AGENCY:

Office of the Secretary, Department of Homeland Security.

ACTION:

Notice of proposed rulemaking.

SUMMARY:

The Department of Homeland Security is concurrently establishing a new system of records pursuant to the Privacy Act of 1974 entitled the Technical Reconciliation Analysis Classification System (TRACS). This system of records will serve as an information management tool and be used to perform a range of information management and analytical functions to enhance the integrity of the United States' immigration system by detecting, deterring, and pursuing immigration fraud, and by identifying persons who pose a threat to national security and/or public safety. In this proposed rulemaking, the Department proposes to exempt portions of this system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

DATES:

Comments must be received on or before July 16, 2008.

ADDRESSES:

You may submit comments, identified by docket number DHS-2007-0057, by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 1-866-466-5370.
• Mail: Hugo Teufel III, Chief Privacy Officer, Department of Homeland Security, 601 S. 12th Street, Arlington, VA 22202-4220.

Instructions: All submissions received must include the agency name and docket number for this notice. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

TRACS System Manager, US-VISIT Program, U.S. Department of Homeland Security, Washington, DC 20528 (202) 298-5200 or by facsimile (202) 298-5201; Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528; telephone 703-235-0780.

SUPPLEMENTARY INFORMATION:

Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS), National Protection and Program Directorate (NPPD), United States—Visitor and Immigrant Status Indicator Technology (US-VISIT) program, is establishing a Privacy Act system of records known as Technical Reconciliation Analysis Classification System (TRACS). This system of records is an information management tool used for management and analysis of US-VISIT records. TRACS will help enhance the integrity of the United States immigration system by detecting, deterring, and pursuing immigration fraud, and by identifying persons who pose a threat to national security and/or public safety. TRACS will consist of paper files and electronic databases.

The Secretary of the Department of Homeland Security has delegated to NPPD and US-VISIT the responsibility for enhancing the security of U.S. citizens and visitors; facilitating safe, efficient, and legitimate travel to the U.S.; promoting border security and the integrity of the immigration system; safeguarding the privacy of visitors to the U.S.

NPPD and US-VISIT have also been delegated authority for assisting in the prevention of immigration identity fraud or theft; and serving law enforcement, border officials, and others who make decisions on immigration matters, including decisions on immigration benefits and status, by identifying aliens seeking permission to enter, entering, visiting, residing in, changing status within, or exiting the U.S.

Finally, NPPD and US-VISIT have been delegated the responsibility for providing technical assistance and analytic services to other DHS functions and components and other to Federal agencies, as well as to State, local, tribal, and foreign governments, including multinational and international organizations, to better protect the Nation's physical and virtual borders.

To discharge the above responsibilities, TRACS will be used to: (1) Identify individuals who have remained in the United States beyond their authorized period of admission (overstays); (2) maintain information on why individuals are promoted to or demoted from the Automated Biometric Identification System (IDENT) list of subjects of interest; (3) provide the means for additional research in regards to individuals whose biometrics are collected by DHS, and subsequently matched to the list of subjects of interest during a routine IDENT query. A query of this nature would take place following a background check or security screening relating to the individual's hiring or retention, performance of a job function, or the issuance of a license or credential, allowing them access to secured facilities to perform mission and non-mission related work. Examples of this include credentialing of Federal, non-Federal, and contractor employees who work within the secured areas of our nation's airports; (4) to further analyze information about individuals who may be identified as a subject of interest following a routine query against IDENT while applying for visas or other benefits on behalf of domestic partners, such as the U.S. Department of State or foreign partners, as is the case with the United Kingdom Border Agency's (UKBA) International Group Visa Services program, which supports the DHS mission; and (5) to provide information in response to queries from law enforcement and intelligence agencies charged with national security, law enforcement, immigration, or other DHS mission-related functions.

Specifically, TRACS will be used for the analysis of overstays, for changes to the IDENT subject of interest lists, law enforcement and intelligence research, and to assist in developing and fostering foreign partnerships that enhance the Start Printed Page 33929goals and mission of US-VISIT, such as the work being done in association with the UKBA's International Group Visa Services project.

To identify possible overstays, US-VISIT reviews and analyzes information in the Arrival and Departure Information System (ADIS), a US-VISIT system used for the storage and use of biographic, biometric indicator, and encounter data on aliens who have applied for entry, entered, or departed the United States. ADIS consolidates information from various systems in order to provide a repository of data held by DHS for pre-entry, entry, status management, and exit tracking of immigrants and non-immigrants. Its primary use is to facilitate the investigation of subjects of interest who may have violated their immigration status by remaining in the United States beyond their authorized stay. To assist in the resolution of overstays, information related to them may be copied to TRACS for review and further analysis against other US-VISIT programs and systems to better determine their status.

Regarding changes to the IDENT Subject of Interest List, in order to maintain the integrity of the immigration and customs programs, DHS maintains records within IDENT to identify individuals who may present a terrorist threat to the United States as well as those individuals who may not be allowed to enter the country because of past violations of immigration or customs law. An individual is either promoted to or demoted from the list of subjects of interest within IDENT. As IDENT is not a case management system, it merely records the change, not the justification for the change. TRACS will have the ability to serve as a case management system and not only use the information regarding the changes to the list of subjects of interest that is recorded in IDENT but also to record and store the actual justification for any change. The user will also have the ability to enter data in pre-determined selectable categories or manually by either free text or by cutting and pasting information retrieved from other systems and placing it into a workspace in TRACS so that analysis can be performed.

For assistance in background checks and security clearance processes for employment at DHS or receipt of a DHS license or credential, applicants may have their information searched against ADIS or IDENT records. Clearance, employment eligibility, or other license or credential applications that have a match against ADIS or IDENT may require additional research regarding the applicant. Such information would be maintained and tracked in TRACS.

Regarding analyzing information on behalf of domestic or foreign partners, US-VISIT will assist its partners in analyzing information held by US-VISIT where such analysis supports the DHS mission. For example, for the UKBA visa services project, US-VISIT will receive biometric information from the UK for UK visa applicants and query their biometric information against the IDENT list of subjects of interest. US-VISIT will then provide the results from the query back to the UK for purposes of visa adjudication.

Regarding law enforcement and intelligence research, US-VISIT may also receive requests from law enforcement agencies, such as Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Federal Bureau of Investigation (FBI), as well as from other intelligence agencies, to provide further information regarding the immigration status for individuals of interest to those organizations. US-VISIT tracks these requests and the responses in TRACS.

Information in TRACS comes primarily from ADIS and IDENT. TRACS may also contain information from other DHS component programs or systems, or publicly available source systems that are manually queried while researching a particular case. Data researched or identified through publicly available source systems, such as the internet, will be identified and referenced in the individual's record in TRACS. If it becomes routine for a specific public source system(s) to be used on a regular basis, the PIA will be updated to reflect this system(s) as a common source of information and data. For research conducted, based on an external request, information may also be provided from the requesting entity, as described in the system of records notice.

The data contained in TRACS is primarily from the US-VISIT systems Arrival and Departure Information System (ADIS) (72 FR 47057, Arrival and Departure Information System (ADIS), System of Records Notice, August 22, 2007); the Automated Biometric Identification System (IDENT) (72 FR 31080, Automated Biometric Identification System (IDENT), System of Records Notice, June 5, 2007); and a Customs and Border Protection (CBP) system called the Treasury Enforcement Communications System (TECS) (66 FR 53029, Treasury Enforcement Communication System (TECS), System of Records Notice, October 18, 2001). TRACS also receives data from a Department of State (DOS) system called the Consolidated Consular Database (CCD); the Student and Exchange Visitor Information System (SEVIS) (70 FR 14477, Student and Exchange Visitor Information System (SEVIS), System of Records Notice, March 22, 2005); the Central Index System (CIS) (72 FR 1755, Central Index System (CIS), System of Records Notice, January 16, 2007); the Computer-linked Application Information Management System (CLAIMS 3 and 4) (64 FR 18052, Computer Linked Application Information Management System (CLAIMS 3 and 4), System of Records Notice, April 13, 1999); the Refugees, Asylum & Parole System (RAPS); the Deportable Alien Control System (DACS) (67 FR 64136, Deportable Alien Control System (DACS), System of Records Notice, October 17, 2002); and the Enforcement Case Tracking System (ENFORCE). TRACS also contains data from web searches for addresses and phone numbers.

The Privacy Act allows Government agencies to exempt certain records from the access and amendment provisions. If an agency claims an exemption, however, it must issue a Notice of Proposed Rulemaking to make clear to the public the reasons why a particular exemption is claimed an issue a Final Rule.

In this notice of proposed rulemaking, DHS is now proposing to exempt TRACS, in part, from certain provisions of the Privacy Act. Some information in TRACS relates to official DHS national security, law enforcement, immigration, intelligence, and preparedness and critical infrastructure protection activities. These exemptions are needed to protect information relating to DHS activities from disclosure to subjects or others related to these activities. Specifically, the exemptions are required to preclude subjects of these activities from frustrating these processes; to avoid disclosure of activity techniques; to protect the identities and physical safety of confidential informants and of immigration and border management and law enforcement personnel; to ensure DHS's ability to obtain information from third parties and other sources; to protect the privacy of third parties; and to safeguard classified information. Disclosure of information to the subject of the inquiry could also permit the subject to avoid detection or apprehension.

An individual who is the subject of a record in this system may access or correction of those records that are not exempt from disclosure. A determination whether a record may be accessed will be made at the time a request is received. DHS will review Start Printed Page 33930and comply appropriately with information requests on a case by case basis. An individual desiring copies of records maintained in this system should direct his or her request to the FOIA Officer (HTTP://WWW.DHS.GOV/​FOIA,, under “contacts”. See also the system of records notice also in today's Federal Register). Requests for correction of records in this system may be made through the Traveler Redress Inquiry Program (TRIP) at http://www.dhs.gov/​trip or via mail, facsimile or e-mail in accordance with instructions available at http://www.dhs.gov/​trip.

The exemptions proposed here are standard law enforcement and national security exemptions exercised by a large number of Federal law enforcement and intelligence agencies. In appropriate circumstances, where compliance would not appear to interfere with or adversely affect the law enforcement purposes of this system and the overall law enforcement process, the applicable exemptions may be waived.

Regulatory Requirements

A. Regulatory Impact Analyses

Changes to Federal regulations must undergo several analyses. In conducting these analyses, DHS has determined:

1. Executive Order 12866 Assessment

This rule is not a significant regulatory action under Executive Order 12866, “Regulatory Planning and Review” (as amended). Accordingly, this rule has not been reviewed by the Office of Management and Budget (OMB). Nevertheless, DHS has reviewed this rulemaking, and concluded that there will not be any significant economic impact.

2. Regulatory Flexibility Act Assessment

Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5 U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will not have a significant impact on a substantial number of small entities. The rule would impose no duties or obligations on small entities. Further, the exemptions to the Privacy Act apply to individuals, and individuals are not covered entities under the RFA.

3. International Trade Impact Assessment

This rulemaking will not constitute a barrier to international trade. The exemptions relate to criminal investigations and agency documentation and, therefore, do not create any new costs or barriers to trade.

4. Unfunded Mandates Assessment

Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. L. 104-4, 109 Stat. 48), requires Federal agencies to assess the effects of certain regulatory actions on State, local, and tribal governments, and the private sector. This rulemaking will not impose an unfunded mandate on State, local, or tribal governments, or on the private sector.

B. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) requires that DHS consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of PRA section 3507(d), obtain approval from the Office of Management and Budget (OMB) for each collection of information it conducts, sponsors, or requires through regulations. DHS has determined that there are no current or new information collection requirements associated with this rule.

C. Executive Order 13132, Federalism

This action will not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government, and therefore will not have federalism implications.

D. Environmental Analysis

DHS has reviewed this action for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has determined that this action will not have a significant effect on the human environment.

E. Energy Impact

The energy impact of this action has been assessed in accordance with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory action under the provisions of the EPCA.

List of Subjects in 6 CFR Part 5

• Privacy; Freedom of information

For the reasons stated in the preamble, DHS proposes to amend Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5—DISCLOSURE OF RECORDS AND INFORMATION

1. The authority citation for part 5 continues to read as follows:

Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a.

2. At the end of appendix C to part 5, Exemption of Record Systems Under the Privacy Act, add the following new section 6 to read as follows:

Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act

6. The Department of Homeland Security Technical Reconciliation Analysis Classification System (TRACS) consists of a stand alone database and paper files that will be used by DHS and its components. This system of records will be used to perform a range of information management and analytic functions involving collecting, verifying, and resolution tracking of data primarily on individuals who are not United States citizens or legal permanent residents (LPRs). However, it will contain data on: (1) U.S. citizens or LPRs who have a connection to the DHS mission (e.g., individuals who have submitted a visa application to the UK, or have made requests for a license or credential as part of a background check or security screening in connection with their hiring or retention, performance of a job function or the issuance a license or credential for employment at DHS); (2) U.S. citizens and LPRs who have an incidental connection to the DHS mission (e.g., individuals living at the same address as individuals who have remained in this country beyond their authorized stays); and (3) individuals who have, over time, changed their status and became U.S. citizens or LPRs. TRACS is managed and maintained by the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program. The data contained in TRACS is primarily derived from the Arrival and Departure Information System (ADIS) (72 FR 47057, Arrival and Departure Information System (ADIS), System of Records Notice, August 22, 2007); the Automated Biometric Identification System (IDENT) (72 FR 31080, Automated Biometric Identification System (IDENT), System of Records Notice, June 5, 2007); and a Customs and Border Protection (CBP) system called the Treasury Enforcement Communications System (TECS) (66 FR 53029, Treasury Enforcement Communication System (TECS), System of Records Notice, October 18, 2001). TRACS also receives data from a Department of State (DOS) system called the Consolidated Consular Database (CCD); the Student and Exchange Visitor Information System (SEVIS) (70 FR 14477, Student and Exchange Visitor Information System (SEVIS), System of Records Notice, March 22, 2005); the Central Index System (CIS) (72 FR 1755, Central Index System (CIS), System of Records Notice, January 16, 2007); the Computer-linked Application Information Management System (CLAIMS 3 and 4) (64 FR 18052, Computer Linked Application Information Management System (CLAIMS 3 and 4), System of Records Notice, April 13, 1999); the Refugees, Asylum & Parole System (RAPS); the Deportable Alien Control System (DACS) (67 FR 64136, Deportable Alien Control System (DACS), System of Records Start Printed Page 33931Notice, October 17, 2002); and the Enforcement Case Tracking System (ENFORCE). TRACS also contains data from web searches for addresses and phone numbers. This data is collected by, on behalf of, in support of, or in cooperation with DHS and its components. The Secretary of Homeland Security has exempted this system from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5) and (e)(8); (f); and (g) pursuant to 5 U.S.C. 552a(j)(2). In addition, the Secretary of Homeland Security has exempted this system from 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f) pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5). These exemptions apply only to the extent that records in the system are subject to exemption pursuant to 5 U.S.C. 552a (j)(2), (k)(1), (k)(2), and (k)(5). Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation; and reveal investigative interest on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process.

(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation, to the existence of the investigation, and reveal investigative interest on the part of DHS or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an impossible administrative burden by requiring investigations to be continuously reinvestigated. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of Federal law, the accuracy of information obtained or introduced occasionally may be unclear or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

(d) From subsection (e)(2) (Collection of Information from Individuals) because requiring that information be collected from the subject of an investigation would alert the subject to the nature or existence of an investigation, thereby interfering with the related investigation and law enforcement activities.

(e) From subsection (e)(3) (Notice to Subjects) because providing such detailed information would impede law enforcement in that it could compromise the existence of a confidential investigation or reveal the identity of witnesses or confidential informants.

(f) From subsections (e)(4)(G) and (e)(4)(H) (Agency Requirements) because portions of this system are exempt from the individual access provisions of subsection (d) which exempts providing access because it could alert a subject to the nature or existence of an investigation, and thus there could be no procedures for that particular data. Procedures do exist for access for those portions of the system that are not exempted.

(g) From subsection (e)(4)(I) (Agency Requirements) because providing such source information would impede law enforcement or intelligence by compromising the nature or existence of a confidential investigation.

(h) From subsection (e)(5) (Collection of Information) because in the collection of information for law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely, and complete. Compliance with (e)(5) would preclude DHS agents from using their investigative training and exercise of good judgment to both conduct and report on investigations.

(i) From subsection (e)(8) (Notice on Individuals) because compliance would interfere with DHS' ability to obtain, serve, and issue subpoenas, warrants, and other law enforcement mechanisms that may be filed under seal, and could result in disclosure of investigative techniques, procedures, and evidence.

(j) From subsection (f) (Agency Rules) because portions of this system are exempt from the access and amendment provisions of subsection (d).

(k) From subsection (g) to the extent that the system is exempt from other specific subsections of the Privacy Act.