From: <Saved by Windows Internet Explorer 7>
Subject: Federal Register, Volume 77 Issue 99 (Tuesday, May 22, 2012)
Date: Mon, 22 Jul 2013 13:47:52 -0400
MIME-Version: 1.0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://www.gpo.gov/fdsys/pkg/FR-2012-05-22/html/2012-12396.htm
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Federal Register, Volume 77 Issue 99 (Tuesday, May =
22, 2012)</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.6000.21342" name=3DGENERATOR></HEAD>
<BODY><PRE>[Federal Register Volume 77, Number 99 (Tuesday, May 22, =
2012)]
[Notices]
[Pages 30297-30304]
From the Federal Register Online via the Government Printing Office [<A =
href=3D"http://www.gpo.gov/">http://www.gpo.gov/</A>]
[FR Doc No: 2012-12396]


=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2012-0019]


Privacy Act of 1974; U.S. Customs and Border Protection, DHS/CBP-
006--Automated Targeting System, System of Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of=20
Homeland Security proposes to update and expand an existing Department=20
of Homeland Security system of records notice titled, U.S. Customs and=20
Border Protection, DHS/CBP-006--Automated Targeting System (ATS) 72 FR=20
43650, August 6, 2007. The Department of Homeland Security (DHS) and=20
U.S. Customs and Border Protection (CBP) have designed ATS to=20
efficiently perform risk assessments on information pertaining to=20
international travelers and import and export shipments attempting to=20
enter or leave the United States. ATS uses a rule-managed technology=20
that facilitates the targeting of high-risk travelers and cargo.
    DHS/CBP is publishing this System of Records Notice (SORN) to=20
update ATS and to update and expand the categories of individuals,=20
categories of records, routine uses, access provisions, and sources of=20
data stored in ATS. Elsewhere in the Federal Register, the Department=20
of Homeland Security is concurrently issuing a Notice of Proposed=20
Rulemaking exempting this system of records from certain provisions of=20
the Privacy Act. This updated and expanded system will be included in=20
the Department of Homeland Security's inventory of record systems.

DATES: Submit comments on or before June 21, 2012. This system will be=20
effective June 21, 2012.

ADDRESSES: You may submit comments, identified by docket number DHS-
2012-0019 by one of the following methods:
    <BULLET> Federal e-Rulemaking Portal: <A =
href=3D"http://www.regulations.gov/">http://www.regulations.gov/</A>.=20
Follow the instructions for submitting comments.
    <BULLET> Fax: 703-483-2999.
    <BULLET> Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy=20
Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name=20
and docket number for this rulemaking. All comments received will be=20
posted without change to <A =
href=3D"http://www.regulations.gov/">http://www.regulations.gov/</A>, =
including any=20
personal information provided.
    Docket: For access to the docket to read background documents or=20
comments received go to <A =
href=3D"http://www.regulations.gov/">http://www.regulations.gov/</A>.

FOR FURTHER INFORMATION CONTACT: For general questions please contact:=20
Laurence E. Castelli (202-325-0280), CBP Privacy Officer, Office of

[[Page 30298]]

International Trade, U.S. Customs and Border Protection, Mint Annex,=20
799 Ninth Street NW., Washington, DC 20229. For privacy issues please=20
contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer,=20
Privacy Office, U.S. Department of Homeland Security, Washington, DC=20
20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, the Department of=20
Homeland Security proposes to update and expand an existing Department=20
of Homeland Security SORN titled, U.S. Customs and Border Protection,=20
DHS/CBP-006--Automated Targeting System (ATS) 72 FR 43650, August 6,=20
2007.
    This SORN is being updated and expanded to inform the public about=20
changes to the Automated Targeting System (ATS) categories of=20
individuals, categories of records, routine uses, access provisions,=20
and sources of data. DHS/CBP is updating and expanding the categories=20
of individuals, categories of records, and sources of records stored in=20
ATS because it has certain data that it must ingest for performance=20
purposes. The Privacy Impact Assessment (PIA), which DHS will publish=20
on its Web site (<A =
href=3D"http://www.dhs.gov/privacy">http://www.dhs.gov/privacy</A>) =
concurrently with the=20
publication of this SORN in the Federal Register, provides a full=20
discussion of the functional capabilities of ATS and its modules. DHS=20
and CBP have previously exempted portions of ATS from the notification,=20
access, amendment, and public accounting provisions of the Privacy Act=20
because it is a law enforcement system. DHS and CBP, however, will=20
consider each request for access to records maintained in ATS to=20
determine whether or not information may be released. DHS and CBP=20
further note that despite the exemption taken on this system of records=20
they are providing access and amendment to passenger name records (PNR)=20
collected by CBP pursuant to its statutory authority, 49 U.S.C. 44909,=20
as implemented by 19 CFR 122.49d, Importer Security Filing (10+2=20
documentation) information, and any records that were ingested by ATS=20
where the source system of records already provides access and/or=20
amendment under the Privacy Act.
    ATS provides the following basic functionalities to support CBP in=20
identifying individuals and cargo that need additional review across=20
the different means or modes of travel to and from the United States:
    <BULLET> Comparison: ATS compares information on travelers and=20
cargo coming into and going out of the country against law enforcement=20
and intelligence databases to identify individuals and cargo requiring=20
additional scrutiny. For example, ATS compares information on=20
individuals (identified as passengers, travelers, crewmembers, or=20
persons appearing on documents supporting the movement of cargo) trying=20
to enter the country or trying to enter merchandise into the country=20
against the Terrorist Screening Database (TSDB), which ATS ingests from=20
the DHS Watchlist Service (WLS), and outstanding wants and warrants.
    <BULLET> Rules: ATS compares existing information on individuals=20
and cargo entering and exiting the country with patterns identified as=20
requiring additional scrutiny. The patterns are based on CBP officer=20
experience, analysis of trends of suspicious activity, and raw=20
intelligence corroborating those trends. For example, ATS might compare=20
information on cargo entering the country against a set of scenario-
based targeting rules that indicate a particular type of fish rarely is=20
imported from a given country.
    <BULLET> Federated Query: ATS allows users to search data across=20
many different databases and correlate it across the various systems to=20
provide a person centric view of all data responsive to a query about=20
the person's identity from the selected databases.
    In order to do the above, ATS pulls data from many different source=20
systems. In some instances ATS is the official record for the=20
information, while in other instances ATS ingests and maintains the=20
information as a copy or provides a pointer to the information in the=20
underlying system. Below is a summary:
    <BULLET> Official Record: ATS maintains the official record for=20
Passenger Name Records (PNR) collected by CBP pursuant to its statutory=20
authority, 49 U.S.C. 44909, as implemented by 19 CFR 122.49d; for=20
Importer Security Filing (10+2 documentation) information, which=20
provides advanced information about cargo and related persons and=20
entities for risk assessment and targeting purposes; for results of=20
Cargo Enforcement Exams; for the combination of license plate,=20
Department of Motor Vehicle (DMV) registration data and biographical=20
data associated with a border crossing; for law enforcement and/or=20
intelligence data, reports, and projects developed by CBP analysts that=20
may include public source and/or classified information; and=20
information obtained through memoranda of understanding or other=20
arrangements because the information is relevant to the border security=20
mission of the Department.
    <BULLET> Ingestion of Data: ATS maintains copies of key elements of=20
certain CBP databases in order to minimize the processing time for=20
searches on the operational systems and to act as a backup for certain=20
operational systems, including, but not limited to: Automated=20
Commercial Environment (ACE), Automated Commercial System (ACS),=20
Automated Export System (AES), Advance Passenger Information System=20
(APIS), Border Crossing Information (BCI), Consular Electronic=20
Application Center (CEAC), Enforcement Integrated Database (EID)[which=20
includes the Enforcement Case Tracking System (ENFORCE)], Electronic=20
System for Travel Authorization (ESTA), Global Enrollment System (GES),=20
Non-Immigrant Information System (NIIS), historical National Security=20
Entry-Exit Registration System (NSEERS), Seized Asset and Case Tracking=20
System (SEACATS), U.S. Immigration and Customs Enforcement (ICE)=20
Student Exchange and Visitor Information System (SEVIS), Social=20
Security Administration (SSA) Death Master File, TECS, Terrorist=20
Screening Database (TSDB) through the DHS Watchlist Service (WLS), and=20
WebIDENT. If additional data is ingested and that additional data does=20
not require amendment of the categories of individuals or categories of=20
records in this SORN, the PIA for ATS will be updated to reflect that=20
information. The updated PIA can be found at <A =
href=3D"http://www.dhs.gov/privacy">www.dhs.gov/privacy</A>.
    <BULLET> Pointer System: ATS accesses and uses additional databases=20
without ingesting the data, including, but not limited to: CBP Border=20
Patrol Enforcement Tracking System (BPETS), Department of State=20
Consular Consolidated Database (CCD), commercial data aggregators,=20
CBP's Enterprise Geospatial Information Services (eGIS), DHS/USVISIT=20
IDENT, National Law Enforcement Telecommunications System (Nlets),=20
DOJ's National Crime Information Center (NCIC), the results of queries=20
in the FBI's Interstate Identification Index (III), and the National=20
Insurance Crime Bureau's (NICB's) private database of stolen vehicles.=20
If additional data is ingested and that additional data does not=20
require amendment of the categories of individuals or categories of=20
records in this SORN, the PIA for ATS will be updated to reflect that=20
information. The updated PIA can be found at <A =
href=3D"http://www.dhs.gov/privacy">www.dhs.gov/privacy</A>.
    DHS/CBP has reorganized the ATS routine uses to provide greater=20
uniformity across DHS systems. Consistent with DHS's information=20
sharing mission, information stored in

[[Page 30299]]

ATS may be shared with other DHS components, as well as appropriate=20
federal, state, local, tribal, foreign, or international government=20
agencies. This sharing will only take place after DHS determines that=20
the recipient has a need to know the information to carry out functions=20
consistent with the routine uses set forth in this SORN.
    DHS has exempted the system from the notification, access,=20
amendment, and certain accounting provisions of the Privacy Act of 1974=20
because of the law enforcement nature of ATS. Despite the exemptions=20
taken on this system of records, CBP and DHS are not exempting the=20
following records from the access and amendment provisions of the=20
Privacy Act: passenger name records (PNR) collected by CBP pursuant to=20
its statutory authority, 49 U.S.C. 44909, as implemented by 19 CFR=20
122.49d, Importer Security Filing (10+2 documentation) information, and=20
any records that were ingested by ATS where the source system of=20
records already provides access and/or amendment under the Privacy Act.=20
A traveler may obtain access to his or her PNR and request amendment as=20
appropriate, but records concerning the targeting rules, the responses=20
to rules, case events, law enforcement and/or intelligence data,=20
reports, projects developed by CBP that may include public source and/
or classified information, information obtained through memoranda of=20
understanding or other arrangements because the information is relevant=20
to the border security mission of the Department, or records exempted=20
from access by the system from which ATS ingested or accessed the=20
information, will not be accessible to the individual.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory=20
framework governing the means by which the United States Government=20
collects, maintains, uses, and disseminates individuals' records. The=20
Privacy Act applies to information that is maintained in a ``system of=20
records.'' A ``system of records'' is a group of any records under the=20
control of an agency for which information is retrieved by the name of=20
an individual or by some identifying number, symbol, or other=20
identifying particular assigned to the individual. In the Privacy Act,=20
an individual is defined to encompass United States citizens and lawful=20
permanent residents. As a matter of policy (Privacy Policy Guidance=20
Memorandum 2007-1, most recently updated January 7, 2009), DHS extends=20
administrative Privacy Act protections to all persons, regardless of=20
citizenship, where a system of records maintains information on U.S.=20
citizens, lawful permanent residents, and visitors. Individuals may=20
request access to their own records that are maintained in a system of=20
records in the possession or under the control of DHS by complying with=20
DHS Privacy Act regulations, 6 CFR Part 5.
    The Privacy Act requires each agency to publish in the Federal=20
Register a description denoting the type and character of each system=20
of records that the agency maintains, and the routine uses that are=20
contained in each system in order to make agency record keeping=20
practices transparent, to notify individuals regarding the uses to=20
which their records are put, and to assist individuals with more easily=20
finding such files within the agency. Below is the description of the=20
U.S. Customs and Border Protection DHS/CBP-006 Automated Targeting=20
System system of records.
    In accordance with 5 U.S.C.552a(r), DHS has provided a report of=20
this system of records to the Office of Management and Budget and to=20
Congress.
System of Records
    DHS/CBP-006.

System name:
    U.S. Customs and Border Protection Automated Targeting System.

Security classification:
    Unclassified, sensitive, classified.

System location:
    Records are maintained at the CBP Headquarters in Washington, DC,=20
and can be accessed from field offices and from locations abroad where=20
ATS users are stationed.

Categories of individuals covered by the system:
    ATS handles information relating to the following individuals:
    A. Persons, including operators, crew, and passengers, who seek to,=20
or do in fact, enter, exit, or transit through the United States or=20
through other locations where CBP maintains an enforcement or=20
operational presence by land, air, or sea.
    B. Crew members traveling on commercial aircraft that fly over the=20
United States.
    C. Persons who engage in any form of trade or other commercial=20
transaction related to the importation or exportation of merchandise,=20
including those required to submit an Importer Security Filing.
    D. Persons who are employed in any capacity related to the transit=20
of merchandise intended to cross the United States border.
    E. Persons who serve as booking agents, brokers, or other persons=20
who provide information on behalf of persons seeking to enter, exit, or=20
transit through the United States, or on behalf of persons seeking to=20
import, export or ship merchandise through the United States.
    F. Owners of vehicles that cross the border.
    G. Persons whose data was received by the Department as the result=20
of memoranda of understanding or other information sharing agreement or=20
arrangement because the information is relevant to the border security=20
mission of the Department.
    H. Persons who were identified in a narrative report, prepared by=20
an officer or agent, as being related to or associated with other=20
persons who are alleged to be involved in, who are suspected of, or who=20
have been arrested for violations of the laws enforced or administered=20
by DHS.
    I. Persons who may pose a threat to the United States.

Categories of records in the system:
    ATS contains various types of data to support its targeting=20
missions, incorporating information germane to the identification of=20
individuals, including, but not limited to:

<BULLET> Name
<BULLET> Addresses (home, work, and/or destination, as appropriate)
<BULLET> Telephone and fax numbers
<BULLET> Tax ID number (e.g., Employer Identification Number (EIN) or=20
Social Security Number (SSN), where available)
<BULLET> Date and place of birth
<BULLET> Gender
<BULLET> Nationality
<BULLET> Country of Residence
<BULLET> Citizenship
<BULLET> Alias
<BULLET> Physical characteristics, including biometrics where available=20
(e.g., height, weight, race, eye and hair color, scars, tattoos, marks,=20
fingerprints)
<BULLET> Familial relationships and other contact information
<BULLET> Property information
<BULLET> Occupation and employment information
<BULLET> Biographical and biometric information from or associated with=20
online immigrant and non-immigrant visa applications, including (as=20
available):
    [cir] U.S. sponsor's name, address, and phone number
    [cir] U.S. contact name, address, and phone number

[[Page 30300]]

    [cir] Employer name, address, and phone number
    [cir] Email address, IP Address, applicant ID
    [cir] Marital Status
    [cir] Alien number
    [cir] Social Security Number
    [cir] Tax Identification Number
    [cir] Organization Name
    [cir] U.S. Status
    [cir] Income information for Joint Sponsors
    [cir] Education, military experience, relationship information
    [cir] Responses to vetting questions pertaining to admissibility or=20
eligibility
<BULLET> Information from documents used to verify the identity of=20
individuals (e.g., driver's license, passport, visa, alien=20
registration, citizenship card, border crossing card, birth=20
certificate, certificate of naturalization, re-entry permit, military=20
card) including the:
    <BULLET> type
    <BULLET> number
    <BULLET> date of issuance
    <BULLET> place of issuance

    The system contains travel information pertaining to individuals,=20
including:

<BULLET> The combination of license plate, Department of Motor Vehicle=20
(DMV) registration data and biographical data associated with a border=20
crossing
<BULLET> Information derived from an ESTA application including=20
responses to vetting questions pertaining to admissibility (where=20
applicable)
<BULLET> Travel itinerary
<BULLET> Date of arrival or departure, and means of conveyance with=20
associated identification (e.g., Vehicle Identification Number, year,=20
make, model, registration)
<BULLET> Passenger Name Record (PNR):
    1. PNR record locator code
    2. Date of reservation/issue of ticket
    3. Date(s) of intended travel
    4. Name(s)
    5. Available frequent flier and benefit information (i.e., free=20
tickets, upgrades)
    6. Other names on PNR, including number of travelers on PNR
    7. All available contact information (including originator of=20
reservation)
    8. All available payment/billing information (e.g., credit card=20
number)
    9. Travel itinerary for specific PNR
    10. Travel agency/travel agent
    11. Code share information (e.g., when one air carrier sells seats=20
on another air carrier's flight)
    12. Split/divided information (e.g., when one PNR contains a=20
reference to another PNR)
    13. Travel status of passenger (including confirmations and check-
in status)
    14. Ticketing information, including ticket number, one way tickets=20
and Automated Ticket Fare Quote (ATFQ) fields
    15. Baggage information
    16. Seat information, including seat number
    17. General remarks including Other Service Indicated (OSI),=20
Special Service Indicated (SSI) and Supplemental Service Request (SSR)=20
information
    18. Any collected APIS information (e.g., Advance Passenger=20
Information (API)) that is initially captured by an air carrier within=20
its PNR, such as passport number, date of birth and gender)
    19. All historical changes to the PNR listed in numbers 1 to 18

    Note:  Not all air carriers maintain the same sets of=20
information for PNR, and a particular individual's PNR likely will=20
not include information for all possible categories. In addition,=20
PNR does not routinely include information that could directly=20
indicate the racial or ethnic origin, political opinions, religious=20
or philosophical beliefs, trade union membership, health, or sex=20
life of the individual. To the extent PNR does include terms that=20
reveal such personal matters, DHS employs an automated system that=20
filters certain of these terms and only uses this information in=20
exceptional circumstances where the life of an individual could be=20
imperiled or seriously impaired.

    The system contains information collected for the importation or=20
exportation of cargo and/or property, including:
<BULLET> Bill of lading
<BULLET> Commodity type
<BULLET> License number and license country for Office of Defense Trade=20
Controls registrants
<BULLET> Inspection and examination results

    The system contains Importer Security Filing (ISF) information,=20
which must contain the following items, in addition to the Vessel Stow=20
Plan (VSP) and the Container Status Message (CSM):

<BULLET> Manufacturer (or supplier)
<BULLET> Seller (i.e., full name and address or widely accepted=20
business number such as a Data Universal Numbering System (DUNS)=20
number)
<BULLET> Buyer (i.e., full name and address)
<BULLET> Ship to party (full name and/or business name and address)
<BULLET> Container stuffing location
<BULLET> Consolidator (stuffer)
<BULLET> Importer of record number/Foreign Trade Zone applicant=20
identification number
<BULLET> Consignee number(s)
<BULLET> Country of origin
<BULLET> Commodity: Harmonized Tariff Schedule of the United States=20
(HTSUS) number
    Alternatively, for shipments consisting entirely of Freight=20
Remaining on Board (FROB) or shipments consisting of goods intended to=20
move through the United States, ISF Importers, or their agents, must=20
submit the following five elements, unless an element is specifically=20
exempted:

<BULLET> Booking party (i.e., name and address)
<BULLET> Foreign port of unlading
<BULLET> Place of delivery
<BULLET> Ship to party
<BULLET> Commodity HTSUS number

    The system contains assessments and other information obtained in=20
accordance with the terms of memoranda of understanding or other=20
arrangement because the information is relevant to the border security=20
mission of the Department.

    The system also contains information created by CBP, including:

<BULLET> Admissibility determinations
<BULLET> Results of Cargo Enforcement Exams
<BULLET> Law enforcement or intelligence information regarding an=20
individual
<BULLET> Risk-based rules developed by analysts to assess and identify=20
high-risk cargo, conveyances, or travelers that should be subject to=20
further scrutiny or examination
<BULLET> Assessments resulting from the rules, with a record of which=20
rules were used to develop the assessment
<BULLET> Operational and analytical reports and/or projects developed=20
that may include public source information and/or classified=20
information obtained by users/analysts for reference or incorporation=20
into the report or project.

Authority for maintenance of the system:
    ATS derives its authority from 19 U.S.C. 482, 1461, 1496, 1581,=20
1582; 8 U.S.C. 1357; 49 U.S.C. 44909; the Enhanced Border Security and=20
Visa Reform Act of 2002 (EBSVRA) (Pub. L. 107-173); the Trade Act of=20
2002 (Pub. L. 107-210); the Intelligence Reform and Terrorism=20
Prevention Act of 2004 (IRTPA) (Pub.L. 108-458); and the Security and=20
Accountability for Every Port Act of 2006 (SAFE Port Act) (Pub. L. 109-
347).

Purpose(s):
    PURPOSES FOR PNR IN ATS: PNR may be used,
    (1). To prevent, detect, investigate, and prosecute:
    a. Terrorist offenses and related crimes, including

[[Page 30301]]

    i. Conduct that--
    1. involves a violent act or an act dangerous to human life,=20
property, or infrastructure; and
    2. appears to be intended to--
    a. intimidate or coerce a civilian population;
    b. influence the policy of a government by intimidation or=20
coercion; or
    c. affect the conduct of a government by mass destruction,=20
assassination, kidnapping, or hostage-taking.
    ii. Activities constituting an offense within the scope of and as=20
defined in applicable international conventions and protocols relating=20
to terrorism;
    iii. Providing or collecting funds, by any means, directly or=20
indirectly, with the intention that they should be used or in the=20
knowledge that they are to be used, in full or in part, in order to=20
carry out any of the acts described in subparagraphs (i) or (ii);
    iv. Attempting to commit any of the acts described in subparagraphs=20
(i), (ii), or (iii);
    v. Participating as an accomplice in the commission of any of the=20
acts described in subparagraphs (i), (ii), or (iii);
    vi. Organizing or directing others to commit any of the acts=20
described in subparagraphs (i), (ii), or (iii);
    vii. Contributing in any other way to the commission of any of the=20
acts described in subparagraphs (i), (ii), or (iii);
    viii. Threatening to commit an act described in subparagraph (i)=20
under circumstances which indicate that the threat is credible;
    b. Other crimes that are punishable by a sentence of imprisonment=20
of three years or more and that are transnational in nature;
    A crime is considered as transnational in nature in particular if:
    i. It is committed in more than one country;
    ii. It is committed in one country but a substantial part of its=20
preparation, planning, direction or control takes place in another=20
country;
    iii. It is committed in one country but involves an organized=20
criminal group that engages in criminal activities in more than one=20
country;
    iv. It is committed in one country but has substantial effects in=20
another country; or
    v. It is committed in one country and the offender is in or intends=20
to travel to another country;
    (2) on a case-by-case basis where necessary in view of a serious=20
threat and for the protection of vital interests of any individual or=20
if ordered by a court;
    (3) to identify persons who would be subject to closer questioning=20
or examination upon arrival to or departure from the United States or=20
who may require further examination.
    (4) for domestic law enforcement, judicial powers, or proceedings,=20
where violations of law or indications thereof are detected in the=20
course of the use and processing of PNR.
    PURPOSES OF ATS (EXCEPT for PNR):
    ATS uses all other data for purposes listed above as well as below:
    (a) To perform targeting of individuals who may pose a risk to=20
border security or public safety, may be a terrorist or suspected=20
terrorist, or may otherwise be engaged in activity in violation of U.S.=20
law;
    (b) To perform a risk-based assessment of conveyances and cargo to=20
focus CBP's resources for inspection and examination and enhance CBP's=20
ability to identify potential violations of U.S. law, possible=20
terrorist threats, and other threats to border security; and
    (c) To otherwise assist in the enforcement of the laws enforced or=20
administered by DHS, including those related to counterterrorism.

Routine uses of records maintained in the system, including categories=20
of users and the purposes of such uses:
    Information ingested into this system from another source system is=20
to be handled consistent with the published system of records notice=20
for the source system and will continue to be governed by the routine=20
uses for that source system. The routine uses below apply only to=20
records that are maintained as official records in ATS (i.e., records=20
which are maintained in ATS that are not covered by other originating=20
systems of record, including: PNR; Importer Security Filings; Cargo=20
Enforcement Exams; the combination of license plate, Department of=20
Motor Vehicle (DMV) registration data and biographical data associated=20
with a border crossing; law enforcement and/or intelligence data,=20
reports, and projects developed by CBP analysts that may include public=20
source information and/or classified information; and information=20
obtained through memoranda of understanding or other arrangements=20
because the information is relevant to the border security mission of=20
the Department). With respect to PNR, DHS only discloses information to=20
those authorities who intend to use the information consistent with the=20
purposes identified above, and have sufficient capability to protect=20
and safeguard the information. In addition to those disclosures=20
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a=20
portion of the records or information contained in this system may be=20
disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3)=20
as follows:
    A. To the Department of Justice (including United States Attorney=20
Offices) or other federal agency conducting litigation or in=20
proceedings before any court, adjudicative or administrative body, when=20
it is necessary or relevant to the litigation and one of the following=20
is a party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. any employee of DHS in his/her official capacity;
    3. any employee of DHS in his/her individual capacity where DOJ or=20
DHS has agreed to represent the employee; or
    4. the United States or any agency thereof.
    B. To a congressional office from the record of an individual in=20
response to an inquiry from that congressional office made pursuant to=20
a written Privacy Act waiver at the request of the individual to whom=20
the record pertains.
    C. To the National Archives and Records Administration or General=20
Services Administration pursuant to records management inspections=20
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency or organization for the purpose of performing audit=20
or oversight operations as authorized by law, but only such information=20
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or=20
confidentiality of information in the system of records has been=20
compromised;
    2. DHS has determined that as a result of the suspected or=20
confirmed compromise there is a risk of harm to economic or property=20
interests, of identity theft or fraud, or of harm to the security or=20
integrity of this system or of harm to other systems or programs=20
(whether maintained by DHS or another agency or entity) or harm to the=20
individuals that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is=20
reasonably necessary to assist in connection with DHS's efforts to=20
respond to the suspected or confirmed compromise and prevent, minimize,=20
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants,=20
and others performing or working on a contract, service, grant,=20
cooperative agreement, or other assignment for the

[[Page 30302]]

federal government when necessary to accomplish an agency function=20
related to this system of records. Individuals provided information=20
under this routine use are subject to the same Privacy Act requirements=20
and limitations on disclosure as are applicable to DHS officers and=20
employees.
    G. To appropriate federal, state, tribal, local, or foreign=20
governmental agencies or multilateral governmental organizations=20
responsible for investigating or prosecuting the violations of, or for=20
enforcing or implementing, a statute, rule, regulation, order, or=20
license, where CBP believes the information would assist enforcement of=20
applicable civil or criminal laws;
    H. To federal and foreign government intelligence or=20
counterterrorism agencies or components where DHS becomes aware of an=20
indication of a threat or potential threat to national or international=20
security, or to assist in anti-terrorism efforts;
    I. To an organization or person in either the public or private=20
sector, either foreign or domestic, where there is a reason to believe=20
that the recipient is or could become the target of a particular=20
terrorist activity or conspiracy, or where the information is relevant=20
to the protection of life, property, or other vital interests of a=20
person;
    J. To appropriate federal, state, local, tribal, or foreign=20
governmental agencies or multilateral governmental organizations for=20
the purpose of protecting the vital interests of a data subject or=20
other persons, including to assist such agencies or organizations in=20
preventing exposure to or transmission of a communicable or=20
quarantinable disease or to combat other significant public health=20
threats; appropriate notice will be provided of any identified health=20
threat or risk;
    K. To a court, magistrate, or administrative tribunal in the course=20
of presenting evidence, including disclosures to opposing counsel or=20
witnesses in the course of civil discovery, litigation, or settlement=20
negotiations, or in response to a subpoena, or in connection with=20
criminal law proceedings;
    L. To third parties during the course of a law enforcement=20
investigation to the extent necessary to obtain information pertinent=20
to the investigation, provided disclosure is appropriate in the proper=20
performance of the official duties of the officer making the=20
disclosure;
    M. To appropriate federal, state, local, tribal, or foreign=20
governmental agencies or multilateral governmental organizations where=20
CBP is aware of a need to utilize relevant data for purposes of testing=20
new technology and systems designed to enhance ATS;
    N. To the news media and the public, with the approval of the Chief=20
Privacy Officer in consultation with counsel, when there exists a=20
legitimate public interest in the disclosure of the information or when=20
disclosure is necessary to preserve confidence in the integrity of DHS=20
or is necessary to demonstrate the accountability of DHS's officers,=20
employees, or individuals covered by the system, except to the extent=20
it is determined that release of the specific information in the=20
context of a particular case would constitute an unwarranted invasion=20
of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining,=20
and disposing of records in the system:
Storage:
    Records in this system are stored electronically or on paper in=20
secure facilities in a locked drawer behind a locked door. The records=20
are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:
    Records may be retrieved by any of the data elements described in=20
``Categories of Records,'' including by name or personal identifier=20
from an electronic database.

Safeguards:
    Records in this system are safeguarded in accordance with=20
applicable rules and policies, including all applicable DHS automated=20
systems security and access policies. Strict controls have been imposed=20
to minimize the risk of compromising the information that is being=20
stored. Access to the computer system containing the records in this=20
system is limited to those individuals who have a need to know the=20
information for the performance of their official duties and who have=20
appropriate clearances or permissions.

Retention and disposal:
    Official Records in this system (Passenger Name Records (PNR);=20
Importer Security Filings (10+2 documentation); results of Cargo=20
Enforcement Exams; the combination of license plate, Department of=20
Motor Vehicle registration data, and biographical data associated with=20
a border crossing; law enforcement and/or intelligence data, reports,=20
and projects developed by CBP analysts that may include public source=20
information and/or classified information; and information obtained=20
through memoranda of understanding or other arrangements because the=20
information is relevant to the border security mission of the=20
Department will be retained and disposed of in accordance with a=20
records schedule approved by the National Archives and Records=20
Administration on April 12, 2008. ATS collects information directly,=20
ingests information from various systems, and accesses other systems=20
without ingesting the data. To the extent information is ingested from=20
other systems, data is retained in ATS in accordance with the record=20
retention requirements of those systems, or the retention period for=20
ATS, whichever is shortest.
    The retention period for the official records maintained in ATS=20
will not exceed fifteen years, after which time the records will be=20
deleted, except as noted below. The retention period for PNR will be=20
subject to the following further access restrictions: ATS users with=20
PNR access will have access to PNR in an active database for up to five=20
years, during which time the PNR will be depersonalized following the=20
first six months retention. After this initial five-year retention, the=20
PNR data will be transferred to a dormant database for a period of up=20
to ten years. PNR data in dormant status will be subject to additional=20
controls including the requirement of obtaining access approval from a=20
senior DHS official designated by the Secretary of Homeland Security.=20
Furthermore, PNR in the dormant database may only be repersonalized in=20
connection with a law enforcement operation and only in response to an=20
identifiable case, threat, or risk. Such limited access and use for=20
older PNR strikes a reasonable balance between protecting this=20
information and allowing CBP to continue to identify potential high-
risk travelers. Notwithstanding the foregoing, information maintained=20
only in ATS that is linked to active law enforcement lookout records,=20
CBP matches to enforcement activities, and/or investigations or cases=20
(i.e., specific and credible threats; flights, individuals, and routes=20
of concern; or other defined sets of circumstances) will remain=20
accessible for the life of the law enforcement matter to support that=20
activity and other enforcement activities that may become related.
    The justification for a fifteen-year retention period for the=20
official records is based on CBP's law enforcement and security=20
functions at the border. This retention period is based on CBP's

[[Page 30303]]

historical encounters with suspected terrorists and other criminals, as=20
well as the broader expertise of the law enforcement and intelligence=20
communities. It is well known, for example, that potential terrorists=20
may make multiple visits to the United States in advance of performing=20
an attack. It is over the course of time and multiple visits that a=20
potential risk becomes clear. Travel records, including historical=20
records, are essential in assisting CBP Officers with their risk-based=20
assessment of travel indicators and identifying potential links between=20
known and previously unidentified terrorist facilitators. Analyzing=20
these records for these purposes allows CBP to continue to effectively=20
identify suspect travel patterns and irregularities.

System Manager and address:
    Executive Director, Automation and Targeting Division, Office of=20
Intelligence and Investigative Liaison, U.S. Customs and Border=20
Protection, and Director, Targeting and Analysis, Systems Program=20
Office, Office of Information and Technology, U.S. Customs and Border=20
Protection, both of whom are located at 1300 Pennsylvania Avenue NW.,=20
Washington, DC 20229.

Notification procedure:
    The Secretary of Homeland Security has exempted this system from=20
the notification, access, amendment, and certain accounting procedures=20
of the Privacy Act because it is a law enforcement system. These=20
exemptions also apply to the extent that information in this system of=20
records is recompiled or is created from information contained in other=20
systems of records with appropriate exemptions in place. To the extent=20
that a record is exempted in a source system, the exemption will=20
continue to apply. Despite the exemptions taken on this system of=20
records, CBP and DHS are not exempting the following records from the=20
access and amendment provisions of the Privacy Act: passenger name=20
records (PNR) collected by CBP pursuant to its statutory authority, 49=20
U.S.C. 44909, as implemented by 19 CFR 122.49d; Importer Security=20
Filing (10+2 documentation) information; and any records that were=20
ingested by ATS where the source system of records already provides=20
access and/or amendment under the Privacy Act. Individuals seeking=20
notification of and access to records contained in this system of=20
records, or seeking to contest its content, may submit a request in=20
writing to the Headquarters or CBP FOIA Officer, whose contact=20
information can be found at <A =
href=3D"http://www.dhs.gov/foi">http://www.dhs.gov/foi</A>a under =
``contacts.''=20
If an individual believes more than one component maintains Privacy Act=20
records concerning him or her the individual may submit the request to=20
the Chief Privacy Officer, Department of Homeland Security, 245 Murray=20
Drive SW., Building 410, STOP-0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or=20
any other Departmental system of records your request must conform with=20
the Privacy Act regulations set forth in 6 CFR Part 5. You must first=20
verify your identity, meaning that you must provide your full name,=20
current address and date and place of birth. You must sign your=20
request, and your signature must either be notarized or submitted under=20
28 U.S.C. 1746, a law that permits statements to be made under penalty=20
of perjury as a substitute for notarization. While no specific form is=20
required, you may obtain forms for this purpose from the Director,=20
Disclosure and FOIA, <A =
href=3D"http://www.dhs.gov/">http://www.dhs.gov/</A> or 1-866-431-0486. =
In addition=20
you should provide the following:
    <BULLET> An explanation of why you believe the Department would=20
have information on you,
    <BULLET> Identify which component(s) of the Department you believe=20
may have the information about you,
    <BULLET> Specify when you believe the records would have been=20
created,
    <BULLET> Provide any other information that will help the FOIA=20
staff determine which DHS component agency may have responsive records,=20
and
    <BULLET> If your request is seeking records pertaining to another=20
living individual, you must include a statement from that individual=20
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able=20
to conduct an effective search, and your request may be denied due to=20
lack of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Records are ingested from other DHS and federal systems, and from=20
foreign governments (in accordance with the terms of international=20
agreements and arrangements), including but not limited to ACE, ACS,=20
AES, APIS, BCI, CEAC (including Forms DS-160 and DS-260), ENFORCE,=20
ESTA, GES, NIIS, NSEERS, SEACATS, SEVIS, TECS, TSDB-WLS, Social=20
Security Administration's Death Master File, and WebIDENT,=20
Additionally, PNR is obtained from travel reservation systems of=20
commercial carriers. Information from Importer Security Filings is=20
received from importers and ocean carriers. Records are accessed from=20
BPETS, CCD, eGIS, NCIC, and Nlets. Also, the results of queries in the=20
FBI's Interstate Identification Index (III), the National Insurance=20
Crime Bureau's (NICB's) private database of stolen vehicles, and=20
commercial data aggregators are stored in ATS. Lastly, records are also=20
developed from analysis created by users as a result of their use of=20
the system.

Exemptions claimed for the system:
    Pursuant to 6 CFR Part 5, Appendix C, certain records and=20
information in this system are exempt from 5 U.S.C. 552a(c)(3) and (4);=20
(d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G) through (I),=20
(e)(5), and (8); (f), and (g) of the Privacy Act pursuant to 5 U.S.C.=20
552a(j)(2). Additionally, the Secretary of Homeland Security has=20
exempted this system from the following provisions of the Privacy Act,=20
pursuant to 5 U.S.C. 552a (k)(1) and (k)(2): 5 U.S.C. 552a(c)(3);=20
(d)(1), (d)(2), (d)(3), and (d)(4); (e)(1), (e)(4)(G), (e)(4)(H),=20
(e)(4)(I); and (f).
    Despite the exemptions taken on this system of records, CBP and DHS=20
are not exempting the following records from the access and amendment=20
provisions of the Privacy Act: passenger name records (PNR) collected=20
by CBP pursuant to its statutory authority, 49 U.S.C. 44909, as=20
implemented by 19 CFR 122.49d; Importer Security Filing (10+2=20
documentation) information; and any records that were ingested by ATS=20
where the source system of records already provides access and/or=20
amendment under the Privacy Act. A traveler may obtain access to his or=20
her PNR, but records concerning the targeting rules, the responses to=20
rules, case events, law enforcement and/or intelligence data, reports,=20
and projects developed by CBP analysts that may include public source=20
information and/or classified information, information obtained through=20
memoranda of understanding or other arrangements because the=20
information is relevant to the border security mission of the=20
Department, or records exempted from access by the system from which=20
ATS

[[Page 30304]]

ingested or accessed the information will not be accessible to the=20
individual.

Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2012-12396 Filed 5-21-12; 8:45 am]
BILLING CODE 9110-06-P


</PRE></BODY></HTML>
