Advanced Criminal Investigations and Intelligence Operations


  system, the project is responsible for establishing the existence of reasonable suspicion of criminal activity either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency, which is subject to routine inspection and audit procedures established by the project.

  (d) A project shall not include in any criminal intelligence system information that has been obtained in violation of any applicable federal, state, or local law or ordinance. In an interjurisdictional intelligence system, the project is responsible for establishing that no information is entered in violation of federal, state, or local laws, either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency, which is subject to routine inspection and audit procedures established by the project.

  Appendix D: Consumer and Credit Data Privacy Laws

  (e) A project or authorized recipient shall disseminate criminal intelligence information only where there is a need to know and a right to know the information in the performance of a law enforcement activity.

  (f) (1) Except as noted in paragraph (f) (2) of this section, a project shall disseminate criminal intelligence information only to law enforcement authorities who shall agree to follow procedures regarding information receipt, maintenance, security, and dissemination, which are consistent with these principles.

  (2) Paragraph (f) (1) of this section shall not limit the dissemination of an assessment of criminal intelligence information to a government official or to any other individual, when necessary, to avoid imminent danger to life or property.

  (g) A project maintaining criminal intelligence information shall ensure that administrative, technical, and physical safeguards (including audit trails) are adopted to ensure against unauthorized access and against intentional or unintentional damage. A record indicating who has been given information, the reason for release of the information, and the date of each dissemination outside the project shall be kept. Information shall be labeled to indicate levels of sensitivity, levels of confidence, and the identity of submitting agencies and control officials. Each project must establish written definitions for the need to know and right to know standards for dissemination to other agencies as provided in paragraph (e) of this section. The project is responsible for establishing the existence of an inquirer’s need to know and right to know the information being requested either through inquiry or by delegation of this responsibility to a properly trained participating agency, which is subject to routine inspection and audit procedures established by the project. Each intelligence project shall assure that the following security requirements are implemented:

  (1) Where appropriate, projects must adopt effective and technologically advanced computer software and hardware designs to prevent unauthorized access to the information contained in the system.

  (2) The project must restrict access to its facilities, operating environment, and documentation to organizations and personnel authorized by the project.

  (3) The project must store information in the system in a manner such that it cannot be modified, destroyed, accessed, or purged without authorization.

  (4) The project must institute procedures to protect criminal intelligence information from unauthorized access, theft, sabotage, fire, flood, or other natural or manmade disaster.

  (5) The project must promulgate rules and regulations based on good cause for implementing its authority to screen, reject for employment, transfer, or remove personnel authorized to have direct access to the system.

  (6) A project may authorize and utilize remote (off-premises) system databases to the extent that they comply with these security requirements.

  (h) All projects shall adopt procedures to assure that all information, which is retained by a project, has relevancy and importance. Such procedures shall provide for the periodic review of information and the destruction of any information that is misleading, obsolete, or otherwise unreliable and shall require that any recipient agencies be advised of such changes, which involve errors or corrections. All information retained as a result of this review must reflect the name of the reviewer, date of review, and explanation of decision to retain. Information retained in the system must be reviewed and validated for continuing compliance with system submission criteria before the expiration of its retention period, which in no event shall be longer than 5 years.

  (i) If funds awarded under the act are used to support the operation of an intelligence system, then

  (1) No project shall make direct remote terminal access to intelligence information available to system participants, except as specifically approved by the Office of Justice Programs (OJP) based on a determination that the system has adequate policies and procedures in place to ensure that it is accessible only to authorized system users

  (2) A project shall undertake no major modifications to system design without prior grantor agency approval

  (j) A project shall notify the grantor agency prior to initiation of formal information exchange procedures with any federal, state, regional, or other information systems not indicated in the grant documents as initially approved at time of award.

  (k) A project shall make assurances that there will be no purchase or use in the course of the project of any electronic, mechanical, or other device for surveillance purposes that is in violation of the provisions of the Electronic Communications Privacy Act of 1986; Public Law 99-508; 18 U.S.C. 2510-2520, 2701-2709, and 3121-3125; or any applicable state statute related to wiretapping and surveillance.

  (l) A project shall make assurances that there will be no harassment or interference with any lawful political activities as part of the intelligence operation.

  (m) A project shall adopt sanctions for unauthorized access, utilization, or disclosure of information contained in the system.

  (n) A participating agency of an interjurisdictional intelligence system must maintain in its agency files information that documents each submission to the system and supports compliance with project entry criteria. Participating agency files supporting system submissions must be made available for reasonable audit and inspection by project representatives. Project representatives will conduct participating agency inspection and audit in such a manner so as to protect the confidentiality and sensitivity of participating agency intelligence records.

  (o) The attorney general or designee may waive, in whole or in part, the applicability of a particular requirement or requirements contained in this part with respect to a criminal intelligence system, or for a class of submitters or users of such system, upon a clear and convincing showing that such waiver would enhance the collection, maintenance, or dissemination of information in the criminal intelligence system while ensuring that such system would not be utilized in violation of the privacy and constitutional rights of individuals or any applicable state or federal law.

  § 23.30 Funding Guidelines

  The following funding guidelines shall apply to all Crime Control Act–funded discretionary assistance awards and Bureau of Justice Assistance (BJA) formula grant program subgrants, the purpose of which is to support the operation of an intelligence system.

  Intelligence systems shall only be funded where a grantee/subgrantee agrees to adhere to the principles set forth previously and the project meets the following criteria:

  (a) The proposed collection and exchange of criminal intelligence information have been coordinated with and will support ongoing or proposed investigatory or prosecutorial activities relating to specific areas of criminal activity.

  (b) The areas of criminal activity for which intelligence information is to be utilized represent a significant and recognized threat to the population and

  (1) Are either undertaken for the purpose of seeking illegal power or profits or pose a threat to the life and property of citizens

  (2) Involve a significant degree of permanent criminal organization

  (3) Are not limited to one jurisdiction

  (c) The head of a government agency or an individual with general policymaking authority who has been expressly delegated such control and supervision by the head of the agency will retain control and supervision of information collection and dissemination for the criminal intelligence system. This official shall certify in writing that he or she takes full responsibility and will be accountable for the information maintained by and disseminated from the system and that the operation of the system will be in compliance with the principles set forth in § 23.20.

  (d) Where the system is an interjurisdictional criminal intelligence system, the governmental agency, which exercises control and supervision over the operation of the system, shall require that the head of that agency or an individual with general policy-making authority who has been expressly delegated such control and supervision by the head of the agency

  (1) Assume official responsibility and accountability for actions taken in the name of the joint entity

  (2) Certify in writing that the official takes full responsibility and will be accountable for ensuring that the information transmitted to the interjurisdictional system or to participating agencies will be in compliance with the principles set forth in § 23.20

  The principles set forth in § 23.20 shall be made part of the by-laws or operating procedures for that system. Each participating agency, as a condition of participation, must accept in writing those principles that govern the submission, maintenance, and dissemination of information included as part of the interjurisdictional system.

  (e) Intelligence information will be collected, maintained, and disseminated primarily for state and local law enforcement efforts, including efforts involving federal participation.

  § 23.40 Monitoring and Auditing of Grants for the Funding of Intelligence Systems

  (a) Awards for the funding of intelligence systems will receive specialized monitoring and audit in accordance with a plan designed to ensure compliance with operating principles as set forth in § 23.20. The plan shall be approved prior to award of funds.

  (b) All such awards shall be subject to a special condition requiring compliance with the principles set forth in § 23.20.

  (c) An annual notice will be published by OJP that will indicate the existence and the objective of all systems for the continuing interjurisdictional exchange of criminal intelligence information, which are subject to the 28 C.F.R. Part 23 Criminal Intelligence Systems Policies.

  Laurie Robinson, Acting Assistant Attorney General, Office of Justice Programs (FR Doc. 93-22614 Filed 9-15-93; 8:45 a.m.)

  Criminal Intelligence Sharing Systems; Policy Clarification [Federal Register: December 30, 1998 (Volume 63, Number 250)] [Pages 71752–71753] from the Federal Register online via GPO access [wais.access.gpo.gov], Department of Justice, 28 C.F.R. Part 23 [OJP(BJA)-1177B] RIN 1121-ZB40.

  1993 Revision and Commentary

  28 C.F.R. Part 23 Final Revision to the Office of Justice Programs, Criminal Intelligence Systems Operating Policies

  --------------------------------------

  Agency: OJP, Justice

  Action: Final rule

  Summary: The regulation governing criminal intelligence systems operating through support under Title I of the Omnibus Crime Control and Safe Streets Act of 1968, as amended, is being revised to update basic authority citations and nomenclature, to clarify the applicability of the regulation, to define terms, and to modify a number of the regulation’s operating policies and funding guidelines.

  Effective date: September 16, 1993

  For further information, contact: Paul Kendall, Esquire, General Counsel, Office of Justice Programs, 633 Indiana Ave., NW, Suite 1245-E, Washington, DC, 20531, Telephone (202) 307-6235.

  Supplementary information: The rule, which this rule supersedes, had been in effect and unchanged since September 17, 1980. A notice of proposed rulemaking for 28 C.F.R. Part 23 was published in the Federal Register on February 27, 1992 (57 FR 6691). The statutory authorities for this regulation are Section 801(a) and Section 812(c) of Title I of the Omnibus Crime Control and Safe Streets Act of 1968, as amended, the Act, 42 U.S.C. 3782(a) and 3789g(c). 42 U.S.C. 3789g (c) and (d) provide as follows:

  Confidentiality of Information

  Section 812

  (c) All criminal intelligence systems operating through support under this title shall collect, maintain, and disseminate criminal intelligence information in conformance with policy standards, which are prescribed by the OJP and which are written to assure that the funding and operation of these systems further the purpose of this title and to assure that such systems are not utilized in violation of the privacy and constitutional rights of individuals.

  (d) Any person violating the provisions of this section, or of any rule, regulation, or order issued thereunder, shall be fined not to exceed $10,000, in addition to any other penalty imposed by law.

  This statutory provision and its implementing regulation apply to intelligence systems funded under Title I of the act, whether the system is operated by a single law enforcement agency, is an interjurisdictional intelligence system, is funded with discretionary grant funds, or is funded by a state with formula grant funds awarded under the act’s Drug Control and System Improvement Grant Program pursuant to part E, subpart 1 of the act, 42 U.S.C. 3751-3759. The need for change to 28 C.F.R. Part 23 grew out of the program experience of the OJP and its component agency, the BJA, with the regulation and the changing and expanding law enforcement agency need to respond to criminal mobility, the national drug program, the increased complexity of criminal networks and conspiracies, and the limited funding available to state and local law enforcement agencies. In addition, law enforcement’s capability to perform intelligence database and analytical functions has been enhanced by technological advancements and sophisticated analytical techniques.

  28 C.F.R. Part 23 governs the basic requirements of the intelligence system process. The process includes

  1. Information submission or collection

  2. Secure storage

  3. Inquiry and search capability

  4. Controlled dissemination

  5. Purge and review process

  Information systems that receive, store, and disseminate information on individuals or organizations based on reasonable suspicion of their involvement in criminal activity are criminal intelligence systems under the regulation.

  The definition includes both systems that store detailed intelligence or investigative information on the suspected criminal activities of subjects and those that store only information designed to identify individuals or organizations that are the subject of an inquiry or analysis (a so-called pointer system). It does not include criminal history record information (CHRI) or identification (fingerprint) systems. There are nine significant areas of change to the regulation:

  (1) Nomenclature changes (authority citations, organizational names) are included to bring the regulation up to date.

  (2) Definitions of terms (28 C.F.R. 23.3(b)) are modified or added as appropriate. The term intelligence system is redefined to clarify the fact that historical telephone toll files, analytical information, and work products that are not either retained, stored, or exchanged and CHRI or identification (fingerprint) systems are excluded from the definition and hence are not covered by the regulation; the terms

 
