Privacy Act; Implementation

Federal Register, Volume 79 Issue 88 (Wednesday, May 7, 2014)

Federal Register Volume 79, Number 88 (Wednesday, May 7, 2014)

Rules and Regulations

Pages 26120-26122

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2014-10432

=======================================================================

-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 320

Docket ID: DoD-2014-OS-0026

Privacy Act; Implementation

AGENCY: National Geospatial-Intelligence Agency (NGA), DoD.

ACTION: Direct final rule with request for comments.

-----------------------------------------------------------------------

SUMMARY: National Geospatial-Intelligence Agency (NGA) is updating the NGA Privacy Act Program regarding NGA Threat Mitigation Records. Additionally, NGA initiated a rulemaking to exempt this system of records from a number of provisions of the Privacy Act, because this system may contain records or information recompiled from or created from information contained in other systems of records, which are exempt from certain provisions of the Privacy Act. For these records or information only, NGA will also claim the original exemptions for these records or information from the Privacy Act of 1974, as amended, as necessary and appropriate to protect such information. Such exempt records or information may be law enforcement or national security investigation records, law enforcement activity and encounter records.

DATES: The rule is effective on July 16, 2014 unless adverse comments are received by July 7, 2014. If adverse comment is received, the Department of Defense will publish a timely withdrawal of the rule in the Federal Register.

ADDRESSES: You may submit comments, identified by docket number and title, by any of the following methods:

* Federal Rulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.

* Mail: Federal Docket Management System Office, 4800 Mark Center Drive; East Tower, 2nd Floor, Suite 02G09, Alexandria, VA 22350-3100.

Instructions: All submissions received must include the agency name and docket number for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: National Geospatial-Intelligence Agency (NGA), ATTN: Security Specialist, Mission Support, MSRS P-12, 7500 GEOINT Drive, Springfield, VA 22150.

SUPPLEMENTARY INFORMATION: This direct final rule makes non-substantive changes to the NGA rules. This will improve the efficiency and effectiveness of DoD's program by ensuring the integrity of the security and counterintelligence records by the NGA and the Department of Defense.

This rule is being published as a direct final rule as the Department of Defense does not expect to receive any adverse comments, and so a proposed rule is unnecessary.

National Geospatial-Intelligence Agency (NGA) is updating the NGA Privacy Act Program by adding the (k)(1) and (k)(5) exemptions to NGA-

004, NGA Threat Mitigation Records. Additionally, NGA initiated a rulemaking to exempt this system of records from a number of provisions of the Privacy Act, because this system may contain records or information recompiled from or created from information contained in other systems of records, which are exempt from certain provisions of the Privacy Act. For these records or information only, in accordance with 5 U.S.C. 552a(j)(2), (k)(2), (k)(1), and (k)(5), NGA will also claim the original exemptions for these records or information from subsections (c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I), (5), and (8); (f), and (g) of the Privacy Act of 1974, as amended, as necessary and appropriate to protect such information. Such exempt records or information may be law enforcement or national security investigation records, law enforcement activity and encounter records.

Direct Final Rule and Significant Adverse Comments

DoD has determined this rulemaking meets the criteria for a direct final rule because it involves nonsubstantive changes dealing with DoD's management of its Privacy Programs. DoD expects no opposition to the changes and no significant adverse comments. However, if DoD receives a significant adverse comment, the Department will withdraw this direct final rule by publishing a notice in the Federal Register. A significant adverse comment is one that explains: (1) Why the direct final rule is inappropriate, including challenges to the rule's underlying premise or approach; or (2) why the direct final rule will be ineffective or unacceptable without a change. In determining whether a comment necessitates withdrawal of this direct final rule, DoD will consider whether it warrants a substantive response in a notice and comment process.

Executive Order 12866, ``Regulatory Planning and Review'' and Executive Order 13563, ``Improving Regulation and Regulatory Review''

It has been determined that Privacy Act rules for the Department of Defense are not significant rules. This rule does not (1) Have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy; a sector of the economy; productivity; competition; jobs; the environment; public health or safety; or State, local, or tribal governments or

Page 26121

communities; (2) Create a serious inconsistency or otherwise interfere with an action taken or planned by another Agency; (3) Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs, or the rights and obligations of recipients thereof; or (4) Raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in these Executive orders.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

It has been determined that Privacy Act rules for the Department of Defense do not have significant economic impact on a substantial number of small entities because they are concerned only with the administration of Privacy Act systems of records within the Department of Defense. A Regulatory Flexibility Analysis is not required.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

It has been determined that Privacy Act rules for the Department of Defense impose no additional information collection requirements on the public under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

It has been determined that Privacy Act rules for the Department of Defense do not involve a Federal mandate that may result in the expenditure by State, local and tribal governments, in the aggregate, or by the private sector, of $100 million or more and that such rulemaking will not significantly or uniquely affect small governments.

Executive Order 13132, ``Federalism''

It has been determined that Privacy Act rules for the Department of Defense do not have federalism implications. The rules do not have substantial direct effects on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, no Federalism assessment is required.

List of Subjects in 32 CFR Part 320

Privacy.

Accordingly, 32 CFR part 320 is amended as follows:

PART 320--NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA)

0

1. The authority citation for 32 CFR part 320 continues to read as follows:

   Authority: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).

   0

2. In Sec. 320.12, revise paragraph (c) to read as follows:

   Sec. 320.12 Exemptions.

   * * * * *

   (c) System identifier and name: NGA-004, NGA Threat Mitigation Records.

   (1) Exemptions: Exempt materials from JUSTICE/FBI--019 Terrorist Screening Records System may become part of the case records in this system of records. To the extent that copies of exempt records from JUSTICE/FBI--019, Terrorist Screening Records System are entered into these Threat Mitigation case records, NGA hereby claims the same exemptions (j)(2) and (k)(2), for the records as claimed in JUSTICE/

   FBI--019, Terrorist Screening Records system of records of which they are a part.

   (2) Information specifically authorized to be classified under E.O. 12958, as implemented by DoD 5200.1-R, may be exempt pursuant to 5 U.S.C. 552a(k)(1).

   (3) Investigative material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.

   (4) Authority: 5 U.S.C. 552a(j)(2), (k)(1), (k)(2) and (k)(5).

   (5) Reasons: (i) Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and (k)(5) NGA is claiming the following exemptions for certain records within the Threat Mitigation Records system: 5 U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I), (5), and (8); (f), and (g). Additionally, pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), NGA has exempted this system from the following provisions of the Privacy Act, subject to the limitation set forth in 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made.

   (ii) In addition to records under the control of NGA, the Threat Mitigation system of records may include records originating from systems of records of other law enforcement and intelligence agencies which may be exempt from certain provisions of the Privacy Act. However, NGA does not assert exemption to any provisions of the Privacy Act with respect to information submitted by or on behalf of individuals.

   (iii) To the extent the Threat Mitigation system contains records originating from other systems of records, NGA will rely on the exemptions claimed for those records in the originating system of records. Exemptions for certain records within the Threat Mitigation system from particular subsections of the Privacy Act are justified for the following reasons:

   (A) From subsection (c)(3) (Accounting for Disclosures) because giving a record subject access to the accounting of disclosures from records concerning him or her could reveal investigative interest on the part of the recipient agency that obtained the record pursuant to a routine use. Disclosure of the accounting could therefore present a serious impediment to law enforcement efforts on the part of the recipient agency because the individual who is the subject of the record would learn of third agency investigative interests and could take steps to evade detection or apprehension. Disclosure of the accounting also could reveal the details of watch list matching measures under the Threat Mitigation system, as well as capabilities and vulnerabilities of the watch list matching process, the release of which could permit an individual to evade future detection and thereby impede efforts to ensure security.

   (B) From subsection (c)(4) because portions of this system are exempt from the access and amendment provisions of subsection (d).

   (C) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of Department of Homeland Security or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an unreasonable administrative burden by requiring investigations to be continually reinvestigated. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to national security.

   (D) From subsection (e)(1) because it is not always possible for NGA or other agencies to know in advance what information is both relevant and necessary for it to complete an identity comparison between individuals and a

   Page 26122

   known or suspected terrorist. In addition, because NGA and other agencies may not always know what information about an encounter with a known or suspected terrorist will be relevant to law enforcement for the purpose of conducting an operational response.

   (E) From subsection (e)(2) because application of this provision could present a serious impediment to counterterrorism, law enforcement, or intelligence efforts in that it would put the subject of an investigation, study or analysis on notice of that fact, thereby permitting the subject to engage in conduct designed to frustrate or impede that activity. The nature of counterterrorism, law enforcement, or intelligence investigations is such that vital information about an individual frequently can be obtained only from other persons who are familiar with such individual and his/her activities. In such investigations, it is not feasible to rely upon information furnished by the individual concerning his own activities.

   (F) From subsection (e)(3), to the extent that this subsection is interpreted to require NGA to provide notice to an individual if NGA or another agency receives or collects information about that individual during an investigation or from a third party. Should the subsection be so interpreted, exemption from this provision is necessary to avoid impeding counterterrorism, law enforcement, or intelligence efforts by putting the subject of an investigation, study or analysis on notice of that fact, thereby permitting the subject to engage in conduct intended to frustrate or impede that activity.

   (G) From subsections (e)(4)(G) and (H) and (I) (Agency Requirements) and (f) (Agency Rules), because this system is exempt from the access provisions of 5 U.S.C. 552a(d).

   (H) From subsection (e)(5) because many of the records in this system coming from other system of records are derived from other agency record systems and therefore it is not possible for NGA to ensure their compliance with this provision, however, NGA has implemented internal quality assurance procedures to ensure that data used in the matching process is as thorough, accurate, and current as possible. In addition, in the collection of information for law enforcement, counterterrorism, and intelligence purposes, it is impossible to determine in advance what information is accurate, relevant, timely, and complete. With the passage of time, seemingly irrelevant or untimely information may acquire new significance as further investigation brings new details to light. The restrictions imposed by (e)(5) would limit the ability of those agencies' trained investigators and intelligence analysts to exercise their judgment in conducting investigations and impede the development of intelligence necessary for effective law enforcement and counterterrorism efforts. However, NGA has implemented internal quality assurance procedures to ensure that the data used in the matching process is as thorough, accurate, and current as possible.

   (I) From subsection (e)(8) because to require individual notice of disclosure of information due to compulsory legal process would pose an impossible administrative burden on NGA and other agencies and could alert the subjects of counterterrorism, law enforcement, or intelligence investigations to the fact of those investigations when not previously known.

   (J) From subsection (f) (Agency Rules) because portions of this system are exempt from the access and amendment provisions of subsection (d).

   (K) From subsection (g) to the extent that the system is exempt from other specific subsections of the Privacy Act.

   * * * * *

   Dated: May 2, 2014.

   Aaron Siegel,

   Alternate OSD Federal Register Liaison Officer, Department of Defense.

   FR Doc. 2014-10432 Filed 5-6-14; 8:45 am

   BILLING CODE 5001-06-P