April 8, 2003
Joint Letter to Director of OMB on National Crime Information Center (NCIC)
April 8, 2003
Mitchell E. Daniels, Jr.
Director, Office of Management and Budget
725 17th Street, NW
Washington, D.C. 20503
Dear Mr. Daniels:
We are writing to request that the OMB exercise its oversight responsibilities under 5 U.S.C. §552 by reviewing and revising the FBI’s recent rule exempting the National Crime Information Center (NCIC) system from the accuracy requirements of the Privacy Act of 1974. [1]
The NCIC database provides over 80,000 law enforcement agencies with access to a computerized network of more than 39 million records regarding criminal activity. For the past thirty years, the FBI has operated the NCIC database with the Privacy Act accuracy requirement in place. The relevant provision requires that any agency that maintains a system of records, “maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individuals in the determination.” [2] Circumventing that statutory obligation poses significant risks not only for individuals whose record files may be part of this data system, but also for communities that rely on law enforcement to employ effective, reliable tools for ensuring public safety. Accordingly, the OMB should request that the FBI continue to follow the obligations of the Privacy Act.
The NCIC database was first established by the FBI, under the direction of J. Edgar Hoover, in 1967. The purpose for maintaining the system is to facilitate the quick exchange of information about crimes and criminal activities between various law enforcement agencies. The FBI recently spent $182 million to modernize the data system. It now provides law enforcement agencies with instant access to fingerprinting and mugshot images. It also continues to include information on stolen vehicles and other articles; persons with outstanding felony and misdemeanor warrants; missing persons; suspected gang members; suspected terrorists; and individuals’ arrest records.
NCIC is used by a broad range of criminal justice agencies, from top federal law enforcement officials to municipal police. During its first year of implementation, approximately 2 million inquiries were processed. Since then, its use has grown significantly. In March 2002, the FBI set a new record for inquiries processed in one day, responding to 3,295,587 requests. On average, there are 2.8 million transactions processed each day, with an average response time of 0.16 second. As a result, any error in the NCIC database can spread across the country in less than a second. [3]
Several well publicized incidents demonstrated the consequences of inaccurate and incomplete information in the NCIC. In one case, a Los Angeles man was arrested five times, three at gun point, due to an error in the NCIC. [4] In another, a Phoenix resident, who was pulled over for driving the wrong way down a one-way street, was arrested after an NCIC inquiry erroneously revealed an outstanding misdemeanor arrest warrant that had been quashed weeks earlier. [5] These incidents, and others like them, reveal the potential harms that individuals may face if the records in the NCIC database are not accurate. These incidents demonstrate that the FBI should work to improve the accuracy of this system of records, rather than administratively exempt itself from this important duty.
Indeed, one of the major purposes behind the enactment of the Privacy Act was to guard against these harms by establishing standards for the quality of data the government collects about individuals. In passing the Act, Congress found that “the opportunities for an individual to secure employment, insurance, and credit, and his rights to due process, and other legal protections are endangered by the misuse of certain information systems,” and therefore “it is necessary and proper for the Congress to regulate the collection, maintenance, use and dissemination of information by such agencies.” [6] To that end, Congress passed the Act to ensure, among other things, that any information held by the government would be “current and accurate for its intended use.” [7]
Since the passage of the Privacy Act thirty years ago, there has been general agreement that the FBI would go forward with the NCIC database, provided that it comply with the Act’s obligations. Now, the FBI effectively seeks to sever that agreement, suddenly asserting that “it is impossible to determine in advance what information is accurate, relevant, timely and complete.” [8] This is a sharp, historical departure. The Privacy Act should continue to operate for this important set of records.
The obligations of the Privacy Act are important not only for the individuals who may have records in the NCIC database, but also for the effectiveness of the data system itself as a law enforcement tool. In Arizona v. Evans, the Supreme Court held that the Fourth Amendment’s exclusionary rule did not require the suppression of evidence obtained during an arrest that was based upon false information in the NCIC database. Justice O’Connor, writing in concurrence, asserted that it would be unreasonable, however, for a police department to depend upon a record keeping system that has no accuracy safeguards and routinely leads to false arrests. [9] She said that if the police blindly relied on a data system without adequate mechanisms to ensure its accuracy, then courts could prohibit the use of any evidence obtained in an arrest resulting from erroneous information in the database. In the case before the Court, O’Connor believed that the police department’s reliance on NCIC was reasonable. Nevertheless, she indicated that if procedures were not in place to help ensure the accuracy of the data, evidence collected during those arrests could be suppressed. Her concurrence underscores how the Privacy Act’s data quality requirements serve as an important mechanism for ensuring the legitimate, effective use of the NCIC database for law enforcement activities. The FBI’s unilateral decision to exempt this data system from the accuracy obligations of the Privacy Act puts criminal justice agencies at risk of unreasonably relying on inaccurate, incomplete information.
Given the risks inaccurate NCIC data poses to both individuals and law enforcement agencies, the F.B.I. should continue to comply with the obligations of the Privacy Act. We ask that the OMB evaluate the effect of the FBI’s rule on the rights of individuals, pursuant to 5 U.S.C. §552a(r), and request that the FBI rescind its decision to exempt the NCIC database from the obligations of the Privacy Act.
Sincerely,
American-Arab Anti-Discrimination Committee
American Association of Law Libraries
American Civil Liberties Union
American Library Association
Annabelle Foundation
Arab American Institute
Arizona Breakfast Club
Asian American Legal Defense and Education Fund
Association of Research Libraries
The Bronx Defenders
Center for Cognitive Liberty & Ethics
Center for Constitutional Rights
Center for Democracy and Technology
Center for National Security Studies
Collective Heritage Institute
Colorado Coalition Against Domestic Violence
Competitive Enterprise Institute
Computer Professionals for Social Responsibility
Connecticut Coalition Against Domestic Violence
Connecticut Sexual Assault Crisis Services
Consumer Action
Consumers Against Privacy Invasion and Numbering
Consumer Task Force for Automotive Issues
Council on American-Islamic Relations
CryptoRights Foundation
Denver Domestic Violence Task Force
Domain Name Rights Coalition
Domestic Violence and Mental Health Policy Initiative
Domestic Violence Center of Santa Clarita Valley
Domestic Violence Coordinating Council of California
Drug Policy Alliance
Electronic Frontier Foundation
Electronic Privacy Information Center
Family Relations Program
Financial Resources for Women and Children
Gang Reduction, Awareness, Prevention and Education
Green Party of Clark County, Washington
Gun Owners of America
Identity Theft Resource Center
The Institute for Publishing Arts
Iowa Coalition Against Domestic Violence
Kansas Coalition Against Sexual and Domestic Violence
League of Women Voters of Collier County, Florida
Maine Educators Against Fingerprinting
Marjaree Mason Center
Maryland Coalition Against Sexual Assault
Mint Green Ribbon for the Awareness of Abuse
The Multiracial Activist
National Alliance to End Sexual Violence
National Coalition Against Domestic Violence
National Consumers League
National H.I.R.E. Network, Helping Individuals with criminal records Reenter through Employment
National Immigration Law Center
National Network to End Domestic Violence
NetAction
Nevada Public Health Foundation
New Mexico Chapter, National Organization for Women
New York Office of the Appellate Defender
New York State Coalition Against Domestic Violence
New York State Coalition Against Sexual Assault
Options
People For the American Way
PrivacyActivism
Privacy Journal
Privacy Rights Clearinghouse
Privacy Rights Now Coalition
Rape Recovery Center of Utah
Sikh Mediawatch and Resource Task Force
Statewide California Coalition for Battered Women
South Carolina Hispanic Outreach
Sure Helpline Rape Crisis Center
Texas Association Against Sexual Assault
Texas Chapter, National Association of Social Workers
Union of American Hebrew Congregations
U.S. Association for Computing Machinery, Public Policy Committee
Utne Magazine
Vermont Network Against Domestic Violence and Sexual Assault
Virginians Aligned Against Sexual Assault
Virginia Citizens Defense League
Wisconsin Coalition Against Sexual Assault
cc. The Honorable Susan M. Collins, Chair, Senate Governmental Affairs Committee
The Honorable Joseph I. Lieberman, Ranking Member, Senate Governmental Affairs Committee
The Honorable Thomas M. Davis, Chair, House Government Reform Committee
The Honorable Henry A. Waxman, Ranking Member, House Government Reform Committee
[1] This final rule also exempts the Central Records System and National Center for the Analysis of Violent Crime systems from accuracy requirements of the Privacy Act. Privacy Act of 1974; Implementation, 68 Fed. Reg. 14140 (Mar. 24, 2003) (to be codified as 28 C.F.R. pt. 16).
[2] 5 U.S.C. §552a(e)(5).
[3] See Arizona v. Evans, 514 U.S. 1, 28 (1995) (Ginsburg, J., dissenting).
[4] See Rogan v. Los Angeles, 668 F. Supp. 1384 (C.D. Cal. 1987).
[5] See Arizona v. Evans, 514 U.S. 1 (1995).
[6] Congressional Findings and Statement of Purpose, Pub. L. No. 93-579, § 2(a)(3) & (5) (1974).
[7] Id. at §2(b)(4).
[8] 68 Fed. Reg. at 14140.
[9] See Evans, 514 U.S. at 16-17.
REFERENCES
DOJ Information on NCIC:
The FBI National Crime Information Center (NCIC) 2000
FBI Announces the Implementation of NCIC 2000, July 15, 1999
NCIC and the Freedom of Information Act
U.S. Department of Justice, NCIC 2000 Newsletters
The Investigator, National Crime Information Center: 30 Years on the Beat, Dec. 1996-1997 Issue, available at the FBI Library
Additional Information on NCIC:
Federation of American Scientists, NCIC Information
The Associated Press, Justice Department Lifts FBI Database Limits