[Page 64543-64546]
From the Federal Register Online via GPO Access
[DOCID:fr02no06-51]
=========================
Office of the Secretary
[DHS-2006-0060]
Privacy Act of 1974; System of Records
AGENCY: Privacy Office, Department of Homeland Security.
ACTION: Notice of Privacy Act system of records.
-----------------------------------------------------------------------
SUMMARY:
To provide expanded notice and transparency to the public, the
Department of Homeland Security, U.S. Customs and Border Protection
gives notice regarding the Automated Targeting System, which is the
enforcement screening module associated with the Treasury Enforcement
Communications System and was previously covered by the Treasury
Enforcement Communications System ``System of Records Notice.'' This
system of records is subject to the Privacy Act of 1974, as amended (5
U.S.C. 552a).
The Treasury Enforcement Communications System is established as an
overarching law enforcement information collection, targeting, and sharing environment. This environment is comprised of several modules designed to collect, maintain, and screen data, conduct targeting, and share information. Among these modules, the Automated Targeting System performs screening of both inbound and outbound cargo, travelers, and conveyances. As part of this screening function, the Automated Targeting System compares information obtained from the public with a set series of queries designed to permit targeting of conveyances, goods, cargo, or persons to facilitate DHS's border enforcement mission.The risk assessment and links to information upon which the assessment is based, which are stored in the Automated Targeting System, are created from existing information in a number of sources, including, but not limited to: the trade community through the Automated Commercial System or its successor; the Automated Commercial Environment system; the traveling public through information submitted by their carrier to the Advance Passenger Information System; persons crossing the United States land border by automobile or on foot; theTreasury Enforcement Communications System, or its successor; or law enforcement information maintained in other parts of the Treasury Enforcement Communications System that pertain to persons, goods, or conveyances. As part of the information it accesses for screening, Passenger Name Record (PNR) information, which is currently collected pursuant to an existing CBP regulation (19 CFR 122.49d) from both inbound and outbound travelers through the carrier upon which travel occurs, is stored in the Automated Targeting System. PNR is comprised of data which carriers collect as a matter of their usual business practice in negotiating and arranging the travel transaction.
As noted above, this system of records notice does not identify or create any new collection of information, rather DHS is providing additional notice and transparency of the functionality of these systems.
DATES: The new system of records will be effective December 4, 2006, unless comments are received that result in a contrary determination.
ADDRESSES: You may submit comments, identified by docket number, by one
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
For general questions please contact:
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and
Procedures Branch, Bureau of Customs and Border Protection, Office of
Regulations & Rulings.
For privacy issues please contact: Hugo Teufel
III (571-227-3813), Chief Privacy Officer, Privacy Office, U.S.
Department of Homeland Security.
SUPPLEMENTARY INFORMATION:
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist the individual to more easily find such files within the agency.
DHS is hereby publishing a description of the system of records referred to as the Automated Targeting System. In accordance with 5 U.S.C. 552a(r), a report concerning this record system has been sent to the Office of Management and Budget and to the Congress. DHS/CBP-006
SYSTEM NAME:
Automated Targeting System (ATS)--DHS/CBP.
SYSTEM LOCATION:
This computer database is located at the Bureau of Customs and Border Protection (CBP) National Data Center in Washington, DC. Computer terminals are located at customhouses, border ports of entry,
airport inspection facilities under the jurisdiction of the Department of Homeland Security (DHS) and other locations at which DHS authorized personnel may be posted to facilitate DHS's mission.
CATEGORIES OF RECORDS IN THE SYSTEM:
ATS builds a risk assessment for cargo, conveyances, and travelers based on criteria and rules developed by CBP. ATS maintains the resulting assessment together with a record of which rules were used to develop the assessment. With the exception of PNR information, discussed below, ATS maintains a pointer or reference to the underlying records from other systems that resulted in a particular assessment.
This assessment and related rules history associated with developing a risk assessment for an individual are maintained for up to forty years to support ongoing targeting requirements. ATS--P (Automated Targeting System--Passenger), a component of ATS, maintains the PNR information obtained from commercial carriers for purposes of assessing the risk of international travelers. PNR may include such items as:
PNR record locator code,Department of Homeland Security, U.S. Customs and Border Protection
gives notice regarding the Automated Targeting System, which is the
enforcement screening module associated with the Treasury Enforcement
Communications System and was previously covered by the Treasury
Enforcement Communications System ``System of Records Notice.'' This
system of records is subject to the Privacy Act of 1974, as amended (5
U.S.C. 552a).
The Treasury Enforcement Communications System is established as an
overarching law enforcement information collection, targeting, and sharing environment. This environment is comprised of several modules designed to collect, maintain, and screen data, conduct targeting, and share information. Among these modules, the Automated Targeting System performs screening of both inbound and outbound cargo, travelers, and conveyances. As part of this screening function, the Automated Targeting System compares information obtained from the public with a set series of queries designed to permit targeting of conveyances, goods, cargo, or persons to facilitate DHS's border enforcement mission.The risk assessment and links to information upon which the assessment is based, which are stored in the Automated Targeting System, are created from existing information in a number of sources, including, but not limited to: the trade community through the Automated Commercial System or its successor; the Automated Commercial Environment system; the traveling public through information submitted by their carrier to the Advance Passenger Information System; persons crossing the United States land border by automobile or on foot; theTreasury Enforcement Communications System, or its successor; or law enforcement information maintained in other parts of the Treasury Enforcement Communications System that pertain to persons, goods, or conveyances. As part of the information it accesses for screening, Passenger Name Record (PNR) information, which is currently collected pursuant to an existing CBP regulation (19 CFR 122.49d) from both inbound and outbound travelers through the carrier upon which travel occurs, is stored in the Automated Targeting System. PNR is comprised of data which carriers collect as a matter of their usual business practice in negotiating and arranging the travel transaction.
As noted above, this system of records notice does not identify or create any new collection of information, rather DHS is providing additional notice and transparency of the functionality of these systems.
DATES: The new system of records will be effective December 4, 2006, unless comments are received that result in a contrary determination.
ADDRESSES: You may submit comments, identified by docket number, by one
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
For general questions please contact:
Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and
Procedures Branch, Bureau of Customs and Border Protection, Office of
Regulations & Rulings.
For privacy issues please contact: Hugo Teufel
III (571-227-3813), Chief Privacy Officer, Privacy Office, U.S.
Department of Homeland Security.
SUPPLEMENTARY INFORMATION:
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist the individual to more easily find such files within the agency.
DHS is hereby publishing a description of the system of records referred to as the Automated Targeting System. In accordance with 5 U.S.C. 552a(r), a report concerning this record system has been sent to the Office of Management and Budget and to the Congress. DHS/CBP-006
SYSTEM NAME:
Automated Targeting System (ATS)--DHS/CBP.
SYSTEM LOCATION:
This computer database is located at the Bureau of Customs and Border Protection (CBP) National Data Center in Washington, DC. Computer terminals are located at customhouses, border ports of entry,
airport inspection facilities under the jurisdiction of the Department of Homeland Security (DHS) and other locations at which DHS authorized personnel may be posted to facilitate DHS's mission.
CATEGORIES OF RECORDS IN THE SYSTEM:
ATS builds a risk assessment for cargo, conveyances, and travelers based on criteria and rules developed by CBP. ATS maintains the resulting assessment together with a record of which rules were used to develop the assessment. With the exception of PNR information, discussed below, ATS maintains a pointer or reference to the underlying records from other systems that resulted in a particular assessment.
This assessment and related rules history associated with developing a risk assessment for an individual are maintained for up to forty years to support ongoing targeting requirements. ATS--P (Automated Targeting System--Passenger), a component of ATS, maintains the PNR information obtained from commercial carriers for purposes of assessing the risk of international travelers. PNR may include such items as:
Date of reservation,
Date(s) of intended travel,
Name,
Other names on PNR,
Number of travelers on PNR,
Seat information,
Address,
All forms of payment information,
Billing address,
Contact telephone numbers,
All travel itinerary for specific PNR,
Frequent flyer information,
Travel agency,
Travel agent,
Code share PNR information,
Travel status of passenger,
Split/Divided PNR information,
Identifiers for free tickets,
One-way tickets,
E-mail address,
Ticketing field information,
Automated Ticketing Fare Quote (ATFQ) fields,
General remarks,
Ticket number,
Seat number,
Date of ticket issuance,
Any collected APIS information,
No show history,
Number of bags,
Bag tag numbers,
Go show information,
Number of bags on each segment,
Other Supplementary information (OSI),
Special Services information (SSI),
Special Services Request (SSR),
Voluntary/involuntary upgrades,
Received from information, and
All historical changes to the PNR
Not all carriers maintain the same sets of information for PNR.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
19 U.S.C. Title VII of Public Law 104-208, and 49 U.S.C. 44909.
Purpose(s):
(a) To perform targeting of individuals, including passengers and
crew, focusing CBP resources by identifying persons who may pose a risk
to border security, may be a terrorist or suspected terrorist, or may
otherwise be engaged in activity in violation of U.S. law; (b) To perform targeting of conveyances and cargo to focus CBP's resources for inspection and examination and enhance CBP's ability to identify potential violations of U.S. law, possible terrorist threats,
and other threats to border security; and (c) To assist in the enforcement of the laws enforced or administered by DHS, including those related to counterterrorism.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To appropriate Federal, state, local, tribal, or foreign
governmental agencies or multilateral governmental organizations
responsible for investigating or prosecuting the violations of, or for
enforcing or implementing, a statute, rule, regulation, order, or
license, where CBP believes the information would assist enforcement of
civil or criminal laws;
B. To appropriate Federal, state, local, tribal, or foreign
governmental agencies maintaining civil, criminal, or other relevant
enforcement information or other pertinent information, which has
requested information relevant or necessary to the requesting agency's
hiring or retention of an individual, or issuance of a security
clearance, license, contract, grant, or other benefit and disclosure is
appropriate to the proper performance of the official duties of the
person making the disclosure;
C. To a court, magistrate, or administrative tribunal in the course
of presenting evidence, including disclosures to opposing counsel or
witnesses in the course of civil discovery, litigation, or settlement
negotiations, or in response to a subpoena, or in connection with
criminal law proceedings;
D. To third parties during the course of a law enforcement
investigation to the extent necessary to obtain information pertinent
to the investigation, provided disclosure is appropriate to the proper
performance of the official duties of the officer making the
disclosure;
E. To an agency, organization, or individual for the purposes of
performing audit or oversight operations as authorized by law;
F. To a Congressional office, for the record of an individual in
response to an inquiry from that Congressional office made at the
request of the individual to whom the record pertains;
G. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal government, when
necessary to accomplish an agency function related to this system of
records, in compliance with the Privacy Act of 1974, as amended;
H. To an organization or individual in either the public or private
sector, either foreign or domestic, where there is a reason to believe
that the recipient is or could become the target of a particular
terrorist activity or conspiracy, to the extent the information is
relevant to the protection of life or property and disclosure is
appropriate to the proper performance of the official duties of the
person making the disclosure;
I. To the United States Department of Justice (including United
States Attorney offices) or other Federal agency conducting litigation
or in proceedings before any court, adjudicative or administrative
body, when it is necessary to the litigation and one of the following
is a party to the litigation or has an interest in such litigation: ( a)
DHS, or (b) any employee of DHS in his/her offic
ial capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent said employee, or (d) the United States or any agency thereof;
J. To the National Archives and Records Administration or other
Federal government agencies pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906;
K. To appropriate Federal, state, local, tribal, or foreign
governmental agencies, if necessary to obtain information relevant to a
DHS decision concerning the hiring or retention of an employee, the
issuance of a security clearance, the reporting of an investigation of
an employee, the letting of a contract, or the issuance of a license,
grant or other benefit and disclosure is appropriate to the proper
performance of the official duties of the individual making the
disclosure;
L. To appropriate Federal, State, local, tribal, or foreign
governmental agencies or multilateral governmental organizations, for
purposes of assisting such agencies or organizations in preventing
exposure to or transmission of a communicable or quarantinable disease
or for combatting other significant public health threats;
M. To Federal and foreign government intelligence or counterterrorism agencies or components where CBP becomes aware of an indication of a threat or potential threat to national or international security, or where such use is to assist in anti-terrorism efforts and
disclosure is appropriate to the proper performance of the official duties of the person making the disclosure;
N. To appropriate Federal, State, local, tribal, or foreign
governmental agencies or multilateral governmental organizations where
CBP is aware of a need to utilize relevant data for purposes of testing
new technology and systems designed to enhance border security or
identify other violations of law;
O. To appropriate agencies, entities, and persons when (1) it is
suspected or confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) CBP has
determined that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity
theft or fraud, or harm to the security or integrity of this system or
other systems or programs (whether maintained by CBP or another agency
or entity) that rely upon the compromised information; and (3) the
disclosure is made to such agencies, entities, and persons when
reasonably necessary to assist in connection with the CBP's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
SAFEGUARDS:
All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include all of the following: restricting access to those
with a ``need to know''; using locks, alarm devices, and passwords; compartmentalizing databases; auditing software; and encrypting data communications.
ATS also monitors source systems for changes to the source data.
The system manager, in addition, has the capability to maintain system
back-ups for the purpose of supporting continuity of operations and the
discrete need to isolate and copy specific data access transactions for
the purpose of conducting security incident investigations. ATS
information is secured in full compliance with the requirements of the
DHS IT Security Program Handbook. This handbook establishes a
comprehensive information security program.
Access to the risk assessment results and related rules is
restricted to a limited number of authorized government personnel who
have gone through extensive training on the appropriate use of this
information and CBP policies, including for security and privacy. These
individuals are trained to review the risk assessments and background
information to identify individuals who may likely pose a risk. To
ensure that ATS is being accessed and used appropriately, audit logs
are created and reviewed routinely by CBP's Office of Internal Affairs.
RETENTION AND DISPOSAL:
The information initially collected in ATS is used for entry
screening purposes. Records in this system will be retained and
disposed of in accordance with a records schedule to be approved by the
National Archives and Records Administration. ATS both collects
information directly, and derives other information from various
systems. To the extent information is collected from other systems,
data is retained in accordance with the record retention requirements
of those systems.
The retention period for data specifically maintained in ATS will
not exceed forty years at which time it will be deleted from ATS. Up to
forty years of data retention may be required to cover the potentially
active lifespan of individuals associated with terrorism or other
criminal activities. The touchstone for data retention, however, is its
relevance and utility. Accordingly, CBP will regularly review the data
maintained in ATS to ensure its continued relevance and usefulness. If
no longer relevant and useful, CBP will delete the information. All
risk assessments need to be maintained because the risk assessment for
individuals who are deemed low risk will be relevant if their risk
profile changes in the future, for example, if terrorist associations
are identified. Additionally, certain data collected directly by ATS
may be subject to shorter retention limitations pursuant to separate
arrangements. The adoption of shorter retention periods may not be
publicly disclosed if DHS concludes that disclosure would affect
operational security, for example by giving terrorism suspects the
certainty that their past travel patterns would no longer be known to
U.S. authorities.
.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 31 CFR 1.36 pertaining to the Treasury Enforcement
Communications System, the Automated Targeting System, which was
previously covered by the Treasury Enforcement Communications System
(TECS) system of records notice and associated with the below
exemptions, records and information in this system are exempt from 5
U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), (d)(4), (e)(1), (e)(4)(G),
(H), and (I), and (f) of the Privacy Act pursuant to 5 U.S.C.
552a(j)(2) and (k)(2). DHS intends to review these exemptions and, if
warranted, issue a new set of exemptions specific to ATS within ninety
(90) days of the publication of this notice.
Dated: October 27, 2006.
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. 06-9026 Filed 10-30-06; 3:31 pm]
BILLING CODE 4410-10-P
No comments:
Post a Comment