Privacy Act of 1974; Implementation, 35651-35654 [2017-15423]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Rules and Regulations
date and time will thereafter be continuously
published in the Chart Supplement.
*
*
*
*
*
Paragraph 6002 Class E Airspace
Designated as Surface Areas.
*
*
*
*
*
AGL WI E2 Kenosha, WI [Amended]
Kenosha Regional Airport, WI
(Lat. 42°35′45″ N., long. 87°55′40″ W.)
That airspace extending upward from the
surface to and including 3,200 feet within a
4.2-mile radius of Kenosha Regional Airport.
This Class E airspace area is effective during
the specific dates and times established in
advance by Notice to Airmen. The effective
date and time will thereafter be continuously
published in the Chart Supplement.
*
*
*
*
*
Paragraph 6004 Class E Airspace Area
Designated as an Extension of Class D
Airspace.
*
*
*
AGL WI E4
*
*
*
*
Kenosha, WI [Removed]
*
*
*
Paragraph 6005 Class E Airspace Areas
Extending Upward From 700 Feet or More
Above the Surface of the Earth.
*
*
*
*
*
AGL WI E5 Kenosha, WI [Amended]
Kenosha Regional Airport, WI
(Lat. 42°35′45″ N., long. 87°55′40″ W.)
Kenosha Localizer
(Lat. 42°36′04″ N., long. 87°55′11″ W.)
That airspace extending upward from 700
feet above the surface within a 6.7-mile
radius of Kenosha Regional Airport, and
within 9.9 miles north and 5.9 miles south
of a 246° bearing from the Kenosha Localizer
to 10 miles west of the Kenosha Localizer.
Issued in Fort Worth, Texas, on July 24,
2017.
Walter Tweedy,
Acting Manager, Operations Support Group,
ATO Central Service Center.
[FR Doc. 2017–16098 Filed 7–31–17; 8:45 am]
BILLING CODE 4910–13–P
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 007–2017]
Privacy Act of 1974; Implementation
Federal Bureau of
Investigation, United States Department
of Justice.
ACTION: Final rule.
mstockstill on DSK30JT082PROD with RULES
AGENCY:
The Federal Bureau of
Investigation (FBI), a component of the
United States Department of Justice
(DOJ or Department), is issuing a final
rule to amend its Privacy Act exemption
regulations for the system of records
SUMMARY:
VerDate Sep<11>2014
17:30 Jul 31, 2017
Jkt 241001
titled, ‘‘Next Generation Identification
(NGI) System,’’ JUSTICE/FBI–009, last
published in full on May 5, 2016.
Specifically, the FBI exempts the
records maintained in JUSTICE/FBI–009
from one or more provisions of the
Privacy Act. The listed exemptions are
necessary to avoid interference with the
Department’s law enforcement and
national security functions and
responsibilities of the FBI. This
document addresses public comments
on the proposed rule.
DATES: This final rule is effective August
31, 2017.
FOR FURTHER INFORMATION CONTACT:
Roxane M. Panarella, Assistant General
Counsel, Privacy and Civil Liberties
Unit, Office of the General Counsel, FBI,
Washington DC, telephone 304–625–
4000.
SUPPLEMENTARY INFORMATION:
Background
In 1990, the FBI published in the
Federal Register a System of Records
Notice (SORN) for the FBI system of
records titled, ‘‘Identification Division
Records System,’’ JUSTICE/FBI–009.
JUSTICE/FBI–009 evolved into the
‘‘Fingerprint Identification Records
System (FIRS),’’ also referred to as the
‘‘Integrated Automated Fingerprint
Identification System (IAFIS),’’
published at 61 FR 6386 (February 20,
1996), which covered individuals
arrested or incarcerated, individuals
applying for Federal employment or
military service, registered aliens or
naturalized citizens, and individuals
wishing to place their fingerprints on
record for personal identification
purposes. The FIRS SORN included the
following records:
A. Criminal fingerprint cards and/or
related criminal justice information
submitted by authorized agencies
having criminal justice responsibilities;
B. Civil fingerprint cards submitted by
Federal agencies and civil fingerprint
cards submitted by persons desiring to
have their fingerprints placed on record
for personal identification purposes;
C. Identification records sometimes
referred to as ‘‘rap sheets’’ which are
compilations of criminal history
information pertaining to individuals
who have criminal fingerprint cards
maintained in the system; and
D. A name index pertaining to all
individuals whose fingerprints are
maintained in the system.
As the system expanded, records
continued to fall within the general
categories of records specified in the
SORN. As a policy matter, however, and
in an effort to better detail the
enhancements made to the system, the
PO 00000
Frm 00029
Fmt 4700
Sfmt 4700
35651
FBI and DOJ determined that JUSTICE/
FBI–009 should be modified to more
fully describe the features and
capabilities of the system, which has
since been renamed the Next Generation
Identification (NGI) System. Important
enhancements to the NGI System
include the increased retention and
searching of fingerprints obtained for
the purposes of licensing, employment,
obtaining government benefits, and
biometric services such as improved
latent fingerprint searching and face
recognition technology. Leading up to
the publication of the modified SORN
and a Notice of Proposed Rulemaking
(NPRM) for the NGI System, the FBI
conducted a series of Privacy Impact
Assessments that detailed the steps
taken by the FBI to fully assess the
privacy impacts of new and modified
NGI System components, addressing
potential risks and mitigation
techniques.
On May 5, 2016, the FBI issued a
Notice of a Modified System of Records
for the NGI System in the Federal
Register at 81 FR 27284 (May 5, 2016),
and an NPRM at 81 FR 27288 (May 5,
2016). In determining whether to claim
exemptions, the FBI did not simply rely
on exemptions granted to the
predecessor system of records, but
thoroughly evaluated the NGI System
and its various components to
determine whether exemptions were
necessary. The necessary exemptions
were proposed in the NPRM along with
supporting rationales, and are to be
codified in accordance with the
issuance of this final rule.
Response to Public Comments
In its NGI System NPRM and Notice
of a Modified System of Records,
published on May 5, 2016, the
Department invited public comment.
The comment periods for both
documents were originally set to close
on June 6, 2016, but were extended 30
days to allow interested individuals
additional time to analyze the proposal
and prepare their comments. The FBI
received over 100 comments and letters
from individuals, and from nongovernment, public interest, civil
liberties, non-profit, and academic
organizations. The FBI has closely
reviewed and considered these
comments. The following discussion is
provided to respond to the NPRM
comments and provide greater insight
into the FBI’s assessment of the need to
claim exemptions from certain
provisions of the Privacy Act for the
NGI System.
Many questions and comments were
received concerning the breadth and
scope of the exemptions claimed. As
E:\FR\FM\01AUR1.SGM
01AUR1
35652
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Rules and Regulations
mstockstill on DSK30JT082PROD with RULES
noted in the NPRM and reiterated here,
the following exemptions apply only to
the extent information in this system is
subject to exemption pursuant to 5
U.S.C. 552a(j) or (k). Where compliance
with an exempted section of the Privacy
Act would not appear to interfere with
or adversely affect the purposes of the
NGI System to support law enforcement
and to protect national security, the
applicable exemption may be waived by
the FBI in its sole discretion.
These exemptions are claimed with
respect to the NGI System’s records,
which are compiled for the purposes of
identifying criminal offenders or alleged
criminal offenders, criminal
investigations, and reports identifiable
to an individual compiled throughout
the criminal law enforcement process,
including fingerprints, as well as
associated biographic data, the nature
and disposition of any criminal charges,
and additional biometrics such as
mugshots and palm prints, if available
and if provided by the submitting
agency. The NGI System records qualify
for exemption from sections of the
Privacy Act under 5 U.S.C. 552a(j)(2)
because the FBI’s principal function is
the enforcement of criminal laws and
the records maintained in the NGI
System fall into one or more of the
categories listed in (j)(2). Due to the
evolving nature of identity records and
investigations and the scope of the NGI
System, certain NGI System records may
fall outside the scope of (j)(2) and would
qualify for the specific exemptions
under 5 U.S.C. 552a(k)(2) and (5). The
exercise of all exemptions is
discretionary and the FBI will not
exercise an exemption of any section of
the Privacy Act that is not appropriate
and necessary.
5 U.S.C. 552a(c)(3), Accounting of
Disclosures Upon Request of the Named
Subject
Some of the comments communicated
concerns about claiming exemptions
from accounting and audit disclosure
requirements. As with exemptions
claimed under subsections (c)(4) and
(d), exemption from (c)(3) disclosure
requirements is necessary to preserve
the integrity of ongoing investigations.
Revealing this information could
compromise ongoing, authorized law
enforcement and national security
efforts by alerting an individual to
collaborative law enforcement and
national security investigations as well
as the relative interests of the FBI and/
or other investigatory agencies.
Although the vast majority of NGI
System disclosures need not be
provided in an accounting request, the
FBI must claim this additional
VerDate Sep<11>2014
17:30 Jul 31, 2017
Jkt 241001
exemption to ensure its ability to protect
the integrity of ongoing investigations.
It is important to note that, despite
claiming this exemption, the Privacy
Act does not permit the FBI to exempt
this system of records from the
requirements codified under
subsections 5 U.S.C. 552a(c)(1) and
(c)(2). As a result, except under limited
circumstances as outlined in the Privacy
Act, the FBI is obligated to keep an
accurate accounting of the date, nature,
and purpose of each disclosure of a
record maintained within this system of
records, and retain the accounting for at
least five years or the life of the record,
whichever is longer, after the disclosure
for which the accounting is made.
5 U.S.C. 552a(d)(1), (2), (3) and (4),
(e)(4)(G) and (H), (e)(8), (f), Access to
and Amendment of Records
Many of the comments received
concerned exemptions regarding the
access to and amendment of records
pursuant to 5 U.S.C. 552a(d)(1), (2), (3)
and (4), (e)(4)(G) and (H), (e)(8), and (f).
As with exemptions claimed to (c)(3)
and (c)(4), providing access to these
records could compromise ongoing
investigations. It is necessary for the FBI
to claim these exemptions because the
NGI System also contains latent
fingerprints, as well as other biometrics,
and associated personal information
that may be law enforcement or national
security sensitive. Compliance with
these provisions could alert the subject
of an authorized law enforcement
activity about that particular activity
and the interest of the FBI and/or other
law enforcement agencies. With that
said, as cited in both the SORN and the
NPRM, separate federal regulations (see
28 CFR 16.30–16.34 and 28 CFR 20.34)
inform individuals of the process to
access and amend their criminal history
records in the NGI System. These
regulations permit any person to receive
his or her criminal history record for
review and correction. If the individual
has no criminal history record in the
NGI System, he or she receives a letter
confirming the absence of such record.
Pursuant to the regulations, after an
individual receives his or her criminal
history record, he or she may consult
both the FBI and the relevant criminal
justice agency to correct or update the
record. The vast majority of records in
the NGI System have been entered by
state and local law enforcement and
require coordination with those
agencies.
In addition, pursuant to 28 CFR 50.12,
agencies submitting fingerprints to the
FBI for individuals seeking
employment, licensing, or similar
benefits are required to inform the
PO 00000
Frm 00030
Fmt 4700
Sfmt 4700
applicants that their fingerprints will be
searched in the NGI System and of the
process for access and amendment
under 28 CFR 16.30–16.34. The
regulation also advises that agencies
should afford the applicants the
opportunity to correct or complete their
records before making licensing or
employment decisions. Additionally, for
records claiming specific exemption
under 5 U.S.C. 552a(k), if an individual
is denied any right, privilege, or benefit
that he would otherwise be entitled by
Federal law, or for which he would
otherwise be eligible, further access may
be available.
Consequently, although the FBI has
claimed exemptions to the notification,
access, and amendment provisions of
the Privacy Act for the NGI System, the
FBI generally does not exercise these
exemptions when doing so would not
interfere with its law enforcement
functions and responsibilities.
5 U.S.C. 552a(g), Rights of Judicial
Redress
The comments received also
expressed concerns about the FBI’s
exemption from 5 U.S.C. 552a(g), which
grants individuals the right to certain
civil remedies under the Privacy Act. As
a matter of clarification, the Privacy Act
only permits an agency to exempt 5
U.S.C. 552a(g) if the records in the
system of records qualify for the general
exemption provisions under 5 U.S.C.
552a(j). This exemption cannot be, and
has not been, claimed for the records
within the NGI System that qualify for
only the specific exemptions under 5
U.S.C. 552a(k).
Additionally, many comments
expressed concern that by claiming an
exemption from 5 U.S.C. 552a(g), the
FBI would somehow absolve itself of
meeting even those provisions of the
Privacy Act that are not subject to
exemption because an individual’s right
to seek a cause of action for any
provisions of the Privacy Act would be
exempted. First, the FBI takes all of its
constitutional and statutory
requirements seriously, and does not
limit its compliance to only those
provisions of the Privacy Act subject to
judicial redress. As addressed
throughout this SUPPLEMENTARY
INFORMATION section, even when an
exemption is claimed, the FBI takes all
reasonable and appropriate steps
necessary to meet the requirements of
the Privacy Act that would not interfere
with its law enforcement functions and
responsibilities. The FBI is subject to a
number of oversight mechanisms to
ensure compliance with its
requirements under the Privacy Act,
E:\FR\FM\01AUR1.SGM
01AUR1
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Rules and Regulations
mstockstill on DSK30JT082PROD with RULES
including internal and external audits
and inspections.
Second, while the FBI has proposed
an exemption from this provision for the
NGI System, the exemption regulation is
clear that the FBI will only claim
exemptions to the extent that
information in this system of records is
subject to an exemption pursuant to the
Privacy Act. Many courts have
interpreted an agency’s decision to
exempt the Privacy Act’s civil remedies
provisions as only an exemption from a
cause of action based on an exempted
provision. In those jurisdictions,
individuals are still permitted to
exercise their right of judicial redress,
pursuant to 5 U.S.C. 552a(g), for those
provisions of the Privacy Act that are
not subject to exemption.
5 U.S.C. 552a(e)(2), and (3), Collection
Directly From the Individual
Commenters also expressed concerns
regarding the exemption from (e)(2) and
(3) of the requirement to collect
information directly from the
individual.
The vast majority of the records in the
NGI System are contributed by state and
local law enforcement agencies. Because
the FBI is neither the arresting official,
nor the agency issuing the license,
evaluating the individual for
employment, or offering the benefit, it is
impossible for the FBI to collect
information directly from the subject.
However, in most circumstances these
other agencies create the records using
information obtained directly from the
subject with his or her knowledge.
Fingerprints and other biometrics and
information are collected by other
government agencies based on their
legal authorities to collect such
information and submit it to the FBI.
For records created for the purpose of
licensing, employment, or to obtain a
government benefit, the FBI requires
that specific notice be provided to the
applicant. This notice, in the form of a
Privacy Act statement, discloses the
authority which authorizes the
solicitation of the information, whether
disclosure of such information is
mandatory or voluntary, the principal
purpose for which the information is
intended to be used, the routine uses
which may be made of the information,
and the effects on the individual, if any,
of not providing all or any part of the
requested information.
5 U.S.C. 552a(e)(4)(I), Categories of
Sources of Records
The FBI also received a comment
concerning exemption of the
requirement to disclose sources of
records contained in the NGI System.
VerDate Sep<11>2014
17:30 Jul 31, 2017
Jkt 241001
Despite claiming this exemption, the
FBI has published in the NGI SORN the
categories of sources of records to the
extent that such disclosure would not
compromise confidential sources or the
safety of witnesses. However, to the
extent such additional details would be
required, it is believed that such detail
may interfere with the Department’s law
enforcement functions and the
responsibilities of the FBI. The FBI
claims the exemption to (e)(4)(I) because
greater specificity than was provided in
the NGI SORN cannot be disclosed
without compromising confidential
sources or the safety of witnesses.
5 U.S.C. 552a(e)(5), Accurate, Relevant,
Timely, and Complete
The comments also expressed
concerns regarding the NGI System’s
exemption from the (e)(5) requirements
to maintain accurate, relevant, timely,
and complete records. When collecting
information for authorized law
enforcement purposes, it is not always
possible to determine in advance what
information is accurate, relevant, timely,
or complete. With time, additional facts,
and analysis, information may acquire
new significance. Although the FBI has
claimed this exemption, it continuously
works with its federal, state, local,
tribal, and international law
enforcement partners to maintain the
accuracy of records to the greatest extent
possible. The FBI does so with
established policies and practices that
include the review, audit, and
validation of records, and formal
agreements with partner agencies that
require regular records updates. The law
enforcement and national security
communities have a strong operational
interest in using up-to-date and accurate
records and will foster relationships
with partners to further this interest. If
alterations are made to criminal record
sources outside the FBI, we encourage
subject individuals to bring said
documentation to the FBI’s attention to
ensure timely modification of an NGI
System record.
General Comments on the NGI System
A few commenters expressed
concerns about the safety and security
of the system. It should be noted that
the FBI is not and cannot claim
exemption from 5 U.S.C. 552a(e)(10),
which requires agencies to establish
appropriate administrative, technical,
and physical safeguards to ensure the
security and confidentiality of records
and to protect against any anticipated
threats or hazards to their security or
integrity. In compliance with this
provision of the Privacy Act and other
security mandates, the NGI System has
PO 00000
Frm 00031
Fmt 4700
Sfmt 4700
35653
been developed and implemented in
compliance with all federal information
technology standards designed to
safeguard personal information from
loss, destruction, or unauthorized
access.
Many commenters communicated
concerns about the NGI System being
used to track the expression of First
Amendment rights. The NGI System is
a biometric database. It is not utilized to
conduct surveillance or track the
expression of a citizen’s First
Amendment rights. It should be noted
that the FBI is not and cannot claim
exemption from 5 U.S.C. 552a(e)(7),
which, absent specific authorization or
consent, prohibits the maintenance of
records describing how any individual
exercises rights guaranteed by the First
Amendment.
The FBI is not exempting the NGI
System from all provisions of the
Privacy Act. The protections of many of
the provisions of the Privacy Act and
the E-Government Act of 2002 are still
in place; only the named Privacy Act
exemptions have been claimed, if
needed, to protect sensitive law
enforcement and national security
operations.
Overall, the FBI has made only minor,
administrative edits to the rule as
originally proposed to ensure accuracy
and consistency with the listed
authorities and other subsections of 28
CFR part 16. The FBI has made no
substantive changes to the rule as it was
originally proposed. For the reasons
identified in this publication, the
Department and the FBI are issuing this
final rule.
List of Subjects in 28 CFR Part 16
Administrative practices and
procedures, Courts, Freedom of
information, Privacy Act.
Pursuant to the authority vested in the
Attorney General by 5 U.S.C. 552a and
delegated to me by Attorney General
Order 2940–2008, 28 CFR part 16 is
amended as follows:
PART 16—PRODUCTION OR
DISCLOSURE OF MATERIAL OR
INFORMATION
1. The authority citation for part 16
continues to read as follows:
■
Authority: 5 U.S.C. 301, 552, 552a, 553; 28
U.S.C. 509, 510, 534; 31 U.S.C. 3717.
Subpart E—Exemption of Records
Systems Under the Privacy Act
2. Amend § 16.96 by revising
paragraphs (e) and (f) to read as follows:
■
E:\FR\FM\01AUR1.SGM
01AUR1
35654
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Rules and Regulations
§ 16.96 Exemption of Federal Bureau of
Investigation Systems—limited access.
mstockstill on DSK30JT082PROD with RULES
*
*
*
*
*
(e) The following system of records is
exempt from 5 U.S.C. 552a(c)(3) and (4);
(d)(1), (2), (3) and (4); (e)(1), (2) and (3);
(e)(4)(G), (H) and (I); (e)(5) and (8); (f)
and (g):
(1) The Next Generation Identification
(NGI) System (JUSTICE/FBI–009).
(2) These exemptions apply only to
the extent that information in this
system is subject to exemption pursuant
to 5 U.S.C. 552a(j) or (k). Where
compliance would not appear to
interfere with or adversely affect the
purpose of this system to detect, deter,
and prosecute crimes and to protect the
national security, the applicable
exemption may be waived by the FBI in
its sole discretion.
(f) Exemptions from the particular
subsections are justified for the
following reasons:
(1) From subsection (c)(3), the
requirement that an accounting be made
available to the named subject of a
record, because this system is exempt
from the access provisions of subsection
(d). Also, because making available to a
record subject the accounting of
disclosures from records concerning the
subject would specifically reveal
investigative interest by the FBI or
agencies that are recipients of the
disclosures. Revealing this information
could compromise ongoing, authorized
law enforcement and national security
efforts and may provide the record
subject with the opportunity to evade or
impede the investigation.
(2) From subsection (c)(4) notification
requirements because this system is
exempt from the access and amendment
provisions of subsection (d) as well as
the accounting of disclosures provision
of subsection (c)(3). The FBI takes
seriously its obligation to maintain
accurate records despite its assertion of
this exemption, and to the extent it, in
its sole discretion, agrees to permit
amendment or correction of FBI records,
it will share that information in
appropriate cases.
(3) From subsection (d) (1), (2), (3)
and (4), (e)(4)(G) and (H), (e)(8), (f) and
(g) because these provisions concern
individual access to and amendment of
law enforcement records and
compliance and could alert the subject
of an authorized law enforcement
activity about that particular activity
and the interest of the FBI and/or other
law enforcement agencies. Providing
access could compromise sensitive law
enforcement information, disclose
information that would constitute an
unwarranted invasion of another’s
personal privacy, reveal a sensitive
VerDate Sep<11>2014
17:30 Jul 31, 2017
Jkt 241001
investigative technique, provide
information that would allow a subject
to avoid detection or apprehension, or
constitute a potential danger to the
health or safety of law enforcement
personnel, confidential sources, or
witnesses. Also, an alternate system of
access has been provided in 28 CFR
16.30 through 16.34, and 28 CFR 20.34,
for record subjects to obtain a copy of
their criminal history records. However,
the vast majority of criminal history
records concern local arrests for which
it would be inappropriate for the FBI to
undertake correction or amendment.
(4) From subsection (e)(1) because it
is not always possible to know in
advance what information is relevant
and necessary for law enforcement
purposes. The relevance and utility of
certain information may not always be
evident until and unless it is vetted and
matched with other sources of
information that are necessarily and
lawfully maintained by the FBI. Most
records in this system are acquired from
state and local law enforcement
agencies and it is not possible for the
FBI to review that information as
relevant and necessary.
(5) From subsection (e)(2) and (3)
because application of this provision
could present a serious impediment to
the FBI’s responsibilities to detect,
deter, and prosecute crimes and to
protect the national security.
Application of these provisions would
put the subject of an investigation on
notice of that fact and allow the subject
an opportunity to engage in conduct
intended to impede that activity or
avoid apprehension. Also, the majority
of criminal history records and
associated biometrics in this system are
collected by state and local agencies at
the time of arrest; therefore it is not
feasible for the FBI to collect directly
from the individual or to provide notice.
Those persons who voluntarily submit
fingerprints into this system pursuant to
state and federal statutes for licensing,
employment, and similar civil purposes
receive an (e)(3) notice.
(6) From subsection (e)(4)(I), to the
extent that this subsection is interpreted
to require more detail regarding the
record sources in this system than has
been published in the Federal Register.
Should the subsection be so interpreted,
exemption from this provision is
necessary to protect the sources of law
enforcement information and to protect
the privacy and safety of witnesses and
informants and others who provide
information to the FBI.
(7) From subsection (e)(5) because in
the collection of information for
authorized law enforcement purposes it
is impossible to determine in advance
PO 00000
Frm 00032
Fmt 4700
Sfmt 4700
what information is accurate, relevant,
timely and complete. With time,
seemingly irrelevant or untimely
information may acquire new
significance when new details are
brought to light. Additionally, the
information may aid in establishing
patterns of activity and providing
criminal leads. Most records in this
system are acquired from state and local
law enforcement agencies and it would
be impossible for the FBI to vouch for
the compliance of these agencies with
this provision. The FBI does
communicate to these agencies the need
for accurate and timely criminal history
records, including criminal
dispositions.
*
*
*
*
*
Dated: July 13, 2017.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties
Officer, Department of Justice.
[FR Doc. 2017–15423 Filed 7–31–17; 8:45 am]
BILLING CODE 4410–02–P
DEPARTMENT OF HOMELAND
SECURITY
Coast Guard
33 CFR Part 100
[Docket No. USCG–2017–0673]
Special Local Regulations; SUP3Rivers
the Southside Outside, Pittsburgh, PA
Coast Guard, DHS.
Notice of enforcement of
regulation.
AGENCY:
ACTION:
The Coast Guard will enforce
a special local regulation for navigable
waters of the Allegheny and
Monongahela Rivers during the
SUP3Rivers the Southside Outside
event. This regulation is needed to
provide for the safety of life during the
marine event. During the enforcement
period, entry into this regulated area is
prohibited to all vessels not registered
with the sponsor as participants or
official patrol vessels, unless
specifically authorized by the Captain of
the Port Marine Safety Unit Pittsburgh
(COTP) or a designated representative.
DATES: The regulations in 33 CFR
100.801, Table 1, Sector Ohio Valley,
line 29, will be enforced from 6:30 a.m.
through 11:30 a.m. on September 2,
2017.
SUMMARY:
If
you have questions about this notice of
enforcement, call or email MST1
Jennifer Haggins, Marine Safety Unit
Pittsburgh, U.S. Coast Guard; telephone
FOR FURTHER INFORMATION CONTACT:
E:\FR\FM\01AUR1.SGM
01AUR1
]]>Agencies
[Federal Register Volume 82, Number 146 (Tuesday, August 1, 2017)]
[Rules and Regulations]
[Pages 35651-35654]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-15423]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 007-2017]
Privacy Act of 1974; Implementation
AGENCY: Federal Bureau of Investigation, United States Department of
Justice.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Federal Bureau of Investigation (FBI), a component of the
United States Department of Justice (DOJ or Department), is issuing a
final rule to amend its Privacy Act exemption regulations for the
system of records titled, ``Next Generation Identification (NGI)
System,'' JUSTICE/FBI-009, last published in full on May 5, 2016.
Specifically, the FBI exempts the records maintained in JUSTICE/FBI-009
from one or more provisions of the Privacy Act. The listed exemptions
are necessary to avoid interference with the Department's law
enforcement and national security functions and responsibilities of the
FBI. This document addresses public comments on the proposed rule.
DATES: This final rule is effective August 31, 2017.
FOR FURTHER INFORMATION CONTACT: Roxane M. Panarella, Assistant General
Counsel, Privacy and Civil Liberties Unit, Office of the General
Counsel, FBI, Washington DC, telephone 304-625-4000.
SUPPLEMENTARY INFORMATION:
Background
In 1990, the FBI published in the Federal Register a System of
Records Notice (SORN) for the FBI system of records titled,
``Identification Division Records System,'' JUSTICE/FBI-009. JUSTICE/
FBI-009 evolved into the ``Fingerprint Identification Records System
(FIRS),'' also referred to as the ``Integrated Automated Fingerprint
Identification System (IAFIS),'' published at 61 FR 6386 (February 20,
1996), which covered individuals arrested or incarcerated, individuals
applying for Federal employment or military service, registered aliens
or naturalized citizens, and individuals wishing to place their
fingerprints on record for personal identification purposes. The FIRS
SORN included the following records:
A. Criminal fingerprint cards and/or related criminal justice
information submitted by authorized agencies having criminal justice
responsibilities;
B. Civil fingerprint cards submitted by Federal agencies and civil
fingerprint cards submitted by persons desiring to have their
fingerprints placed on record for personal identification purposes;
C. Identification records sometimes referred to as ``rap sheets''
which are compilations of criminal history information pertaining to
individuals who have criminal fingerprint cards maintained in the
system; and
D. A name index pertaining to all individuals whose fingerprints
are maintained in the system.
As the system expanded, records continued to fall within the
general categories of records specified in the SORN. As a policy
matter, however, and in an effort to better detail the enhancements
made to the system, the FBI and DOJ determined that JUSTICE/FBI-009
should be modified to more fully describe the features and capabilities
of the system, which has since been renamed the Next Generation
Identification (NGI) System. Important enhancements to the NGI System
include the increased retention and searching of fingerprints obtained
for the purposes of licensing, employment, obtaining government
benefits, and biometric services such as improved latent fingerprint
searching and face recognition technology. Leading up to the
publication of the modified SORN and a Notice of Proposed Rulemaking
(NPRM) for the NGI System, the FBI conducted a series of Privacy Impact
Assessments that detailed the steps taken by the FBI to fully assess
the privacy impacts of new and modified NGI System components,
addressing potential risks and mitigation techniques.
On May 5, 2016, the FBI issued a Notice of a Modified System of
Records for the NGI System in the Federal Register at 81 FR 27284 (May
5, 2016), and an NPRM at 81 FR 27288 (May 5, 2016). In determining
whether to claim exemptions, the FBI did not simply rely on exemptions
granted to the predecessor system of records, but thoroughly evaluated
the NGI System and its various components to determine whether
exemptions were necessary. The necessary exemptions were proposed in
the NPRM along with supporting rationales, and are to be codified in
accordance with the issuance of this final rule.
Response to Public Comments
In its NGI System NPRM and Notice of a Modified System of Records,
published on May 5, 2016, the Department invited public comment. The
comment periods for both documents were originally set to close on June
6, 2016, but were extended 30 days to allow interested individuals
additional time to analyze the proposal and prepare their comments. The
FBI received over 100 comments and letters from individuals, and from
non-government, public interest, civil liberties, non-profit, and
academic organizations. The FBI has closely reviewed and considered
these comments. The following discussion is provided to respond to the
NPRM comments and provide greater insight into the FBI's assessment of
the need to claim exemptions from certain provisions of the Privacy Act
for the NGI System.
Many questions and comments were received concerning the breadth
and scope of the exemptions claimed. As
[[Page 35652]]
noted in the NPRM and reiterated here, the following exemptions apply
only to the extent information in this system is subject to exemption
pursuant to 5 U.S.C. 552a(j) or (k). Where compliance with an exempted
section of the Privacy Act would not appear to interfere with or
adversely affect the purposes of the NGI System to support law
enforcement and to protect national security, the applicable exemption
may be waived by the FBI in its sole discretion.
These exemptions are claimed with respect to the NGI System's
records, which are compiled for the purposes of identifying criminal
offenders or alleged criminal offenders, criminal investigations, and
reports identifiable to an individual compiled throughout the criminal
law enforcement process, including fingerprints, as well as associated
biographic data, the nature and disposition of any criminal charges,
and additional biometrics such as mugshots and palm prints, if
available and if provided by the submitting agency. The NGI System
records qualify for exemption from sections of the Privacy Act under 5
U.S.C. 552a(j)(2) because the FBI's principal function is the
enforcement of criminal laws and the records maintained in the NGI
System fall into one or more of the categories listed in (j)(2). Due to
the evolving nature of identity records and investigations and the
scope of the NGI System, certain NGI System records may fall outside
the scope of (j)(2) and would qualify for the specific exemptions under
5 U.S.C. 552a(k)(2) and (5). The exercise of all exemptions is
discretionary and the FBI will not exercise an exemption of any section
of the Privacy Act that is not appropriate and necessary.
5 U.S.C. 552a(c)(3), Accounting of Disclosures Upon Request of the
Named Subject
Some of the comments communicated concerns about claiming
exemptions from accounting and audit disclosure requirements. As with
exemptions claimed under subsections (c)(4) and (d), exemption from
(c)(3) disclosure requirements is necessary to preserve the integrity
of ongoing investigations. Revealing this information could compromise
ongoing, authorized law enforcement and national security efforts by
alerting an individual to collaborative law enforcement and national
security investigations as well as the relative interests of the FBI
and/or other investigatory agencies. Although the vast majority of NGI
System disclosures need not be provided in an accounting request, the
FBI must claim this additional exemption to ensure its ability to
protect the integrity of ongoing investigations.
It is important to note that, despite claiming this exemption, the
Privacy Act does not permit the FBI to exempt this system of records
from the requirements codified under subsections 5 U.S.C. 552a(c)(1)
and (c)(2). As a result, except under limited circumstances as outlined
in the Privacy Act, the FBI is obligated to keep an accurate accounting
of the date, nature, and purpose of each disclosure of a record
maintained within this system of records, and retain the accounting for
at least five years or the life of the record, whichever is longer,
after the disclosure for which the accounting is made.
5 U.S.C. 552a(d)(1), (2), (3) and (4), (e)(4)(G) and (H), (e)(8), (f),
Access to and Amendment of Records
Many of the comments received concerned exemptions regarding the
access to and amendment of records pursuant to 5 U.S.C. 552a(d)(1),
(2), (3) and (4), (e)(4)(G) and (H), (e)(8), and (f). As with
exemptions claimed to (c)(3) and (c)(4), providing access to these
records could compromise ongoing investigations. It is necessary for
the FBI to claim these exemptions because the NGI System also contains
latent fingerprints, as well as other biometrics, and associated
personal information that may be law enforcement or national security
sensitive. Compliance with these provisions could alert the subject of
an authorized law enforcement activity about that particular activity
and the interest of the FBI and/or other law enforcement agencies. With
that said, as cited in both the SORN and the NPRM, separate federal
regulations (see 28 CFR 16.30-16.34 and 28 CFR 20.34) inform
individuals of the process to access and amend their criminal history
records in the NGI System. These regulations permit any person to
receive his or her criminal history record for review and correction.
If the individual has no criminal history record in the NGI System, he
or she receives a letter confirming the absence of such record.
Pursuant to the regulations, after an individual receives his or her
criminal history record, he or she may consult both the FBI and the
relevant criminal justice agency to correct or update the record. The
vast majority of records in the NGI System have been entered by state
and local law enforcement and require coordination with those agencies.
In addition, pursuant to 28 CFR 50.12, agencies submitting
fingerprints to the FBI for individuals seeking employment, licensing,
or similar benefits are required to inform the applicants that their
fingerprints will be searched in the NGI System and of the process for
access and amendment under 28 CFR 16.30-16.34. The regulation also
advises that agencies should afford the applicants the opportunity to
correct or complete their records before making licensing or employment
decisions. Additionally, for records claiming specific exemption under
5 U.S.C. 552a(k), if an individual is denied any right, privilege, or
benefit that he would otherwise be entitled by Federal law, or for
which he would otherwise be eligible, further access may be available.
Consequently, although the FBI has claimed exemptions to the
notification, access, and amendment provisions of the Privacy Act for
the NGI System, the FBI generally does not exercise these exemptions
when doing so would not interfere with its law enforcement functions
and responsibilities.
5 U.S.C. 552a(g), Rights of Judicial Redress
The comments received also expressed concerns about the FBI's
exemption from 5 U.S.C. 552a(g), which grants individuals the right to
certain civil remedies under the Privacy Act. As a matter of
clarification, the Privacy Act only permits an agency to exempt 5
U.S.C. 552a(g) if the records in the system of records qualify for the
general exemption provisions under 5 U.S.C. 552a(j). This exemption
cannot be, and has not been, claimed for the records within the NGI
System that qualify for only the specific exemptions under 5 U.S.C.
552a(k).
Additionally, many comments expressed concern that by claiming an
exemption from 5 U.S.C. 552a(g), the FBI would somehow absolve itself
of meeting even those provisions of the Privacy Act that are not
subject to exemption because an individual's right to seek a cause of
action for any provisions of the Privacy Act would be exempted. First,
the FBI takes all of its constitutional and statutory requirements
seriously, and does not limit its compliance to only those provisions
of the Privacy Act subject to judicial redress. As addressed throughout
this SUPPLEMENTARY INFORMATION section, even when an exemption is
claimed, the FBI takes all reasonable and appropriate steps necessary
to meet the requirements of the Privacy Act that would not interfere
with its law enforcement functions and responsibilities. The FBI is
subject to a number of oversight mechanisms to ensure compliance with
its requirements under the Privacy Act,
[[Page 35653]]
including internal and external audits and inspections.
Second, while the FBI has proposed an exemption from this provision
for the NGI System, the exemption regulation is clear that the FBI will
only claim exemptions to the extent that information in this system of
records is subject to an exemption pursuant to the Privacy Act. Many
courts have interpreted an agency's decision to exempt the Privacy
Act's civil remedies provisions as only an exemption from a cause of
action based on an exempted provision. In those jurisdictions,
individuals are still permitted to exercise their right of judicial
redress, pursuant to 5 U.S.C. 552a(g), for those provisions of the
Privacy Act that are not subject to exemption.
5 U.S.C. 552a(e)(2), and (3), Collection Directly From the Individual
Commenters also expressed concerns regarding the exemption from
(e)(2) and (3) of the requirement to collect information directly from
the individual.
The vast majority of the records in the NGI System are contributed
by state and local law enforcement agencies. Because the FBI is neither
the arresting official, nor the agency issuing the license, evaluating
the individual for employment, or offering the benefit, it is
impossible for the FBI to collect information directly from the
subject. However, in most circumstances these other agencies create the
records using information obtained directly from the subject with his
or her knowledge.
Fingerprints and other biometrics and information are collected by
other government agencies based on their legal authorities to collect
such information and submit it to the FBI. For records created for the
purpose of licensing, employment, or to obtain a government benefit,
the FBI requires that specific notice be provided to the applicant.
This notice, in the form of a Privacy Act statement, discloses the
authority which authorizes the solicitation of the information, whether
disclosure of such information is mandatory or voluntary, the principal
purpose for which the information is intended to be used, the routine
uses which may be made of the information, and the effects on the
individual, if any, of not providing all or any part of the requested
information.
5 U.S.C. 552a(e)(4)(I), Categories of Sources of Records
The FBI also received a comment concerning exemption of the
requirement to disclose sources of records contained in the NGI System.
Despite claiming this exemption, the FBI has published in the NGI SORN
the categories of sources of records to the extent that such disclosure
would not compromise confidential sources or the safety of witnesses.
However, to the extent such additional details would be required, it is
believed that such detail may interfere with the Department's law
enforcement functions and the responsibilities of the FBI. The FBI
claims the exemption to (e)(4)(I) because greater specificity than was
provided in the NGI SORN cannot be disclosed without compromising
confidential sources or the safety of witnesses.
5 U.S.C. 552a(e)(5), Accurate, Relevant, Timely, and Complete
The comments also expressed concerns regarding the NGI System's
exemption from the (e)(5) requirements to maintain accurate, relevant,
timely, and complete records. When collecting information for
authorized law enforcement purposes, it is not always possible to
determine in advance what information is accurate, relevant, timely, or
complete. With time, additional facts, and analysis, information may
acquire new significance. Although the FBI has claimed this exemption,
it continuously works with its federal, state, local, tribal, and
international law enforcement partners to maintain the accuracy of
records to the greatest extent possible. The FBI does so with
established policies and practices that include the review, audit, and
validation of records, and formal agreements with partner agencies that
require regular records updates. The law enforcement and national
security communities have a strong operational interest in using up-to-
date and accurate records and will foster relationships with partners
to further this interest. If alterations are made to criminal record
sources outside the FBI, we encourage subject individuals to bring said
documentation to the FBI's attention to ensure timely modification of
an NGI System record.
General Comments on the NGI System
A few commenters expressed concerns about the safety and security
of the system. It should be noted that the FBI is not and cannot claim
exemption from 5 U.S.C. 552a(e)(10), which requires agencies to
establish appropriate administrative, technical, and physical
safeguards to ensure the security and confidentiality of records and to
protect against any anticipated threats or hazards to their security or
integrity. In compliance with this provision of the Privacy Act and
other security mandates, the NGI System has been developed and
implemented in compliance with all federal information technology
standards designed to safeguard personal information from loss,
destruction, or unauthorized access.
Many commenters communicated concerns about the NGI System being
used to track the expression of First Amendment rights. The NGI System
is a biometric database. It is not utilized to conduct surveillance or
track the expression of a citizen's First Amendment rights. It should
be noted that the FBI is not and cannot claim exemption from 5 U.S.C.
552a(e)(7), which, absent specific authorization or consent, prohibits
the maintenance of records describing how any individual exercises
rights guaranteed by the First Amendment.
The FBI is not exempting the NGI System from all provisions of the
Privacy Act. The protections of many of the provisions of the Privacy
Act and the E-Government Act of 2002 are still in place; only the named
Privacy Act exemptions have been claimed, if needed, to protect
sensitive law enforcement and national security operations.
Overall, the FBI has made only minor, administrative edits to the
rule as originally proposed to ensure accuracy and consistency with the
listed authorities and other subsections of 28 CFR part 16. The FBI has
made no substantive changes to the rule as it was originally proposed.
For the reasons identified in this publication, the Department and the
FBI are issuing this final rule.
List of Subjects in 28 CFR Part 16
Administrative practices and procedures, Courts, Freedom of
information, Privacy Act.
Pursuant to the authority vested in the Attorney General by 5
U.S.C. 552a and delegated to me by Attorney General Order 2940-2008, 28
CFR part 16 is amended as follows:
PART 16--PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION
0
1. The authority citation for part 16 continues to read as follows:
Authority: 5 U.S.C. 301, 552, 552a, 553; 28 U.S.C. 509, 510,
534; 31 U.S.C. 3717.
Subpart E--Exemption of Records Systems Under the Privacy Act
0
2. Amend Sec. 16.96 by revising paragraphs (e) and (f) to read as
follows:
[[Page 35654]]
Sec. 16.96 Exemption of Federal Bureau of Investigation Systems--
limited access.
* * * * *
(e) The following system of records is exempt from 5 U.S.C.
552a(c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2) and (3);
(e)(4)(G), (H) and (I); (e)(5) and (8); (f) and (g):
(1) The Next Generation Identification (NGI) System (JUSTICE/FBI-
009).
(2) These exemptions apply only to the extent that information in
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or
(k). Where compliance would not appear to interfere with or adversely
affect the purpose of this system to detect, deter, and prosecute
crimes and to protect the national security, the applicable exemption
may be waived by the FBI in its sole discretion.
(f) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3), the requirement that an accounting be
made available to the named subject of a record, because this system is
exempt from the access provisions of subsection (d). Also, because
making available to a record subject the accounting of disclosures from
records concerning the subject would specifically reveal investigative
interest by the FBI or agencies that are recipients of the disclosures.
Revealing this information could compromise ongoing, authorized law
enforcement and national security efforts and may provide the record
subject with the opportunity to evade or impede the investigation.
(2) From subsection (c)(4) notification requirements because this
system is exempt from the access and amendment provisions of subsection
(d) as well as the accounting of disclosures provision of subsection
(c)(3). The FBI takes seriously its obligation to maintain accurate
records despite its assertion of this exemption, and to the extent it,
in its sole discretion, agrees to permit amendment or correction of FBI
records, it will share that information in appropriate cases.
(3) From subsection (d) (1), (2), (3) and (4), (e)(4)(G) and (H),
(e)(8), (f) and (g) because these provisions concern individual access
to and amendment of law enforcement records and compliance and could
alert the subject of an authorized law enforcement activity about that
particular activity and the interest of the FBI and/or other law
enforcement agencies. Providing access could compromise sensitive law
enforcement information, disclose information that would constitute an
unwarranted invasion of another's personal privacy, reveal a sensitive
investigative technique, provide information that would allow a subject
to avoid detection or apprehension, or constitute a potential danger to
the health or safety of law enforcement personnel, confidential
sources, or witnesses. Also, an alternate system of access has been
provided in 28 CFR 16.30 through 16.34, and 28 CFR 20.34, for record
subjects to obtain a copy of their criminal history records. However,
the vast majority of criminal history records concern local arrests for
which it would be inappropriate for the FBI to undertake correction or
amendment.
(4) From subsection (e)(1) because it is not always possible to
know in advance what information is relevant and necessary for law
enforcement purposes. The relevance and utility of certain information
may not always be evident until and unless it is vetted and matched
with other sources of information that are necessarily and lawfully
maintained by the FBI. Most records in this system are acquired from
state and local law enforcement agencies and it is not possible for the
FBI to review that information as relevant and necessary.
(5) From subsection (e)(2) and (3) because application of this
provision could present a serious impediment to the FBI's
responsibilities to detect, deter, and prosecute crimes and to protect
the national security. Application of these provisions would put the
subject of an investigation on notice of that fact and allow the
subject an opportunity to engage in conduct intended to impede that
activity or avoid apprehension. Also, the majority of criminal history
records and associated biometrics in this system are collected by state
and local agencies at the time of arrest; therefore it is not feasible
for the FBI to collect directly from the individual or to provide
notice. Those persons who voluntarily submit fingerprints into this
system pursuant to state and federal statutes for licensing,
employment, and similar civil purposes receive an (e)(3) notice.
(6) From subsection (e)(4)(I), to the extent that this subsection
is interpreted to require more detail regarding the record sources in
this system than has been published in the Federal Register. Should the
subsection be so interpreted, exemption from this provision is
necessary to protect the sources of law enforcement information and to
protect the privacy and safety of witnesses and informants and others
who provide information to the FBI.
(7) From subsection (e)(5) because in the collection of information
for authorized law enforcement purposes it is impossible to determine
in advance what information is accurate, relevant, timely and complete.
With time, seemingly irrelevant or untimely information may acquire new
significance when new details are brought to light. Additionally, the
information may aid in establishing patterns of activity and providing
criminal leads. Most records in this system are acquired from state and
local law enforcement agencies and it would be impossible for the FBI
to vouch for the compliance of these agencies with this provision. The
FBI does communicate to these agencies the need for accurate and timely
criminal history records, including criminal dispositions.
* * * * *
Dated: July 13, 2017.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, Department of
Justice.
[FR Doc. 2017-15423 Filed 7-31-17; 8:45 am]
BILLING CODE 4410-02-P
