Privacy Act; Systems of Records

Federal Register: June 10, 2008 (Volume 73, Number 112)

Proposed Rules

Page 32657-32659

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr10jn08-6

Proposed Rules

Federal Register

This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules.

Page 32657

DEPARTMENT OF HOMELAND SECURITY 6 CFR Part 5

Docket Number DHS-2008-0053

Privacy Act of 1974: Implementation of Exemptions; Electronic

System for Travel Authorization

AGENCY: Privacy Office, Office of the Secretary, DHS.

ACTION: Notice of proposed rulemaking.

SUMMARY: The Department of Homeland Security is amending its regulations to exempt portions of a system of records from certain provisions of the Privacy Act. Specifically, the Department proposes to exempt portions of the Electronic System for Travel Authorization

(ESTA) from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), the public is given a 30-day period in which to comment on this notice; and the

Office of Management and Budget (OMB), which has oversight responsibility under the Act, requires a 40-day period in which to conclude its review of the system. Therefore, the public, OMB, and

Congress are invited to submit comments July 21, 2008.

ADDRESSES: You may submit comments, identified by DOCKET NUMBER DHS- 2008-0053 by one of the following methods:

Federal e-Rulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.

Fax: 1-866-466-5370.

Mail: Hugo Teufel III, Chief Privacy Officer, Privacy

Office, Department of Homeland Security, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT: For general questions please contact:

Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and

Procedures Branch, U.S. Customs and Border Protection, Regulations and

Rulings, Office of International Trade, Mint Annex, 1300 Pennsylvania

Ave., NW., Washington, DC 20229. For privacy issues please contact:

Hugo Teufel III (703-235-0780), Chief Privacy Officer, Privacy Office,

U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

The Department of Homeland Security (DHS), elsewhere in this edition of the Federal Register, published a Privacy Act system of records notice describing records in the Electronic System Travel

Authorization (ESTA).

CBP currently does not require a visa for qualifying nationals traveling from countries that participate in the Visa Waiver Program

(VWP). To ensure the VWP national does not pose a security risk or have a law enforcement reason to prevent his or her travel to the United

States and in response to a Congressional mandate to do so, DHS/CBP will be implementing an Electronic System for Travel Authorization

(ESTA) to permit nationals of VWP countries to electronically submit biographic and admissibility information in advance of their travel to the United States so that CBP can determine whether the applicant is eligible to travel to the United States.

Applicants under this program will electronically provide information, as specified in the ESTA Interim Final Rule, prior to traveling to the United States by air or sea, which will be stored in the ESTA system in an account. The individual will have the opportunity to verify the accuracy of the information entered in ESTA during the application process and before the application is submitted through

ESTA. Applicants will be given a tracking number which, combined with some personal information already provided to the system, will allow the applicant to submit updates to data elements that do not affect their admissibility or apply for a new ESTA.

Once an applicant has verified the application information and submitted the required information to ESTA, the information supplied by the applicant will be used to automatically query terrorist and law enforcement databases to determine whether the applicant is eligible to travel to the United States under VWP. When possible matches to derogatory information are found, the applications will be vetted through normal CBP procedures. During this time, the applicant will receive a ``pending'' status. If the applicant is cleared to travel under the VWP, he or she will receive an ``authorized to travel'' status via the ESTA Web site. If the applicant is not cleared for travel, the applicant will receive a ``not authorized to travel'' status and be directed to the State Department Web site to obtain information on how to apply for a visa at a U.S. consulate or embassy.

The Department of State will have access to the information supplied by the applicant and the ESTA results to assist in determining whether to issue a visa.

Carriers, when querying the applicant through the Advance Passenger

Information System/APIS Quick Query (APIS/AQQ) to determine whether a boarding pass should be issued, will be notified whether the applicant traveler has been authorized to travel, pending, not authorized, or has not applied for an ESTA. VWP travelers must have an authorized ESTA or a visa to be issued a boarding pass.

No exemption shall be asserted with respect to information maintained in the system as it relates to data submitted by or on behalf of a person who travels to visit the United States, nor shall an exemption be asserted with respect to the resulting determination

(authorized to travel, not authorized to travel, pending).

This system may contain records or information pertaining to the accounting of disclosures made from ESTA to other law enforcement agencies (Federal, State, Local, Foreign, International or Tribal) in accordance with the published routine uses. For the accounting of these disclosures only, in accordance with 5 U.S.C. 552a (j)(2), and (k)(2),

DHS will claim the original exemptions for these records or information from subsection (c)(3), (e) (8), and (g) of the Privacy Act of 1974, as amended, as necessary and appropriate to protect such information.

Moreover, DHS will add this exemption to Appendix C to 6 CFR Part 5,

DHS Systems of Records Exempt from the Privacy Act. Such exempt records or information may be law enforcement or national security investigation records,

Page 32658

law enforcement activity and encounter records, or terrorist screening records.

DHS needs these exemptions in order to protect information relating to law enforcement investigations from disclosure to subjects of investigations and others who could interfere with investigatory and law enforcement activities. Specifically, the exemptions are required to: Preclude subjects of investigations from frustrating the investigative process; avoid disclosure of investigative techniques; protect the identities and physical safety of confidential informants and of law enforcement personnel; ensure DHS's and other federal agencies' ability to obtain information from third parties and other sources; protect the privacy of third parties; and safeguard sensitive information.

Nonetheless, DHS will examine each request on a case-by-case basis, and, after conferring with the appropriate component or agency, may waive applicable exemptions in appropriate circumstances and where it would not appear to interfere with or adversely affect the law enforcement or national security investigation.

Again, DHS will not assert any exemption with respect to information maintained in the system that is collected from a person and submitted by that person's air or vessel carrier, if that person, or his or her agent, seeks access or amendment of such information.

Regulatory Requirements

1. Regulatory Impact Analyses

   Changes to Federal regulations must undergo several analyses. In conducting these analyses, DHS has determined: 1. Executive Order 12866 Assessment

   This rule is not a significant regulatory action under Executive

   Order 12866, ``Regulatory Planning and Review'' (as amended).

   Accordingly, this rule has not been reviewed by the Office of

   Management and Budget (OMB). Nevertheless, DHS has reviewed this rulemaking, and concluded that there will not be any significant economic impact. 2. Regulatory Flexibility Act Assessment

   Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5

   U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will not have a significant impact on a substantial number of small entities. The rule would impose no duties or obligations on small entities. Further, the exemptions to the Privacy Act apply to individuals, and individuals are not covered entities under the RFA. 3. International Trade Impact Assessment

   This rulemaking will not constitute a barrier to international trade. The exemptions relate to criminal investigations and agency documentation and, therefore, do not create any new costs or barriers to trade. 4. Unfunded Mandates Assessment

   Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub.

   L. 104-4, 109 Stat. 48), requires Federal agencies to assess the effects of certain regulatory actions on State, local, and tribal governments, and the private sector. This rulemaking will not impose an unfunded mandate on State, local, or tribal governments, or on the private sector.

2. Paperwork Reduction Act

   The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) requires that DHS consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of PRA section 3507(d), obtain approval from the Office of

   Management and Budget (OMB) for each collection of information it conducts, sponsors, or requires through regulations. DHS has determined that there are no current or new information collection requirements associated with this rule.

3. Executive Order 13132, Federalism

   This action will not have a substantial direct effect on the

   States, on the relationship between the national Government and the

   States, or on the distribution of power and responsibilities among the various levels of government, and therefore will not have federalism implications.

4. Environmental Analysis

   DHS has reviewed this action for purposes of the National

   Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has determined that this action will not have a significant effect on the human environment.

5. Energy Impact

   The energy impact of this action has been assessed in accordance with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory action under the provisions of the EPCA.

   List of Subjects in 6 CFR Part 5

   Freedom of information, Privacy.

   For the reasons stated in the preamble, DHS proposes to amend

   Chapter I of Title 6, Code of Federal Regulations, as follows:

   PART 5--DISCLOSURE OF RECORDS AND INFORMATION 1. The authority citation for part 5 continues to read as follows:

   Authority: Public Law 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 2. At the end of Appendix C to part 5, add the following new paragraph:

   Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy

   Act

   * * * * * 6. DHS/CBP-009, Electronic System for Travel Authorization

   (ESTA). A portion of the following system of records is exempt from 5 U.S.C. 552a(c)(3), (e)(8), and (g) pursuant to 5 U.S.C. 552a(j)(2),and (k)(2). Further, no exemption shall be asserted with respect to information maintained in the system as it relates to data submitted by or on behalf of a person who travels to visit the

   United States and crosses the border, nor shall an exemption be asserted with respect to the resulting determination (approval or denial). After conferring with the appropriate component or agency,

   DHS may waive applicable exemptions in appropriate circumstances and where it would not appear to interfere with or adversely affect the law enforcement purposes of the systems from which the information is recompiled or in which it is contained. Exemptions from the above particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, when information in this system of records may impede a law enforcement or national security investigation:

   (a) From subsection (c)(3) (Accounting for Disclosure) because making available to a record subject the accounting of disclosures from records concerning him or her would specifically reveal any investigative interest in the individual. Revealing this information could reasonably be expected to compromise ongoing efforts to investigate a violation of U.S. law, including investigations of a known or suspected terrorist, by notifying the record subject that he or she is under investigation. This information could also permit the record subject to take measures to impede the investigation, e.g., destroy evidence, intimidate potential witnesses, or flee the area to avoid or impede the investigation.

   (b) From subsection (e)(8) (Notice on Individuals) because to require individual notice of disclosure of information due to compulsory legal process would pose an impossible administrative burden on DHS and other agencies and could alert the subjects of counterterrorism or law enforcement investigations to the fact of those investigations when not previously known.

   Page 32659

   (c) From subsection (g) (Civil Remedies) to the extent that the system is exempt from other specific subsections of the Privacy Act.

   Hugo Teufel, III,

   Chief Privacy Officer, Department of Homeland Security.

   FR Doc. E8-12785 Filed 6-9-08; 8:45 am

   BILLING CODE 4410-10-P