Effective Date: December 30, 1998

[Federal Register: December 30, 1998 (Volume 63, Number 250)] [Page 71752-71753] From the Federal Register Online via GPO Access [wais.access.gpo.gov]

28 CFR Part 23[OJP(BJA)-1177B] RIN 1121-ZB40

Criminal Intelligence Sharing Systems; Policy Clarification

AGENCY: Bureau of Justice Assistance
, Office of Justice Programs
, Justice.

ACTION: Clarification of policy.

SUMMARY: The current policy governing the entry of identifying information into
criminal intelligence sharing systems requires clarification. This policy clarification is
to make clear that the entry of individuals, entities and organizations, and locations
that do not otherwise meet the requirements of reasonable suspicion is appropriate when it
is done solely for the purposes of criminal identification or is germane to the criminal
subject’s criminal activity. Further, the definition of “criminal intelligence
system” is clarified.

EFFECTIVE DATE: This clarification is effective December 30, 1998.

FOR FURTHER INFORMATION CONTACT: Paul Kendall, General Counsel, Office of Justice
Programs, 810 7th Street N.W., Washington, DC 20531, (202) 307-6235.

SUPPLEMENTARY INFORMATION: The operation of criminal intelligence information systems
is governed by 28 CFR Part 23. This regulation was written to both protect the privacy
rights of individuals and to encourage and expedite the exchange of criminal intelligence
information between and among law enforcement agencies of different jurisdictions.
Frequent interpretations of the regulation, in the form of policy guidance and
correspondence, have been the primary method of ensuring that advances in technology did
not hamper its effectiveness. 


The clarification was opened to public comment. Comments expressing unreserved support
for the clarification were received from two Regional Intelligence Sharing Systems

and five states. A comment from the Chairperson of a RISS, relating to the use of
identifying information to begin new investigations, has been incorporated. A single
negative comment was received, but was not addressed to the subject of this clarification.

Use of Identifying Information

28 CFR 23.3(b)(3) states that criminal intelligence information that can be put into a
criminal intelligence sharing system is “information relevant to the identification
of and the criminal activity engaged in by an individual who or organization which is
reasonably suspected of involvement in criminal activity, and *** [m]eets criminal
intelligence system submission criteria.” Further, 28 CFR 23.20(a) states that a
system shall only collect information on an individual if “there is reasonable
suspicion that the individual is involved in criminal conduct or activity and the
information is relevant to that criminal conduct or activity.” 28 CFR 23.20(b)
extends that limitation to

[[Page 71753]]

collecting information on groups and corporate entities.

In an effort to protect individuals and organizations from the possible taint of having
their names in intelligence systems (as defined at 28 C.F.R. Sec. 23.3(b)(1)), the Office
of Justice Programs has previously interpreted this section to allow information to be
placed in a system only if that information independently meets the requirements of the
regulation. Information that might be vital to identifying potential criminals, such as
favored locations and companions, or names of family members, has been excluded from the
systems. This policy has hampered the effectiveness of many criminal intelligence sharing

Given the swiftly changing nature of modern technology and the expansion of the size
and complexity of criminal organizations, the Bureau of Justice Assistance (BJA) has
determined that it is necessary to clarify this element of 28 CFR Part 23. Many criminal
intelligence databases are now employing “Comment” or “Modus Operandi”
fields whose value would be greatly enhanced by the ability to store more detailed and
wide-ranging identifying information. This may include names and limited data about people
and organizations that are not suspected of any criminal activity or involvement, but
merely aid in the identification and investigation of a criminal suspect who independently
satisfies the reasonable suspicion standard.

Therefore, BJA issues the following clarification to the rules applying to the use of
identifying information. Information that is relevant to the identification of a criminal
suspect or to the criminal activity in which the suspect is engaged may be placed in a
criminal intelligence database, provided that (1) appropriate disclaimers accompany the
information noting that is strictly identifying information, carrying no criminal
connotations; (2) identifying information may not be used as an independent basis to meet
the requirement of reasonable suspicion of involvement in criminal activity necessary to
create a record or file in a criminal intelligence system; and (3) the individual who is
the criminal suspect identified by this information otherwise meets all requirements of 28
CFR Part 23. This information may be a searchable field in the intelligence system.

For example: A person reasonably suspected of being a drug dealer is known to conduct
his criminal activities at the fictional “Northwest Market.” An agency may wish
to note this information in a criminal intelligence database, as it may be important to
future identification of the suspect. Under the previous interpretation of the regulation,
the entry of “Northwest Market” would not be permitted, because there was no
reasonable suspicion that the “Northwest Market” was a criminal organization.
Given the current clarification of the regulation, this will be permissible, provided that
the information regarding the “Northwest Market” was clearly noted to be
non-criminal in nature. For example, the data field in which “Northwest Market”
was entered could be marked “Non-Criminal Identifying Information,” or the words
“Northwest Market” could be followed by a parenthetical comment such as
“This organization has been entered into the system for identification purposes
only—it is not suspected of any criminal activity or involvement.” A criminal
intelligence system record or file could not be created for “Northwest Market”
solely on the basis of information provided, for example, in a comment field on the
suspected drug dealer. Independent information would have to be obtained as a basis for
the opening of a new criminal intelligence file or record based on reasonable suspicion on
“Northwest Market.” Further, the fact that other individuals frequent
“Northwest Market” would not necessarily establish reasonable suspicion for
those other individuals, as it relates to criminal intelligence systems.

The Definition of a “Criminal Intelligence System”

The definition of a “criminal intelligence system” is given in 28 CFR
23.3(b)(1) as the “arrangements, equipment, facilities, and procedures used for the
receipt, storage, interagency exchange or dissemination, and analysis of criminal
intelligence information ***.” Given the fact that cross-database searching
techniques are now common-place, and given the fact that multiple databases may be
contained on the same computer system, BJA has determined that this definition needs
clarification, specifically to differentiate between criminal intelligence systems and
non-intelligence systems.

The comments to the 1993 revision of 28 CFR Part 23 noted that “[t]he term
‘intelligence system’ is redefined to clarify the fact that historical telephone
toll files, analytical information, and work products that are not either retained,
stored, or exchanged and criminal history record information or identification
(fingerprint) systems are excluded from the definition, and hence are not covered by the
regulation ***.” 58 FR 48448-48449 (Sept. 16, 1993.) The comments further noted that
materials that “may assist an agency to produce investigative or other information
for an intelligence system ***” do not necessarily fall under the regulation. Id.

The above rationale for the exclusion of non-intelligence information sources from the
definition of “criminal intelligence system,” suggests now that, given the
availability of more modern non-intelligence information sources such as the Internet,
newspapers, motor vehicle administration records, and other public record information
on-line, such sources shall not be considered part of criminal intelligence systems, and
shall not be covered by this regulation, even if criminal intelligence systems access such
sources during searches on criminal suspects. Therefore, criminal intelligence systems may
conduct searches across the spectrum of non-intelligence systems without those systems
being brought under 28 CFR Part 23. There is also no limitation on such non-intelligence
information being stored on the same computer system as criminal intelligence information,
provided that sufficient precautions are in place to separate the two types of information
and to make it clear to operators and users of the information that two different types of
information are being accessed.

Such precautions should be consistent with the above clarification of the rule
governing the use of identifying information. This could be accomplished, for example,
through the use of multiple windows, differing colors of data or clear labeling of the
nature of information displayed

Additional guidelines will be issued to provide details of the above clarifications as

Dated: December 22, 1998.

Nancy Gist
Director, Bureau of Justice Assistance
[FR Doc. 98-34547 Filed 12-29-98; 8:45 am] BILLING CODE 4410-18-P