Comment Submitted by David Nachtshein

Comment response to DHS-2007-0050, notice of proposed rulemaking relating to the DHS Arrival and Departure Information System (ADIS). The most egregious error in this notice is the attempt by DHS to create an exemption to evade the jurisdiction of United States courts in order to prevent judicial review of complaints under section (g) of the Privacy Act by subjects of ADIS records that allege that DHS has violated the Privacy Act, and further, the attempt by DHS to evade sanctions that may be imposed under section (g) of the Privacy Act by a US court for such violations. Such an exemption can only be authorized by legislation enacted by Congress, and cannot be invoked in administrative regulations. The notice also misconstrues some provisions of the Privacy Act, especially sections (e)(5) and (e)(8). By itself, this calls into question the knowledge and capabilities of the DHS Privacy Office managers and staff and the other DHS personnel who participated in preparing or reviewing this notice. The notice is deficient, unnecessary, and based on specious reasoning. The reasons provided for claiming exemptions from the Privacy Act are invariably hypothetical, unrealistic and logically invalid. The publication of this notice has put the public on notice that DHS is apparently violating the accounting disclosure requirements of the Privacy Act, and is attempting to excuse itself rather that invest minimal resources to create necessary accounting disclosure capabilities in ADIS. Such capabilities should have been built into ADIS or a separate accounting disclosure system that would track all disclosures from all DHS systems. This raises the question whether DHS is able to account for disclosures from any DHS systems. The background section of the notice claims that it will add a routine use to allow sharing of information with the intelligence community for various purposes. However, the notice does not include any language adding this new routine use statement. In any case, there is no need to add a routine use statement for this purpose, since section (b)(7) of the Privacy Act already permits this routine use: ?(7) to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought;? The ADIS system notice published in 68 FR 69412 also includes a routine use statement that could be interpreted to provide ADIS information to intelligence community agencies. Intelligence community agencies are charged with implementing civil laws, rules, regulations and orders and therefore fall within the ambit of the ADIS system notice routine use statement: ? A. To appropriate government agencies or organizations (regardless of whether they are Federal, State, local, foreign, or tribal), lawfully engaged in collecting law enforcement intelligence information (whether civil or criminal) and/or charged with investigating, prosecuting, enforcing or implementing civil and/or criminal laws, related rules, regulations or orders, to enable these entities to carry out their law enforcement responsibilities.? The background section of the notice claims that it will add a routine use relating to identity theft. However, the notice does not include any language adding this new routine use statement. The background section of the notice claims that it will clarify the sources of data in ADIS, potentially including foreign governments. However, the notice does not include any language defining or clarifying how the information in ADIS is obtained from a foreign government. The background section of the notice claims that it will reduce the retention period for ADIS data. However, the notice does not include any language relating to the retention period for ADIS data. The background section of the notice mischaracterizes the nature and source of the information in the ADIS system. It states that the information relates to DHS national security, law enforcement, immigration, and intelligence activities. In fact, ADIS information only relates to DHS immigration control activities. The ADIS system notice published in 68 FR 69412 correctly describes information in the system: ?Categories of Records in the System: The ADIS database is a centralized application designed to create, update and report immigrants' and nonimmigrants' arrivals and departures to and from the United States. The system also contains biographic, biometric indicator and address information.? ADIS does not contain classified national security information, and is not certified and accredited to store such information. Release of ADIS information to the subject of an ADIS record pursuant to a Privacy Act request would merely provide information to the person that the person already knows. Admission information in ADIS is derived from the US-VISIT system admission record that is created when Department of Homeland Security Customs and Border Protection (CBP) admits a person to the United States at a port of entry in routine immigration control operations. The subject of an ADIS admission record is aware of the information in an admission record, since the record relates to an activity in which the person was the principal participant. Departure information in the system is created when CBP obtains a record from a departing person. A departure record may be received from an airline or other carrier that a person was transported out of the US, of from Canadian immigration authorities who received an arrival-departure form I-94 when a person departs the US into Canada. An ADIS departure record may be created when a CBP officer witnesses the departure, or when CBP or other DHS agency receives a record that a person is present in a foreign country after departing the US. A departure record may also be received from DHS Citizenship and Immigration Services (USCIS) relating to a person?s adjustment of status to permanent resident. The subject of an ADIS departure record is aware of the information in a departure record, since the record relates to an activity in which the person was the principal participant. The background section of the notice incorrectly states that ADIS information relates to DHS investigatory and enforcement activities. In fact, no information in the system is obtained from investigative or enforcement activities except removal activities and investigations to verify departure. 68 FR 69412, delineates an ADIS record to comprise: ?In addition to arrival and departure information, each record also provides complete name, date of birth, nationality, gender, passport number and country of issuance, country of residence, U.S. visa number including date and place of issuance if applicable, alien registration number if applicable, immigration status, complete address while in the United States, and Fingerprint Identification Number System (FINS) number. ? All of this information, except for information relating to the person?s date, place and manner of departure, is collected and recorded in ADIS at the time a person is admitted to the US. Only ADIS departure information is likely to be updated or created as the result of a DHS investigation, and other information in an ADIS record is not added or changed by investigative activities. Even in the small number of cases when the departure information in the system is derived from investigative activities, it is not possible to determine in an ADIS record that the departure information was derived from such an activity. When an ADIS departure record is derived from a DHS removal activity, the subject of the ADIS departure record is aware of the information in the departure record, since the record relates to an activity in which the person was the principal participant. The background section of the notice repeatedly mischaracterizes the potential consequences of the release of ADIS information to the subject of an ADIS record. ADIS information only relates to a person?s arrival in and departure from the US. Release of ADIS information to the subject of the record would not reveal the existence of a DHS investigatory, intelligence, or enforcement activity. Release of ADIS information to the subject of the record would have no effect on an ongoing investigation, intelligence or other enforcement activity relating to the person. Release of ADIS information to the subject of an ADIS record would not disclose the identity of a DHS confidential informant or jeopardize their safety. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would not reveal that DHS had used a confidential informant in an investigation relating to the person. Release of ADIS information to the subject of an ADIS record would not reveal that information in the system was obtained from a confidential informant. Release of ADIS information to the subject of an ADIS record would not reveal the identity or jeopardize the safety of a DHS employee. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would have no effect on the ability of DHS to obtain information from third parties or other sources. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would have no effect on the ability of DHS to conduct undercover investigations or use other investigative techniques. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would have no effect on the ability of DHS to protect the privacy of third parties. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would have no effect on the ability of DHS to safeguard classified information. As delineated in 68 FR 69412, an ADIS record does not include this information. Release of ADIS information to the subject of an ADIS record would not provide any information that would assist the person to avoid detection or apprehension. In fact, the return address information included in a Privacy Act request would provide information that would assist DHS to apprehend the person, if that was an aim of DHS. For the reasons stated above, the release of ADIS information would not, even in rare circumstances, interfere with or adversely affect the law enforcement purposes of the system. For this reason, a subject of an ADIS record could request and reasonably expect that the claimed exemptions in this notice would be waived. Section 5 of the proposed list of exemptions claims that ADIS information is collected by state, local, tribal, foreign or international government agencies. In fact, state, local, tribal, or international government agencies do not collect information relating to the arrival or departure of persons from the US and are not able to provide such information. While such agencies do collect personally identifiable information about people, these agencies are not the sources for personally identifiable information in ADIS. However, foreign immigration and customs authorities do collect information relating to the arrival of persons in their country who departed from the US. In fact, Canada immigration and customs officials retain form I-94 arrival departure records of some nonimmigrants when they enter Canada and return the forms to the closest CBP port of entry. CBP creates ADIS departure records based on the receipt of these forms. CBP or other DHS agencies may create or validate an ADIS departure record based on receipt of an admission record from a foreign government. Section 5(a) of the proposed list of exemptions claims a generalized exemption is required because accounting of disclosures of ADIS information would disclose an investigation or reveal investigative interest of DHS or another agency, and enable the person to impede the investigation, tamper with witnesses or evidence, and avoid detection or apprehension. While revealing the disclosure of an ADIS record to another agency could notify the subject of the ADIS record of the investigation, the ADIS record does not contain information about the predication of the investigation or witnesses or evidence in the custody of the other agency. The generalized exemption is unnecessary, since a specific exemption would be authorized in such rare cases. Section 5(b) of the proposed list of exemptions claims a generalized exemption is required because access to ADIS information would disclose an investigation or reveal investigative interest of DHS or another agency, and enable the person to impede the investigation, tamper with witnesses or evidence, and avoid detection or apprehension. ADIS does not contain information relating to DHS investigations. Therefore, this exemption cannot be logically justified or invoked. Section 5(b) of the proposed list of exemptions claims a generalized exemption is required because amendment of ADIS information at the request of the subject of the record would interfere with an investigation or require investigations to be continually reinvestigated. Since an ADIS record would only be amended when the subject of the record could prove a material error in the record, the amendment of the record would assist DHS investigations by providing more accurate relevant information. Therefore, this exemption cannot be logically justified or invoked. Section 5(c) of the proposed list of exemptions claims a generalized exemption is required because the accuracy of ADIS information derived from investigations may be unclear or inaccurate. However, the release of potentially inaccurate information to the subject of an ADIS record provides an opportunity for the person to amend and correct unclear or inaccurate information, and would not reveal that the information was obtained by an investigation. Therefore, this exemption cannot be logically justified or invoked. Section 5(d) of the proposed list of exemptions claims a generalized exemption is required because the collection of ADIS information would involve collection of information from the subject of an investigation. The ADIS system does not contain information about or from DHS investigations. Instead, ADIS information is obtained from a person when the person applies for admission to or departs from the US. The DHS admission and departure reporting activities are not investigative activities and do not provide information to a person relating to the existence of an investigation. The person participates in the admission and departure activities so that it is not feasible to conceal the existence of the admission or departure activity from the person. Therefore, this exemption cannot be logically justified or invoked. Section 5(e) of the proposed list of exemptions claims a generalized exemption from the requirement to provide notice to a person about the reason that information is collected and retained in ADIS. Each person seeking admission to the US fills in an arrival-departure form that states on its face that the information must be provided, or provides information in response to questions of a CBP official at a port of entry. Therefore, the person knows that information is required to be provided, whether or not they see or read a Privacy Act notice of the reason for collecting the information. For this reason, this exemption cannot be logically justified or invoked. Section 5(g) of the proposed list of exemptions claims a generalized exemption because collection of ADIS information would preclude DHS agents from using their investigative training and good judgment to conduct and report on investigations. This misconstrues section (e)(5) of the Privacy Act, which requires agencies to maintain accurate information that is used in its decision about a person to assure fairness to the person. ADIS records are generally obtained during DHS admission and departure reporting activities and the fairness of the admission and departure activities can be immediately assessed by the person involved. The accuracy of ADIS records does not rely on investigative techniques or reporting. In addition, the exemption claim asserts that it is not possible to determine in advance that ADIS information is accurate, relevant, timely and complete. However, ADIS records are created at the time of a DHS admission or departure reporting activity so it is both timely and relevant, and it is possible at that time to determine whether the information is sufficiently accurate and complete. For these reasons, this exemption cannot be logically justified or invoked. Section 5(h) of the proposed list of exemptions claims a generalized exemption is required because the act of providing notice to the subject of an ADIS record under section (e)(8) of the Privacy Act would interfere with DHS use of warrants and subpoenas. This misconstrues section (e)(8), which requires DHS to provide notice to the subject of a record, in ADIS or any other DHS system, when legal process is served on DHS that compels DHS to reveal a record relating to the record subject to a third party. This is not comparable to or relevant to investigations in which DHS seeks to serve a subpoena or warrant on a third party for information about a subject of an ADIS record. Therefore, this exemption cannot be logically justified or invoked. Section 5(i) of the proposed list of exemptions claims a generalized exemption from the civil remedies of section (g) of the Privacy Act. DHS does not have statutory authority to exempt itself from civil review of complaints relating to its implementation of the Privacy Act, or to waive civil remedies that may be imposed by a court of competent jurisdiction relating to a complaint pursuant to the Privacy Act. Therefore, this exemption cannot be legally or logically justified or invoked.