28 CFR Part 23

[OJP (BJA)-1177]
RIN 1121-ZB14

Criminal Intelligence Sharing Systems; Policy Clarification

AGENCY: Bureau of Justice Assistance (BJA), Office of Justice Programs 
(OJP), Justice.

ACTION: Proposed clarification of policy.


SUMMARY: The current policy governing the entry of identifying 
information into criminal intelligence sharing systems requires 
clarification. This policy clarification is to make clear that the 
entry of individuals, entities and organizations, and locations that do 
not otherwise meet the requirements of reasonable suspicion is 
appropriate when it is done solely for the purposes of criminal 
identification or is germane to the criminal subject's criminal 
activity. Further, the definition of ``criminal intelligence system'' 
is clarified. While this clarification is not a rulemaking for the 
purposes of the Administrative Procedure Act, 5 U.S.C. 553, BJA is of 
the opinion that this clarification is significant enough to warrant 
public comment.

DATES: Public comment is due by September 18, 1998. Comments may be 
faxed to (202) 307-1419, e-mailed to ``fisheral@ojp.usdoj.gov,'' or 
mailed to the Office of the General Counsel, 810 7th Street NW, 
Washington, DC, 20531.

FOR FURTHER INFORMATION CONTACT: Paul Kendall, General Counsel, Office 
of Justice Programs, 810 7th Street NW, Washington, DC 20531, (202) 

SUPPLEMENTARY INFORMATION: The operation of criminal intelligence 
information systems is governed by 28 CFR Part 23. This regulation was 
written to both protect the privacy rights of individuals and to 
encourage and expedite the exchange of criminal intelligence 
information between and among law enforcement agencies of different 
jurisdictions. Frequent interpretations of the regulation, in the form 
of policy guidance and correspondence, have been the primary method of 
ensuring that advances in technology did not hamper its effectiveness.

Use of Identifying Information

    28 CFR 23.3(b)(3) states that criminal intelligence information 
that can be put into a criminal intelligence sharing system is 
``information relevant to the identification of and the criminal 
activity engaged in by an individual who or organization which is 
reasonably suspected of involvement in criminal activity, and * * * 
[m]eets criminal intelligence system submission criteria.'' Further, 28 
CFR 23.20(a) states that a system shall only collect information on an 
individual if ``there is reasonable suspicion that the individual is 
involved in criminal conduct or activity and the information is 
relevant to that criminal conduct or activity.'' 28 CFR 23.20(b) 
extends that limitation to collecting information on groups and 
corporate entities.

    In an effort to protect individuals and organizations from the 
possible taint of having their names in intelligence systems (as 
defined at 28 CFR § 23.3(b)(1)), the Office of Justice Programs has 
previously interpreted this section to allow information to be placed 
in a system only if that information independently meets the 
requirements of the regulation. Information that might be vital to 
identifying potential criminals, such as favored locations and 
companions, or names of family members, has been excluded from the 
systems. This policy has hampered the effectiveness of many criminal 
intelligence sharing systems.

    Given the swiftly changing nature of modern technology and the 
expansion of the size and complexity of criminal organizations, the 
Bureau of Justice Assistance (BJA) has determined that it is necessary 
to clarify this element of 28 CFR Part 23. Many criminal intelligence 
databases are now employing ``Comment'' or ``Modus Operandi'' fields 
whose value would be greatly enhanced by the ability to store more 
detailed and wide-ranging identifying information. This may include 
names and limited data about people and organizations that are not 
suspected of any criminal activity or involvement, but merely aid in 
the identification and investigation of a criminal suspect who 
independently satisfies the reasonable suspicion standard.

    Therefore, BJA issues the following clarification to the rules 
applying to the use of identifying information. Information that is 
relevant to the identification of a criminal suspect or to the criminal 
activity in which the suspect is engaged may be placed in a criminal 
intelligence database, provided that (1) appropriate disclaimers 
accompany the information noting that is strictly identifying 
information, carrying no criminal connotations; (2) the identifying 
information may not be used as an independent basis to target a subject 
for investigation or to establish reasonable suspicion of involvement 
in criminal activity; and (3) the individual who is the criminal 
suspect identified by this information otherwise meets all requirements 
of 28 CFR Part 23. This information may be a searchable field in the 
intelligence system.

    For example: A person reasonably suspected of being a drug dealer 
is known to conduct his criminal activities at the fictional 
``Northwest Market.'' An agency may wish to note this information in a 
criminal intelligence database, as it may be important to future 
identification of the suspect. Under the previous interpretation of the 
regulation, the entry of ``Northwest Market'' would not be permitted, 
because there was no reasonable suspicion that the ``Northwest Market'' 
was a criminal organization. Given the current clarification of the 
regulation, this will be permissible, provided that the information 
regarding the ``Northwest Market'' was clearly noted to be non-criminal 
in nature. For example, the data field that ``Northwest Market'' was 
entered in could be marked ``Non-Criminal Identifying Information,'' or 
the words ``Northwest Market'' could be followed by a parenthetical 
comment such as ``This organization has been entered into the system 
for identification purposes only--it is not suspected of any criminal 
activity or involvement.'' ``Northwest Market'' could not become the 
target of an investigation solely on the basis of the information 
provided in the comment field on the suspected drug dealer. Independent 
information would have to be obtained as a basis for the opening of an 
investigative file or the submission of intelligence information, based 
on reasonable suspicion, on ``Northwest Market.'' Further, the fact 
that other individuals frequent ``Northwest Market'' would not provide 
a reasonable suspicion determination for those other individuals.

The Definition of a ``Criminal Intelligence System''

    The definition of a ``criminal intelligence system'' is given in 28 
CFR 23.3(b)(1) as the ``arrangements, equipment, facilities, and 
procedures used for the receipt, storage, interagency exchange or 
dissemination, and analysis of criminal intelligence information . . . 
.'' Given the fact that cross-database searching techniques are now 
common-place, and given the fact that multiple databases may be 
contained on the same computer system, BJA has determined that this 
definition needs clarification, specifically to differentiate between 
criminal intelligence systems and non-intelligence systems.

    The comments to the 1993 revision of 28 CFR Part 23 noted that 
``[t]he term `intelligence system' is redefined to clarify the fact 
that historical telephone toll files, analytical information, and work 
products that are not either retained, stored, or exchanged and 
criminal history record information or identification (fingerprint) 
systems are excluded from the definition, and hence are not covered by 
the regulation * * *.'' 58 FR 48448-48449 (Sept. 16, 1993.) The 
comments further noted that materials that ``may assist an agency to 
produce investigative or other information for an intelligence system * 
* *'' do not necessarily fall under the regulation. Id.

    The above rationale for the exclusion of non-intelligence 
information sources from the definition of ``criminal intelligence 
system,'' suggests now that, given the availability of more modern non-
intelligence information sources such as the Internet, newspapers, 
motor vehicle administration records, and other public record 
information on-line, such sources shall not be considered part of 
criminal intelligence systems, and shall not be covered by this 
regulation, even if criminal intelligence systems access such sources 
during searches on criminal suspects. Therefore, criminal intelligence 
systems may conduct searches across the spectrum of non-intelligence 
systems without those systems being brought under 28 CFR Part 23. There 
is also no limitation on such non-intelligence information being stored 
on the same computer system as criminal intelligence information, 
provided that sufficient precautions are in place to separate the two 
types of information and to make it clear to operators and users of the 
information that two different types of information are being accessed. 
Such precautions should be consistent with the above clarification of 
the rule governing the use of identifying information. This could be 
accomplished, for example, through the use of multiple windows, 
differing colors of data or clear labeling of the nature of information 

    Additional guidelines will be issued to provide details of the 
above clarifications as needed.

Richard H. Ward, III,

Director, Bureau of Justice Assistance.

[FR Doc. 98-19092 Filed 7-17-98; 8:45 am]