[Federal Register: May 15, 2008 (Volume 73, Number 95)]
[Notices]
[Page 28128-28135]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr15my08-66]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
[Docket No. DHS-2007-0017]
Privacy Act; Office of Intelligence and Analysis Enterprise
Records System
AGENCY: Privacy Office, DHS.
ACTION: Notice of Privacy Act system of records notice.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the Department of
Homeland Security gives notice that it proposes to add a new system of
records to its inventory of record systems, namely the Office of
Intelligence & Analysis Enterprise Records System (ERS). Some of the
records that were previously maintained in the Homeland Security
Operations Center Database (DHS/IAIP-001), the system of records notice
for which was last published in full text on April 18, 2005 (70 FR
20156), will now be part of the ERS. This notice does not rescind,
revoke, or supersede the HSOC system of records notice insofar as other
components of DHS maintain records within that system of records, under
their respective authorities.
DATES: The new system of records will be effective June 16, 2008.
ADDRESSES: You may submit comments, identified by docket number, by one
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments via docket number DHS-
2007-0017.
Fax: 1-866-466-5370.
Mail: Comments by mail may also be submitted to Hugo
Teufel III, Chief Privacy Officer, Department of Homeland Security,
Washington, DC 20528.
Instructions: All submissions received must include the
agency name and docket number for this rulemaking. All comments
received will be posted without change to http://www.regulations.gov,
including any personal information provided.
Docket: For access to the docket to read background
documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions, please contact
the Information Sharing and Knowledge Management Division, Office of
Intelligence and Analysis, Department of Homeland Security, Washington,
DC 20528. For privacy issues, please contact: Hugo Teufel III, Chief
Privacy Officer, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
I. Background
The mission of DHS under the Homeland Security Act of 2002 is to
prevent terrorist attacks; reduce the vulnerability of the United
States to terrorism; minimize the damage and assist in the recovery
from terrorist attacks that may occur within the United States; carry
out the functions of the legacy agencies and entities transferred to
the Department, including by acting as a focal point regarding natural
and manmade crises and emergency planning; ensure that the functions of
the agencies and subdivisions within DHS not directly related to
securing the homeland are not diminished or neglected; ensure that the
civil rights and civil liberties of persons within, and the overall
economic security of, the United States are not diminished by efforts,
activities, and programs aimed at securing the homeland; and monitor
the connections between illegal drug trafficking and terrorism,
coordinate efforts to sever such connections, and contribute to the
effort to interdict illegal drug trafficking.
Recognizing the need for intelligence support in all of the
critical mission areas identified in the President's National Strategy
for Homeland Security and in direct support both of the DHS mission and
all elements of the Department responsible for executing the
Secretary's authorities in fulfilling it, the Under Secretary for
Intelligence & Analysis, as head of the DHS Office of Intelligence and
Analysis (I&A), is responsible for carrying out the responsibilities of
the Secretary relating to intelligence and information analysis across
the Department and, as Chief Intelligence Officer of the Department,
oversees the functional integration of the Department's intelligence
activities, including those occurring outside of I&A. Through
successive and specific delegations issued in 2006, the Under Secretary
for I&A was assigned the authority and responsibility: (1) To perform
the functions specified in Title II of the Homeland Security Act that
relate to the Office of Information Analysis (since renamed I&A); (2)
to exercise oversight and responsibility for the functions and duties
necessary to lead and manage the integration of Departmental
intelligence activities; and (3) to exercise the authority under
section 202 of the Homeland Security Act to ensure the timely and
efficient access to all information necessary to discharge the
responsibilities under section 201 of the Homeland Security Act. Taken
together, the Under Secretary for I&A exercises, through I&A, lead or,
in some cases, shared leadership responsibility under the Homeland
Security Act for the following:
A. To access, receive, and analyze law enforcement, intelligence,
and other information from federal, state, and local government
agencies (including law enforcement agencies), and private sector
entities, and to integrate such information, in support of the mission
responsibilities of the Department and the functions of the National
Counterterrorism Center established under section 119 of the National
Security Act of 1947 (50 U.S.C. 404o), in order to: (A) Identify and
assess the nature and scope of terrorist threats to the homeland; (B)
detect and identify threats of terrorism against the United States; and
(C) understand such threats in light of actual and potential
vulnerabilities;
B. To request additional information from other agencies of the
federal government, state and local government agencies, and the
private sector relating to threats of terrorism in the United States,
or relating to other areas of responsibility assigned by the Secretary;
C. To establish Department-wide procedures for the review and
analysis of information provided by State, local, and tribal
governments and the private sector, integrate such information into the
information gathered by the Department and other departments and
agencies of the Federal Government, as appropriate, and make available
such information, as appropriate, within the Department and to other
departments and agencies of the Federal Government;
D. To ensure the timely and efficient access by the Secretary of
Homeland Security and the Department to all information from other
agencies of the federal government, including reports, assessments,
analyses, and unevaluated intelligence related to threats of
[[Page 28129]]
terrorism against the United States and other areas under the
responsibility of the Secretary, and to all information concerning
infrastructure or other vulnerabilities of the United States to
terrorism, necessary for assessing, analyzing, and integrating
information for terrorism, homeland security, and related law
enforcement and intelligence purposes under the Homeland Security Act;
E. To disseminate information analyzed by the Department within the
Department, to other federal, state, and local government agencies, and
to private sector entities with responsibilities relating to homeland
security in order to assist in the deterrence, prevention, preemption
of, or response to (including mitigation of) terrorist attacks against
the United States;
F. To provide intelligence and information analysis and support to
other elements of the Department;
G. To coordinate and enhance integration among the intelligence
components of the Department, including through strategic oversight of
the intelligence activities of such components;
H. To establish the intelligence collection, processing, analysis,
and dissemination priorities, policies, processes, standards,
guidelines, and procedures for the intelligence components of the
Department, consistent with any directions from the President and, as
applicable, the Director of National Intelligence;
I. To establish a structure and process to support the missions and
goals of the intelligence components of the Department;
J. To integrate the information and standardize the format of the
products of the intelligence components of the Department containing
homeland security information, terrorism information, weapons of mass
destruction information, or national intelligence (as defined in
section 3(5) of the National Security Act of 1947 (50 U.S.C. 401a(5)));
K. To ensure that, whenever possible, the Department produces and
disseminates unclassified reports and analytic products based on open-
source information, and produces and disseminates such reports and
analytic products contemporaneously with reports or analytic products
concerning the same or similar information that the Department produced
and disseminated in a classified format;
L. To ensure that intelligence information is shared, retained, and
disseminated consistent with the authority of the Director of National
Intelligence to protect intelligence sources and methods, and similar
authorities of the Attorney General concerning sensitive law
enforcement information;
M. To consult with the Director of National Intelligence and other
appropriate intelligence, law enforcement, or other elements of the
federal government to establish collection priorities and strategies
for information, including law enforcement-related information, related
to threats of terrorism against the United States through such means as
the representation of the Department in discussions regarding
requirements and priorities in the collection of such information;
N. To coordinate with elements of the intelligence community and
with federal, state, and local law enforcement agencies and the private
sector, as appropriate;
O. To assist in carrying out comprehensive assessments of the
vulnerabilities of the key resources and critical infrastructure of the
United States, including the performance of risk assessments to
determine the risks posed by particular types of terrorist attacks
within the United States (including an assessment of the probability of
success of such attacks and the feasibility and potential efficacy of
various countermeasures to such attacks);
P. To integrate relevant information, analyses, and vulnerability
assessments in order to identify priorities for protective and support
measures by the Department, other federal, state, and local government
agencies and authorities, the private sector, and other entities;
Q. In coordination with other agencies of the federal government,
to provide specific warning information and advice about appropriate
protective measures and counter-measures, to state and local government
agencies and authorities, the private sector, other entities, and the
public;
R. To consult with state and local governments and private sector
entities to ensure appropriate exchanges of information, including law
enforcement-related information, related to threats of terrorism
against the United States (e.g., through information sharing networks
set up under state and local fusion centers, the National
Infrastructure Protection Program framework, or through the release of
information to the general public through the Homeland Security Alert
System);
S. To review, analyze, and make recommendations for improvements to
the policies and procedures governing the sharing of information within
the scope of the information sharing environment established under
section 1016 of the Intelligence Reform and Terrorism Prevention Act of
2004 (6 U.S.C. 485), including homeland security information, terrorism
information, and weapons of mass destruction information, and any
policies, guidelines, procedures, instructions, or standards
established under that section;
T. To ensure that any material received through authorized DHS
intelligence activities is protected from unauthorized disclosure and
handled and used only for the performance of official duties;
U. To establish and utilize a secure communications and information
technology infrastructure, including data-mining and other advanced
analytic tools, to access, receive, and analyze data and information
and to disseminate information acquired and analyzed by the Department,
as appropriate;
V. To establish, consistent with the policies and procedures
developed under section 1016 of the Intelligence Reform and Terrorism
Prevention Act of 2004 (6 U.S.C. 485), and consistent with the
enterprise architecture of the Department, a comprehensive information
technology network architecture for the Office of Intelligence and
Analysis that connects the various databases and related information
technology assets of the Office of Intelligence and Analysis and the
intelligence components of the Department in order to promote internal
information sharing among the intelligence and other personnel of the
Department;
W. To ensure that any information databases and analytical tools
developed or utilized by the Department (A) are compatible with one
another and with relevant information databases of other agencies of
the federal government, and (B) treat information in such databases in
a manner that complies with applicable federal law on privacy;
X. To oversee the Department's Information Sharing and Knowledge
Management Officer, and those designated for each of the intelligence
components of the Department, regarding coordinating the different
systems used in the Department to gather and disseminate homeland
security information or national intelligence (as defined in section
3(5) of the National Security Act of 1947 (50 U.S.C. 401a(5)));
[[Page 28130]]
Y. To coordinate training and other support to the elements and
personnel of the Department, other agencies of the federal government,
and state and local governments that provide information to the
Department or are consumers of information provided by the Department,
in order to facilitate the identification and sharing of information
revealed in their ordinary duties and the optimal utilization of
information received from the Department;
Z. To provide to employees of the Department opportunities for
training and education to develop an understanding of the definitions
of homeland security information and national intelligence (as defined
in section 3(5) of the National Security Act of 1947 (50 U.S.C.
401a(5))), and how information available to such employees as part of
their duties might qualify as homeland security information or national
intelligence, and be relevant to the Office of Intelligence and
Analysis and the intelligence components of the Department;
AA. To evaluate, on an ongoing basis, how employees of the Office
of Intelligence and Analysis and the intelligence components of the
Department are utilizing homeland security information or national
intelligence, sharing information within the Department, and
participating in the information sharing environment established under
section 1016 of the Intelligence Reform and Terrorism Prevention Act of
2004 (6 U.S.C. 485); and
BB. To perform other duties relating to such responsibilities as
the Secretary may provide.
In addition to assigning I&A the statutory responsibilities noted
above, relevant provisions of the Homeland Security Act of 2002, which
amended the National Security Act of 1947 in part, and subsequent
amendments to Executive Order 12333, effectively designated I&A as an
element of the National Intelligence Community (IC) and the position
now occupied by the Under Secretary for I&A as a ``Senior Official of
the Intelligence Community'' (SOIC). That, together with the
Secretary's subsequent designation of the head of I&A as Chief
Intelligence Officer of the Department--a dual-designation recently
codified in statute through recent amendments to Title II of the
Homeland Security Act of 2002--the Under Secretary for I&A now leads
the integrated DHS intelligence enterprise in providing valuable,
actionable intelligence and intelligence-related information for and
among the National leadership, all components of DHS, the IC, and our
other Federal, State, local, territorial, tribal, foreign and private
sector partners.
In his December 16, 2005, memorandum concerning information sharing
activities at DHS, the Secretary also assigned to what is now the
position of Under Secretary for I&A the responsibility to ``develop[ ]
and execut[e] the information sharing enterprise within the Department
to ensure that the information and analysis provided by the Department
is appropriate for providing security for the homeland * * * [and to]
ensure that the sharing of intelligence and analysis between DHS and
its Federal, State, local, tribal, and private sector partners is
sufficient to meet their homeland security needs.''
On February 1, 2007, the Secretary formally issued the DHS Policy
for Internal Information Exchange and Sharing, and in doing so,
recognized that all elements of DHS are ``one agency'' for purposes of
the Privacy Act and information sharing activities generally. Moreover,
the Secretary specifically reaffirmed that, within the context of this
``one agency'' approach to information sharing, the acting incumbent to
the position of Under Secretary for I&A is ``the official responsible
for assessing and analyzing all terrorism, homeland security, and
related law enforcement and intelligence information received by the
Department.''
Thus, in accordance with the Privacy Act of 1974, and to facilitate
the department-wide activities of I&A as described herein, the DHS
gives notice that it proposes to add a new system of records to its
inventory of record systems, namely the DHS I&A ERS to maintain those
records associated with I&A operations, some of which existed
previously in the Homeland Security Operations Center Database (HSOC)
system of records. This notice does not rescind, revoke, or supersede
the HSOC system of record or notice insofar as other components of DHS
maintain records within this system of records, under their respective
authorities.
The ERS will hold all records and information utilized by I&A to
provide intelligence and analysis support to DHS, and from which I&A
can cull, analyze, and fuse intelligence and related information
properly received from other DHS components, and United States
Government (USG) departments and agencies (including law enforcement
agencies), elements of the IC, and our foreign, State, local,
territorial, tribal, and private sector partners. A centrally managed
records system, will allow I&A to access and communicate relevant
information quickly and effectively to DHS leadership, and, as
appropriate, the other entities listed above. Indeed, as defined in
this notice, ERS which is a multi-domain (classified and sensitive-
unclassified) national security system will enable I&A personnel to:
(1) Manage intelligence requirements and leverage intelligence
capabilities; (2) provide timely, actionable, and relevant intelligence
information; (3) produce action-oriented indications and warnings,
evaluations, and assessments of evolving terrorist capabilities and
intent; (4) identify and disrupt terrorist activities against, and
other threats to, our homeland and within our borders; (5) develop and
employ techniques for alternative analysis; (6) facilitate the
production of accurate, timely, and thorough finished intelligence
products to the end-user; and (7) maintain an effective information
sharing process, operations, and systems environment within and without
DHS.
Given the nature of I&A's mission to ensure appropriate access to
analytical information and source records while promoting a common and
unified standard for data integrity, safeguarding, data exchange, and
administrative oversight of the information maintained, by I&A, I&A has
developed ERS as the single system of records to support all I&A
operations.
The information in the ERS system of records includes intelligence
information and other properly acquired information received from
agencies and components of the federal government, foreign governments,
organizations or entities, international organizations, state and local
government agencies (including law enforcement agencies), and private
sector entities, as well as information provided by individuals,
regardless of the medium used to submit the information or the agency
to which it was submitted. This system also contains: information
regarding persons on watch lists with known or suspected links to
terrorism; the results of intelligence analysis and reporting; ongoing
law enforcement investigative information, information systems security
analysis and reporting; active immigration, customs, border and
transportation, security related records; historical law enforcement,
operational, immigration, customs, border and transportation security,
and other administrative records; relevant and appropriately acquired
financial information; and public-source data such as that contained in
media reports and commercially available databases, as appropriate.
Data about the providers of information, including the means of
[[Page 28131]]
transmission of the data, is also retained.
I&A will use the information in the ERS system of records,
consistent with its statutory responsibilities and functions listed
above in sub-paragraphs A-BB of this section.
II. Legal Requirements
The Privacy Act embodies fair information principles in a statutory
framework governing the means by which the USG collects, maintains,
uses and disseminates personally identifiable information.
The Privacy Act applies to information that is maintained in a
system of records. A system of records is defined as a group of any
records under the control of an agency from which information is
retrieved by the name of the individual or by some identifying number,
symbol, or other identifier particular to the individual.
Individuals may request their records that are maintained in a
system of records in the possession or under the control of DHS by
complying with DHS Privacy Act regulations, 6 CFR part 5.
The Privacy Act requires that each agency publish in the Federal
Register a description denoting the type and character of each system
of records to provide transparency to and notify individuals about how
the USG is using personally identifiable information, to assist
individuals to more easily find files within the agency, and to inform
the public if any applicable Privacy Act exemptions will be claimed for
the system, which would affect access to certain information contained
in the system.
DHS proposes to exempt the ERS system of records from certain
portions of the Privacy Act to protect classified or otherwise
sensitive information that is contained in the system and to protect
the integrity of ongoing counterterrorism, intelligence, law
enforcement and other homeland security activities. These exemptions
are necessary because ERS contains information concerning certain
individuals, including but not limited to known or suspected
terrorists, and activities that could impact the security of people
within the United States. These exemptions are necessary, moreover,
because some of the information contained in the system may be derived
from sensitive intelligence, law enforcement, or other operational
sources and/or acquired using sensitive intelligence or law enforcement
methods.
Specifically, DHS is claiming exemptions from those provisions of
the Privacy Act contained at 5 U.S.C. 552a(c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f) pursuant to 5 U.S.C. 552a(k)(1), (2),
(3) and (5).
Elsewhere in today's Federal Register is the Notice of Proposed
Rulemaking for these exemptions.
Moreover, and notwithstanding those provisions of the Privacy Act
from which DHS is seeking exemption today, I&A, as a member of the
National Intelligence Community, also conducts its mission in
conformance with the requirements of Executive Order 12333, as amended,
``United States Intelligence Activities,'' dated December 4, 1981.
Section 2.3 of Executive Order 12333 requires that each agency head
within the IC establish procedures to govern the collection, retention,
and dissemination of information concerning U.S. Persons in a manner
which protects the privacy and constitutional rights of U.S. Persons.
Specifically within I&A, intelligence personnel may acquire
information which identifies a particular U.S. Person, retain it within
or disseminate it from ERS, as appropriate, only when it is determined
that the personally identifying information is necessary for the
conduct of I&A's functions and otherwise falls into one of a limited
number of authorized categories.
The routine uses covered by this system of records notice include
the sharing of covered information by I&A with its homeland security
partners, including, where and when appropriate, Federal, State, local,
tribal, territorial, foreign, or multinational governments and
agencies, and certain private sector individuals and organizations, for
purposes of countering, deterring, preventing, preparing for,
responding to, or recovering from natural or manmade threats, including
acts of terrorism; for assisting in or facilitating the coordination of
homeland security threat awareness, assessment, analysis, deterrence,
prevention, preemption, and response; for assisting in authorized
investigations, prosecutions or enforcement of the law, when acquired
information indicates a violation or potential violation of law; where
disclosure is in furtherance of I&A's information sharing
responsibilities under statute or policy, including disclosure in
support of those entities lawfully engaged in the collection of
intelligence, counterterrorism, homeland security, and related law
enforcement information; for making notifications and issuing warnings
of serious threats to the homeland or to those specific individuals
whose person or property may become the targets of a particular threat;
and, as otherwise necessary, to properly manage and oversee the
administration of this system of records and other organizational
activities of I&A, including administrative responsibilities related to
interagency support, litigation support, congressional affairs and
oversight, records management, intelligence and information oversight,
human capital, and internal security.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of
this new system of records to the Office of Management and Budget (OMB)
and to the Congress.
DHS/IA-001
SYSTEM NAME:
Office of Intelligence & Analysis (I&A) Enterprise Records System.
SECURITY CLASSIFICATION:
The classification of records in this system can range from
UNCLASSIFIED to TOP SECRET.
SYSTEM LOCATION:
Records are maintained by the Office of Intelligence & Analysis
(I&A), Department of Homeland Security, Washington, DC 20528, and at
remote locations where I&A maintains secure facilities and/or conducts
its mission.
CATEGORY OF INDIVIDUALS COVERED BY THE SYSTEM:
A. Individuals who are known, reasonably believed to be, or are
suspected of being, involved in or linked to:
1. The existence, organization, capabilities, plans,
communications, intentions, and vulnerabilities of, means of finance or
material support for, and activities against or threats to the United
States or United States persons and interests by, domestic, foreign or
international terrorist groups and/or individuals involved in
terrorism;
2. Groups or individuals believed to be assisting or associated
with domestic, foreign, or international terrorist groups and/or
individuals involved in terrorism;
3. Activities constituting a threat to homeland security, and/or
activities that are preparatory to, or facilitate or support such
activities, including:
a. Activities related to the violation or suspected violation of
immigration or customs laws and regulations of the United States,
b. Activities, which could reasonably be expected to assist in the
development or use of a weapon of mass effect;
c. Activities to identify, create, exploit, or undermine the
vulnerabilities of the ``key resources'' (as defined in section 2(9) of
the
[[Page 28132]]
Homeland Security Act of 2002) and ``critical infrastructure'' (as
defined in 42 U.S.C. 5195c(c)) of the United States;
d. Activities to identify, create, exploit, or undermine the
vulnerabilities of the cyber and national telecommunications
infrastructure, including activities which may impact the availability
of a viable national security and emergency preparedness communications
infrastructure.
e. Activities detrimental to the security of transportation and
transportation systems;
f. Activities which violate or are suspected of violating the laws
relating to counterfeiting of obligations and securities of the United
States and other financial crimes, including access device fraud,
financial institution fraud, identity theft, computer fraud; and
computer-based attacks on our nation's financial, banking, and
telecommunications infrastructure;
g. Activities, not wholly conducted within the United States, which
violate or are suspected of violating the laws which prohibit the
production, transfer, or sale of narcotics or substances controlled in
accordance with Title 21 of the United States Code, or those associated
activities otherwise prohibited by Titles 21 and 46 of the United
States Code;
h. Activities which impact or concern the security, safety, and
integrity of our international borders, including any illegal
activities that cross our borders such as violations of the immigration
or customs laws of the United States;
i. Activities which impact, concern, or otherwise threaten the
safety and security of the President and Vice President, their
families, heads of state, and other designated individuals; the White
House, Vice President's residence, foreign missions, and other
designated buildings within the United States;
j. Activities which impact, concern, or otherwise threaten maritime
safety and security, maritime mobility and navigation, or the integrity
of the maritime environment;
k. Activities which impact, concern, or otherwise threaten the
national operational capability of the Department to respond to natural
and man-made major disasters and emergencies, including acts of
terrorism, in support of impacted communities; to coordinate all
Federal emergency management response operations, response planning and
logistics programs; and to integrate Federal, State, tribal and local
response programs to ensure the efficient and effective delivery of
immediate emergency assistance to individuals and communities impacted
by major disasters, emergencies or acts of terrorism.
l. Activities involving the detection of and response to
unauthorized attempts to import, possess, store, develop, or transport
nuclear or radiological material for use against the United States
4. The capabilities, intentions, or activities of foreign
governments or elements thereof, foreign organizations, or foreign
persons, where the individuals may be officers or employees of, or
otherwise acting for or on behalf of, a foreign power or organization
that may be owned or controlled, directly or indirectly, by a foreign
power;
5. Intelligence activities, or other individuals known or suspected
of engaging in intelligence activities, on behalf of a foreign power or
terrorist group;
6. Activities or circumstances where the health or safety of that
individual may be threatened, including information concerning these
individuals that may be necessary for identifying and implementing
protective security measures or other emergency preparedness
activities;
B. Individuals who voluntarily request assistance or information,
through any means, from I&A, or individuals who voluntarily provide
information concerning any of the activities above, which may threaten
or otherwise affect homeland security.
C. Individuals who are or have been associated with DHS or I&A
activities or with the administration of the Department, including
information about individuals that is otherwise required to be
maintained by law or that is necessary for the provision of
intelligence support to the Department.
CATEGORIES OF RECORDS IN THE SYSTEM:
I&A utilizes a single records system for maintaining I&A's
operational and administrative records, including:
A. Classified and unclassified intelligence (includes national
intelligence, foreign intelligence, and counterintelligence),
counterterrorism, homeland security, and related law enforcement
information, including source records and the reporting and results of
any analysis of this information, obtained from all agencies,
components and organizations of the Federal government, including the
IC; foreign governments, organizations or entities, and international
organizations; State, local, tribal and territorial government agencies
(including law enforcement agencies); and private sector entities;
B. Information provided by record subjects and individual members
of the public;
C. Information obtained from the Terrorist Screening Center, the
National Counterterrorism Center, or from other organizations about
individuals known or reasonably suspected of being engaged in conduct
constituting, preparing for, aiding, or relating to terrorism;
D. Active and historical law enforcement investigative information;
E. Information related to lawful DHS Security investigations,
including authorized physical, personnel, and communications security
investigations, and information systems security analysis and
reporting;
F. Operational and administrative records, including correspondence
records;
G. Lawfully acquired financial information, when relevant to an
authorized intelligence, counterterrorism, homeland security, or
related law enforcement activity;
H. Public source data such as that contained in media, including
periodicals, newspapers, broadcast transcripts, and other public
reports and commercial databases; and
I. Data about the providers of any information otherwise contained
within this system, including the means of transmission of the data.
Examples of information related to the ``Categories of
Individuals'' listed above may include:
Full name, date of birth, gender, country of citizenship, country
of birth, alien number, social security number, driver's license
numbers, passport numbers, fingerprint identification number, or other
unique identifying numbers, current and past home and work addresses,
phone numbers, terrorist associations, biometric information including
fingerprints and photographs, physical description, results from
intelligence analysis related to terrorism, financial information,
family members or associates, flight information, border crossing
information, immigration information, or other personally identifiable
information that is relevant and necessary.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Title II and section 892 of the Homeland Security Act
of 2002, Pub. L. 107-296, 116 Stat. 2145 (Nov. 25, 2002), as amended (6
U.S.C. 121, et seq.); 44 U.S.C. 3101; E.O. 9397; E.O. 12333; E.O.
12958; E.O. 13356; and E.O. 13388.
[[Page 28133]]
PURPOSE(S):
ERS replaces the applicable portions of the DHS, Homeland Security
Operations Center Database (DHS/IAIP-001) system of records notice
(SORN), last published in full text on April 18, 2005 [70 F.R. 20156].
The DHS/IAIP-001 SORN previously covered the functional and
organizational aspects of I&A within DHS prior to realignment by the
Secretary and Congress, respectively, in 2005 and 2006.
The mission-specific purposes of ERS are as follows:
A. To manage, access, analyze, integrate, and store intelligence
(including national intelligence, foreign intelligence, and
counterintelligence), counterterrorism, homeland security, related law
enforcement, and other information to carry out the responsibilities of
the Secretary of Homeland Security and the Under Secretary for I&A, as
the official responsible for assessing and analyzing all terrorism,
homeland security, and related law enforcement and intelligence
information received by the Department, under Title II of the Homeland
Security Act (6 U.S.C. 121, et seq.), in support of the overall DHS
mission.
B. To fulfill the need for coordinated intelligence support in all
of the critical mission areas specifically identified in the
President's National Strategy for Homeland Security or other related
activities as defined by separate Executive Order, Homeland and/or
National Security Presidential Directive, or other issuance concerning
the internal management and policy of Executive Branch activities.
C. To enable the provision of intelligence and analysis support to
all DHS activities, components, and organizational elements, and to
maintain a record system from which I&A can cull, analyze, and fuse
intelligence and related information properly received from other DHS
components, other United States Government (USG) departments and
agencies (including law enforcement agencies), elements of the National
Intelligence Community (IC), as well as our foreign, State, local,
territorial, tribal, and private sector partners.
D. To permit the Under Secretary for I&A, as Chief Intelligence
Officer of the Department, to foster the development and execution of
an information sharing environment within DHS; to integrate the
intelligence and information sharing functions and activities of the
DHS intelligence enterprise to provide the most valuable, actionable
intelligence and intelligence-related information for the Nation's
leadership, all components of DHS, the IC, and our other partners; and
to ensure both that the information and analysis provided by the
Department is appropriate for providing security for the homeland and
that the sharing of intelligence and analysis between DHS and its
Federal, State, local, territorial, tribal, foreign, and private sector
partners is sufficient to meet their respective homeland security
needs.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To any Federal, State, local, tribal, territorial, foreign, or
multinational government or agency, or appropriate private sector
individuals and organizations, with responsibilities relating to
homeland security, including responsibilities to counter, deter,
prevent, prepare for, respond to, or recover from a natural or manmade
threat, including an act of terrorism, or to assist in or facilitate
the coordination of homeland security threat awareness, assessment,
analysis, deterrence, prevention, preemption, and response;
B. To a Federal, State, local, tribal, territorial, foreign, or
multinational government or agency with the responsibility and
authority for investigating, prosecuting and/or enforcing a law (civil
or criminal), regulation, rule, order or contract, where the record, on
its face or in conjunction with other information, indicates a
violation or potential violation of any such law, regulation, rule,
order, or contract enforced by that government or agency;
C. To a Federal, State, local, tribal, territorial, foreign, or
multinational government or agency, or other entity, including, as
appropriate, certain private sector individuals and organizations,
where disclosure is in furtherance of I&A's information sharing
responsibilities under the Homeland Security Act of 2002, as amended,
the Intelligence Reform and Terrorism Prevention Act of 2004, the
National Security Act of 1947, as amended, Executive Order 12333, as
amended, or any successor order, national security directive,
intelligence community directive, other directive applicable to I&A,
and any classified or unclassified implementing procedures promulgated
pursuant to such orders and directives, or any other statute, Executive
Order or directive of general applicability, and where such disclosure
is otherwise compatible with the purpose for which the record was
originally acquired or created by I&A;
D. To a Federal, State, local, tribal, or territorial government or
agency lawfully engaged in the collection of intelligence (including
national intelligence, foreign intelligence, and counterintelligence),
counterterrorism, homeland security, law enforcement or law enforcement
intelligence, and other information, where disclosure is undertaken for
intelligence, counterterrorism, homeland security, or related law
enforcement purposes, as authorized by U.S. Law or Executive Order, and
in accordance with applicable disclosure policies;
E. To any other agency within the IC, as defined in section 3.4(f)
of Executive Order 12333 of December 4, 1981, as amended, for the
purpose of allowing that agency to determine whether the information is
relevant and necessary to its mission-related responsibilities and in
accordance with that agency's classified or unclassified implementing
procedures promulgated pursuant to such orders promulgated pursuant to
such orders and directives, or any other statute, Executive Order or
directive of general applicability;
F. To foreign persons or foreign government agencies, international
organizations, and multinational agencies or entities, under
circumstances or for purposes mandated by, imposed by, or conferred in,
Federal statute, treaty, or other international agreement or
arrangement, and in accordance with applicable foreign disclosure
policies, such as the National Security Decision Memorandum 119,
``Disclosure of Classified United States Military Information to
Foreign Governments and International Organizations,'' which is the
Presidential directive that allows for the disclosure classified
information to foreign entities, and other applicable directives;
G. To any individual, organization, or entity, as appropriate, to
notify them of a serious threat to homeland security for the purpose of
guarding them against or responding to such a threat, or where there is
a reason to believe that the recipient is or could become the target of
a particular threat, to the extent the information is relevant to the
protection of life, health, or property;
H. To any Federal government agency when documents or other
information obtained from that agency are used in compiling the
particular record, the record is also relevant to the official
responsibilities of that agency, and there
[[Page 28134]]
otherwise exists a need for that agency to know the information in the
performance of its official functions;
I. To representatives of the Department of Justice and other U.S.
Government entities, to the extent necessary to obtain their advice on
any matter that is within their official responsibilities to provide;
J. To the Department of Justice or other Federal agency conducting
litigation or in proceedings before any court, adjudicative or
administrative body, when: (a) DHS, or (b) any employee of DHS in his/
her official capacity, or (c) any employee of DHS in his/her individual
capacity where DOJ or DHS has agreed to represent the employee, or (d)
the United States or any agency thereof, is a party to the litigation
or has an interest in such litigation;
K. To a congressional office with information from the record of a
particular individual, and in response to an inquiry from that
congressional office made at the request of the individual to whom the
record pertains;
L. To individual members or staff of the Senate Select Committee on
Intelligence and the House Permanent Select Committee on Intelligence,
and the House Homeland Security Subcommittee on Intelligence,
Information Sharing, and Terrorism Risk Assessment, in connection with
the exercise of the Committees' intelligence oversight and legislative
functions, when such disclosures are necessary to a lawful activity of
the United States, and the DHS Office of the General Counsel determines
that such disclosures are otherwise lawful;
M. To the National Archives and Records Administration or other
federal government agencies for the purpose of records management
inspections being conducted under the authority of 44 U.S.C. sections
2904 and 2906;
N. To contractors, grantees, experts, consultants, volunteers, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal government, when
necessary to accomplish an agency function related to this system of
records, in compliance with the Privacy Act of 1974, as amended;
O. To any agency, organization, or individual for the purposes of
performing audit or oversight operations of DHS and/or I&A authorized
by law, but only such information as is necessary and relevant to such
audit or oversight function;
P. To the President's Foreign Intelligence Advisory Board, the
Intelligence Oversight Board, any successor organizations, and any
intelligence oversight entities established by the President, when the
head of I&A determines that disclosure will assist these entities in
the performance of their oversight functions; and
Q. To an appropriate Federal, State, local, tribal, territorial,
foreign, or international agency, if the information is relevant and
necessary to a requesting agency's decision concerning the hiring or
retention of an individual, or issuance of a security clearance,
license, contract, grant, or other benefit, or if the information is
relevant and necessary to a DHS decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the letting of a
contract, or the issuance of a license, grant or other benefit and when
disclosure is appropriate to the proper performance of the official
duties of the person making the request.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records in this system are stored in paper and/or electronic format
in secure facilities. Electronic storage is on servers, CD-ROMs, DVD-
ROMs, magnetic disc, tape, and digital media.
RETRIEVABILITY:
Data may be retrieved by an individual's name or other identifier,
including unique identifying numbers assigned by I&A or other
government agencies.
SAFEGUARDS:
Hard copy (paper) records and information in this system are
maintained in a secure facility with access limited to only authorized
personnel or an authorized and escorted visitor. Physical security
includes security guards and locked facilities requiring badges and
passwords for access.
Hard copy records are stored in vaults, safes or locked cabinets
and are accessible only to authorized government personnel and
contractors who are properly screened, cleared and trained in
information security and the protection of privacy information.
Electronic records are maintained on and only accessible from
secured systems through hardware and software devices protected by
appropriate physical and technological safeguards to prevent
unauthorized access, including password protection.
Electronic or digital records or information in this system are
also safeguarded in accordance with applicable laws, rules, and
policies, including the DHS information technology security policies
and the Federal Information Security Management Act (FISMA). The
protective strategies are physical, technical, administrative and
environmental in nature, which provide access control to sensitive
data, physical access control to DHS facilities, confidentiality of
communications, authentication of sending parties, and personnel
screening to ensure that all personnel with access to data are screened
through background investigations commensurate with the level of access
required to perform their duties.
Strict controls have been imposed to minimize the risks of
compromising the information that is being stored.
Access to the computer system containing the records in this system
is limited to those individuals specifically authorized and granted
access under DHS regulations, who hold appropriate security clearances,
and who have a need to know the information in the performance of their
official duties.
Systems are also developed with an incorporated auditing function
of individual use and access.
Classified information is appropriately stored in a secured
certified and accredited facility, in secured databases and containers,
and in accordance with other applicable requirements, including those
pertaining to classified information.
Access is strictly limited to authorized personnel only.
RETENTION AND DISPOSAL:
Records in this system will be retained and disposed of in
accordance with a records retention and disposal schedule to be
submitted to and approved by the National Archives and Records
Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Information Sharing and Knowledge Management, Office of
Intelligence and Analysis, Department of Homeland Security, Washington,
DC 20528.
NOTIFICATION PROCEDURES:
Because this system contains classified and sensitive unclassified
information related to intelligence, counterterrorism, homeland
security, and law enforcement programs, records in this system have
been exempted from
[[Page 28135]]
notification, access, and amendment to the extent permitted by
subsection (k) of the Privacy Act. A request for notification of any
non-exempt records in this system may be made by writing to the
Disclosure Officer, Office of Intelligence and Analysis, Department of
Homeland Security, Washington, DC 20528, in conformance with 6 CFR Part
5, Subpart B, which provides the rules for requesting access to Privacy
Act records maintained by DHS.
RECORDS ACCESS PROCEDURES:
Because this system contains classified and sensitive unclassified
information related to intelligence, counterterrorism, homeland
security, and law enforcement programs, records in this system have
been exempted from notification, access, and amendment to the extent
permitted by subsection (k) of the Privacy Act. A request for access to
non-exempt records in this system may be made by writing to the
Disclosure Officer, Office of Intelligence and Analysis, Department of
Homeland Security, Washington, DC 20528, in conformance with 6 CFR Part
5, Subpart B, which provides the rules for requesting access to Privacy
Act records maintained by DHS.
CONTESTING RECORD PROCEDURES:
Because this system contains classified and sensitive unclassified
information related to intelligence, counterterrorism, homeland
security, and law enforcement programs, records in this system have
been exempted from notification, access, and amendment to the extent
permitted by subsection (k) of the Privacy Act. A request to amend non-
exempt records in this system may be made by writing to the System
Manager, identified above, in conformance with 6 CFR Part 5, Subpart B,
which provides the rules for requesting access to Privacy Act records
maintained by DHS.
RECORD SOURCE CATEGORIES:
Information contained in this system is obtained from individuals;
other government, non-government, commercial, public, and private
agencies and organizations, both domestic and foreign; media, including
periodicals, newspapers, and broadcast transcripts; intelligence source
documents; investigative reports, and correspondence.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
DHS has exempted this system from subsections (c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f) of the Privacy Act, pursuant to 5
U.S.C. 552a(k)(1), (2), (3), and (5), as applicable. A Notice of
Proposed Rulemaking for exempting this record system has been
promulgated in accordance with the requirements of 5 U.S.C. 553(b)(1),
(2), and (3), (c), and (e) and is being published [in 6 CFR Part 5]
concurrently with publication of this Notice Establishing a New System
of Records in the Federal Register.
Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-10888 Filed 5-14-08; 8:45 am]
BILLING CODE 4410-10-P