--- Date: Mon, 31 Mar 2003 17:55:58 -0500 To: Declan McCullagh <declanat_private> From: Marc Rotenberg <rotenbergat_private> Subject: SIGN-ON LETTER: Require Accuracy for NCIC Declan - Could you please forward to politech? Marc. (Please forward until April 6, 2003) --------------------------------------------------------------------- JOINT LETTER AND ONLINE PETITION Require Accuracy for Nation's Largest Criminal Justice Database [www.epic.org/actions/ncic/] --------------------------------------------------------------------- - Support Needed for Letter Concerning Accuracy Requirements for National Crime Information Center record system (NCIC) - Organizations are asked to sign joint letter to OMB by April 7. Send email to ncic-petitionat_private - Individuals may sign petition online at: http://www.petitiononline.com/ncic/petition.html CONTENTS [1] Summary - Require Accuracy for NCIC [2] Joint Letter for Organizations [3] Online Petition for Individuals [4] References - DOJ Information on NCIC --------------------------------------------------------------------- [1] SUMMARY --------------------------------------------------------------------- Last week the Justice Department administratively discharged the FBI of its statutory duty to ensure the accuracy and completeness of the over 39 million criminal records it maintains in its National Crime Information Center (NCIC) database. This action poses significant risks to privacy and effective law enforcement. The NCIC system provides over 80,000 law enforcement agencies with access to data on wanted persons, missing persons, gang members, as well as information about stolen cars, boats, and other information. The Privacy Act of 1974 requires the FBI to make reasonable efforts to ensure the accuracy and completeness of the records in the NCIC system. Now, the Justice Department has exempted the system from the accuracy requirements of this important law. We believe it is particularly important to ensure that Privacy Act obligations are applied to government record systems as the government considers dramatic expansion of record-keeping systems and the incorporation of private sector databases that are frequently inaccurate and unreliable. ORGANIZATIONS: Please send email to ncic-petitionat_private with - Name - Title - Affiliation - Email and phone numbers The deadline for signing on is Thursday, April 7, 2003 by 6 p.m. INDIVIDUALS: To sign on, go to http://www.petitiononline.com/ncic/petition.html The NCIC is a critical database in the federal government. The Privacy Act data quality obligations should be preserved. Marc Rotenberg, EPIC Executive Director Kerry Smith, EPIC IPIOP Fellow --------------------------------------------------------------------- [2] JOINT LETTER - --------------------------------------------------------------------- Mitchell E. Daniels, Jr. Director, Office of Management and Budget 725 17th Street, NW Washington, D.C. 20503 Dear Mr. Daniels: We are writing to request that the OMB exercise its oversight responsibilities under 5 U.S.C. §552 by reviewing and revising the FBI's recent rule exempting the National Crime Information Center (NCIC) system from the accuracy requirements of the Privacy Act of 1974. [1] The NCIC database provides over 80,000 law enforcement agencies with access to a computerized network of more than 39 million records regarding criminal activity. For the past thirty years, the FBI has operated the NCIC database with the Privacy Act accuracy requirement in place. The relevant provision requires that any agency that maintains a system of records, "maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individuals in the determination." [2] Circumventing that statutory obligation poses significant risks not only for citizens whose record files may be part of this data system, but also for communities that rely on law enforcement to employ effective, reliable tools for ensuring public safety. Accordingly, the OMB should request that the FBI continue to follow the obligations of the Privacy Act. The NCIC database was first established by the FBI, under the direction of J. Edgar Hoover, in 1967. The purpose for maintaining the system is to facilitate the quick exchange of information about crimes and criminal activities between various law enforcement agencies. The FBI recently spent $182 million to modernize the data system. It now provides law enforcement agencies with instant access to fingerprinting and mugshot images. It also continues to include information on stolen vehicles and other articles; persons with outstanding felony and misdemeanor warrants; missing persons; suspected gang members; suspected terrorists; and individuals' arrest records. NCIC is used by a broad range of criminal justice agencies, from top federal law enforcement officials to municipal police. During its first year of implementation, approximately 2 million inquiries were processed. Since then, its use has grown significantly. In March 2002, the FBI set a new record for inquiries processed in one day, responding to 3,295,587 requests. On average, there are 2.8 million transaction processed each day, with an average response time of 0.16 second. As a result, any error in the NCIC database can spread across the country in less than a second. [3] Several well publicized incidents demonstrated the consequences of inaccurate and incomplete information in the NCIC. In one case, a Los Angeles man was arrested five times, three at gun point, due to an error in the NCIC. [4] In another, a Phoenix resident, who was pulled over for driving the wrong way down a one-way street, was arrested after an NCIC inquiry erroneously revealed an outstanding misdemeanor arrest warrant that had been quashed weeks earlier. [5] These incidents, and others like it, reveal the potential harms that individual citizens may face if the records in the NCIC database are not accurate. These incidents demonstrate that the FBI should work to improve the accuracy of this system of records, rather than administratively exempt itself of this important duty. Indeed, one of the major purposes behind the enactment of the Privacy Act was to guard against these harms by establishing standards for the quality of data the government collects about individuals. In passing the Act, Congress found that "the opportunities for an individual to secure employment, insurance, and credit, and his rights to due process, and other legal protections are endangered by the misuse of certain information systems," and therefore "it is necessary and proper for the Congress to regulate the collection, maintenance, use and dissemination of information by such agencies." [6] To that end, Congress passed the Act to ensure, among other things, that any information held in government would be "current and accurate for its intended use." [7] Since the passage of the Privacy Act thirty years ago, there has been general agreement that the FBI would go forward with the NCIC database, provided that it comply with the Act’s obligations. Now, the FBI effectively seeks to sever that agreement, suddenly asserting that "it is impossible to determine in advance what information is accurate, relevant, timely and complete." [8] This is a sharp, historical departure. The Privacy Act should continue to operate for this important set of records. The obligations of the Privacy Act are important not only for the individuals who may have records in the NCIC database, but also for the effectiveness of the data system itself as a law enforcement tool. In Arizona v. Evans, the Supreme Court held that the Fourth Amendment's exclusionary rule did not require the suppression of evidence obtained during an arrest that was based upon false information in the NCIC database. Justice O'Connor, writing in concurrence, asserted that it would be unreasonable, however, for a police department to depend upon a record keeping system that has no accuracy safeguards and routinely leads to false arrests. [9] She said that if the police blindly relied on a data system without adequate mechanisms to ensure its accuracy, then courts could prohibit the use of any evidence obtained in an arrest resulting from erroneous information in the database. In the case before the Court, O'Connor believed that the police department's reliance on NCIC was reasonable. Nevertheless, she indicated that if procedures were not in place to help ensure the accuracy of the data, evidence collected during those arrests could be suppressed. Her concurrence underscores how the Privacy Act's data quality requirements serve as an important mechanism for ensuring the legitimate, effective use of the NCIC database for law enforcement activities. The FBI's unilateral decision to exempt this data system from the accuracy obligations of the Privacy Act puts criminal justice agencies at risk of unreasonably relying on inaccurate, incomplete information. Given the risks inaccurate NCIC data poses to both individual citizens and law enforcement agencies, the F.B.I. should continue to comply with the obligations of the Privacy Act. We ask that the OMB evaluate the effect of the FBI's rule on the rights of individuals, pursuant to 5 U.S.C. §552a(r), and request that the FBI rescind its decision to exempt the NCIC database from the obligations of the Privacy Act. Sincerely, cc. The Honorable Susan M. Collins, Chair, Senate Governmental Affairs Committee The Honorable Joseph I. Lieberman, Ranking Member, Senate Governmental Affairs Committee The Honorable Thomas M. Davis, Chair, House Government Reform Committee The Honorable Henry A. Waxman, Ranking Member, House Government Reform Committee [1] This final rule also exempts the Central Records System and National Center for the Analysis of Violent Crime systems from accuracy requirements of the Privacy Act. Privacy Act of 1974; Implementation, 68 Fed. Reg. 14140 (Mar. 24, 2003) (to be codified as 28 C.F.R. pt. 16). [2] 5 U.S.C. §552a(e)(5). [3] See Arizona v. Evans, 514 U.S. 1, 28 (1995) (Ginsburg, J., dissenting). [4] See Rogan v. Los Angeles, 668 F. Supp. 1384 (C.D. Cal. 1987). [5] See Arizona v. Evans, 514 U.S. 1 (1995). [6] Congressional Findings and Statement of Purpose, Pub. L. No. 98-21, §2(a)(3) & (5) (1974) [7] Id. at §2(b)(4). [8] 68 Fed. Reg. at 14140. [9] See Evans, 514 U.S. at 16-17. --------------------------------------------------------------------- [3] ONLINE PETITION - --------------------------------------------------------------------- Mitchell E. Daniels, Jr. Director, Office of Management and Budget 725 17th Street, NW Washington, D.C. 20503 Dear Mr. Daniels: We strongly oppose the Justice Department's recent decision to lift the Privacy Act requirement that the FBI ensure the accuracy and completeness of the over 39 million criminal records it maintains in its National Crime Information Center (NCIC) database. This action poses significant risks to both privacy and effective law enforcement. Over 80,000 law enforcement agencies have access to the NCIC system. The database includes records on wanted persons, missing persons, gang members, citizen arrest records, as well as information about stolen cars, boats, and other information. The Privacy Act of 1974 requires the FBI to make reasonable efforts to ensure the accuracy and completeness of the records in the NCIC system. Now, the Justice Department has exempted the system from the accuracy requirements of this important law. There have been several well publicized cases of innocent persons being subject to false arrest due to inaccurate information in the NCIC system. The Supreme Court has also expressed concern about reliance on inaccurate records in the NCIC. We believe it is particularly important to ensure that Privacy Act obligations are applied to government record systems as the government considers dramatic expansion of record-keeping systems and the incorporation of private sector databases that are frequently inaccurate and unreliable. The FBI should work to improve the accuracy and accuracy of the NCIC, rather than exempt itself from its well established legal obligations. We urge the OMB to exercise its oversight responsibility and require the Justice Department to comply with the Privacy Act obligations for the NCIC. The Privacy Act should continue to govern the maintenance and use of this important law enforcement database. Sincerely, [Individuals] --------------------------------------------------------------------- [4] REFERENCES --------------------------------------------------------------------- DOJ Information on NCIC: The FBI National Crime Information Center (NCIC) 2000 http://www.fbi.gov/hq/cjisd/ncic.htm FBI Announces the Implementation of NCIC 2000, July 15, 1999 http://www.fbi.gov/pressrel/pressrel99/ncic2000.htm NCIC and the Freedom of Information Act http://foia.fbi.gov/ncic552.htm U.S. Department of Justice, NCIC 2000 Newsletters http://permanent.access.gpo.gov/lps3213/pdinfo.htm The Investigator, National Crime Information Center: 30 Years on the Beat, Dec. 1996-1997 Issue, available at the FBI Library http://permanent.access.gpo.gov/lps3213/ncicinv.htm U.S. Department of Justice, Use and Management of Criminal History Record Information: A Comprehensive Report, 1993. http://www.ojp.gov/bjs/pub/pdf/cchuse.pdf Additional Information on NCIC: Federation of American Scientists, NCIC Information http://www.fas.org/irp/agency/doj/fbi/is/ncic.htm The Associated Press, Justice Department Lifts FBI Database Limits http://abcnews.go.com/wire/Politics/ap20030324_2121.html --------------------------------------------------------------------- ------------------------------------------------------------------------- POLITECH evening reception in New York City at 7 pm, April 1, 2003 at CFP: http://www.politechbot.com/events/cfp2003/ ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 09:47:26 PST