to Michael Dever, Bureau of Justice Assistance, 810 7th Street, NW., Washington, DC 20531. To ensure proper handling, please reference OJP Docket No. 1473 in your correspondence. You may submit comments electronically or view an electronic version of this proposed rule at http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Michael Dever, Bureau of Justice Assistance, 810 7th Street, NW., Washington, DC 20531. Telephone: (202) 616–6500. SUPPLEMENTARY INFORMATION: Posting of Public Comments Please note that all comments received are considered part of the public record and made available for public inspection online at http:// www.regulations.gov. Such information includes personal identifying information (such as name and address) voluntarily submitted by the commenter. If you wish to submit personal identifying information (such as your name, address, etc.) as part of your comment, but do not wish for it to be posted online, you must include the phrase ‘‘PERSONAL IDENTIFYING INFORMATION’’ in the first paragraph of your comment. You also must locate all the personal identifying information you do not wish to be posted online in the first paragraph of your comment and identify what information you would like redacted. If you wish to submit confidential business information as part of your comment but do not wish for it to be posted online, you must include the phrase ‘‘CONFIDENTIAL BUSINESS INFORMATION’’ in the first paragraph of your comment. You also must prominently identify confidential business information to be redacted PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 44673 within the comment. If a comment has so much confidential business information that it cannot be effectively redacted, all or part of that comment may not be posted on http:// www.regulations.gov. Personal identifying information and confidential business information identified and located as set forth above will be placed in the agency’s public docket file, but not posted online. If you wish to inspect the agency’s public docket file in person by appointment, please see the FOR FURTHER INFORMATION CONTACT paragraph. Discussion The proposed rule would revise the Office of Justice Program (OJP) regulations in 28 CFR part 23 that set forth policy guidelines for Crime Control Act-funded state criminal intelligence information systems. The part 23 regulations were issued pursuant to a requirement in 42 U.S.C. 3789(g) that ‘‘criminal intelligence systems’’ receiving Crime Control Act support must collect, maintain, and disseminate criminal intelligence information ‘‘in conformance with policy standards which are prescribed by the Office of Justice Programs.’’ The statute specifies that the policy standards must be written to assure that the funding and operation of the systems further the purpose of the funding provisions and assure that such systems ‘‘are not utilized in violation of the privacy and constitutional rights of individuals.’’ The existing part 23 regulations were last revised in 1993 and the purpose of the revisions proposed in this notice is to clarify and update the regulations in light of the new, post-9/11 informationsharing environment and investigative policies aimed at preventing terrorism. Multiple initiatives are being pursued at the federal, state, and local levels to promote and strengthen information sharing among responsible government agencies that can promote risk identification and protective action, including, for example, the creation of state, local, and regional fusion centers across the country and information sharing initiatives involving Joint Terrorism Task Forces. The intent of these proposed revisions to part 23 is to ensure that the standards for sharing criminal intelligence information subject to the regulation be uniform and clear and not create unreasonable impediments to information sharing, whether real or perceived, while at the same time continuing to ensure that the systems not be used in violation of the privacy and constitutional rights of individuals. E:\FR\FM\31JYP1.SGM 31JYP1 44674 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Proposed Rules Section 23.1 Section 23.1 contains a parenthetical list of statutory amendments to the Crime Control Act that is out of date. It is proposed that this section be revised to strike this parenthetical. Section 23.2 Section 23.2 describes the background for the part 23 criminal intelligence operating policies. It recognizes that certain criminal activities often involve some degree of regular coordination and permanent organization involving a large number of participants over a broad geographical area. The examples currently cited of such ongoing networks of criminal activities do not include a reference to terrorism or the material support of terrorism. To clarify that the detection, exposure, investigation, and prevention of terrorist activity and conduct is an important part of the role played by criminal intelligence systems, it is proposed that ‘‘domestic and international terrorism, including the material support thereof,’’ be added to the examples of criminal activities about which it is important to gather, maintain, and share criminal intelligence information. yshivers on PROD1PC62 with PROPOSALS Section 23.3 It is proposed to remove the outdated parenthetical statutory references and to make some non-substantive grammatical/syntactical changes in this section. Section 23.20 Paragraph (a) of section 23.20 currently states the basic operating principle that a project shall collect and maintain criminal intelligence information concerning ‘‘an individual’’ only if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that conduct or activity. Because criminal conduct or activities can be engaged in by organizations as well as individuals, it is proposed that this section be amended to clarify that criminal intelligence information can be collected and maintained about organizations, as well as individuals. This clarification is consistent with section 23.3(b)(3)(i), which defines the term ‘‘criminal intelligence information’’ as meaning data that has been evaluated to determine that it ‘‘is relevant to the identification of criminal activity engaged in by an individual who or organization which is reasonably suspected of involvement in criminal activity.’’ (Emphasis added.) It should be noted that the inclusion of the term ‘‘organization’’ in section 23.20(a) does not affect the prohibition in section VerDate Aug<31>2005 15:08 Jul 30, 2008 Jkt 214001 23.20(b) of the ‘‘[collection] or [maintenance of] criminal intelligence information about the political, religious or social views, associations, or activities of any individual or any group, association, corporation, business, partnership, or other organization. * * *’’ Paragraph (e) is proposed to be revised to define more clearly the circumstances under which criminal intelligence information subject to the regulations may be shared. The existing language provides that such information shall only be disseminated ‘‘where there is a need to know and a right to know the information in the performance of a law enforcement activity.’’ The terms ‘‘need to know’’ or ‘‘right to know’’ are not defined in the regulation. Instead, section 23.20(g) requires that ‘‘[e]ach project must establish written definitions for the need to know and right to know standards for dissemination to other agencies as provided in paragraph (e) of this section.’’ While some agencies may broadly interpret these terms to allow efficient sharing of criminal intelligence information with all authorized officials or entities, other agencies may construe this language more restrictively. There is no uniform definition of the information sharing standard. In addition, there is no reference in this provision to disseminating criminal intelligence information for preventative law enforcement, homeland security, or counterterrorism purposes. The terrorist attacks of September 11, 2001, have made it clear that the sharing of intelligence information should be maximized, to the extent consistent with applicable law and protection for privacy and civil liberties, among federal, state, and local agencies responsible for law enforcement, preventing terrorism, and securing our homeland. Reducing real or perceived barriers to the sharing of investigative and intelligence information that could aid in law enforcement or in the prevention of crime or terrorism is now a well-recognized priority of federal, state, and local agencies. Therefore, to provide clearer guidance on the circumstances under which criminal intelligence information may be shared, a revision to paragraph (e) is proposed that would establish a uniform standard of permissible purposes for the dissemination of criminal intelligence information, authorizing dissemination when the information falls within the law enforcement, counterterrorism, or national security responsibility of the receiving agency or may assist in preventing crime or the use of violence PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 or any conduct dangerous to human life or property. The proposed revision also would clarify the authorities to whom information may be disseminated, including agencies with law enforcement, homeland security, or counterterrorism missions. The proposed revision also would provide that criminal intelligence information may be disseminated to officials of the Office of Justice Programs when such officials are monitoring or auditing compliance by a project with the operating principles and funding guidelines under Part 23. Paragraph (f)(1) currently limits dissemination of criminal intelligence information only to ‘‘law enforcement authorities’’ that ‘‘agree to follow procedures regarding information receipt, maintenance, security, and dissemination which are consistent with’’ part 23 principles. Consistent with the change in the dissemination rule in section 23.20(e), this section is proposed to be amended to clarify that the authorities to which information may be disseminated would include agencies qualified to receive the information under paragraph (e). In addition, it is proposed that paragraph (f)(1) be further amended to provide that the receiving agencies have information procedures in place that are consistent with part 23’s operating principles, rather than that they ‘‘agree to follow’’ such procedures. This retains the requirement that receiving agencies implement part 23 principles, while removing the potential barrier to information sharing that requiring an ‘‘agreement’’ for each sharing arrangement might entail. It is important to note that a new proposed provision— section 23.30, paragraph (f)—will require projects to have in place, or establish within timeframes specified by OJP’s Bureau of Justice Assistance (BJA), a written privacy policy specifying the operational steps being followed to comply with section 23.20 principles. Paragraph (f)(2) creates an exception to the requirement in paragraph (f)(1) allowing the dissemination of ‘‘an assessment of criminal intelligence information to a government official or any other individual, when necessary to avoid imminent danger to life or property.’’ The term ‘‘imminent’’ is not defined. Because the provision already requires a determination that the sharing of the information assessment is ‘‘necessary’’ to avoid danger to life or property, it is proposed that the term ‘‘imminent’’ be deleted. Changes are proposed to paragraph (g) to conform to the proposed change in paragraph (e) that substitutes a national standard of dissemination for the E:\FR\FM\31JYP1.SGM 31JYP1 yshivers on PROD1PC62 with PROPOSALS Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Proposed Rules existing, locally-defined ‘‘need to know and right to know’’ dissemination standard. The proposed changes do not substantively alter the longstanding requirement that criminal intelligence systems record certain information regarding the dissemination of criminal intelligence information. Taking this into account, OJP has determined that there is no need for a new Information Collection Review or burden calculation for this recordkeeping requirement in this notice of proposed rulemaking. Paragraph (h) provides rules for projects to assure the continuing relevance and importance of criminal intelligence information and requires projects to have procedures for the periodic review of information and destruction of any information that is misleading, obsolete, or otherwise unreliable. The regulation limits the retention period to a maximum of five years without a review and validation of the information. When information has been reviewed or updated and a determination has been made that it continues to meet system submission criteria, the information has been ‘‘validated’’ and a new retention period begins. The five-year retention period was established before the events of 9/ 11 and the advent of the current terrorist threat environment. This relativelyshort retention period may not be long enough to cover terrorist planning cycles and/or the need for historical data for terrorism threat assessment. New technologies for data storage and analysis make possible the extended retention and potential usefulness of this information for purposes of such threat assessments. In addition, information about subjects of criminal intelligence incarcerated during the five-year retention period may be unavailable to a jurisdiction upon the subject’s release from prison. For these reasons, it is proposed that the retention period be changed to 10 years and that an exception be made to allow the tolling of the retention period during a subject’s incarceration so that the intelligence file can be available to law enforcement upon the subject’s release from prison. Finally, paragraph (i)(1) currently prohibits making remote terminal access to intelligence information available to system participants except as specifically approved by OJP upon a determination that the system has adequate policies and procedures in place to insure that such access is available only to authorized users. System managers have informed the Department that this provision’s requirement of pre-approval by OJP is outdated, given the modern access VerDate Aug<31>2005 15:08 Jul 30, 2008 Jkt 214001 controls that routinely provide appropriate security for remote access arrangements. It is therefore proposed that this provision be revised to remove the requirement that OJP approve a system’s security policy and procedures before remote-access may be implemented. Although this would remove the requirement of OJP approval, OJP expects to continue to provide projects with training and technical assistance regarding information privacy and security practices and polices, including those prescribed through the Department of Justice’s Global Justice Information Sharing Initiative or successor entity. Finally, a few non-substantive grammatical/syntactical changes are proposed variously throughout the section. Section 23.30 Section 23.30 specifies funding guidelines that require, among other things, that intelligence systems agree to adhere to the principles set forth in section 23.20, have an agency head or official with general policy-making authority certify in writing that he takes responsibility and will be accountable for the information in the system and the system’s compliance with the section 23.20 principles. In the case of interjurisdictional systems, section 23.30(d)(2) requires (1) that section 23.20 principles be made part of the system’s by-laws or operating policies and (2) that agencies participating in the interjurisdictional system, as a condition of participation, ‘‘accept in writing’’ section 23.20 principles relating to the submission, maintenance, and dissemination of information. In light of advancements in technology since the rule was first published, it is proposed that the latter requirement be modified to provide that participating agencies, as a condition of ‘‘access’’ thereunder, ‘‘affirmatively accept’’ those principles. This change is proposed to account for new technology that provides methods other than writing for an individual to express acceptance of conditions of access, such as when computer users click on an ‘‘accept’’ button for an end-user’s licensing agreement. Also, changing the affirmative acceptance requirement as a condition of ‘‘access’’ (as opposed to a condition of ‘‘participation’’) means that the user will be required to express his acceptance of section 23.20 principles each time access is sought, and not merely just once at the outset of an agency’s participation in the interjurisdictional system. It is also proposed that a reference to counterterrorism be added in paragraph PO 00000 Frm 00005 Fmt 4702 Sfmt 4702 44675 (a) regarding the purposes for which criminal intelligence information may be collected and exchanged. In addition (aside from some nonsubstantive grammatical/syntactical proposed changes), it is proposed that another requirement be added to section 23.30, in a new paragraph (f), requiring systems to have in place, or establish within timeframes specified in grantmaking or other guidance by BJA, a written privacy policy that details the specific operational steps being followed to comply the section 23.20 privacy and civil liberty safeguards. It is expected that such a requirement would be imposed within BJA-specified timeframes that allow projects adequate time and support to develop such written policies. It is also contemplated that such written policies would be consistent with existing privacy guidance for justice information systems, including the Global Justice Information Sharing Initiative’s privacy recommendations, DOJ privacy guidance, and other relevant privacy guidelines such as the privacy guidance for the information sharing environment. Regulatory Flexibility Act The Attorney General, in accordance with the Regulatory Flexibility Act (5 U.S.C. 605(b)), has reviewed this proposed rule and by approving it certifies that it would not have a significant economic impact on a substantial number of small entities for the following reasons: The proposed clarifying changes in the regulations governing operating policies for federally-funded criminal intelligence systems do not involve changes that would impose significant costs on the state and local projects that manage these systems. Executive Order 12866 This proposed rule has been drafted and reviewed in accordance with Executive Order 12866, ‘‘Regulatory Planning and Review,’’ section 1(b), Principles of Regulation. The Department of Justice has determined that this proposed rule is a ‘‘significant regulatory action’’ under Executive Order 12866, section 3(f), and accordingly it has been reviewed by the Office of Management and Budget. Executive Order 13132 This proposed rule would not have substantial direct effects on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, in E:\FR\FM\31JYP1.SGM 31JYP1 44676 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Proposed Rules accordance with Executive Order 13132, it is determined that this rule does not have sufficient federalism implications to warrant the preparation of a Federalism Assessment. Executive Order 12988—Civil Justice Reform This proposed rule meets the applicable standards set forth in sections 3(a) and 3(b)(2) of Executive Order 12988. Unfunded Mandates Reform Act of 1995 This proposed rule would not result in the expenditure by State, local and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year, and it would not significantly or uniquely affect small governments. Therefore, no actions were deemed necessary under the provisions of the Unfunded Mandates Reform Act of 1995. Small Business Regulatory Enforcement Fairness Act of 1996 This proposed rule is not a major rule as defined by section 251 of the Small Business Regulatory Enforcement Fairness Act of 1996. 5 U.S.C. 804. This proposed rule would not result in an annual effect on the economy of $100 million or more; a major increase in costs or prices; or significant adverse effects on competition, employment, investment, productivity, or innovation, or on the ability of United States-based companies to compete with foreignbased companies in domestic and export markets. List of Subjects in 28 CFR Part 23 Crime, Information, Law enforcement, Recordkeeping. For the reasons stated in the preamble, the Office of Justice Programs proposes to amend 28 CFR Chapter I part 23 as follows: PART 23—CRIMINAL INTELLIGENCE SYSTEMS OPERATING POLICIES 1. The authority citation for part 23 continues to read as follows: Authority: 42 U.S.C. 3782(a); 42 U.S.C. 3789g(c). 2. Section 23.1 is revised to read as follows: yshivers on PROD1PC62 with PROPOSALS § 23.1 Purpose. The purpose of this regulation is to assure that all criminal intelligence systems operating through support under the Omnibus Crime Control and Safe Streets Act of 1968, Public Law 90– 351, codified as amended at 42 U.S.C. 3711, et seq., (‘‘Crime Control Act’’) are VerDate Aug<31>2005 15:08 Jul 30, 2008 Jkt 214001 utilized in conformance with the privacy and constitutional rights of individuals and organizations. § 23.2 [Amended] 3. The first sentence of Section 23.2 is amended by removing ‘‘and’’ after ‘‘bribery,’’ and adding ‘‘and domestic and international terrorism (including the material support thereof)’’ after ‘‘corruption of public officials’’. 4. Section 23.3 is revised to read as follows: § 23.3 Applicability. (a) The provisions of this part are applicable to all criminal intelligence systems described in section 23.1. (b) As used in this part: (1) Criminal Intelligence System or Intelligence System means the arrangements, equipment, facilities, and procedures used for the receipt, storage, interagency exchange or dissemination, and analysis of criminal intelligence information; (2) Interjurisdictional Intelligence System means an intelligence system that involves two or more participating agencies representing different governmental units or jurisdictions; (3) Criminal Intelligence Information means data that have been evaluated to determine that it: (i) Is relevant to the identification of and the criminal activity engaged in by an individual who, or an organization that is reasonably suspected of involvement in criminal activity, and (ii) Meets criminal intelligence system submission criteria; (4) Participating Agency means an agency of local, county, State, Federal, or other governmental unit that exercises law enforcement or criminal investigation authority and that is authorized to submit and receive criminal intelligence information through an interjurisdictional intelligence system. A participating agency may be a member or a nonmember of an interjurisdictional intelligence system; (5) Intelligence Project or Project means either the organizational unit that operates an intelligence system on behalf of and for the benefit of a single agency, or the organization that operates an interjurisdictional intelligence system on behalf of a group of participating agencies; and (6) Validation of Information means the procedures governing the periodic review of criminal intelligence information to assure its continuing compliance with system submission criteria established by regulation or program policy. 5. Section 23.20 is amended as follows: PO 00000 Frm 00006 Fmt 4702 Sfmt 4702 a. In paragraph (a), add ‘‘or organization’’ after ‘‘individual’’ both places it occurs. b. In paragraphs (c), (d), (h), and (n), remove ‘‘which’’ each place it occurs and add ‘‘that’’ in its place; in paragraph (n), remove ‘‘so’’ from the last sentence. c. Remove reserved paragraph (ii) immediately preceding paragraph (j). d. Revise paragraphs (e), (f), and (g) introductory text, revise the last sentence of paragraph (h) and add a new sentence to follow it; and revise paragraph (i) to read as follows: § 23.20 Operating principles. * * * * * (e)(1) Criminal intelligence information may be disseminated to law enforcement, homeland security, or counterterrorism agencies by a project or authorized recipient for any type of detective, investigative, preventive, or intelligence activity only when the information— (i) Falls within the law enforcement, counterterrorism, or national security responsibility of the receiving agency or (ii) May assist in preventing a crime or the use of violence or any conduct dangerous to human life or property. (2) Criminal intelligence information may also be disseminated to officials within the Office of Justice Programs when they are monitoring or auditing a project’s compliance with the provisions of this part. (f)(1) Except as provided in paragraph (f)(2) of this section, a project shall disseminate criminal intelligence information only to agencies qualified to receive the information under paragraph (e) of this section and that have procedures regarding information receipt, maintenance, security, and dissemination that are consistent with the privacy and civil liberties safeguards included in these operating principles. (2) Paragraph (f)(1) of this section shall not limit dissemination of an assessment of criminal intelligence information to a government official or to any other individual, when reasonably necessary to avoid danger to life or property. (g) A project shall ensure the adoption of administrative, technical, and physical safeguards (including audit trails) to protect against unauthorized access and against intentional or unintentional damage. A record indicating to whom information has been disseminated outside the project, the reason for the dissemination, and the date of each such dissemination shall be kept. Information shall be labeled to indicate levels of sensitivity, levels of confidence, and the identity of submitting agencies and control E:\FR\FM\31JYP1.SGM 31JYP1 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Proposed Rules officials. Each intelligence project shall assure the implementation and regular review of appropriate security requirements and policies, including the following: * * * (h) * * * Criminal intelligence information retained in an intelligence system must be reviewed and validated for continuing compliance with system submission criteria before the expiration of the information’s retention period, which in no event shall be longer than ten (10) years. The retention period relating to a subject shall be tolled while the subject is incarcerated. (i)(1) A project shall have in place security policies and procedures to ensure that remote access to intelligence information be available only to authorized system users; and (2) A project shall undertake no major modifications to system design without prior grantor agency approval. * * * * * 6. Section 23.30 is amended as follows: a. In paragraph (a), remove ‘‘investigatory or’’ and add ‘‘investigatory,’’ in its place and after ‘‘prosecutorial’’ add ‘‘, or counterterrorism’’. b. In paragraph (b) introductory text, remove ‘‘activity’’ and add ‘‘activities’’ in its place and remove ‘‘areas of’’. c. In paragraph (b)(1), remove ‘‘of citizens’’. d. Revise paragraphs (c) and (d) and add a new paragraph (f), to read as follows: § 23.30 Funding guidelines. yshivers on PROD1PC62 with PROPOSALS * * * * * (c) Control and supervision of information collection and dissemination by an intelligence system shall be retained by the head of a government agency or an individual with general policy making authority who has been expressly delegated such control by the agency head. This official shall certify in writing that he takes full responsibility for the system’s compliance with this part. (d) (1) Official responsibility and accountability for actions taken by an inter-jurisdictional criminal intelligence system shall be assumed by the head of the governmental agency exercising control and supervision over the operation of the system or by an individual with general policy making authority who has been expressly delegated such control or supervision by the agency head. This official shall certify in writing that he takes full responsibility for the inter-jurisdictional system’s compliance with this part. VerDate Aug<31>2005 15:08 Jul 30, 2008 Jkt 214001 (2) The principles set forth in § 23.20 shall be made part of the by-laws or operating procedures for the interjurisdictional system. Each participating agency, as a condition of access, must affirmatively accept those principles that govern the collection, maintenance, and dissemination of information included as part of the interjurisdictional system. * * * * * (f) The project has in place, or will establish within timeframes specified in grant-making or other guidance by BJA, a written privacy policy specifying the operational steps being followed to comply with § 23.20 principles. Dated: July 16, 2008. Jeffrey L. Sedgwick, Acting Assistant Attorney General, Office of Justice Programs. [FR Doc. E8–17519 Filed 7–30–08; 8:45 am] BILLING CODE 4410–18–P FEDERAL COMMUNICATIONS COMMISSION 47 CFR Part 73 [DA 08–1712; MB Docket No. 08–129; RM– 11461] Television Broadcasting Services; Spokane, WA Federal Communications Commission. ACTION: Proposed rule. AGENCY: SUMMARY: The Commission requests comments on a channel substitution proposed by KHQ, Incorporated (‘‘KHQ’’), the licensee of station KHQ– DT, DTV channel 7, Spokane, Washington, and a related channel substitution proposed by Spokane School District #81 (‘‘Spokane School District’’), licensee of noncommercial educational KSPS–DT, DTV channel *8, Spokane, Washington. KHQ requests the substitution of DTV channel 15 for channel 7 at Spokane, and Spokane School District requests substitution of DTV channel *7 for channel *8 at Spokane. Comments must be filed on or before September 2, 2008, and reply comments on or before September 15, 2008. DATES: Federal Communications Commission, Office of the Secretary, 445 12th Street, SW., TW–A325, Washington, DC 20554. In addition to filing comments with the FCC, interested parties should serve each petitioner’s counsel as follows: David H. Pawlik, Esq., Skadden, Arps, Slate, ADDRESSES: PO 00000 Frm 00007 Fmt 4702 Sfmt 4702 44677 Meagher & Flom LLP, 1440 New York Avenue, NW., Washington, DC 20005; Melodie A. Virtue, Esq., Garvey Schubert Barer, 1000 Potomac Street, NW., Fifth Floor, Washington, DC 20007–3501. FOR FURTHER INFORMATION CONTACT: David Brown, david.brown@fcc.gov, Media Bureau, (202) 418–1600. This is a synopsis of the Commission’s Notice of Proposed Rule Making, MB Docket No. 08–129, adopted July 22, 2008, and released July 23, 2008. The full text of this document is available for public inspection and copying during normal business hours in the FCC’s Reference Information Center at Portals II, CY– A257, 445 12th Street, SW., Washington, DC 20554. This document will also be available via ECFS (http:// www.fcc.gov/cgb/ecfs/). (Documents will be available electronically in ASCII, Word 97, and/or Adobe Acrobat.) This document may be purchased from the Commission’s duplicating contractor, Best Copy and Printing, Inc., 445 12th Street, SW., Room CY–B402, Washington, DC 20554, telephone 1–800–478–3160 or via e-mail http:// www.BCPIWEB.com. To request this document in accessible formats (computer diskettes, large print, audio recording, and Braille), send an e-mail to fcc504@fcc.gov or call the Commission’s Consumer and Governmental Affairs Bureau at (202) 418–0530 (voice), (202) 418–0432 (TTY). This document does not contain proposed information collection requirements subject to the Paperwork Reduction Act of 1995, Public Law 104– 13. In addition, therefore, it does not contain any proposed information collection burden ‘‘for small business concerns with fewer than 25 employees,’’ pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107–198, see 44 U.S.C. 3506(c)(4). Provisions of the Regulatory Flexibility Act of 1980 do not apply to this proceeding. Members of the public should note that from the time a Notice of Proposed Rule Making is issued until the matter is no longer subject to Commission consideration or court review, all ex parte contacts are prohibited in Commission proceedings, such as this one, which involve channel allotments. See 47 CFR 1.1204(b) for rules governing permissible ex parte contacts. For information regarding proper filing procedures for comments, see 47 CFR 1.415 and 1.420. SUPPLEMENTARY INFORMATION: E:\FR\FM\31JYP1.SGM 31JYP1

Agencies

[Federal Register Volume 73, Number 148 (Thursday, July 31, 2008)]
[Proposed Rules]
[Pages 44673-44677]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-17519]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

Office of Justice Programs

28 CFR Part 23

[Docket No. OJP 1473]
RIN 1121-AA59


Criminal Intelligence Systems Operating Policies

AGENCY: Office of Justice Programs, Justice.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Office of Justice Programs is publishing this proposed 
rule to amend its regulations that govern the operating policies of 
criminal intelligence systems that receive federal funding under the 
Omnibus Crime Control and Safe Streets Act of 1968, as amended (``Crime 
Control Act''). The regulations were issued pursuant to 42 U.S.C. 
3789(g), which requires that ``criminal intelligence systems'' 
receiving Crime Control Act support must collect, maintain, and 
disseminate criminal intelligence information ``in conformance with 
policy standards which are prescribed by the Office of Justice 
Programs.'' The statute specifies that the policy standards must be 
written to assure that the funding and operation of the systems further 
the purpose of the funding provisions and assure that such systems 
``are not utilized in violation of the privacy and constitutional 
rights of individuals.'' The existing regulations were last revised in 
1993 and the purpose of the revisions proposed in this document is to 
clarify and update the regulations in light of the new, post-9/11 
information sharing environment and investigative policies aimed at 
preventing terrorism.

DATES: Written comments must be submitted on or before September 2, 
2008.

ADDRESSES: Comments may be mailed to Michael Dever, Bureau of Justice 
Assistance, 810 7th Street, NW., Washington, DC 20531. To ensure proper 
handling, please reference OJP Docket No. 1473 in your correspondence. 
You may submit comments electronically or view an electronic version of 
this proposed rule at http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Michael Dever, Bureau of Justice 
Assistance, 810 7th Street, NW., Washington, DC 20531. Telephone: (202) 
616-6500.

SUPPLEMENTARY INFORMATION:

Posting of Public Comments

    Please note that all comments received are considered part of the 
public record and made available for public inspection online at http:/
/www.regulations.gov. Such information includes personal identifying 
information (such as name and address) voluntarily submitted by the 
commenter.
    If you wish to submit personal identifying information (such as 
your name, address, etc.) as part of your comment, but do not wish for 
it to be posted online, you must include the phrase ``PERSONAL 
IDENTIFYING INFORMATION'' in the first paragraph of your comment. You 
also must locate all the personal identifying information you do not 
wish to be posted online in the first paragraph of your comment and 
identify what information you would like redacted.
    If you wish to submit confidential business information as part of 
your comment but do not wish for it to be posted online, you must 
include the phrase ``CONFIDENTIAL BUSINESS INFORMATION'' in the first 
paragraph of your comment. You also must prominently identify 
confidential business information to be redacted within the comment. If 
a comment has so much confidential business information that it cannot 
be effectively redacted, all or part of that comment may not be posted 
on http://www.regulations.gov.
    Personal identifying information and confidential business 
information identified and located as set forth above will be placed in 
the agency's public docket file, but not posted online. If you wish to 
inspect the agency's public docket file in person by appointment, 
please see the FOR FURTHER INFORMATION CONTACT paragraph.

Discussion

    The proposed rule would revise the Office of Justice Program (OJP) 
regulations in 28 CFR part 23 that set forth policy guidelines for 
Crime Control Act-funded state criminal intelligence information 
systems. The part 23 regulations were issued pursuant to a requirement 
in 42 U.S.C. 3789(g) that ``criminal intelligence systems'' receiving 
Crime Control Act support must collect, maintain, and disseminate 
criminal intelligence information ``in conformance with policy 
standards which are prescribed by the Office of Justice Programs.'' The 
statute specifies that the policy standards must be written to assure 
that the funding and operation of the systems further the purpose of 
the funding provisions and assure that such systems ``are not utilized 
in violation of the privacy and constitutional rights of individuals.''
    The existing part 23 regulations were last revised in 1993 and the 
purpose of the revisions proposed in this notice is to clarify and 
update the regulations in light of the new, post-9/11 information-
sharing environment and investigative policies aimed at preventing 
terrorism. Multiple initiatives are being pursued at the federal, 
state, and local levels to promote and strengthen information sharing 
among responsible government agencies that can promote risk 
identification and protective action, including, for example, the 
creation of state, local, and regional fusion centers across the 
country and information sharing initiatives involving Joint Terrorism 
Task Forces. The intent of these proposed revisions to part 23 is to 
ensure that the standards for sharing criminal intelligence information 
subject to the regulation be uniform and clear and not create 
unreasonable impediments to information sharing, whether real or 
perceived, while at the same time continuing to ensure that the systems 
not be used in violation of the privacy and constitutional rights of 
individuals.

[[Page 44674]]

Section 23.1

    Section 23.1 contains a parenthetical list of statutory amendments 
to the Crime Control Act that is out of date. It is proposed that this 
section be revised to strike this parenthetical.

Section 23.2

    Section 23.2 describes the background for the part 23 criminal 
intelligence operating policies. It recognizes that certain criminal 
activities often involve some degree of regular coordination and 
permanent organization involving a large number of participants over a 
broad geographical area. The examples currently cited of such ongoing 
networks of criminal activities do not include a reference to terrorism 
or the material support of terrorism. To clarify that the detection, 
exposure, investigation, and prevention of terrorist activity and 
conduct is an important part of the role played by criminal 
intelligence systems, it is proposed that ``domestic and international 
terrorism, including the material support thereof,'' be added to the 
examples of criminal activities about which it is important to gather, 
maintain, and share criminal intelligence information.

Section 23.3

    It is proposed to remove the outdated parenthetical statutory 
references and to make some non-substantive grammatical/syntactical 
changes in this section.

Section 23.20

    Paragraph (a) of section 23.20 currently states the basic operating 
principle that a project shall collect and maintain criminal 
intelligence information concerning ``an individual'' only if there is 
reasonable suspicion that the individual is involved in criminal 
conduct or activity and the information is relevant to that conduct or 
activity. Because criminal conduct or activities can be engaged in by 
organizations as well as individuals, it is proposed that this section 
be amended to clarify that criminal intelligence information can be 
collected and maintained about organizations, as well as individuals. 
This clarification is consistent with section 23.3(b)(3)(i), which 
defines the term ``criminal intelligence information'' as meaning data 
that has been evaluated to determine that it ``is relevant to the 
identification of criminal activity engaged in by an individual who or 
organization which is reasonably suspected of involvement in criminal 
activity.'' (Emphasis added.) It should be noted that the inclusion of 
the term ``organization'' in section 23.20(a) does not affect the 
prohibition in section 23.20(b) of the ``[collection] or [maintenance 
of] criminal intelligence information about the political, religious or 
social views, associations, or activities of any individual or any 
group, association, corporation, business, partnership, or other 
organization. * * *''
    Paragraph (e) is proposed to be revised to define more clearly the 
circumstances under which criminal intelligence information subject to 
the regulations may be shared. The existing language provides that such 
information shall only be disseminated ``where there is a need to know 
and a right to know the information in the performance of a law 
enforcement activity.'' The terms ``need to know'' or ``right to know'' 
are not defined in the regulation. Instead, section 23.20(g) requires 
that ``[e]ach project must establish written definitions for the need 
to know and right to know standards for dissemination to other agencies 
as provided in paragraph (e) of this section.'' While some agencies may 
broadly interpret these terms to allow efficient sharing of criminal 
intelligence information with all authorized officials or entities, 
other agencies may construe this language more restrictively. There is 
no uniform definition of the information sharing standard. In addition, 
there is no reference in this provision to disseminating criminal 
intelligence information for preventative law enforcement, homeland 
security, or counterterrorism purposes. The terrorist attacks of 
September 11, 2001, have made it clear that the sharing of intelligence 
information should be maximized, to the extent consistent with 
applicable law and protection for privacy and civil liberties, among 
federal, state, and local agencies responsible for law enforcement, 
preventing terrorism, and securing our homeland. Reducing real or 
perceived barriers to the sharing of investigative and intelligence 
information that could aid in law enforcement or in the prevention of 
crime or terrorism is now a well-recognized priority of federal, state, 
and local agencies. Therefore, to provide clearer guidance on the 
circumstances under which criminal intelligence information may be 
shared, a revision to paragraph (e) is proposed that would establish a 
uniform standard of permissible purposes for the dissemination of 
criminal intelligence information, authorizing dissemination when the 
information falls within the law enforcement, counterterrorism, or 
national security responsibility of the receiving agency or may assist 
in preventing crime or the use of violence or any conduct dangerous to 
human life or property. The proposed revision also would clarify the 
authorities to whom information may be disseminated, including agencies 
with law enforcement, homeland security, or counterterrorism missions. 
The proposed revision also would provide that criminal intelligence 
information may be disseminated to officials of the Office of Justice 
Programs when such officials are monitoring or auditing compliance by a 
project with the operating principles and funding guidelines under Part 
23.
    Paragraph (f)(1) currently limits dissemination of criminal 
intelligence information only to ``law enforcement authorities'' that 
``agree to follow procedures regarding information receipt, 
maintenance, security, and dissemination which are consistent with'' 
part 23 principles. Consistent with the change in the dissemination 
rule in section 23.20(e), this section is proposed to be amended to 
clarify that the authorities to which information may be disseminated 
would include agencies qualified to receive the information under 
paragraph (e). In addition, it is proposed that paragraph (f)(1) be 
further amended to provide that the receiving agencies have information 
procedures in place that are consistent with part 23's operating 
principles, rather than that they ``agree to follow'' such procedures. 
This retains the requirement that receiving agencies implement part 23 
principles, while removing the potential barrier to information sharing 
that requiring an ``agreement'' for each sharing arrangement might 
entail. It is important to note that a new proposed provision--section 
23.30, paragraph (f)--will require projects to have in place, or 
establish within timeframes specified by OJP's Bureau of Justice 
Assistance (BJA), a written privacy policy specifying the operational 
steps being followed to comply with section 23.20 principles.
    Paragraph (f)(2) creates an exception to the requirement in 
paragraph (f)(1) allowing the dissemination of ``an assessment of 
criminal intelligence information to a government official or any other 
individual, when necessary to avoid imminent danger to life or 
property.'' The term ``imminent'' is not defined. Because the provision 
already requires a determination that the sharing of the information 
assessment is ``necessary'' to avoid danger to life or property, it is 
proposed that the term ``imminent'' be deleted.
    Changes are proposed to paragraph (g) to conform to the proposed 
change in paragraph (e) that substitutes a national standard of 
dissemination for the

[[Page 44675]]

existing, locally-defined ``need to know and right to know'' 
dissemination standard. The proposed changes do not substantively alter 
the longstanding requirement that criminal intelligence systems record 
certain information regarding the dissemination of criminal 
intelligence information. Taking this into account, OJP has determined 
that there is no need for a new Information Collection Review or burden 
calculation for this recordkeeping requirement in this notice of 
proposed rulemaking.
    Paragraph (h) provides rules for projects to assure the continuing 
relevance and importance of criminal intelligence information and 
requires projects to have procedures for the periodic review of 
information and destruction of any information that is misleading, 
obsolete, or otherwise unreliable. The regulation limits the retention 
period to a maximum of five years without a review and validation of 
the information. When information has been reviewed or updated and a 
determination has been made that it continues to meet system submission 
criteria, the information has been ``validated'' and a new retention 
period begins. The five-year retention period was established before 
the events of 9/11 and the advent of the current terrorist threat 
environment. This relatively-short retention period may not be long 
enough to cover terrorist planning cycles and/or the need for 
historical data for terrorism threat assessment. New technologies for 
data storage and analysis make possible the extended retention and 
potential usefulness of this information for purposes of such threat 
assessments. In addition, information about subjects of criminal 
intelligence incarcerated during the five-year retention period may be 
unavailable to a jurisdiction upon the subject's release from prison. 
For these reasons, it is proposed that the retention period be changed 
to 10 years and that an exception be made to allow the tolling of the 
retention period during a subject's incarceration so that the 
intelligence file can be available to law enforcement upon the 
subject's release from prison.
    Finally, paragraph (i)(1) currently prohibits making remote 
terminal access to intelligence information available to system 
participants except as specifically approved by OJP upon a 
determination that the system has adequate policies and procedures in 
place to insure that such access is available only to authorized users. 
System managers have informed the Department that this provision's 
requirement of pre-approval by OJP is outdated, given the modern access 
controls that routinely provide appropriate security for remote access 
arrangements. It is therefore proposed that this provision be revised 
to remove the requirement that OJP approve a system's security policy 
and procedures before remote-access may be implemented. Although this 
would remove the requirement of OJP approval, OJP expects to continue 
to provide projects with training and technical assistance regarding 
information privacy and security practices and polices, including those 
prescribed through the Department of Justice's Global Justice 
Information Sharing Initiative or successor entity.
    Finally, a few non-substantive grammatical/syntactical changes are 
proposed variously throughout the section.

Section 23.30

    Section 23.30 specifies funding guidelines that require, among 
other things, that intelligence systems agree to adhere to the 
principles set forth in section 23.20, have an agency head or official 
with general policy-making authority certify in writing that he takes 
responsibility and will be accountable for the information in the 
system and the system's compliance with the section 23.20 principles. 
In the case of interjurisdictional systems, section 23.30(d)(2) 
requires (1) that section 23.20 principles be made part of the system's 
by-laws or operating policies and (2) that agencies participating in 
the interjurisdictional system, as a condition of participation, 
``accept in writing'' section 23.20 principles relating to the 
submission, maintenance, and dissemination of information. In light of 
advancements in technology since the rule was first published, it is 
proposed that the latter requirement be modified to provide that 
participating agencies, as a condition of ``access'' thereunder, 
``affirmatively accept'' those principles. This change is proposed to 
account for new technology that provides methods other than writing for 
an individual to express acceptance of conditions of access, such as 
when computer users click on an ``accept'' button for an end-user's 
licensing agreement. Also, changing the affirmative acceptance 
requirement as a condition of ``access'' (as opposed to a condition of 
``participation'') means that the user will be required to express his 
acceptance of section 23.20 principles each time access is sought, and 
not merely just once at the outset of an agency's participation in the 
interjurisdictional system.
    It is also proposed that a reference to counterterrorism be added 
in paragraph (a) regarding the purposes for which criminal intelligence 
information may be collected and exchanged.
    In addition (aside from some non-substantive grammatical/
syntactical proposed changes), it is proposed that another requirement 
be added to section 23.30, in a new paragraph (f), requiring systems to 
have in place, or establish within timeframes specified in grant-making 
or other guidance by BJA, a written privacy policy that details the 
specific operational steps being followed to comply the section 23.20 
privacy and civil liberty safeguards. It is expected that such a 
requirement would be imposed within BJA-specified timeframes that allow 
projects adequate time and support to develop such written policies. It 
is also contemplated that such written policies would be consistent 
with existing privacy guidance for justice information systems, 
including the Global Justice Information Sharing Initiative's privacy 
recommendations, DOJ privacy guidance, and other relevant privacy 
guidelines such as the privacy guidance for the information sharing 
environment.

Regulatory Flexibility Act

    The Attorney General, in accordance with the Regulatory Flexibility 
Act (5 U.S.C. 605(b)), has reviewed this proposed rule and by approving 
it certifies that it would not have a significant economic impact on a 
substantial number of small entities for the following reasons: The 
proposed clarifying changes in the regulations governing operating 
policies for federally-funded criminal intelligence systems do not 
involve changes that would impose significant costs on the state and 
local projects that manage these systems.

Executive Order 12866

    This proposed rule has been drafted and reviewed in accordance with 
Executive Order 12866, ``Regulatory Planning and Review,'' section 
1(b), Principles of Regulation. The Department of Justice has 
determined that this proposed rule is a ``significant regulatory 
action'' under Executive Order 12866, section 3(f), and accordingly it 
has been reviewed by the Office of Management and Budget.

Executive Order 13132

    This proposed rule would not have substantial direct effects on the 
States, on the relationship between the national government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government. Therefore, in

[[Page 44676]]

accordance with Executive Order 13132, it is determined that this rule 
does not have sufficient federalism implications to warrant the 
preparation of a Federalism Assessment.

Executive Order 12988--Civil Justice Reform

    This proposed rule meets the applicable standards set forth in 
sections 3(a) and 3(b)(2) of Executive Order 12988.

Unfunded Mandates Reform Act of 1995

    This proposed rule would not result in the expenditure by State, 
local and tribal governments, in the aggregate, or by the private 
sector, of $100 million or more in any one year, and it would not 
significantly or uniquely affect small governments. Therefore, no 
actions were deemed necessary under the provisions of the Unfunded 
Mandates Reform Act of 1995.

Small Business Regulatory Enforcement Fairness Act of 1996

    This proposed rule is not a major rule as defined by section 251 of 
the Small Business Regulatory Enforcement Fairness Act of 1996. 5 
U.S.C. 804. This proposed rule would not result in an annual effect on 
the economy of $100 million or more; a major increase in costs or 
prices; or significant adverse effects on competition, employment, 
investment, productivity, or innovation, or on the ability of United 
States-based companies to compete with foreign-based companies in 
domestic and export markets.

List of Subjects in 28 CFR Part 23

    Crime, Information, Law enforcement, Recordkeeping.

    For the reasons stated in the preamble, the Office of Justice 
Programs proposes to amend 28 CFR Chapter I part 23 as follows:

PART 23--CRIMINAL INTELLIGENCE SYSTEMS OPERATING POLICIES

    1. The authority citation for part 23 continues to read as follows:

     Authority: 42 U.S.C. 3782(a); 42 U.S.C. 3789g(c).

    2. Section 23.1 is revised to read as follows:


Sec.  23.1  Purpose.

    The purpose of this regulation is to assure that all criminal 
intelligence systems operating through support under the Omnibus Crime 
Control and Safe Streets Act of 1968, Public Law 90-351, codified as 
amended at 42 U.S.C. 3711, et seq., (``Crime Control Act'') are 
utilized in conformance with the privacy and constitutional rights of 
individuals and organizations.


Sec.  23.2  [Amended]

    3. The first sentence of Section 23.2 is amended by removing 
``and'' after ``bribery,'' and adding ``and domestic and international 
terrorism (including the material support thereof)'' after ``corruption 
of public officials''.
    4. Section 23.3 is revised to read as follows:


Sec.  23.3  Applicability.

    (a) The provisions of this part are applicable to all criminal 
intelligence systems described in section 23.1.
    (b) As used in this part:
    (1) Criminal Intelligence System or Intelligence System means the 
arrangements, equipment, facilities, and procedures used for the 
receipt, storage, interagency exchange or dissemination, and analysis 
of criminal intelligence information;
    (2) Interjurisdictional Intelligence System means an intelligence 
system that involves two or more participating agencies representing 
different governmental units or jurisdictions;
    (3) Criminal Intelligence Information means data that have been 
evaluated to determine that it:
    (i) Is relevant to the identification of and the criminal activity 
engaged in by an individual who, or an organization that is reasonably 
suspected of involvement in criminal activity, and
    (ii) Meets criminal intelligence system submission criteria;
    (4) Participating Agency means an agency of local, county, State, 
Federal, or other governmental unit that exercises law enforcement or 
criminal investigation authority and that is authorized to submit and 
receive criminal intelligence information through an 
interjurisdictional intelligence system. A participating agency may be 
a member or a nonmember of an interjurisdictional intelligence system;
    (5) Intelligence Project or Project means either the organizational 
unit that operates an intelligence system on behalf of and for the 
benefit of a single agency, or the organization that operates an 
interjurisdictional intelligence system on behalf of a group of 
participating agencies; and
    (6) Validation of Information means the procedures governing the 
periodic review of criminal intelligence information to assure its 
continuing compliance with system submission criteria established by 
regulation or program policy.
    5. Section 23.20 is amended as follows:
    a. In paragraph (a), add ``or organization'' after ``individual'' 
both places it occurs.
    b. In paragraphs (c), (d), (h), and (n), remove ``which'' each 
place it occurs and add ``that'' in its place; in paragraph (n), remove 
``so'' from the last sentence.
    c. Remove reserved paragraph (ii) immediately preceding paragraph 
(j).
    d. Revise paragraphs (e), (f), and (g) introductory text, revise 
the last sentence of paragraph (h) and add a new sentence to follow it; 
and revise paragraph (i) to read as follows:


Sec.  23.20  Operating principles.

* * * * *
    (e)(1) Criminal intelligence information may be disseminated to law 
enforcement, homeland security, or counterterrorism agencies by a 
project or authorized recipient for any type of detective, 
investigative, preventive, or intelligence activity only when the 
information--
    (i) Falls within the law enforcement, counterterrorism, or national 
security responsibility of the receiving agency or
    (ii) May assist in preventing a crime or the use of violence or any 
conduct dangerous to human life or property.
    (2) Criminal intelligence information may also be disseminated to 
officials within the Office of Justice Programs when they are 
monitoring or auditing a project's compliance with the provisions of 
this part.
    (f)(1) Except as provided in paragraph (f)(2) of this section, a 
project shall disseminate criminal intelligence information only to 
agencies qualified to receive the information under paragraph (e) of 
this section and that have procedures regarding information receipt, 
maintenance, security, and dissemination that are consistent with the 
privacy and civil liberties safeguards included in these operating 
principles.
    (2) Paragraph (f)(1) of this section shall not limit dissemination 
of an assessment of criminal intelligence information to a government 
official or to any other individual, when reasonably necessary to avoid 
danger to life or property.
    (g) A project shall ensure the adoption of administrative, 
technical, and physical safeguards (including audit trails) to protect 
against unauthorized access and against intentional or unintentional 
damage. A record indicating to whom information has been disseminated 
outside the project, the reason for the dissemination, and the date of 
each such dissemination shall be kept. Information shall be labeled to 
indicate levels of sensitivity, levels of confidence, and the identity 
of submitting agencies and control

[[Page 44677]]

officials. Each intelligence project shall assure the implementation 
and regular review of appropriate security requirements and policies, 
including the following:
    * * *
    (h) * * * Criminal intelligence information retained in an 
intelligence system must be reviewed and validated for continuing 
compliance with system submission criteria before the expiration of the 
information's retention period, which in no event shall be longer than 
ten (10) years. The retention period relating to a subject shall be 
tolled while the subject is incarcerated.
    (i)(1) A project shall have in place security policies and 
procedures to ensure that remote access to intelligence information be 
available only to authorized system users; and
    (2) A project shall undertake no major modifications to system 
design without prior grantor agency approval.
* * * * *
    6. Section 23.30 is amended as follows:
    a. In paragraph (a), remove ``investigatory or'' and add 
``investigatory,'' in its place and after ``prosecutorial'' add ``, or 
counterterrorism''.
    b. In paragraph (b) introductory text, remove ``activity'' and add 
``activities'' in its place and remove ``areas of''.
    c. In paragraph (b)(1), remove ``of citizens''.
    d. Revise paragraphs (c) and (d) and add a new paragraph (f), to 
read as follows:


Sec.  23.30  Funding guidelines.

* * * * *
    (c) Control and supervision of information collection and 
dissemination by an intelligence system shall be retained by the head 
of a government agency or an individual with general policy making 
authority who has been expressly delegated such control by the agency 
head. This official shall certify in writing that he takes full 
responsibility for the system's compliance with this part.
    (d) (1) Official responsibility and accountability for actions 
taken by an inter-jurisdictional criminal intelligence system shall be 
assumed by the head of the governmental agency exercising control and 
supervision over the operation of the system or by an individual with 
general policy making authority who has been expressly delegated such 
control or supervision by the agency head. This official shall certify 
in writing that he takes full responsibility for the inter-
jurisdictional system's compliance with this part.
    (2) The principles set forth in Sec.  23.20 shall be made part of 
the by-laws or operating procedures for the inter-jurisdictional 
system. Each participating agency, as a condition of access, must 
affirmatively accept those principles that govern the collection, 
maintenance, and dissemination of information included as part of the 
interjurisdictional system.
* * * * *
    (f) The project has in place, or will establish within timeframes 
specified in grant-making or other guidance by BJA, a written privacy 
policy specifying the operational steps being followed to comply with 
Sec.  23.20 principles.

    Dated: July 16, 2008.
Jeffrey L. Sedgwick,
Acting Assistant Attorney General, Office of Justice Programs.
 [FR Doc. E8-17519 Filed 7-30-08; 8:45 am]
BILLING CODE 4410-18-P