Federal Bureau of Investigation, Department of Justice.
The United States Department of Justice (“DOJ” or “the Department”) is publishing a final rule amending the Start Printed Page 6471DOJ regulation implementing the National Instant Criminal Background Check System (“NICS”) pursuant to the Brady Handgun Violence Prevention Act (“Brady Act”): to establish a reduced retention period of 90 days for information relating to allowed firearm transfers in the system transaction log of background check transactions (“NICS Audit Log”), to clarify that only the FBI has direct access to the NICS Audit Log, and to clarify that, in furtherance of the purpose of auditing the use and performance of the NICS, the FBI may extract and provide information from the NICS Audit Log to the Bureau of Alcohol, Tobacco and Firearms (“ATF”) for use in ATF's inspections of Federal Firearms Licensee (“FFL”) records, provided that ATF destroys the NICS Audit Log information about allowed firearm transfers within the applicable retention period (unless discrepancies are found) and maintains a written record certifying the destruction.
March 5, 2001.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Fanny Haslebacher, Attorney-Advisor, Federal Bureau of Investigation, Module A-3, 1000 Custer Hollow Road, Clarksburg, West Virginia 26306-0147, (304) 625-2000.End Further Info End Preamble Start Supplemental Information
This document finalizes the rule proposed in the Federal Register on March 3, 1999, (64 FR 10262). The FBI accepted comments on the proposed rule from interested parties until June 6, 1999, and slightly over 150 comments were received. With the exception of two technical changes explained below, the proposed rule is adopted as final.
Significant Comments or Changes
The Retention Period
Many of the comments asserted that the FBI was violating the requirements of the Brady Act by keeping information about approved firearm transfers for any period of time in the NICS Audit Log. Commenters stated that, in their view, the Brady Act requires immediate destruction of identifying information about individuals who have been approved for the transfer of a firearm. Commenters also asserted that the retention of information about approved firearm transfers in the NICS Audit Log constituted a firearms registry in violation of section 103(i) of the Brady Act. Some commenters labeled the NICS Audit Log a “back door” registration system or a de facto registry and expressed concern that such a “registry” could lead to future gun confiscations.
The Department of Justice received and considered similar comments when promulgating the final NICS regulation that established the current retention period of six months for information in the NICS Audit Log about approved firearm transfers. The discussion accompanying the final rule provided the following explanation of the Department's construction of the Brady Act as it relates to the record destruction requirement and the question of whether the NICS Audit Log constitutes a firearms registry:
The FBI will not establish a federal firearms registry. The FBI is expressly barred from doing so by section 103(i) of the Brady Act. In order to meet her responsibility to maintain the integrity of Department systems, however, the Attorney General must establish an adequate system of oversight and review. Consequently, the FBI has proposed to retain records of approved transactions in an audit log for a limited period of time solely for the purpose of satisfying the statutory requirement of ensuring the privacy and security of the NICS and the proper operation of the system. Although the Brady Act mandates the destruction of all personally identified information in the NICS associated with approved firearms transactions (other than the identifying number and the date the number was assigned), the statute does not specify a period of time within which records of approvals must be destroyed. The Department attempted to balance various interests involved and comply with both statutory requirements by retaining such records in the NICS Audit Log for a limited, but sufficient, period of time to conduct audits of the NICS.
The United States Court of Appeals for the District of Columbia Circuit recently held that the Attorney General reasonably interpreted the Brady Act to permit the temporary retention of certain information regarding NICS background checks for purposes of auditing the NICS. The court held that the six-month retention period was reasonable. National Rifle Ass'n of America, Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000), rehearing denied (Oct. 26, 2000).
The temporarily retained information on approved firearm transfers is used only for purposes related to discovering misuse or avoidance of the system or ensuring the proper operation of the system: e.g. (1) comparing system records of a transaction with FFL records of the same transaction in order to detect cases where discrepancies in personal identifying information or missing records may reveal either (a) unauthorized NICS checks or (b) the submission of inaccurate information to the NICS for the purpose of avoiding a background check on the person to whom the gun is transferred; (2) reviewing system records in response to allegations of system misuse; (3) performing internal employee audits to monitor employee performance and adherence to established procedures; (4) evaluating system performance, identifying and resolving operational problems, and generating statistical reports; and (5) assisting in the resolution of appeals of NICS denials. Many of these system audits would not be possible with just the NICS Transaction Number and the date on which it was issued.
A number of comments incorrectly interpreted the proposed rule as intending to allow the FBI and/or ATF to regularly conduct continued scrutiny or “audits” of persons who have been approved for purchase of a firearm. It is true that, if during the course of any authorized system activity it is determined that a purchaser who should have been denied was given a proceed or a purchaser who should have been given a proceed was denied, the FBI will attempt to remedy the error. In the case of someone who was approved for a transfer who should have been denied, the NICS will notify the FFL of the error. If the NICS is informed that the firearm was transferred, the NICS will notify ATF. However, other than in conjunction with activities which are linked to discovering misuse or avoidance of the system or ensuring the proper operation of the system, proceed transactions are not subjected to continued scrutiny.
Some comments doubted the ability of the audits to prevent abuses or halt illegal or falsified transfers of firearms. The Department believes that examination of FFL records in conjunction with statistical reports (i.e., the number of approved and disapproved transactions for a particular time period) combined with information in the NICS Audit Log about the background checks may reveal misuse of the system or improper record keeping practices when, for instance, (1) the FFL has requested more background checks than indicated by the number of ATF Firearm Transaction Record Form 4473s (“4473s”) on file, (2) the FFL has requested fewer background checks than the number of 4473s on file, or (3) personal information recorded on the 4473s is significantly different from the information provided in the NICS background checks.
One comment suggested that the vast majority of FFLs are honest and would not abuse the system, and that if an FFL were to intentionally submit false information to the system, he or she would not record different information on the 4473 that would allow for the discovery of the discrepancy. While this scenario is possible, it is also possible, for example, that the information Start Printed Page 6472recorded on the 4473 may in fact be different from the information provided to the system, or that there may be fewer 4473s than NICS checks that have been requested by the FFL. The latter scenarios would reveal possible system misuse. The Department believes that it is essential to retain approval information temporarily to allow for the possibility of discovering such abuses. At a minimum, allowing for the possibility of audits should have a deterrent effect on FFLs who might otherwise consider abusing the system. If approval information were destroyed immediately, the NICS would have to rely completely on the “honor system” without any means to determine whether FFLs or FFL employees submit accurate identifying information about prospective purchasers to the NICS. If approval information were destroyed immediately, there would be no safeguards against the submission of false information to the NICS for the purpose of avoiding Brady background checks or doing unauthorized checks. While most FFLs and their employees are honest and conscientious, even one instance of gun violence that results from an unlawful firearm transfer allowed by uncheckable and undeterred system abuse can have a devastating impact on the lives of individual victims and communities. The Brady Act's purpose is to prevent gun violence resulting from unlawful firearm transfers. The temporary retention of information about allowed firearm transfers is meant to advance this statutory purpose, as well as the statutory obligation to protect the privacy and security of the information of the system.
A number of comments asked how the privacy interests of individuals approved for a firearm transfer have been accounted for in the rule. Those interests have been addressed in the rule first by reducing the retention period for information about allowed transfers to the shortest practicable period of time that will allow audits. The numerous comments received expressing concern about the privacy of individuals purchasing guns is the reason the original proposal of an 18-month retention period was first reduced to six months, and now has been reduced to 90 days, even though a longer retention period would increase the FBI's ability to detect and deter misuse of the system. In fact, the 90-day period has been adopted notwithstanding comments from two law enforcement representatives and the FBI's Criminal Justice Information Services (CJIS) Advisory Policy Board (an advisory committee made up of representatives of various government agencies involved in the criminal justice process which provides advice to the Director of the FBI on the management of criminal justice information systems operated by the FBI's CJIS Division) that recommended increasing the temporary retention of approved transactions from six months to one year.
The privacy interests of individuals approved for a firearm transfer have also been accounted for in the rule by the limitation on direct access to information about allowed transfers. As stated in the amended § 25.9(b)(2) of the regulation, the temporarily retained “[i]nformation in the NICS Audit Log pertaining to allowed transfers may be accessed directly only by the FBI for the purpose of conducting audits of the use and performance of the NICS.” Limiting direct access to allowed transfers in the NICS Audit log to the FBI ensures controlled access to the information so that it is used only for the authorized purposes discussed above.
Individual privacy interests are also protected through compliance by the NICS with the Privacy Act of 1974. The Privacy Act regulates the collection, maintenance, use and dissemination of personal information by federal government agencies. A Privacy Act notice has been published for the NICS system (63 FR 65223) (November 25, 1998) which explains the system's purpose, routine uses, and policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system. As stated in the NICS Privacy Act notice, “The NICS regulations are to be read together with the NICS system notice.” (63 FR 65224.) Thus, for example, Routine Use “C” provides for further coordination among law enforcement agencies for the purposes of investigating, prosecuting, and/or enforcing violations of criminal or civil law or regulation that may come to light during NICS operations. This portion of the routine use notice, read together with the NICS regulations, makes it clear that only the FBI has direct access to allowed transactions in the NICS Audit Log for purposes of conducting audits of the use and performance of the NICS, and that, if any record is found during this activity that indicates, either on its face or in conjunction with other information, a violation or potential violation of law, that record may be disclosed to the agency responsible for investigating the matter. By limiting direct access to information concerning allowed transfers to the FBI, and by limiting dissemination of information pursuant to published routine uses, the Department believes that it has struck the appropriate balance between protecting the personal privacy of individuals in the system and ensuring the proper and authorized operation of the system.
Several comments expressed concern that the information about allowed firearm transfers in the NICS Audit Log could fall into the hands of thieves who could target the homes of gun owners. The security measures used by the FBI at its computer facilities exceed industry standards to prevent either unauthorized destruction or theft of information. It is extremely unlikely that FBI firearm transaction records could be accessed or obtained by unauthorized individuals or entities.
Finally, one comment observed that if the NICS used technology that sent an encrypted “digital signature” of the information received by the system about prospective firearm purchasers back to the FFL, the goal of having such information available to audit the system could be achieved without any retention of the identifying information about approved purchasers by the FBI. In such a case, the FBI could destroy the information immediately and then simply provide to ATF the “key” that would unlock the encrypted information retained by the FFLs for use when ATF performed its FFL inspections. The Department believes that this approach is not currently feasible since its implementation would require an electronic interface with the system on the part of all FFLs. Although the FBI is working toward providing electronic access to the NICS by FFLs, such access has not yet been established, and, even when available, only FFLs with the appropriate computer equipment will be able to take advantage of the electronic link to NICS. In addition, the Brady Act requires that the system must, at a minimum, provide FFLs with telephone access to the NICS. It would not be easy or reliable to transmit digital signature information to FFLs over the telephone. Thus, while on its face this approach to the record retention and audit issues may have some appeal, there are technical and legal hurdles that do not make it feasible to pursue such an approach at this time. In addition, while such an approach would make record retention by the FBI unnecessary for FFL audits, it would not eliminate the need for some temporary retention of information about approved transfers to accomplish internal audits and to enable system troubleshooting. Start Printed Page 6473
Providing NICS Audit Log Information to ATF
Many of the comments dealt with the proposed provision allowing the FBI to share data with ATF for the purpose of comparing background check data received by the FBI with information recorded on the corresponding Form 4473 on file with an FFL. The commenters stated that the Brady Act requires immediate destruction of such records, thus making them unavailable for sharing; they also stated that the keeping and sharing of information about allowed firearms transfers constitutes a firearms registry. For the reasons cited above, the Department does not believe that the Brady Act requires immediate destruction of these records or that the temporary retention of NICS transaction information for the limited purpose of auditing use and performance of the system constitutes a firearms registry.
Several comments also stated that section 103(i)(1) of the Brady Act specifically prohibits transferring these records to ATF. Section 103(i)(1) provides that Federal officials may not “require that any record or portion thereof generated by the system established under [the Brady Act] be recorded at or transferred to a facility owned, managed, or controlled by the United States or any State or political subdivision thereof.” The Department believes, however, that section 103(i), which is entitled “Prohibition Relating to Establishment of Registration Systems With Respect to Firearms,” is intended only to prevent the establishment of a firearms registry and to prevent the government from requiring third parties outside the government from recording information about firearm transactions at a government facility. See National Rifle Ass'n v. Reno, 216 F.3d at 131. Therefore, since neither the NICS Audit Log itself nor the proposed provision of information to ATF for use in its inspections of FFLs (together with the proviso that ATF destroy the information about allowed transfers within the 90-day retention period) operates as or otherwise establishes a firearms registry, the sharing of such information with ATF does not violate section 103(i)(1).
Finally, some comments expressed the belief that the transfer of information from the NICS Audit Log to ATF also violates the Firearm Owners' Protection Act (FOPA), as codified in 18 U.S.C. 926(a). Section 926(a) provides, in relevant part, that regulations implementing the Gun Control Act promulgated by the Secretary of the Treasury after enactment of FOPA may not require that records that must be maintained by an FFL be recorded at or transferred to a government facility. Since these regulations are promulgated by the Department of Justice pursuant to the Brady Act, and since the NICS Audit Log information that will be provided to ATF consists of NICS system records, not records of an FFL, section 926(a) does not apply to the regulation adopted here.
Technical and Editorial Changes
When the Retention Period Begins To Run
The Department did not adopt the change we proposed in section 25.9(b)(1) of the NICS regulation to provide that the retention period begins to run on “the day after the NICS check is received,” instead of the day the “transfer is allowed.” The intention of this proposed change was to provide a uniform date from which to begin the retention period. It was noted by NICS Operations Center staff, however, that beginning the retention period on the day after the NICS check was received would complicate the processing of appeals that result in the reversal of a NICS denial in cases where the reversal occurs more than 90 days after the request for the NICS check was received. Under the NICS appeals process, the system gives the successful appellant a form certifying to the FFL that the system has changed the NICS determination from “denied” to “allowed.” When presented with the certificate, the FFL must contact the system to confirm the “allowed” determination. The system would not be able to provide such confirmation unless the record of the “allowed” determination is retained for a reasonable period after the transaction is allowed. For this reason, the provision in § 25.9(b)(1) of the regulation providing that the retention period begins running from the date the transfer is allowed is being left unchanged.
A syntactical change was made to clarify the following sentence in the proposed rule: “Information in the NICS Audit Log pertaining to allowed transfers may only be directly accessed by the FBI for the purpose of conducting audits of the use and performance of the NICS.” In the final rule, the sentence reads as follows: “Information in the NICS Audit Log pertaining to allowed transfers may be accessed directly only by the FBI for the purpose of conducting audits of the use and performance of the NICS.” This change was made to better convey the intended meaning of the proposed language, i.e., that only the FBI has direct access to the NICS Audit Log.
Applicable Administrative Procedures and Executive Orders
Regulatory Flexibility Analysis
The Attorney General, in accordance with the Regulatory Flexibility Act (5 U.S.C. 605(b)), has reviewed this final regulation and by approving it certifies that this regulation will not have a significant economic impact on a substantial number of small entities. While many FFLs are small businesses, they are not subject to any additional burdens by the plan adopted to audit their use of the NICS. In addition, the rule will not have any impact on an FFL's ability to contact the NICS, nor will it result in any delay in receiving responses from the NICS.
Executive Order 12866
The Department of Justice has completed its examination of this final rule in light of Executive Order 12866, section 1(b), Principles of Regulation. The Department of Justice has determined that this rule is a “significant regulatory action” under section 3(f) of Executive Order 12866, and thus it has been reviewed by the Office of Management and Budget (OMB).
This final rule will not have a substantial direct effect on the states, on the relationship between the national government and the states, or on the distribution of power and responsibilities among the various levels of government. Therefore, in accordance with Executive Order 12612, it is determined that this rule does not have sufficient federalism implications to warrant the preparation of a Federalism Assessment.
Unfunded Mandates Reform Act
This final rule will not result in the expenditure by state, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000 or more in any one year, and it will not significantly or uniquely affect small governments. Therefore, no actions were deemed necessary under the provisions of the Unfunded Mandates Reform Act of 1995.
Small Business Regulatory Enforcement Fairness Act of 1996
This final rule is not a major rule as defined by the Small Business Regulatory Enforcement Fairness Act of 1996. 5 U.S.C. 804. This rule will not Start Printed Page 6474result in an annual effect on the economy of $100,000,000 or more, a major increase in costs or prices, or have significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based companies to compete with foreign-based companies in domestic and export markets.
Paperwork Reduction Act of 1995
The collection of information for NICS previously was approved by OMB and issued OMB control numbers 1110-0026, 1512-0129, and 1512-0130.Start List of Subjects
List of Subjects in 28 CFR Part 25
- Administrative practice and procedure
- Business and industry
- Computer technology
- Law enforcement officers
- Reporting and record keeping requirements
- Security measures
Accordingly, part 25 of title 28 of the Code of Federal Regulations is amended as follows:End Amendment Part Start Part
PART 25—DEPARTMENT OF JUSTICE INFORMATION SYSTEMSEnd Part Start Amendment Part
1. The authority citation for Part 25 continues to read as follows:End Amendment Part
Subpart A—The National Instant Criminal Background Check System
2. In § 25.9, paragraph (b) is revised to read as follows:End Amendment Part
(b) The FBI will maintain an automated NICS Audit Log of all incoming and outgoing transactions that pass through the system.
(1) The NICS Audit Log will record the following information: type of transaction (inquiry or response), line number, time, date of inquiry, header, message key, ORI, and inquiry/response data (including the name and other identifying information about the prospective transferee and the NTN). In cases of allowed transfers, all information in the NICS Audit Log related to the person or the transfer, other than the NTN assigned to the transfer and the date the number was assigned, will be destroyed after not more than 90 days after the transfer is allowed. NICS Audit Log records relating to denials will be retained for 10 years, after which time they will be transferred to a Federal Records Center for storage. The NICS will not be used to establish any system for the registration of firearms, firearm owners, or firearm transactions or dispositions, except with respect to persons prohibited from receiving a firearm by 18 U.S.C. 922 (g) or (n) or by state law.
(2) The NICS Audit Log will be used to analyze system performance, assist users in resolving operational problems, support the appeals process, or support audits of the use of the system. Searches may be conducted on the Audit Log by time frame, i.e., by day or month, or by a particular state or agency. Information in the NICS Audit Log pertaining to allowed transfers may be accessed directly only by the FBI for the purpose of conducting audits of the use and performance of the NICS. Permissible uses include extracting and providing information from the NICS Audit Log to ATF in connection with ATF's inspections of FFL records, provided that ATF destroys the information about allowed transfers within the retention period for such information set forth in paragraph (b)(1) of this section and maintains a written record certifying the destruction. Such information, however, may be retained as long as needed to pursue cases of identified misuse of the system. The NICS, including the NICS Audit Log, may not be used by any Department, agency, officer, or employee of the United States to establish any system for the registration of firearms, firearm owners, or firearm transactions or dispositions. The NICS Audit Log will be monitored and reviewed on a regular basis to detect any possible misuse of the NICS data.
Dated: January 12, 2001.
[FR Doc. 01-1616 Filed 1-19-01; 8:45 am]
BILLING CODE 4410-06-U