AGENCY:

Department of the Army, DoD.

ACTION:

Notice to Alter a System of Records.

SUMMARY:

The Department of the Army is proposing to alter a system of records in its existing inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES:

The proposed action will be effective on April 27, 2007 unless comments are received that would result in a contrary determination.

ADDRESSES:

Department of the Army, Freedom of Information/Privacy Office, U.S. Army Records Management and Declassification Agency, 7701 Telegraph Road, Casey Building, Suite 144, Alexandria, VA 22325-3905.

FOR FURTHER INFORMATION CONTACT:

Mr. Robert Dickerson at (703) 428-6513.

SUPPLEMENTARY INFORMATION:

The Department of the Army systems of records notices subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.

The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on March 13, 2007, to the House Committee on Government Reform, the Senate Committee on Homeland Security and Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, ‘Federal Agency Responsibilities for Maintaining Records About Individuals,’ dated February 8, 1996 (February 20, 1996, 61 FR 6427).

A0025-2 SAIS

System name:

Information Assurance for Automated Information Systems (AIS) and Department of Defense Biometric Information Systems (February 25, 2005, 70 FR 9287).

Changes:

System identifier:

Add to entry “DoD.”

System name:

Delete entry and replace with “Department of Defense Biometric Information Systems and Information Assurance for Automated Information Systems (AIS).”

System location:

Delete entry and replace with “Department of Defense Biometrics Fusion Center, 347 West Main Street, Clarksburg, WV 26306-2947 and at any Department of Defense activity that receives, compares, retains, accesses, or uses biometric technology to recognize the identity or to verify the claimed identity of an individual.”

Categories of individuals covered by the system:

Delete entry and replace with “Individuals covered include, but are not limited to, members of the U.S. Armed Forces, DoD civilian and contractor personnel, military reserve personnel, Army and Air National Guard personnel, and other individuals (who are U.S. citizens or aliens lawfully admitted for permanent residence) requiring or requesting access to DoD or DoD controlled information systems and/or DoD or DoD contractor operated, controlled, or secured facilities.”

Categories of records in the system:

Delete “Operator's/user's name” replace with “Individual's name.”

Authority for maintenance of the system:

Delete entry and replace with “10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 5013, Secretary of the Navy; 10 U.S.C. 8013, Secretary of the Air Force; Public Law 106-246, Section 112, Emergency Supplemental Act; Department of Defense Directive 8500.1, Information Assurance (IA); DoD Instruction 8500.2, Information Assurance Implementation; Army Regulation 25-2, Information Assurance;; Deputy Secretary of Defense Memorandum, “Executive Agent for the Department of Defense (DoD) Biometrics Project”; Deputy Secretary of Defense Memorandum, “Collection of Biometric Data from Certain U.S. Persons in USCENTCOM AOR”; and E.O. 9397 (SSN).

Purpose(s):

Delete entry and replace with “To control logical and physical access to DoD and DoD controlled information systems and DoD or DoD contractor operated, controlled, or secured facilities and to support the DoD physical and logical security, force protection, identity management, and information assurance programs, by identifying an individual or verifying/authenticating the identity of an individual through the use of biometrics (i.e., measurable physiological or behavioral characteristics) for purposes of protecting U.S./Coalition/allied government and/or U.S./Coalition/allied national security areas of responsibility and information.

Information assurance purposes include the administration of passwords and identification numbers for operators/users of data in automated media; identifying data processing and communication customers authorized access to or disclosure from data residing in information processing and/or communication activities; and determining the propriety of individual access into the physical data residing in automated media.”

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Add “Information may be disclosed to Federal, State, tribal, local, or foreign agencies for the purposes of law enforcement, counterterrorism, immigration management and control, and homeland security, or for purposes of protecting the territory, people, and interests of the United States of America against breaches of security related to DoD controlled information or facilities, and against terrorist activity.”

Safeguards:

Delete entry and replace with “Computerized records maintained in a controlled area are accessible only to authorized personnel. Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Physical and electronic access is restricted to designated individuals having a need therefore in the performance of official duties and who are properly screened and cleared for need-to-know”.

Retention and disposal:

Delete entry and replace with “Data is destroyed when superseded or when no longer needed for operational purposes, whichever is later.”

System manager(s) and address:

Delete entry and replace with “Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934.” Start Printed Page 14539

Notification procedure:

Delete entry and replace with “Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934.

For verification purposes, individual should provide full name, sufficient details to permit locating pertinent records, and signature.”

Record access procedures:

Delete entry and replace with “Individuals seeking access to information about themselves contained in this system should address written inquiries to the Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934.

For verification purposes, individual should provide full name, sufficient details to permit locating pertinent records, and signature.”

Record source categories:

Delete entry and replace with “From the individual, DoD security offices, system managers, computer facility managers, automated interfaces for user codes on file at Department of Defense sites.”

A0025-2 SAIS DoD

System name:

Department of Defense Biometric Information Systems and Information Assurance for Automated Information Systems (AIS).

System location:

Department of Defense Biometrics Fusion Center, 347 West Main Street, Clarksburg, WV 26306-2947 and at any Department of Defense activity that receives, compares, retains, accesses, or uses biometric technology to recognize the identity or to verify the claimed identity of an individual.

Categories of individuals covered by the system:

Individuals covered include, but are not limited to, members of the U.S. Armed Forces, DoD civilian and contractor personnel, military reserve personnel, Army and Air National Guard personnel, and other individuals (who are U.S. citizens or aliens lawfully admitted for permanent residence) requiring or requesting access to DoD or DoD controlled information systems and/or DoD or DoD contractor operated, controlled, or secured facilities.

Categories of records in the system:

Individual's name, Social Security Number (SSN); organization name, telephone number, and office symbol; security clearance; level of access; subject interest code; user identification code; data files retained by users; assigned password; magnetic tape reel identification; abstracts of computer programs and names and phone numbers of contributors; biometrics templates, biometric images, supporting documents; biographic information including, but not limited to, name, date and place of birth, height, weight, eye color, hair color, race and gender, and similar relevant information.

Authority for maintenance of the system:

10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 5013, Secretary of the Navy; 10 U.S.C. 8013, Secretary of the Air Force; Public Law 106-246, Section 112, Emergency Supplemental Act; Department of Defense Directive 8500.1, Information Assurance (IA); DoD Instruction 8500.2, Information Assurance Implementation; Army Regulation 25-2, Information Assurance; Deputy Secretary of Defense Memorandum, “Executive Agent for the Department of Defense (DoD) Biometrics Project”; Deputy Secretary of Defense Memorandum, “Collection of Biometric Data from Certain U.S. Persons in USCENTCOM AOR”; and E.O.937(SSN).

Purpose(s):

To control logical and physical access to DoD and DoD controlled information systems and DoD or DoD contractor operated, controlled, or secured facilities and to support the DoD physical and logical security, force protection, identity management, and information assurance programs, by identifying an individual or verifying/authenticating the identity of an individual through the use of biometrics (i.e., measurable physiological or behavioral characteristics) for purposes of protecting U.S./Coalition/allied government and/or U.S./Coalition/allied national security areas of responsibility and information.

Information assurance purposes include the administration of passwords and identification numbers for operators/users of data in automated media; identifying data processing and communication customers authorized access to or disclosure from data residing in information processing and/or communication activities; and determining the propriety of individual access into the physical data residing in automated media.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

To Federal, State, tribal, local, or foreign agencies for the purposes of law enforcement, counterterrorism, immigration management and control, and homeland security, or for purposes of protecting the territory, people, and interests of the United States of America against breaches of security related to DoD controlled information or facilities, and against terrorist activity.

The DoD Blanket Routine Uses' set forth at the beginning of the Army's compilation of systems of records notices also apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Paper records in file folders and electronic storage media.

Retrievability:

Name, Social Security Number, subject, application program key, biometric template, and other biometric data.

Safeguards:

Computerized records maintained in a controlled area are accessible only to authorized personnel. Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Physical and electronic access is restricted to designated individuals having a need therefore in the performance of official duties and who are properly screened and cleared for need-to-know.

Retention and disposal:

Data is destroyed when superseded or when no longer needed for operational purposes, whichever is later.

System manager(s) and address:

Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934.

Notification procedure:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934. Start Printed Page 14540

For verification purposes, individual should provide full name, sufficient details to permit locating pertinent records, and signature.

Record access procedures:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the Director of Operations, Department of Defense Biometrics Task Force, 2530 Crystal Drive, Arlington, VA 22202-3934.

For verification purposes, individual should provide full name, sufficient details to permit locating pertinent records, and signature.

Contesting record procedures:

The Army's rules for accessing records, and for contesting contents and appealing initial agency determinations are contained in Army Regulation 340-21; 32 CFR part 505; or may be obtained from the system manager.

Record source categories:

From the individual, DoD security offices, system managers, computer facility managers, automated interfaces for user codes on file at Department of Defense sites.

Exemptions claimed for the system:

None.