Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation Security Administration, DHS/TSA-021, TSA Pre✓TM, 2-5 [2013-31183]

Download as PDF 2 Federal Register / Vol. 79, No. 1 / Thursday, January 2, 2014 / Rules and Regulations withdrew and rescinded the notice of revocation and final rule amending Appendix A to part 2641 of title 5. See 78 FR 70191. In the withdrawal notice, OGE indicated that it planned to republish this notice and final rule in January 2014. Accordingly, OGE is now republishing that notice and final rule. OGE hereby gives notice that the abovereferenced post-employment exemptions, granted on October 29, 1991; November 10, 2003; and December 4, 2003, respectively, will expire and are revoked effective on April 2, 2014. As of the effective date, a person occupying any one of these positions will become subject to the post-employment restrictions of 18 U.S.C. 207(c) and (f) if the rate of basic pay for the position is equal to or greater than 86.5 percent of the rate of basic pay payable for level II of the Executive Schedule. As stated in 5 CFR 2641.301(j)(3)(ii), the Director of OGE is required to ‘‘maintain a listing of positions or categories of positions in Appendix A to [5 CFR part 2641] for which the 18 U.S.C. 207(c) restriction has been waived.’’ As such, Appendix A of this part is being amended to remove references to those SEC positions that are no longer exempt from the restrictions of 18 U.S.C. 207(c) and (f). These positions include: Solicitor, Office of General Counsel; Chief Litigation Counsel, Division of Enforcement; Deputy Chief Litigation Counsel, Division of Enforcement; SK– 17 Positions; SK–16 and lower-graded SK positions supervised by employees in SK–17 positions; and SK–16 and lower-graded SK positions not supervised by employees in SK–17 positions. chapter 6) that this final rule would not have a significant economic impact on a substantial number of small entities because it primarily affects current and former Federal executive branch employees. II. Matters of Regulatory Procedure List of Subjects in 5 CFR Part 2641 Conflict of interests, Government employees. mstockstill on DSK4VPTVN1PROD with RULES Administrative Procedure Act Pursuant to the Administrative Procedure Act (APA), 5 U.S.C. 553(b), OGE finds good cause to waive the notice-and-comment requirements of the APA, as the codification of OGE’s revocation of exempted positions is technical in nature, and it is important and in the public interest that the codification of OGE’s revocation of exempted positions be published in the Federal Register as promptly as possible. For these reasons, OGE is issuing this regulation as a final rule effective 90 days after publication. Paperwork Reduction Act The Paperwork Reduction Act (44 U.S.C. chapter 35) does not apply because this regulation does not contain information collection requirements that require approval of the Office of Management and Budget. Unfunded Mandates Reform Act For purposes of the Unfunded Mandates Reform Act of 1995 (2 U.S.C. chapter 5, subchapter II), this final rule would not significantly or uniquely affect small governments and will not result in increased expenditures by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more (as adjusted for inflation) in any one year. Executive Order 12866 In promulgating this final rule, the Office of Government Ethics has adhered to the regulatory philosophy and the applicable principles of regulation set forth in section 1 of Executive Order 12866, Regulatory Planning and Review. This rule has not been reviewed by the Office of Management and Budget under that Executive order since it is not ‘‘significant’’ under the order. Executive Order 12988 As Director of the Office of Government Ethics, I have reviewed this final rule in light of section 3 of Executive Order 12988, Civil Justice Reform, and certify that it meets the applicable standards provided therein. Approved: December 18, 2013. Walter M. Shaub, Jr., Director, Office of Government Ethics. Accordingly, for the reasons set forth in the preamble, the Office of Government Ethics is amending part 2641 of subchapter B of chapter XVI of title 5 of the Code of Federal Regulations as follows: PART 2641—POST-EMPLOYEMENT CONFLICT OF INTEREST RESTRICTIONS Regulatory Flexibility Act ■ As Director of the Office of Government Ethics, I certify under the Regulatory Flexibility Act (5 U.S.C. Authority: 5 U.S.C. App. (Ethics in Government Act of 1978); 18 U.S.C. 207; E.O. VerDate Mar<15>2010 18:52 Dec 31, 2013 Jkt 232001 1. The authority citation for part 2641 continues to read as follows: PO 00000 Frm 00002 Fmt 4700 Sfmt 4700 12674, 54 FR 15159, 3 CFR, 1989 Comp., p. 215, as modified by E.O. 12731, 55 FR 42547, 3 CFR, 1990 Comp., p. 306. Appendix A to Part 2641 [Amended] 2. Appendix A to part 2641 is amended by removing the listing for the Securities and Exchange Commission (and all positions thereunder). ■ [FR Doc. 2013–30668 Filed 12–31–13; 8:45 am] BILLING CODE 6345–03–P DEPARTMENT OF HOMELAND SECURITY Office of the Secretary 6 CFR Part 5 [Docket No. DHS–2013–0041] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation Security Administration, DHS/TSA–021, TSA Pre✓TM Application Program System of Records Department of Homeland Security. ACTION: Final rule. AGENCY: The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a newly established system of records titled, ‘‘Department of Homeland Security/Transportation Security Administration–021, TSA Pre✓TM Application Program System of Records,’’ from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. SUMMARY: DATES: Effective January 2, 2014. For general questions please contact: Peter Pietra, TSA Privacy Officer, TSA–036, 601 South 12th Street, Arlington, VA 20598–6036; or email at TSAprivacy@ dhs.gov. For privacy questions, please contact: Karen L. Neuman, (202) 343– 1717, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. SUPPLEMENTARY INFORMATION: FOR FURTHER INFORMATION CONTACT: Background The Department of Homeland Security (DHS)/Transportation Security Administration (TSA) published a Notice of Proposed Rulemaking (NPRM) in the Federal Register, 78 FR 55657 (Sept. 11, 2013), proposing to exempt portions of the newly established ‘‘DHS/ TSA–021, TSA Pre✓TM Application Program System of Records’’ from one or more provisions of the Privacy Act E:\FR\FM\02JAR1.SGM 02JAR1 Federal Register / Vol. 79, No. 1 / Thursday, January 2, 2014 / Rules and Regulations because of criminal, civil, and administrative enforcement requirements. The DHS/TSA–021 TSA Pre✓TM Application Program System of Records Notice (SORN) was published in the Federal Register, 78 FR 55274 (Sept. 10, 2013), and comments were invited on both the NPRM and SORN. Public Comments DHS received 12 comments on the NPRM and five comments on the SORN. NPRM mstockstill on DSK4VPTVN1PROD with RULES Several comments exceeded the scope of the exemption rulemaking and chose instead to comment on TSA security measures. DHS/TSA will not respond to those comments. DHS/TSA received a few comments that objected to the proposal to claim any exemptions from the Privacy Act for the release of information collected pursuant to the SORN. As stated in the NPRM, no exemption will be asserted regarding information in the system that is submitted by a person if that person, or his or her agent, seeks access to or amendment of such information. However, this system may contain records or information created or recompiled from information contained in other systems of records that are exempt from certain provisions of the Privacy Act, such as law enforcement or national security investigation or encounter records, or terrorist screening records. Disclosure of these records from other systems, as noted in the NPRM, could compromise investigatory material compiled for law enforcement or national security purposes. DHS will examine each request on a case-by-case basis and, after conferring with the appropriate component or agency, may waive applicable exemptions in appropriate circumstances and when it would not appear to interfere with or adversely affect the investigatory purposes of the systems from which the information is recompiled or in which it is contained.1 1 The TSA Pre✓TM Application Program performs checks that are very similar to those performed for populations such as TSA Transportation Worker Identification Credential (TWIC) and Hazardous Material Endorsement (HME) programs. Accordingly, TSA proposed most of the same Privacy Act exemptions for the TSA Pre✓TM Application Program that are claimed for the applicable System of Records Notice for the TWIC and HME programs. The Privacy Act exemptions claimed from the Transportation Security Threat Assessment System of Records strike the right balance of permitting TWIC and HME applicants to correct errors or incomplete information in other systems of records that may affect their ability to receive one of these credentials, while also protecting sensitive law enforcement or national security information that may be included in other systems of records. VerDate Mar<15>2010 17:09 Dec 31, 2013 Jkt 232001 DHS/TSA received one comment from a private individual recommending that foreign service employees and their families be automatically included this program. The comment misapprehends the program for which the NPRM was published. The NPRM was published in association with the SORN for the TSA Pre✓TM Application program, which is designed to allow individuals to apply to be included in the program. Separately, DHS/TSA continues to evaluate populations that may otherwise be eligible for TSA Pre✓TM screening. DHS/TSA received one comment from a private individual concerned that exemptions under the Privacy Act would allow TSA to engage in discriminatory conduct based on race and appearance, and that an individual whose application is denied would have limited recourse because TSA would not provide enough information. The security threat assessment involves recurrent checks against law enforcement, immigration, and intelligence databases. TSA does not make decisions regarding eligibility for the TSA Pre✓TM Application Program based on race or appearance. Eligibility for the TSA Pre✓TM Application Program is within the sole discretion of TSA, which will notify individuals who are denied eligibility in writing of the reasons for the denial. If initially deemed ineligible, applicants will have an opportunity to correct cases of misidentification or inaccurate criminal or immigration records. Individuals whom TSA determines are ineligible for the TSA Pre✓TM Application Program will continue to be screened at airport security checkpoints according to TSA standard screening protocols. DHS/TSA received one comment from a public interest research center that asserting Privacy Act exemptions contravenes the intent of the Privacy Act. DHS does not agree that asserting exemptions provided within the Privacy Act contravenes the Privacy Act. As reflected in the OMB Privacy Act Implementation Guidelines, ‘‘the drafters of the Act recognized that application of all the requirements of the Act to certain categories of records would have had undesirable and often unacceptable effects upon agencies in the conduct of necessary public business.’’ 40 FR 28948, 28971 (July 9, 1975). The same commenter recognized the need to withhold information pursuant to Privacy Act exemptions during the period of the investigation, but also stated that individuals should be able to receive such information after an investigation is completed or made public, with appropriate redactions to PO 00000 Frm 00003 Fmt 4700 Sfmt 4700 3 protect the identities of witnesses and informants. This commenter stated that such post-investigation disclosures would provide individuals with the ability to address potential inaccuracies in these records, and noted that the TSA Pre✓TM Application Program will provide applicants an opportunity to correct inaccurate or incomplete criminal records or immigration records. As stated above, DHS will consider requests on a case-by-case basis, and in certain instances may waive applicable exemptions and release material that otherwise would be withheld. However, certain information gathered in the course of law enforcement or national security investigations or encounters, and created or recompiled from information contained in other exempt systems of records, will continue to be exempted from disclosure. Some of these records would reveal investigative techniques, sensitive security information, and classified information, or permit the subjects of investigations to interfere with related investigations. Continuing to exempt these sensitive records from disclosure is consistent with the intent and spirit of the Privacy Act. This information contained in a document qualifying for exemption does not lose its exempt status when recompiled in another record if the purposes underlying the exemption of the original document pertain to the recompilation as well. While access under the Privacy Act may be withheld under an appropriate exemption, the DHS Traveler Redress Inquiry Program (DHS TRIP) is a single point of contact for individuals who have inquiries or seek resolution regarding difficulties they experienced during their travel screening at transportation hubs, and has been used by individuals whose names are the same or similar to those of individuals on watch lists. See https://www.dhs.gov/ dhs-trip. SORN DHS/TSA received five comments on the SORN. One commenter asked if TSA Pre✓TM Application Program applicants would be advised as to the reasons for a denial of that application. As explained in the SORN and NPRM, TSA will notify applicants who are denied eligibility in writing of the reasons for the denial. If initially deemed ineligible, applicants will have an opportunity to correct cases of misidentification or inaccurate criminal or immigration records. Consistent with 28 CFR 50.12 in cases involving criminal records, and before making a final eligibility decision, TSA will advise the applicant that the FBI E:\FR\FM\02JAR1.SGM 02JAR1 mstockstill on DSK4VPTVN1PROD with RULES 4 Federal Register / Vol. 79, No. 1 / Thursday, January 2, 2014 / Rules and Regulations criminal record discloses information that would disqualify him or her from the TSA ✓TM Application Program. Within 30 days after being advised that the criminal record received from the FBI discloses a disqualifying criminal offense, the applicant must notify TSA in writing of his or her intent to correct any information he or she believes to be inaccurate. The applicant must provide a certified revised record, or the appropriate court must forward a certified true copy of the information, prior to TSA approving eligibility of the applicant for the TSA ✓TM Application Program. With respect to immigration records, within 30 days after being advised that the immigration records indicate that the applicant is ineligible for the TSA Pre✓TM Application Program, the applicant must notify TSA in writing of his or her intent to correct any information believed to be inaccurate. TSA will review any information submitted and make a final decision. If neither notification nor a corrected record is received by TSA, TSA may make a final determination to deny eligibility. One advocacy group stated that records of travel itineraries should be expunged because, as the commenter claimed, they are records of how individuals exercise their First Amendment rights. The TSA Pre✓TM Application Program neither requests nor maintains applicant travel itinerary records, so this comment is inapplicable. Contrary to some commenters’ assertion that the TSA Pre✓TM Application Program infringes upon an individual’s right to travel, this program will provide an added convenience to the majority of the traveling public. A public interest research center noted that according to the SORN, Known Traveler Numbers (KTNs) will be granted to individuals who pose a ‘‘low’’ risk to transportation security, while the Secure Flight regulation (see 49 CFR 1560.3) provides that when a known traveler program is instituted, individuals for whom the Federal government has conducted a security threat assessment and who do ‘‘not pose a security threat’’ will be provided a KTN. This commenter stated that DHS thus used the SORN to amend the Secure Flight regulation. DHS disagrees that the use of these two phrases constitutes a change in the Secure Flight regulation for who may receive a KTN. In response to comments on the Secure Flight proposed rule, TSA stated that it intended ‘‘to develop and implement the Known Traveler Number as part of the Secure Flight program. . . .’’ and that a KTN will be assigned to VerDate Mar<15>2010 17:09 Dec 31, 2013 Jkt 232001 individuals ‘‘for whom the Federal government has already conducted a terrorist security threat assessment and has determined does not pose a terrorist security threat.’’ See 73 FR 64018, 64034 (Oct. 28, 2008). TSA will compare TSA Pre✓TM Application Program applicants to terrorist watch lists to determine whether the individuals pose a terrorist threat, but its threat assessment also will include law enforcement records checks to determine whether applicants in other ways pose a security threat.2 Applicants who are found to present a low risk to security, i.e., they do not pose either a terrorist security threat nor a more general security threat, will be provided a KTN.3 The use of the phrase ‘‘low risk’’ is neither an expansion nor a contraction of the population that was anticipated to receive KTNs under the Secure Flight rule; rather, as the TSA Pre✓TM program was developed, the use of the term ‘‘low risk’’ was employed to more accurately describe who will receive a KTN. The TSA Pre✓TM Application Program is a trusted traveler program, not a program open to all except those who present a terrorist threat. This standard also is consistent with the statutory authorization TSA received from the Congress to ‘‘[e]stablish requirements to implement trusted passenger programs and use available technologies to expedite security screening of passengers who participate in such programs, thereby allowing security screening personnel to focus on those passengers who should be subject to more extensive screening.’’ See sec. 109(a)(3) of the Aviation and Transportation Security Act (ATSA), Public Law 107–71 (115 Stat. 597, 613, 2 As TSA developed its known traveler program under the Secure Flight rule, it determined that it would require a security threat assessment similar to the threat assessment used for the TWIC and HME programs. The threat assessments for the TWIC and HME programs compare applicant names to watch lists and to law enforcement records to determine whether applicants pose a terrorist threat or other security threat. As part of this assessment, certain criminal convictions (e.g., espionage) are determined to be permanent bars to receiving a TWIC or HME, while other convictions (e.g., smuggling) require a period of time to have passed post-conviction or post-imprisonment before the applicant will be considered for the program. See 49 CFR 1572.103. The TWIC and HME programs thus consider not only whether an applicant poses a terrorist threat, but also whether the applicant otherwise poses a security threat. 3 In developing its known traveler program, TSA relied on its expertise in aviation security to determine that a ‘‘threat’’ includes a declaration of intent to cause harm, or something likely to cause harm. Furthermore, TSA determined that a ‘‘risk’’ only represents a chance of something going wrong or a possibility of danger. Therefore, TSA deemed that ‘‘low risk’’ individuals ‘‘do not pose a security threat’’ to aviation security. PO 00000 Frm 00004 Fmt 4700 Sfmt 4700 Nov. 19, 2001, codified at 49 U.S.C. 114 note). TSA promulgated the Secure Flight rule under the Administrative Procedure Act (APA), 5 U.S.C. 553, and clearly indicated that TSA was still developing its KTN program. The method that TSA selected to determine who receives KTNs under the TSA Pre✓TM Application Program does not substantively affect the public to a degree sufficient to implicate the policy interests underlying notice-andcomment rulemaking requirements. As noted in the SORN, the TSA Pre✓TM Application Program does not impose any impediment on any individual traveler that is different from that experienced by the general traveling public, and individuals who TSA determines to be ineligible for the program will continue to be screened at airport security checkpoints according to TSA standard screening protocols. See 78 FR 55274, 55275. Specifically, a traveler denied admission into a TSA Pre✓TM lane because he or she does not have a KTN will face no greater screening impediment than anyone in the standard screening lane. Thus, notice-and-comment rulemaking is not required because the Secure Flight regulation notified the public that TSA would retain the ability to determine who might receive a KTN, and also because no new substantive burden or impediment for any traveler has been created. As such, the use of the phrase ‘‘low risk’’ does not constitute an amendment to the Secure Flight regulation. The same commenter also suggested that TSA should make public its algorithms or thresholds for determining which TSA Pre✓TM; Application Program applicants are approved. If TSA were to make its algorithms public, it would be possible for individuals who seek to disrupt civil aviation to circumvent the algorithms. Such disclosure would be contrary to TSA’s mission and might endanger the flying public. Other commenters suggested that applicant information should be destroyed immediately after providing eligible individuals a KTN. For those individuals granted KTNs, TSA will maintain the application data while the KTN is valid and for one additional year to ensure that the security mission of the agency is properly protected. Without the application data, TSA would be unable to identify instances of fraud, identity theft, evolving risks, and other security issues. Moreover, destruction of the underlying application information will hinder TSA’s ability to assist KTN holders who E:\FR\FM\02JAR1.SGM 02JAR1 Federal Register / Vol. 79, No. 1 / Thursday, January 2, 2014 / Rules and Regulations have lost their numbers and could cause them to have to reapply for the program. TSA also will retain application data to protect applicants’ right to correct underlying information in the case of an initial denial. Two commenters questioned whether applicant information should be shared both within and outside DHS. TSA follows standard information-sharing principles among DHS components in accordance with the Privacy Act. In addition, TSA has narrowly tailored the routine uses that it has proposed to serve its mission and promote efficiency within the Federal Government. A public interest research center objected to three of the routine uses proposed for the system of records, arguing that the routine uses would result in blanket sharing with law enforcement agencies, foreign entities, and the public for other purposes. DHS has considered the comment but disagrees. The exercise of any routine use is subject to the requirement that sharing be compatible with the purposes for which the information was collected. Several commenters objected that the TSA Pre✓TM Application Program violates the U.S. Constitution or international treaty. DHS disagrees with the commenters as to the Constitutionality of the program, and notes that the treaty cited by an advocacy group expressly contradicts the position taken by the commenter by excluding requirements provided by law or necessary for national security from the treaty’s proscription. After careful consideration of public comments, the Department will implement the rulemaking as proposed. List of Subjects in 6 CFR Part 5 Freedom of information; Privacy. For the reasons stated in the preamble, DHS amends Chapter I of Title 6, Code of Federal Regulations, as follows: PART 5—DISCLOSURE OF RECORDS AND INFORMATION 1. The authority citation for Part 5 continues to read as follows: ■ Authority: 6 U.S.C. 101 et seq.; Pub. L. 107–296, 116 Stat. 2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a. 2. Add new paragraph 71 to Appendix C to Part 5 to read as follows: mstockstill on DSK4VPTVN1PROD with RULES ■ Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act * * * * * 71. The Department of Homeland Security (DHS)/Transportation Security Administration (TSA)-021 TSA Pre✓TM VerDate Mar<15>2010 17:09 Dec 31, 2013 Jkt 232001 Application Program System of Records consists of electronic and paper records and will be used by DHS/TSA. The DHS/TSA– 021 Pre✓TM Application Program System of Records is a repository of information held by DHS/TSA on individuals who voluntarily provide personally identifiable information (PII) to TSA in return for enrollment in a program that will make them eligible for expedited security screening at designated airports. This System of Records contains PII in biographic application data, biometric information, pointer information to law enforcement databases, payment tracking, and U.S. application membership decisions that support the TSA Pre✓TM Application Program membership decisions. The DHS/ TSA–021 TSA Pre✓TM Application Program System of Records contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain PII collected by other federal, state, local, tribal, territorial, or foreign government agencies. The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), has exempted this system from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f). Where a record received from another system has been exempted in that source system under 5 U.S.C. 552a(k)(1) and (k)(2), DHS will claim the same exemptions for those records that are claimed for the original primary systems of records from which they originated and claims any additional exemptions set forth here. Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons: (a) From subsection (c)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting also would permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process. (b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an unreasonable administrative burden by requiring investigations to be continually reinvestigated. In addition, PO 00000 Frm 00005 Fmt 4700 Sfmt 4700 5 permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security. (c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity. (d) From subsections (e)(4)(G), (H), and (I) (Agency Requirements) and (f) (Agency Rules), because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to the existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative efforts and reveal the identities of witnesses, potential witnesses, and confidential informants. Dated: December 20, 2013. Karen L. Neuman, Chief Privacy Officer, Department of Homeland Security. [FR Doc. 2013–31183 Filed 12–31–13; 8:45 am] BILLING CODE 9110–9M–P DEPARTMENT OF AGRICULTURE Food and Nutrition Service 7 CFR Part 271, 272, 274, 276, and 277 RIN 0584–AD99 Automated Data Processing and Information Retrieval System Requirements: System Testing Food and Nutrition Service, USDA. ACTION: Final rule. AGENCY: The Food and Nutrition Service (FNS) is adopting as a final rule, without substantive changes, the proposed rule that amends the Supplemental Nutrition Assistance Program (SNAP) regulations to implement Section 4121 of the Food, Conservation, and Energy Act of 2008 (the Farm Bill), which requires adequate system testing before and after implementation of a new State automated data processing (ADP) and information retrieval system, including the evaluation of data from pilot projects in limited areas for major SUMMARY: E:\FR\FM\02JAR1.SGM 02JAR1

Agencies

[Federal Register Volume 79, Number 1 (Thursday, January 2, 2014)]
[Rules and Regulations]
[Pages 2-5]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-31183]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2013-0041]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security Transportation Security Administration, DHS/TSA-021, 
TSA Pre[check]TM Application Program System of Records

AGENCY: Department of Homeland Security.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is issuing a final rule to 
amend its regulations to exempt portions of a newly established system 
of records titled, ``Department of Homeland Security/Transportation 
Security Administration-021, TSA Pre[check]TM Application 
Program System of Records,'' from one or more provisions of the Privacy 
Act because of criminal, civil, and administrative enforcement 
requirements.

DATES: Effective January 2, 2014.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Peter Pietra, TSA Privacy Officer, TSA-036, 601 South 12th Street, 
Arlington, VA 20598-6036; or email at TSAprivacy@dhs.gov. For privacy 
questions, please contact: Karen L. Neuman, (202) 343-1717, Chief 
Privacy Officer, Privacy Office, Department of Homeland Security, 
Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS)/Transportation Security 
Administration (TSA) published a Notice of Proposed Rulemaking (NPRM) 
in the Federal Register, 78 FR 55657 (Sept. 11, 2013), proposing to 
exempt portions of the newly established ``DHS/TSA-021, TSA 
Pre[check]TM Application Program System of Records'' from 
one or more provisions of the Privacy Act

[[Page 3]]

because of criminal, civil, and administrative enforcement 
requirements. The DHS/TSA-021 TSA Pre[check]TM Application 
Program System of Records Notice (SORN) was published in the Federal 
Register, 78 FR 55274 (Sept. 10, 2013), and comments were invited on 
both the NPRM and SORN.

Public Comments

    DHS received 12 comments on the NPRM and five comments on the SORN.

NPRM

    Several comments exceeded the scope of the exemption rulemaking and 
chose instead to comment on TSA security measures. DHS/TSA will not 
respond to those comments.
    DHS/TSA received a few comments that objected to the proposal to 
claim any exemptions from the Privacy Act for the release of 
information collected pursuant to the SORN. As stated in the NPRM, no 
exemption will be asserted regarding information in the system that is 
submitted by a person if that person, or his or her agent, seeks access 
to or amendment of such information. However, this system may contain 
records or information created or recompiled from information contained 
in other systems of records that are exempt from certain provisions of 
the Privacy Act, such as law enforcement or national security 
investigation or encounter records, or terrorist screening records. 
Disclosure of these records from other systems, as noted in the NPRM, 
could compromise investigatory material compiled for law enforcement or 
national security purposes. DHS will examine each request on a case-by-
case basis and, after conferring with the appropriate component or 
agency, may waive applicable exemptions in appropriate circumstances 
and when it would not appear to interfere with or adversely affect the 
investigatory purposes of the systems from which the information is 
recompiled or in which it is contained.\1\
---------------------------------------------------------------------------

    \1\ The TSA Pre[check]TM Application Program performs 
checks that are very similar to those performed for populations such 
as TSA Transportation Worker Identification Credential (TWIC) and 
Hazardous Material Endorsement (HME) programs. Accordingly, TSA 
proposed most of the same Privacy Act exemptions for the TSA 
Pre[check]TM Application Program that are claimed for the 
applicable System of Records Notice for the TWIC and HME programs. 
The Privacy Act exemptions claimed from the Transportation Security 
Threat Assessment System of Records strike the right balance of 
permitting TWIC and HME applicants to correct errors or incomplete 
information in other systems of records that may affect their 
ability to receive one of these credentials, while also protecting 
sensitive law enforcement or national security information that may 
be included in other systems of records.
---------------------------------------------------------------------------

    DHS/TSA received one comment from a private individual recommending 
that foreign service employees and their families be automatically 
included this program. The comment misapprehends the program for which 
the NPRM was published. The NPRM was published in association with the 
SORN for the TSA Pre[check]TM Application program, which is 
designed to allow individuals to apply to be included in the program. 
Separately, DHS/TSA continues to evaluate populations that may 
otherwise be eligible for TSA Pre[check]TM screening.
    DHS/TSA received one comment from a private individual concerned 
that exemptions under the Privacy Act would allow TSA to engage in 
discriminatory conduct based on race and appearance, and that an 
individual whose application is denied would have limited recourse 
because TSA would not provide enough information. The security threat 
assessment involves recurrent checks against law enforcement, 
immigration, and intelligence databases. TSA does not make decisions 
regarding eligibility for the TSA Pre[check]TM Application 
Program based on race or appearance. Eligibility for the TSA 
Pre[check]TM Application Program is within the sole 
discretion of TSA, which will notify individuals who are denied 
eligibility in writing of the reasons for the denial. If initially 
deemed ineligible, applicants will have an opportunity to correct cases 
of misidentification or inaccurate criminal or immigration records. 
Individuals whom TSA determines are ineligible for the TSA 
Pre[check]TM Application Program will continue to be 
screened at airport security checkpoints according to TSA standard 
screening protocols.
    DHS/TSA received one comment from a public interest research center 
that asserting Privacy Act exemptions contravenes the intent of the 
Privacy Act. DHS does not agree that asserting exemptions provided 
within the Privacy Act contravenes the Privacy Act. As reflected in the 
OMB Privacy Act Implementation Guidelines, ``the drafters of the Act 
recognized that application of all the requirements of the Act to 
certain categories of records would have had undesirable and often 
unacceptable effects upon agencies in the conduct of necessary public 
business.'' 40 FR 28948, 28971 (July 9, 1975).
    The same commenter recognized the need to withhold information 
pursuant to Privacy Act exemptions during the period of the 
investigation, but also stated that individuals should be able to 
receive such information after an investigation is completed or made 
public, with appropriate redactions to protect the identities of 
witnesses and informants. This commenter stated that such post-
investigation disclosures would provide individuals with the ability to 
address potential inaccuracies in these records, and noted that the TSA 
Pre[check]TM Application Program will provide applicants an 
opportunity to correct inaccurate or incomplete criminal records or 
immigration records.
    As stated above, DHS will consider requests on a case-by-case 
basis, and in certain instances may waive applicable exemptions and 
release material that otherwise would be withheld. However, certain 
information gathered in the course of law enforcement or national 
security investigations or encounters, and created or recompiled from 
information contained in other exempt systems of records, will continue 
to be exempted from disclosure. Some of these records would reveal 
investigative techniques, sensitive security information, and 
classified information, or permit the subjects of investigations to 
interfere with related investigations. Continuing to exempt these 
sensitive records from disclosure is consistent with the intent and 
spirit of the Privacy Act. This information contained in a document 
qualifying for exemption does not lose its exempt status when 
recompiled in another record if the purposes underlying the exemption 
of the original document pertain to the recompilation as well.
    While access under the Privacy Act may be withheld under an 
appropriate exemption, the DHS Traveler Redress Inquiry Program (DHS 
TRIP) is a single point of contact for individuals who have inquiries 
or seek resolution regarding difficulties they experienced during their 
travel screening at transportation hubs, and has been used by 
individuals whose names are the same or similar to those of individuals 
on watch lists. See https://www.dhs.gov/dhs-trip.

SORN

    DHS/TSA received five comments on the SORN. One commenter asked if 
TSA Pre[check]TM Application Program applicants would be 
advised as to the reasons for a denial of that application. As 
explained in the SORN and NPRM, TSA will notify applicants who are 
denied eligibility in writing of the reasons for the denial. If 
initially deemed ineligible, applicants will have an opportunity to 
correct cases of misidentification or inaccurate criminal or 
immigration records.
    Consistent with 28 CFR 50.12 in cases involving criminal records, 
and before making a final eligibility decision, TSA will advise the 
applicant that the FBI

[[Page 4]]

criminal record discloses information that would disqualify him or her 
from the TSA [check]TM Application Program. Within 30 days 
after being advised that the criminal record received from the FBI 
discloses a disqualifying criminal offense, the applicant must notify 
TSA in writing of his or her intent to correct any information he or 
she believes to be inaccurate. The applicant must provide a certified 
revised record, or the appropriate court must forward a certified true 
copy of the information, prior to TSA approving eligibility of the 
applicant for the TSA [check]TM Application Program. With 
respect to immigration records, within 30 days after being advised that 
the immigration records indicate that the applicant is ineligible for 
the TSA Pre[check]TM Application Program, the applicant must 
notify TSA in writing of his or her intent to correct any information 
believed to be inaccurate. TSA will review any information submitted 
and make a final decision. If neither notification nor a corrected 
record is received by TSA, TSA may make a final determination to deny 
eligibility.
    One advocacy group stated that records of travel itineraries should 
be expunged because, as the commenter claimed, they are records of how 
individuals exercise their First Amendment rights. The TSA 
Pre[check]TM Application Program neither requests nor 
maintains applicant travel itinerary records, so this comment is 
inapplicable.
    Contrary to some commenters' assertion that the TSA 
Pre[check]TM Application Program infringes upon an 
individual's right to travel, this program will provide an added 
convenience to the majority of the traveling public.
    A public interest research center noted that according to the SORN, 
Known Traveler Numbers (KTNs) will be granted to individuals who pose a 
``low'' risk to transportation security, while the Secure Flight 
regulation (see 49 CFR 1560.3) provides that when a known traveler 
program is instituted, individuals for whom the Federal government has 
conducted a security threat assessment and who do ``not pose a security 
threat'' will be provided a KTN. This commenter stated that DHS thus 
used the SORN to amend the Secure Flight regulation. DHS disagrees that 
the use of these two phrases constitutes a change in the Secure Flight 
regulation for who may receive a KTN. In response to comments on the 
Secure Flight proposed rule, TSA stated that it intended ``to develop 
and implement the Known Traveler Number as part of the Secure Flight 
program. . . .'' and that a KTN will be assigned to individuals ``for 
whom the Federal government has already conducted a terrorist security 
threat assessment and has determined does not pose a terrorist security 
threat.'' See 73 FR 64018, 64034 (Oct. 28, 2008).
    TSA will compare TSA Pre[check]TM Application Program 
applicants to terrorist watch lists to determine whether the 
individuals pose a terrorist threat, but its threat assessment also 
will include law enforcement records checks to determine whether 
applicants in other ways pose a security threat.\2\ Applicants who are 
found to present a low risk to security, i.e., they do not pose either 
a terrorist security threat nor a more general security threat, will be 
provided a KTN.\3\
---------------------------------------------------------------------------

    \2\ As TSA developed its known traveler program under the Secure 
Flight rule, it determined that it would require a security threat 
assessment similar to the threat assessment used for the TWIC and 
HME programs. The threat assessments for the TWIC and HME programs 
compare applicant names to watch lists and to law enforcement 
records to determine whether applicants pose a terrorist threat or 
other security threat. As part of this assessment, certain criminal 
convictions (e.g., espionage) are determined to be permanent bars to 
receiving a TWIC or HME, while other convictions (e.g., smuggling) 
require a period of time to have passed post-conviction or post-
imprisonment before the applicant will be considered for the 
program. See 49 CFR 1572.103. The TWIC and HME programs thus 
consider not only whether an applicant poses a terrorist threat, but 
also whether the applicant otherwise poses a security threat.
    \3\ In developing its known traveler program, TSA relied on its 
expertise in aviation security to determine that a ``threat'' 
includes a declaration of intent to cause harm, or something likely 
to cause harm. Furthermore, TSA determined that a ``risk'' only 
represents a chance of something going wrong or a possibility of 
danger. Therefore, TSA deemed that ``low risk'' individuals ``do not 
pose a security threat'' to aviation security.
---------------------------------------------------------------------------

    The use of the phrase ``low risk'' is neither an expansion nor a 
contraction of the population that was anticipated to receive KTNs 
under the Secure Flight rule; rather, as the TSA 
Pre[check]TM program was developed, the use of the term 
``low risk'' was employed to more accurately describe who will receive 
a KTN. The TSA Pre[check]TM Application Program is a trusted 
traveler program, not a program open to all except those who present a 
terrorist threat. This standard also is consistent with the statutory 
authorization TSA received from the Congress to ``[e]stablish 
requirements to implement trusted passenger programs and use available 
technologies to expedite security screening of passengers who 
participate in such programs, thereby allowing security screening 
personnel to focus on those passengers who should be subject to more 
extensive screening.'' See sec. 109(a)(3) of the Aviation and 
Transportation Security Act (ATSA), Public Law 107-71 (115 Stat. 597, 
613, Nov. 19, 2001, codified at 49 U.S.C. 114 note).
    TSA promulgated the Secure Flight rule under the Administrative 
Procedure Act (APA), 5 U.S.C. 553, and clearly indicated that TSA was 
still developing its KTN program. The method that TSA selected to 
determine who receives KTNs under the TSA Pre[check]TM 
Application Program does not substantively affect the public to a 
degree sufficient to implicate the policy interests underlying notice-
and-comment rulemaking requirements. As noted in the SORN, the TSA 
Pre[check]TM Application Program does not impose any 
impediment on any individual traveler that is different from that 
experienced by the general traveling public, and individuals who TSA 
determines to be ineligible for the program will continue to be 
screened at airport security checkpoints according to TSA standard 
screening protocols. See 78 FR 55274, 55275. Specifically, a traveler 
denied admission into a TSA Pre[check]TM lane because he or 
she does not have a KTN will face no greater screening impediment than 
anyone in the standard screening lane. Thus, notice-and-comment 
rulemaking is not required because the Secure Flight regulation 
notified the public that TSA would retain the ability to determine who 
might receive a KTN, and also because no new substantive burden or 
impediment for any traveler has been created. As such, the use of the 
phrase ``low risk'' does not constitute an amendment to the Secure 
Flight regulation.
    The same commenter also suggested that TSA should make public its 
algorithms or thresholds for determining which TSA 
Pre[check]TM; Application Program applicants are approved. 
If TSA were to make its algorithms public, it would be possible for 
individuals who seek to disrupt civil aviation to circumvent the 
algorithms. Such disclosure would be contrary to TSA's mission and 
might endanger the flying public.
    Other commenters suggested that applicant information should be 
destroyed immediately after providing eligible individuals a KTN. For 
those individuals granted KTNs, TSA will maintain the application data 
while the KTN is valid and for one additional year to ensure that the 
security mission of the agency is properly protected. Without the 
application data, TSA would be unable to identify instances of fraud, 
identity theft, evolving risks, and other security issues. Moreover, 
destruction of the underlying application information will hinder TSA's 
ability to assist KTN holders who

[[Page 5]]

have lost their numbers and could cause them to have to reapply for the 
program. TSA also will retain application data to protect applicants' 
right to correct underlying information in the case of an initial 
denial.
    Two commenters questioned whether applicant information should be 
shared both within and outside DHS. TSA follows standard information-
sharing principles among DHS components in accordance with the Privacy 
Act. In addition, TSA has narrowly tailored the routine uses that it 
has proposed to serve its mission and promote efficiency within the 
Federal Government.
    A public interest research center objected to three of the routine 
uses proposed for the system of records, arguing that the routine uses 
would result in blanket sharing with law enforcement agencies, foreign 
entities, and the public for other purposes. DHS has considered the 
comment but disagrees. The exercise of any routine use is subject to 
the requirement that sharing be compatible with the purposes for which 
the information was collected.
    Several commenters objected that the TSA Pre[check]TM 
Application Program violates the U.S. Constitution or international 
treaty. DHS disagrees with the commenters as to the Constitutionality 
of the program, and notes that the treaty cited by an advocacy group 
expressly contradicts the position taken by the commenter by excluding 
requirements provided by law or necessary for national security from 
the treaty's proscription.
    After careful consideration of public comments, the Department will 
implement the rulemaking as proposed.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

    For the reasons stated in the preamble, DHS amends Chapter I of 
Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for Part 5 continues to read as follows:

    Authority:  6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.


0
2. Add new paragraph 71 to Appendix C to Part 5 to read as follows:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    71. The Department of Homeland Security (DHS)/Transportation 
Security Administration (TSA)-021 TSA Pre[check]TM 
Application Program System of Records consists of electronic and 
paper records and will be used by DHS/TSA. The DHS/TSA-021 
Pre[check]TM Application Program System of Records is a 
repository of information held by DHS/TSA on individuals who 
voluntarily provide personally identifiable information (PII) to TSA 
in return for enrollment in a program that will make them eligible 
for expedited security screening at designated airports. This System 
of Records contains PII in biographic application data, biometric 
information, pointer information to law enforcement databases, 
payment tracking, and U.S. application membership decisions that 
support the TSA Pre[check]TM Application Program 
membership decisions. The DHS/TSA-021 TSA Pre[check]TM 
Application Program System of Records contains information that is 
collected by, on behalf of, in support of, or in cooperation with 
DHS and its components and may contain PII collected by other 
federal, state, local, tribal, territorial, or foreign government 
agencies. The Secretary of Homeland Security, pursuant to 5 U.S.C. 
552a(k)(1) and (k)(2), has exempted this system from the following 
provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); (e)(1); 
(e)(4)(G), (H), and (I); and (f). Where a record received from 
another system has been exempted in that source system under 5 
U.S.C. 552a(k)(1) and (k)(2), DHS will claim the same exemptions for 
those records that are claimed for the original primary systems of 
records from which they originated and claims any additional 
exemptions set forth here. Exemptions from these particular 
subsections are justified, on a case-by-case basis to be determined 
at the time a request is made, for the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of 
an investigation of an actual or potential criminal, civil, or 
regulatory violation to the existence of that investigation and 
reveal investigative interest on the part of DHS as well as the 
recipient agency. Disclosure of the accounting would therefore 
present a serious impediment to law enforcement efforts and/or 
efforts to preserve national security. Disclosure of the accounting 
also would permit the individual who is the subject of a record to 
impede the investigation, to tamper with witnesses or evidence, and 
to avoid detection or apprehension, which would undermine the entire 
investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of that 
investigation and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
unreasonable administrative burden by requiring investigations to be 
continually reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of federal law, the accuracy of information obtained or 
introduced occasionally may be unclear, or the information may not 
be strictly relevant or necessary to a specific investigation. In 
the interests of effective law enforcement, it is appropriate to 
retain all information that may aid in establishing patterns of 
unlawful activity.
    (d) From subsections (e)(4)(G), (H), and (I) (Agency 
Requirements) and (f) (Agency Rules), because portions of this 
system are exempt from the individual access provisions of 
subsection (d) for the reasons noted above, and therefore DHS is not 
required to establish requirements, rules, or procedures with 
respect to such access. Providing notice to individuals with respect 
to the existence of records pertaining to them in the system of 
records or otherwise setting up procedures pursuant to which 
individuals may access and view records pertaining to themselves in 
the system would undermine investigative efforts and reveal the 
identities of witnesses, potential witnesses, and confidential 
informants.

    Dated: December 20, 2013.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2013-31183 Filed 12-31-13; 8:45 am]
BILLING CODE 9110-9M-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.