AGENCY:

Privacy Office; DHS.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, the Department of Homeland Security, United States Coast Guard is updating and re-issuing a legacy system of records, Department of Transportation DOT/CG 642 System of Records Notice known as Joint Maritime Information Element, JMIE, Support System, JSS. This system of records will be replaced by DHS/USCG-061 Maritime Awareness Global Network (MAGNET).

DATES:

Written comments must be submitted on or before June 16, 2008.

ADDRESSES:

You may submit comments, identified by DOCKET NUMBER DHS-2007-0074 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
• Fax: 1-866-466-5370.
• Mail: Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT:

For system related questions please contact: Mr. Frank Sisto, Program Officer, ISR Data Analysis & Manipulation Division (CG-262), Phone 202-372-2795 or by mail correspondence U.S. Coast Guard 2100 Second Street, SW., Washington, DC 20593-0001. For privacy issues, please contact: Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background Information

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) is replacing a legacy system of records, Department of Transportation DOT/CG 642 System of Records Notice known as Joint Maritime Information Element, JMIE, Support System, JSS (67 FR 19475). DHS/USCG-001 Maritime Awareness Global Network (MAGNET) will replace the JMIS/JSS System of Records. Coast Guard Intelligence Directorate, Office of ISR (CG-26) will serve as MAGNET's executive agent.

The JMIE JSS provided storage and access of maritime information with some basic search capabilities such as vessel searches by name, hull identification and registration number and person's searches by passport or merchant mariner license number. MAGNET will enhance JMIE/JSS capabilities by adding additional data sources, media storage, access capabilities, and infrastructure to provide rapid, near real-time data to the Coast Guard and other authorized organizations that need it. DHS, Coast Guard, and MAGNET users will have the ability to share, correlate, and provide classified/unclassified data across agency lines to provide Maritime Domain Awareness critical to homeland and national security.

Taken together the information in MAGNET establishes Maritime Domain Awareness. Maritime Domain Awareness is the collection of as much information as possible about the maritime world. In other words, MAGNET establishes a full awareness of the entities (people, places, things) and their activities within the maritime industry. MAGNET collects the information described above and connects the information in order to fulfill this need.

Coast Guard Intelligence (through MAGNET) will provide awareness to the field as well as to strategic planners by aggregating data from existing sources internal and external to the Coast Guard or DHS. MAGNET will correlate and provide the medium to display information such as ship registry, current ship position, crew background, passenger lists, port history, cargo, known criminal vessels, and suspect lists. Coast Guard Intelligence (CG-2) will serve as MAGNET's executive agent and will share appropriate aggregated data to other law enforcement and intelligence agencies.

MAGNET could relate to an individual in a few ways. As one example, MAGNET may collect information on individuals associated with ports, port facilities, and maritime vessels. Individuals may be passengers, crew, owners, operators, or any other employee in support of maritime business or other activities. The primary collection vehicle for people information is through the Ships Arrival Notification System (SANS). Certain vessels, as defined in 33 CFR part 160, are required to report arrivals to U.S. ports and included is crew and passenger information. The SANS information is replicated into MAGNET. MAGNET will also contain information about passenger ships that are required to report arrivals via SANS.

The MAGNET system receives data from several systems within DHS and outside of DHS through electronic transfers of information. These systems include Ships Arrival and Notification System (SANS), National Automated Identification System (NAIS), Maritime Information for Safety and Law Enforcement and the Coast Guard and U.S. Navy Common Operational Pictures. These electronic transfers include the use of an Internet Protocol called Secure File Transfer Protocol (SFTP), delivery of data on CD-ROM or DVD-ROM, system-to-system communications via specially written Internet Protocol socket-based data streaming, database-to-database replication of data, electronic transfer of database transactional backup files, and delivery of formatted data via electronic mail.

MAGNET will provide output to the Common Operating Picture (COP) as viewed using the Global Command and Control System, Integrated Imagery and Intelligence (GCCS-I3) platform. The COP is an integrated, or “common”, view of the vessels operating in water that is important to the United States government, including geographic positions of the vessels, as well as, characteristics of the vessel. The COP is integrated (or “shared”) amongst users of the GCCS-I3, which is commonly used within the U.S. Coast Guard and the Department of Defense to monitor areas of operation. The output destined for the COP may be submitted to the Common Intelligence Picture (CIP) for review prior to the data being transferred to the COP. In addition, users will be able to run queries about specific vessels or tracks from a GCCS-I3 workstation and retrieve additional information from the MAGNET database. MAGNET will be able to accept input from the GCCS-I3 environment and process this data into the MAGNET database. This will allow MAGNET to accumulate position reports from the COP.

Types of information sharing that may result from the routine uses outlined in this notice include: (1) Disclosure to individuals who are working as a contractor or with a similar relationship working on behalf of DHS; (2) sharing with Congressional offices asking on behalf of an individual; (3) sharing when there appears to be a specific violation or potential violation of law, or identified threat or potential threat to national or international security, such as criminal or terrorist Start Printed Page 28144activities, based on individual records in this system; (4) sharing with the National Archives and Records Administration (NARA) for proper handling of government records; (5) sharing when relevant to litigation associated with the Federal government; (6) sharing to protect the individual who is the subject of the record from the harm of identity theft in the case of a data breach affecting this system; and (7) sharing with U.S. or foreign intelligence personnel in the development or execution of intelligence activities or exercises.

Elsewhere in today's Federal Register, DHS has published a notice of proposed rulemaking (NPRM) to exempt this system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements pursuant to 5 U.S.C. 552a(j)(2), (k)(1), and (k)(2).

II. Privacy Act

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and legal permanent residents. MAGNET involves the collection and creation of information that is maintained in a system of records.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency recordkeeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist the individual to more easily find such files within the agency. DHS is hereby publishing a description of the system of records referred to as the Maritime Awareness Global Network (MAGNET).

In accordance with 5 U.S.C. 552a(r), a report concerning this record system has been sent to the Office of Management and Budget and to the Congress.

DHS/USCG-061

SYSTEM NAME:

Maritime Awareness Global Network (MAGNET).

SYSTEM LOCATION:

The computer database is located at U.S. Coast Guard Intelligence Coordination Center, Department of Homeland Security, National Maritime Intelligence Center, Washington, DC 20395. A redundant capability for continuity of operation in the event of a primary system failure is located at the Coast Guard Operations System Center, Martinsburg, West Virginia.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

1. Individuals, who are U.S. citizens, lawful permanent residents, and non-citizens, associated with vessels, facilities, companies, organizations, and ports involved in the maritime sector.

2. Individuals identified through observation by and interaction with Coast Guard personnel during Coast Guard operations that include but not limited to boarding of vessels, conducting aircraft over-flights, and through Field Intelligence Support team (FIST) sightings and reports.

3. Individuals identified during Coast Guard enforcement actions as violating, suspected of violating, or witnessing the violations of United States (U.S.) laws, international laws, or treaties.

4. Individuals associated with vessels or other individuals that are known, suspected, or alleged to be involved in contraband trafficking, illegal migrant activity (smuggling, trafficking, and otherwise), or terrorist activity.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Information related to: Individuals associated with vessels, companies, organizations, and ports involved in the maritime sector and this information may include: Name, nationality, address, telephone number, and taxpayer or other identification number; date of birth, relationship to vessels and facilities; the individuals' relationship to other individuals, companies, government agencies, and organizations in MAGNET; individuals involved with pollution incidents, and violations of laws and international treaties; and casualties.

2. Information on individuals who are associated with vessels involved in contraband trafficking, illegal migrant activity (smuggling, trafficking, and otherwise), or any other unlawful act within the maritime sector, and with other individuals who are known, suspected, or alleged to be involved in contraband trafficking, illegal migrant activity (smuggling, trafficking, and otherwise), terrorist activities, or any other unlawful act within the maritime sector.

3. Information on individuals, companies, vessels, or entities associated with the maritime industry to include: vessel owners, vessel operators, vessel characteristics, crewmen, passengers, facility owners, facility managers, facility employees or any other individuals affiliated with the maritime community. In addition to information on individuals, commodities handled, equipment, location, certificates, approvals, inspection data, pollution incidents, casualties, and violations of all laws and international treaties may also be included.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Records Act of 1950, Title 44 U.S.C. 3101; Title 36, Code of Federal Regulations, chapter XII; The Maritime Transportation Security Act of 2002, Pub L. 107-295 The Homeland Security Act of 2002, Pub L. 107-296; 5 U.S.C. 301; 14 U.S.C. 632; 46 U.S.C. 3717; 46 U.S.C. 12501; 33 U.S.C. 1223.

Purpose(s):

MAGNET will assist DHS and the United States Coast Guard in performing its mission of protecting the United States against potential terrorist threats and respond to natural and man-made disaster by providing Maritime Domain Awareness. MAGNET has been established to enable the United States Coast Guard and various United States Government agencies or military services/commands from the Law Enforcement and Intelligence Communities to share multi-source maritime information that will assist them in the performance of their missions. Most recently these missions have been expanded and are enumerated through National Security Presidential Directive NSPD 41 and Homeland Security Presidential Directive HSPD-13 and other federal instruction.

MAGNET will provide MDA to the field as well as to USCG strategic planners by aggregating data from existing sources internal and external to the Coast Guard or DHS. MAGNET will organize and provide the mechanism to display information such as ship registry, current ship position, crew background, passenger lists, port history, cargo, known criminal vessels, and suspect lists as such information is collected from various sources.Start Printed Page 28145

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

MAGNET Records may be disclosed to the following:

A. To U.S. Department of Defense and related entities including, but not limited to, the Military Sealift Command and the U.S. Navy, to provide safety and security information on vessels chartered or operated by those agencies.

B. To a Federal State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to provide intelligence, counterintelligence, or other information for the purposes of intelligence, counterintelligence, or antiterrorism activities authorized by U.S. law, Executive Order, or other applicable national security directive.

C. To the National Transportation Safety Board and its related State counterparts for safety investigation and transportation safety.

D. To the International Maritime Organization (IMO) or intergovernmental organizations, nongovernmental organizations, or foreign governments in order to conduct joint investigations, operations, and inspections.

E. To Federal, State, or local agencies with which the Coast Guard has a Memorandum of Understanding (MOU), Memorandum of Agreement (MOA), or Inspection and Certification Agreement (ICA) pertaining to marine safety, maritime security, maritime intelligence, maritime law enforcement, and marine environmental protection activities.

F. To an organization or individual in either the public or private sector, either foreign or domestic, where there is a reason to believe that the recipient is or could become the target of a particular terrorist activity or conspiracy, to the extent the information is relevant to the protection of life or property and disclosure is appropriate to the proper performance of the official duties of the person making the disclosure.

G. To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the request of the individual to whom the record pertains.

H. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

I. To appropriate federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, license, or treaty where DHS determines that the information would assist in the enforcement of civil or criminal laws.

J. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS or any component thereof, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

K. To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal law proceedings or in response to a subpoena.

L. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

M. To appropriate Federal, state, local, tribal, foreign governmental agencies, multilateral governmental organizations, and non-governmental or private organizations for the purpose of protecting the vital interests of a data subject or other persons, including to assist such agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or to combat other significant public health threats; appropriate notice will be provided of any identified health threat or risk.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored in electronic form in an automated data processing (ADP) system operated and maintained by the U.S. Coast Guard. Backups are performed daily. Copies of backups are stored at an offsite location. Personal, Sensitive but Unclassified (SBU), Unclassified, and classified data and records reside commingled with each other. Classified and non-classified information from member agencies and other sources may be merged into a classified domain within this data base.

Classified information, downloaded from the host and then extracted from the personal computer (PC) workstations and recorded on paper or electronic media, will be stored at user sites in appropriately classified storage containers or on secured electronic media.

Unclassified information will be stored in accordance with each user sites' handling procedures. Unclassified information derived from MAGNET remains U.S. Coast Guard information and is For Official Use Only. Determinations by any user to further disseminate, in any form, MAGNET derived information to other entities or agencies, foreign or domestic, must include prior authorization from the executive agent.

Retrievability:

Records are retrieved by name (individual, company, government agency or organization), boat registration number, documented vessel name/number, Social Security Number, drivers license number, foreign ID number, passport number, VISA number military ID number, USCG license number, resident alien number, Merchant Mariners License number, or Merchant Mariner documentation number.

Safeguards:

Information in this system is safeguarded in accordance with applicable laws, rules and policies, including the DHS Information Technology Security Program Handbook. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a need-to-know, using locks, and password protection identification features. DHS Start Printed Page 28146file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

MAGNET falls under the security guidelines of the National Maritime Intelligence Center and has its own approved System Security Plan which provides that:

All classified MAGNET equipment, records and storage devices are located within facilities or stored in containers approved for the storage of all levels of classified information.

All statutory and regulatory requirements pertinent to classified and unclassified information have been identified in the MAGNET System Security Plan and have been implemented, and

Access to records requiring TOP SECRET level is limited strictly to personnel with TOP SECRET or higher level clearances and who have been determined to have the appropriate “need to know.”

Access to records requiring SECRET level is limited strictly to personnel with SECRET or higher level clearances and who have been determined to have the appropriate “need to know”.

Access to records requiring CONFIDENTIAL level is limited strictly to personnel with CONFIDENTIAL or higher level clearances and who have been determined to have the appropriate “need to know”.

Access to any classified records is restricted by login and password protection. The scope of access to any records via login and password is further limited based on the official need of each individual authorized access. The U.S. Coast Guard will take precautions in accordance with OMB Circular A-130, Appendix III.

The U.S. Coast Guard will operate MAGNET in consonance with Federal security regulations, policy, procedures, standards and guidance for implementing the Automated Information Systems Security Program. Specific operating rules to ensure compliance with national policy are reflected in each site's Standard Operating Procedures. These rules include specifications that accesses to records containing information on U.S. persons are as follows:

Only authorized personnel may access such records.

MAGNET transactions that include Privacy Act and Classified data require an active pre-screened account, username and password and have a unique identifier to differentiate them from other MAGNET transactions. This allows for additional oversight and audit capabilities to ensure that the data are being handled consistent with all applicable federal laws and regulations regarding privacy and data integrity.

Retention and disposal:

Dynamic information on vessel position(s) and movement(s) will be stored for not more than ten (10) years but may be reduced in detail to comply with media storage procedures and requirements. Other information such as characteristics, identification status and associate records is updated to remain current and is retained for twenty (20) years. The requirements supporting the collection and storage of data are reviewed regularly. Records will be kept accessible online for three (3) years then archived offline within MAGNET to support ongoing investigations or law enforcement activities.

Audit records, maintained to document access to information relating to specific individuals, are maintained for five (5) years or the life of the MAGNET whichever is longer. Access to audit records will only be granted to authorized personnel.

System manager(s) and address:

Department of Homeland Security United States Coast Guard (MAGNET Executive Agent), Intelligence Directorate, Office of ISR (CG-26), 2100 2nd Street, SW., Washington, DC 20593-0001.

Notification procedure:

Because this system contains classified and sensitive unclassified information related to intelligence, counterterrorism, homeland security, and law enforcement programs, records in this system have been exempted from notification, access, and amendment to the extent permitted by subsections (j)(2) and (k)(1) and (2) of the Privacy Act. Nonetheless, DHS will examine each separate request on a case-by-case basis, and, after conferring with the appropriate component or agency, may waive applicable exemptions in appropriate circumstances and where it would not appear to interfere with or adversely affect the law enforcement or national security purposes of the systems from which the information is recompiled or in which it is contained.

To determine whether this system contains records relating to you, write to the System Manager identified above. Your written request should include your name and mailing address. You may also provide any additional information that will assist in determining if there is a record relating to you if applicable, such as your Merchant Mariner License or document number, the name and identifying number (documentation number, state registration number, Social Security Number, International Maritime Organization (IMO) number, etc.) of any vessel with which you have been associated and the name and address of any facility (including platforms, bridges, deep water ports, marinas, terminals and factories) with which you have been associated. The request must be signed by the individual, or his/her legal representative, and must be notarized to certify the identity of the requesting individual pursuant to 28 U.S.C. 1746 (unsworn declarations under penalty of perjury). Submit a written request identifying the record system and the category and types of records sought to the Executive Agent.

Record access procedures:

Because this system contains classified and sensitive unclassified information related to intelligence, counterterrorism, homeland security, and law enforcement programs, records in this system have been exempted from notification, access, and amendment to the extent permitted by subsections (j)(2) and (k)(1) and (2) of the Privacy Act. Nonetheless, DHS will examine each separate request on a case-by-case basis, and, after conferring with the appropriate component or agency, may waive applicable exemptions in appropriate circumstances and where it would not appear to interfere with or adversely affect the law enforcement or national security purposes of the systems from which the information is recompiled or in which it is contained.

Write the System Manager at the address given above in accordance with the “Notification Procedure”. Provide your full name and a description of the information you seek, including the time frame during which the record(s) may have been generated. Individuals requesting access to their own records must comply with DHS's Privacy Act regulation on verification of identity (6 CFR 5.21(d)). Further information may also be found at http://www.dhs.gov/​foia.

Contesting record procedures:

Because this system contains classified and sensitive unclassified information related to intelligence, counterterrorism, homeland security, and law enforcement programs, records in this system have been exempted from notification, access, and amendment to the extent permitted by subsections (j)(2) and (k)(1) and (2) of the Privacy Act. A request to amend non-exempt records in this system may be made by writing to the System Manager, identified above, in conformance with 6 CFR Part 5, Subpart B, which provides Start Printed Page 28147the rules for requesting access to Privacy Act records maintained by DHS.

Record source categories:

Information contained in MAGNET is gathered from a variety of sources both internal and external to the Coast Guard. Source information may come from sensors, inspections, boardings, investigations, documentation offices, vessel notice of arrival reports, owners, operators, crew members, agents, passengers, witnesses, employees, U.S. Coast Guard personnel, law enforcement notices, commercial sources, as well as other federal, state, local and international agencies who are related to the maritime sector and/or national security sector.

Exemptions claimed for the system:

The records and information in this system are exempt from 5 U.S.C. 552a(c)(3) and (4), (d)(1), (d)(2), (d)(3), (d)(4), (e)(1), (e)(2), (e)(3), (e)(4)(G), (H), and (I), (e)(5), (e)(8), (e)(12), (f), and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2), (k)(1), and (k)(2). A Notice of Proposed Rulemaking for exempting this record system has been promulgated in accordance with the requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c), and (e) and is being published [in 6 CFR part 5] concurrently with publication of this Notice Establishing a New Systems of Records in the Federal Register.