Privacy Act of 1974; U.S. Customs and Border Protection, DHS/CBP-006-Automated Targeting System, System of Records, 30297-30304 [2012-12396]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Office of the Secretary

[Federal Register Volume 77, Number 99 (Tuesday, May 22, 2012)]
[Notices]
[Pages 30297-30304]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-12396]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2012-0019]


Privacy Act of 1974; U.S. Customs and Border Protection, DHS/CBP-
006--Automated Targeting System, System of Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to update and expand an existing Department 
of Homeland Security system of records notice titled, U.S. Customs and 
Border Protection, DHS/CBP-006--Automated Targeting System (ATS) 72 FR 
43650, August 6, 2007. The Department of Homeland Security (DHS) and 
U.S. Customs and Border Protection (CBP) have designed ATS to 
efficiently perform risk assessments on information pertaining to 
international travelers and import and export shipments attempting to 
enter or leave the United States. ATS uses a rule-managed technology 
that facilitates the targeting of high-risk travelers and cargo.
    DHS/CBP is publishing this System of Records Notice (SORN) to 
update ATS and to update and expand the categories of individuals, 
categories of records, routine uses, access provisions, and sources of 
data stored in ATS. Elsewhere in the Federal Register, the Department 
of Homeland Security is concurrently issuing a Notice of Proposed 
Rulemaking exempting this system of records from certain provisions of 
the Privacy Act. This updated and expanded system will be included in 
the Department of Homeland Security's inventory of record systems.

DATES: Submit comments on or before June 21, 2012. This system will be 
effective June 21, 2012.

ADDRESSES: You may submit comments, identified by docket number DHS-
2012-0019 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 703-483-2999.
     Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Laurence E. Castelli (202-325-0280), CBP Privacy Officer, Office of

[[Page 30298]]

International Trade, U.S. Customs and Border Protection, Mint Annex, 
799 Ninth Street NW., Washington, DC 20229. For privacy issues please 
contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, 
Privacy Office, U.S. Department of Homeland Security, Washington, DC 
20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to update and expand an existing Department 
of Homeland Security SORN titled, U.S. Customs and Border Protection, 
DHS/CBP-006--Automated Targeting System (ATS) 72 FR 43650, August 6, 
2007.
    This SORN is being updated and expanded to inform the public about 
changes to the Automated Targeting System (ATS) categories of 
individuals, categories of records, routine uses, access provisions, 
and sources of data. DHS/CBP is updating and expanding the categories 
of individuals, categories of records, and sources of records stored in 
ATS because it has certain data that it must ingest for performance 
purposes. The Privacy Impact Assessment (PIA), which DHS will publish 
on its Web site (https://www.dhs.gov/privacy) concurrently with the 
publication of this SORN in the Federal Register, provides a full 
discussion of the functional capabilities of ATS and its modules. DHS 
and CBP have previously exempted portions of ATS from the notification, 
access, amendment, and public accounting provisions of the Privacy Act 
because it is a law enforcement system. DHS and CBP, however, will 
consider each request for access to records maintained in ATS to 
determine whether or not information may be released. DHS and CBP 
further note that despite the exemption taken on this system of records 
they are providing access and amendment to passenger name records (PNR) 
collected by CBP pursuant to its statutory authority, 49 U.S.C. 44909, 
as implemented by 19 CFR 122.49d, Importer Security Filing (10+2 
documentation) information, and any records that were ingested by ATS 
where the source system of records already provides access and/or 
amendment under the Privacy Act.
    ATS provides the following basic functionalities to support CBP in 
identifying individuals and cargo that need additional review across 
the different means or modes of travel to and from the United States:
     Comparison: ATS compares information on travelers and 
cargo coming into and going out of the country against law enforcement 
and intelligence databases to identify individuals and cargo requiring 
additional scrutiny. For example, ATS compares information on 
individuals (identified as passengers, travelers, crewmembers, or 
persons appearing on documents supporting the movement of cargo) trying 
to enter the country or trying to enter merchandise into the country 
against the Terrorist Screening Database (TSDB), which ATS ingests from 
the DHS Watchlist Service (WLS), and outstanding wants and warrants.
     Rules: ATS compares existing information on individuals 
and cargo entering and exiting the country with patterns identified as 
requiring additional scrutiny. The patterns are based on CBP officer 
experience, analysis of trends of suspicious activity, and raw 
intelligence corroborating those trends. For example, ATS might compare 
information on cargo entering the country against a set of scenario-
based targeting rules that indicate a particular type of fish rarely is 
imported from a given country.
     Federated Query: ATS allows users to search data across 
many different databases and correlate it across the various systems to 
provide a person centric view of all data responsive to a query about 
the person's identity from the selected databases.
    In order to do the above, ATS pulls data from many different source 
systems. In some instances ATS is the official record for the 
information, while in other instances ATS ingests and maintains the 
information as a copy or provides a pointer to the information in the 
underlying system. Below is a summary:
     Official Record: ATS maintains the official record for 
Passenger Name Records (PNR) collected by CBP pursuant to its statutory 
authority, 49 U.S.C. 44909, as implemented by 19 CFR 122.49d; for 
Importer Security Filing (10+2 documentation) information, which 
provides advanced information about cargo and related persons and 
entities for risk assessment and targeting purposes; for results of 
Cargo Enforcement Exams; for the combination of license plate, 
Department of Motor Vehicle (DMV) registration data and biographical 
data associated with a border crossing; for law enforcement and/or 
intelligence data, reports, and projects developed by CBP analysts that 
may include public source and/or classified information; and 
information obtained through memoranda of understanding or other 
arrangements because the information is relevant to the border security 
mission of the Department.
     Ingestion of Data: ATS maintains copies of key elements of 
certain CBP databases in order to minimize the processing time for 
searches on the operational systems and to act as a backup for certain 
operational systems, including, but not limited to: Automated 
Commercial Environment (ACE), Automated Commercial System (ACS), 
Automated Export System (AES), Advance Passenger Information System 
(APIS), Border Crossing Information (BCI), Consular Electronic 
Application Center (CEAC), Enforcement Integrated Database (EID)[which 
includes the Enforcement Case Tracking System (ENFORCE)], Electronic 
System for Travel Authorization (ESTA), Global Enrollment System (GES), 
Non-Immigrant Information System (NIIS), historical National Security 
Entry-Exit Registration System (NSEERS), Seized Asset and Case Tracking 
System (SEACATS), U.S. Immigration and Customs Enforcement (ICE) 
Student Exchange and Visitor Information System (SEVIS), Social 
Security Administration (SSA) Death Master File, TECS, Terrorist 
Screening Database (TSDB) through the DHS Watchlist Service (WLS), and 
WebIDENT. If additional data is ingested and that additional data does 
not require amendment of the categories of individuals or categories of 
records in this SORN, the PIA for ATS will be updated to reflect that 
information. The updated PIA can be found at www.dhs.gov/privacy.
     Pointer System: ATS accesses and uses additional databases 
without ingesting the data, including, but not limited to: CBP Border 
Patrol Enforcement Tracking System (BPETS), Department of State 
Consular Consolidated Database (CCD), commercial data aggregators, 
CBP's Enterprise Geospatial Information Services (eGIS), DHS/USVISIT 
IDENT, National Law Enforcement Telecommunications System (Nlets), 
DOJ's National Crime Information Center (NCIC), the results of queries 
in the FBI's Interstate Identification Index (III), and the National 
Insurance Crime Bureau's (NICB's) private database of stolen vehicles. 
If additional data is ingested and that additional data does not 
require amendment of the categories of individuals or categories of 
records in this SORN, the PIA for ATS will be updated to reflect that 
information. The updated PIA can be found at www.dhs.gov/privacy.
    DHS/CBP has reorganized the ATS routine uses to provide greater 
uniformity across DHS systems. Consistent with DHS's information 
sharing mission, information stored in

[[Page 30299]]

ATS may be shared with other DHS components, as well as appropriate 
federal, state, local, tribal, foreign, or international government 
agencies. This sharing will only take place after DHS determines that 
the recipient has a need to know the information to carry out functions 
consistent with the routine uses set forth in this SORN.
    DHS has exempted the system from the notification, access, 
amendment, and certain accounting provisions of the Privacy Act of 1974 
because of the law enforcement nature of ATS. Despite the exemptions 
taken on this system of records, CBP and DHS are not exempting the 
following records from the access and amendment provisions of the 
Privacy Act: passenger name records (PNR) collected by CBP pursuant to 
its statutory authority, 49 U.S.C. 44909, as implemented by 19 CFR 
122.49d, Importer Security Filing (10+2 documentation) information, and 
any records that were ingested by ATS where the source system of 
records already provides access and/or amendment under the Privacy Act. 
A traveler may obtain access to his or her PNR and request amendment as 
appropriate, but records concerning the targeting rules, the responses 
to rules, case events, law enforcement and/or intelligence data, 
reports, projects developed by CBP that may include public source and/
or classified information, information obtained through memoranda of 
understanding or other arrangements because the information is relevant 
to the border security mission of the Department, or records exempted 
from access by the system from which ATS ingested or accessed the 
information, will not be accessible to the individual.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates individuals' records. The 
Privacy Act applies to information that is maintained in a ``system of 
records.'' A ``system of records'' is a group of any records under the 
control of an agency for which information is retrieved by the name of 
an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass United States citizens and lawful 
permanent residents. As a matter of policy (Privacy Policy Guidance 
Memorandum 2007-1, most recently updated January 7, 2009), DHS extends 
administrative Privacy Act protections to all persons, regardless of 
citizenship, where a system of records maintains information on U.S. 
citizens, lawful permanent residents, and visitors. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DHS by complying with 
DHS Privacy Act regulations, 6 CFR Part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which their records are put, and to assist individuals with more easily 
finding such files within the agency. Below is the description of the 
U.S. Customs and Border Protection DHS/CBP-006 Automated Targeting 
System system of records.
    In accordance with 5 U.S.C.552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records
    DHS/CBP-006.

System name:
    U.S. Customs and Border Protection Automated Targeting System.

Security classification:
    Unclassified, sensitive, classified.

System location:
    Records are maintained at the CBP Headquarters in Washington, DC, 
and can be accessed from field offices and from locations abroad where 
ATS users are stationed.

Categories of individuals covered by the system:
    ATS handles information relating to the following individuals:
    A. Persons, including operators, crew, and passengers, who seek to, 
or do in fact, enter, exit, or transit through the United States or 
through other locations where CBP maintains an enforcement or 
operational presence by land, air, or sea.
    B. Crew members traveling on commercial aircraft that fly over the 
United States.
    C. Persons who engage in any form of trade or other commercial 
transaction related to the importation or exportation of merchandise, 
including those required to submit an Importer Security Filing.
    D. Persons who are employed in any capacity related to the transit 
of merchandise intended to cross the United States border.
    E. Persons who serve as booking agents, brokers, or other persons 
who provide information on behalf of persons seeking to enter, exit, or 
transit through the United States, or on behalf of persons seeking to 
import, export or ship merchandise through the United States.
    F. Owners of vehicles that cross the border.
    G. Persons whose data was received by the Department as the result 
of memoranda of understanding or other information sharing agreement or 
arrangement because the information is relevant to the border security 
mission of the Department.
    H. Persons who were identified in a narrative report, prepared by 
an officer or agent, as being related to or associated with other 
persons who are alleged to be involved in, who are suspected of, or who 
have been arrested for violations of the laws enforced or administered 
by DHS.
    I. Persons who may pose a threat to the United States.

Categories of records in the system:
    ATS contains various types of data to support its targeting 
missions, incorporating information germane to the identification of 
individuals, including, but not limited to:

 Name
 Addresses (home, work, and/or destination, as appropriate)
 Telephone and fax numbers
 Tax ID number (e.g., Employer Identification Number (EIN) or 
Social Security Number (SSN), where available)
 Date and place of birth
 Gender
 Nationality
 Country of Residence
 Citizenship
 Alias
 Physical characteristics, including biometrics where available 
(e.g., height, weight, race, eye and hair color, scars, tattoos, marks, 
fingerprints)
 Familial relationships and other contact information
 Property information
 Occupation and employment information
 Biographical and biometric information from or associated with 
online immigrant and non-immigrant visa applications, including (as 
available):
    [cir] U.S. sponsor's name, address, and phone number
    [cir] U.S. contact name, address, and phone number

[[Page 30300]]

    [cir] Employer name, address, and phone number
    [cir] Email address, IP Address, applicant ID
    [cir] Marital Status
    [cir] Alien number
    [cir] Social Security Number
    [cir] Tax Identification Number
    [cir] Organization Name
    [cir] U.S. Status
    [cir] Income information for Joint Sponsors
    [cir] Education, military experience, relationship information
    [cir] Responses to vetting questions pertaining to admissibility or 
eligibility
 Information from documents used to verify the identity of 
individuals (e.g., driver's license, passport, visa, alien 
registration, citizenship card, border crossing card, birth 
certificate, certificate of naturalization, re-entry permit, military 
card) including the:
     type
     number
     date of issuance
     place of issuance

    The system contains travel information pertaining to individuals, 
including:

 The combination of license plate, Department of Motor Vehicle 
(DMV) registration data and biographical data associated with a border 
crossing
 Information derived from an ESTA application including 
responses to vetting questions pertaining to admissibility (where 
applicable)
 Travel itinerary
 Date of arrival or departure, and means of conveyance with 
associated identification (e.g., Vehicle Identification Number, year, 
make, model, registration)
 Passenger Name Record (PNR):
    1. PNR record locator code
    2. Date of reservation/issue of ticket
    3. Date(s) of intended travel
    4. Name(s)
    5. Available frequent flier and benefit information (i.e., free 
tickets, upgrades)
    6. Other names on PNR, including number of travelers on PNR
    7. All available contact information (including originator of 
reservation)
    8. All available payment/billing information (e.g., credit card 
number)
    9. Travel itinerary for specific PNR
    10. Travel agency/travel agent
    11. Code share information (e.g., when one air carrier sells seats 
on another air carrier's flight)
    12. Split/divided information (e.g., when one PNR contains a 
reference to another PNR)
    13. Travel status of passenger (including confirmations and check-
in status)
    14. Ticketing information, including ticket number, one way tickets 
and Automated Ticket Fare Quote (ATFQ) fields
    15. Baggage information
    16. Seat information, including seat number
    17. General remarks including Other Service Indicated (OSI), 
Special Service Indicated (SSI) and Supplemental Service Request (SSR) 
information
    18. Any collected APIS information (e.g., Advance Passenger 
Information (API)) that is initially captured by an air carrier within 
its PNR, such as passport number, date of birth and gender)
    19. All historical changes to the PNR listed in numbers 1 to 18

    Note:  Not all air carriers maintain the same sets of 
information for PNR, and a particular individual's PNR likely will 
not include information for all possible categories. In addition, 
PNR does not routinely include information that could directly 
indicate the racial or ethnic origin, political opinions, religious 
or philosophical beliefs, trade union membership, health, or sex 
life of the individual. To the extent PNR does include terms that 
reveal such personal matters, DHS employs an automated system that 
filters certain of these terms and only uses this information in 
exceptional circumstances where the life of an individual could be 
imperiled or seriously impaired.

    The system contains information collected for the importation or 
exportation of cargo and/or property, including:
 Bill of lading
 Commodity type
 License number and license country for Office of Defense Trade 
Controls registrants
 Inspection and examination results

    The system contains Importer Security Filing (ISF) information, 
which must contain the following items, in addition to the Vessel Stow 
Plan (VSP) and the Container Status Message (CSM):

 Manufacturer (or supplier)
 Seller (i.e., full name and address or widely accepted 
business number such as a Data Universal Numbering System (DUNS) 
number)
 Buyer (i.e., full name and address)
 Ship to party (full name and/or business name and address)
 Container stuffing location
 Consolidator (stuffer)
 Importer of record number/Foreign Trade Zone applicant 
identification number
 Consignee number(s)
 Country of origin
 Commodity: Harmonized Tariff Schedule of the United States 
(HTSUS) number
    Alternatively, for shipments consisting entirely of Freight 
Remaining on Board (FROB) or shipments consisting of goods intended to 
move through the United States, ISF Importers, or their agents, must 
submit the following five elements, unless an element is specifically 
exempted:

 Booking party (i.e., name and address)
 Foreign port of unlading
 Place of delivery
 Ship to party
 Commodity HTSUS number

    The system contains assessments and other information obtained in 
accordance with the terms of memoranda of understanding or other 
arrangement because the information is relevant to the border security 
mission of the Department.

    The system also contains information created by CBP, including:

 Admissibility determinations
 Results of Cargo Enforcement Exams
 Law enforcement or intelligence information regarding an 
individual
 Risk-based rules developed by analysts to assess and identify 
high-risk cargo, conveyances, or travelers that should be subject to 
further scrutiny or examination
 Assessments resulting from the rules, with a record of which 
rules were used to develop the assessment
 Operational and analytical reports and/or projects developed 
that may include public source information and/or classified 
information obtained by users/analysts for reference or incorporation 
into the report or project.

Authority for maintenance of the system:
    ATS derives its authority from 19 U.S.C. 482, 1461, 1496, 1581, 
1582; 8 U.S.C. 1357; 49 U.S.C. 44909; the Enhanced Border Security and 
Visa Reform Act of 2002 (EBSVRA) (Pub. L. 107-173); the Trade Act of 
2002 (Pub. L. 107-210); the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA) (Pub.L. 108-458); and the Security and 
Accountability for Every Port Act of 2006 (SAFE Port Act) (Pub. L. 109-
347).

Purpose(s):
    PURPOSES FOR PNR IN ATS: PNR may be used,
    (1). To prevent, detect, investigate, and prosecute:
    a. Terrorist offenses and related crimes, including

[[Page 30301]]

    i. Conduct that--
    1. involves a violent act or an act dangerous to human life, 
property, or infrastructure; and
    2. appears to be intended to--
    a. intimidate or coerce a civilian population;
    b. influence the policy of a government by intimidation or 
coercion; or
    c. affect the conduct of a government by mass destruction, 
assassination, kidnapping, or hostage-taking.
    ii. Activities constituting an offense within the scope of and as 
defined in applicable international conventions and protocols relating 
to terrorism;
    iii. Providing or collecting funds, by any means, directly or 
indirectly, with the intention that they should be used or in the 
knowledge that they are to be used, in full or in part, in order to 
carry out any of the acts described in subparagraphs (i) or (ii);
    iv. Attempting to commit any of the acts described in subparagraphs 
(i), (ii), or (iii);
    v. Participating as an accomplice in the commission of any of the 
acts described in subparagraphs (i), (ii), or (iii);
    vi. Organizing or directing others to commit any of the acts 
described in subparagraphs (i), (ii), or (iii);
    vii. Contributing in any other way to the commission of any of the 
acts described in subparagraphs (i), (ii), or (iii);
    viii. Threatening to commit an act described in subparagraph (i) 
under circumstances which indicate that the threat is credible;
    b. Other crimes that are punishable by a sentence of imprisonment 
of three years or more and that are transnational in nature;
    A crime is considered as transnational in nature in particular if:
    i. It is committed in more than one country;
    ii. It is committed in one country but a substantial part of its 
preparation, planning, direction or control takes place in another 
country;
    iii. It is committed in one country but involves an organized 
criminal group that engages in criminal activities in more than one 
country;
    iv. It is committed in one country but has substantial effects in 
another country; or
    v. It is committed in one country and the offender is in or intends 
to travel to another country;
    (2) on a case-by-case basis where necessary in view of a serious 
threat and for the protection of vital interests of any individual or 
if ordered by a court;
    (3) to identify persons who would be subject to closer questioning 
or examination upon arrival to or departure from the United States or 
who may require further examination.
    (4) for domestic law enforcement, judicial powers, or proceedings, 
where violations of law or indications thereof are detected in the 
course of the use and processing of PNR.
    PURPOSES OF ATS (EXCEPT for PNR):
    ATS uses all other data for purposes listed above as well as below:
    (a) To perform targeting of individuals who may pose a risk to 
border security or public safety, may be a terrorist or suspected 
terrorist, or may otherwise be engaged in activity in violation of U.S. 
law;
    (b) To perform a risk-based assessment of conveyances and cargo to 
focus CBP's resources for inspection and examination and enhance CBP's 
ability to identify potential violations of U.S. law, possible 
terrorist threats, and other threats to border security; and
    (c) To otherwise assist in the enforcement of the laws enforced or 
administered by DHS, including those related to counterterrorism.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    Information ingested into this system from another source system is 
to be handled consistent with the published system of records notice 
for the source system and will continue to be governed by the routine 
uses for that source system. The routine uses below apply only to 
records that are maintained as official records in ATS (i.e., records 
which are maintained in ATS that are not covered by other originating 
systems of record, including: PNR; Importer Security Filings; Cargo 
Enforcement Exams; the combination of license plate, Department of 
Motor Vehicle (DMV) registration data and biographical data associated 
with a border crossing; law enforcement and/or intelligence data, 
reports, and projects developed by CBP analysts that may include public 
source information and/or classified information; and information 
obtained through memoranda of understanding or other arrangements 
because the information is relevant to the border security mission of 
the Department). With respect to PNR, DHS only discloses information to 
those authorities who intend to use the information consistent with the 
purposes identified above, and have sufficient capability to protect 
and safeguard the information. In addition to those disclosures 
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a 
portion of the records or information contained in this system may be 
disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) 
as follows:
    A. To the Department of Justice (including United States Attorney 
Offices) or other federal agency conducting litigation or in 
proceedings before any court, adjudicative or administrative body, when 
it is necessary or relevant to the litigation and one of the following 
is a party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. any employee of DHS in his/her official capacity;
    3. any employee of DHS in his/her individual capacity where DOJ or 
DHS has agreed to represent the employee; or
    4. the United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made pursuant to 
a written Privacy Act waiver at the request of the individual to whom 
the record pertains.
    C. To the National Archives and Records Administration or General 
Services Administration pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. DHS has determined that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, of identity theft or fraud, or of harm to the security or 
integrity of this system or of harm to other systems or programs 
(whether maintained by DHS or another agency or entity) or harm to the 
individuals that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for the

[[Page 30302]]

federal government when necessary to accomplish an agency function 
related to this system of records. Individuals provided information 
under this routine use are subject to the same Privacy Act requirements 
and limitations on disclosure as are applicable to DHS officers and 
employees.
    G. To appropriate federal, state, tribal, local, or foreign 
governmental agencies or multilateral governmental organizations 
responsible for investigating or prosecuting the violations of, or for 
enforcing or implementing, a statute, rule, regulation, order, or 
license, where CBP believes the information would assist enforcement of 
applicable civil or criminal laws;
    H. To federal and foreign government intelligence or 
counterterrorism agencies or components where DHS becomes aware of an 
indication of a threat or potential threat to national or international 
security, or to assist in anti-terrorism efforts;
    I. To an organization or person in either the public or private 
sector, either foreign or domestic, where there is a reason to believe 
that the recipient is or could become the target of a particular 
terrorist activity or conspiracy, or where the information is relevant 
to the protection of life, property, or other vital interests of a 
person;
    J. To appropriate federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations for 
the purpose of protecting the vital interests of a data subject or 
other persons, including to assist such agencies or organizations in 
preventing exposure to or transmission of a communicable or 
quarantinable disease or to combat other significant public health 
threats; appropriate notice will be provided of any identified health 
threat or risk;
    K. To a court, magistrate, or administrative tribunal in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations, or in response to a subpoena, or in connection with 
criminal law proceedings;
    L. To third parties during the course of a law enforcement 
investigation to the extent necessary to obtain information pertinent 
to the investigation, provided disclosure is appropriate in the proper 
performance of the official duties of the officer making the 
disclosure;
    M. To appropriate federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations where 
CBP is aware of a need to utilize relevant data for purposes of testing 
new technology and systems designed to enhance ATS;
    N. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information or when 
disclosure is necessary to preserve confidence in the integrity of DHS 
or is necessary to demonstrate the accountability of DHS's officers, 
employees, or individuals covered by the system, except to the extent 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records in this system are stored electronically or on paper in 
secure facilities in a locked drawer behind a locked door. The records 
are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:
    Records may be retrieved by any of the data elements described in 
``Categories of Records,'' including by name or personal identifier 
from an electronic database.

Safeguards:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to the computer system containing the records in this 
system is limited to those individuals who have a need to know the 
information for the performance of their official duties and who have 
appropriate clearances or permissions.

Retention and disposal:
    Official Records in this system (Passenger Name Records (PNR); 
Importer Security Filings (10+2 documentation); results of Cargo 
Enforcement Exams; the combination of license plate, Department of 
Motor Vehicle registration data, and biographical data associated with 
a border crossing; law enforcement and/or intelligence data, reports, 
and projects developed by CBP analysts that may include public source 
information and/or classified information; and information obtained 
through memoranda of understanding or other arrangements because the 
information is relevant to the border security mission of the 
Department will be retained and disposed of in accordance with a 
records schedule approved by the National Archives and Records 
Administration on April 12, 2008. ATS collects information directly, 
ingests information from various systems, and accesses other systems 
without ingesting the data. To the extent information is ingested from 
other systems, data is retained in ATS in accordance with the record 
retention requirements of those systems, or the retention period for 
ATS, whichever is shortest.
    The retention period for the official records maintained in ATS 
will not exceed fifteen years, after which time the records will be 
deleted, except as noted below. The retention period for PNR will be 
subject to the following further access restrictions: ATS users with 
PNR access will have access to PNR in an active database for up to five 
years, during which time the PNR will be depersonalized following the 
first six months retention. After this initial five-year retention, the 
PNR data will be transferred to a dormant database for a period of up 
to ten years. PNR data in dormant status will be subject to additional 
controls including the requirement of obtaining access approval from a 
senior DHS official designated by the Secretary of Homeland Security. 
Furthermore, PNR in the dormant database may only be repersonalized in 
connection with a law enforcement operation and only in response to an 
identifiable case, threat, or risk. Such limited access and use for 
older PNR strikes a reasonable balance between protecting this 
information and allowing CBP to continue to identify potential high-
risk travelers. Notwithstanding the foregoing, information maintained 
only in ATS that is linked to active law enforcement lookout records, 
CBP matches to enforcement activities, and/or investigations or cases 
(i.e., specific and credible threats; flights, individuals, and routes 
of concern; or other defined sets of circumstances) will remain 
accessible for the life of the law enforcement matter to support that 
activity and other enforcement activities that may become related.
    The justification for a fifteen-year retention period for the 
official records is based on CBP's law enforcement and security 
functions at the border. This retention period is based on CBP's

[[Page 30303]]

historical encounters with suspected terrorists and other criminals, as 
well as the broader expertise of the law enforcement and intelligence 
communities. It is well known, for example, that potential terrorists 
may make multiple visits to the United States in advance of performing 
an attack. It is over the course of time and multiple visits that a 
potential risk becomes clear. Travel records, including historical 
records, are essential in assisting CBP Officers with their risk-based 
assessment of travel indicators and identifying potential links between 
known and previously unidentified terrorist facilitators. Analyzing 
these records for these purposes allows CBP to continue to effectively 
identify suspect travel patterns and irregularities.

System Manager and address:
    Executive Director, Automation and Targeting Division, Office of 
Intelligence and Investigative Liaison, U.S. Customs and Border 
Protection, and Director, Targeting and Analysis, Systems Program 
Office, Office of Information and Technology, U.S. Customs and Border 
Protection, both of whom are located at 1300 Pennsylvania Avenue NW., 
Washington, DC 20229.

Notification procedure:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, amendment, and certain accounting procedures 
of the Privacy Act because it is a law enforcement system. These 
exemptions also apply to the extent that information in this system of 
records is recompiled or is created from information contained in other 
systems of records with appropriate exemptions in place. To the extent 
that a record is exempted in a source system, the exemption will 
continue to apply. Despite the exemptions taken on this system of 
records, CBP and DHS are not exempting the following records from the 
access and amendment provisions of the Privacy Act: passenger name 
records (PNR) collected by CBP pursuant to its statutory authority, 49 
U.S.C. 44909, as implemented by 19 CFR 122.49d; Importer Security 
Filing (10+2 documentation) information; and any records that were 
ingested by ATS where the source system of records already provides 
access and/or amendment under the Privacy Act. Individuals seeking 
notification of and access to records contained in this system of 
records, or seeking to contest its content, may submit a request in 
writing to the Headquarters or CBP FOIA Officer, whose contact 
information can be found at https://www.dhs.gov/foia under ``contacts.'' 
If an individual believes more than one component maintains Privacy Act 
records concerning him or her the individual may submit the request to 
the Chief Privacy Officer, Department of Homeland Security, 245 Murray 
Drive SW., Building 410, STOP-0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 6 CFR Part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Director, 
Disclosure and FOIA, https://www.dhs.gov or 1-866-431-0486. In addition 
you should provide the following:
     An explanation of why you believe the Department would 
have information on you,
     Identify which component(s) of the Department you believe 
may have the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records, 
and
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Records are ingested from other DHS and federal systems, and from 
foreign governments (in accordance with the terms of international 
agreements and arrangements), including but not limited to ACE, ACS, 
AES, APIS, BCI, CEAC (including Forms DS-160 and DS-260), ENFORCE, 
ESTA, GES, NIIS, NSEERS, SEACATS, SEVIS, TECS, TSDB-WLS, Social 
Security Administration's Death Master File, and WebIDENT, 
Additionally, PNR is obtained from travel reservation systems of 
commercial carriers. Information from Importer Security Filings is 
received from importers and ocean carriers. Records are accessed from 
BPETS, CCD, eGIS, NCIC, and Nlets. Also, the results of queries in the 
FBI's Interstate Identification Index (III), the National Insurance 
Crime Bureau's (NICB's) private database of stolen vehicles, and 
commercial data aggregators are stored in ATS. Lastly, records are also 
developed from analysis created by users as a result of their use of 
the system.

Exemptions claimed for the system:
    Pursuant to 6 CFR Part 5, Appendix C, certain records and 
information in this system are exempt from 5 U.S.C. 552a(c)(3) and (4); 
(d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I), 
(e)(5), and (8); (f), and (g) of the Privacy Act pursuant to 5 U.S.C. 
552a(j)(2). Additionally, the Secretary of Homeland Security has 
exempted this system from the following provisions of the Privacy Act, 
pursuant to 5 U.S.C. 552a (k)(1) and (k)(2): 5 U.S.C. 552a(c)(3); 
(d)(1), (d)(2), (d)(3), and (d)(4); (e)(1), (e)(4)(G), (e)(4)(H), 
(e)(4)(I); and (f).
    Despite the exemptions taken on this system of records, CBP and DHS 
are not exempting the following records from the access and amendment 
provisions of the Privacy Act: passenger name records (PNR) collected 
by CBP pursuant to its statutory authority, 49 U.S.C. 44909, as 
implemented by 19 CFR 122.49d; Importer Security Filing (10+2 
documentation) information; and any records that were ingested by ATS 
where the source system of records already provides access and/or 
amendment under the Privacy Act. A traveler may obtain access to his or 
her PNR, but records concerning the targeting rules, the responses to 
rules, case events, law enforcement and/or intelligence data, reports, 
and projects developed by CBP analysts that may include public source 
information and/or classified information, information obtained through 
memoranda of understanding or other arrangements because the 
information is relevant to the border security mission of the 
Department, or records exempted from access by the system from which 
ATS

[[Page 30304]]

ingested or accessed the information will not be accessible to the 
individual.

Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2012-12396 Filed 5-21-12; 8:45 am]
BILLING CODE 9110-06-P