82 FR 31553 - Submission for OMB Review; Comment Request; Correction
DEPARTMENT OF COMMERCE
Census Bureau Federal Register Volume 82, Issue 129 (July 7, 2017)
Census Bureau
Federal Register Volume 82, Issue 129 (July 7, 2017)
| Page Range | 31553-31554 | |
| FR Document | 2017-14110 |
[Federal Register Volume 82, Number 129 (Friday, July 7, 2017)] [Notices] [Pages 31553-31554] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2017-14110] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE Census Bureau Submission for OMB Review; Comment Request; Correction This is a correction to FR 2017-13778, which should have listed Census as the submitting agency instead of the Department of Commerce. The remainder of the document as published on June 30, 2017 (82 FR 29843) is republished in its entirety below. Under 44 U.S.C. 3506(e) and 13 U.S.C. Section 9, the U.S. Census Bureau is seeking comments on revisions to the confidentiality pledge it provides to its respondents under Title 13, United States Code, Section 9. These revisions are required by the passage and implementation of provisions of the Federal Cybersecurity Enhancement Act of 2015 (6 U.S.C. 1501 note), which require the Secretary of Homeland Security to provide Federal civilian agencies' information technology systems with cybersecurity protection for their Internet traffic. More details on this announcement are presented in the SUPPLEMENTARY INFORMATION section below. The previous notice for public comment, titled ``Agency Information Collection Activities; Request for Comments; Revision of the Confidentiality Pledge under Title 13 United States Code, Section 9'' was published in the Federal Register on December 23, 2016 (Vol. 81, No. 247, pp. 94321-94324), allowing for a 60 day comment period. The Census Bureau received two comments, which are addressed within this notice. SUPPLEMENTARY INFORMATION: I. Background On December 18, 2015, Congress passed the Federal Cybersecurity Enhancement Act of 2015 (the Act) (6 U.S.C. 1501 note). The Act requires the Department of Homeland Security to deploy for use by other agencies a program with the ``capability to detect cybersecurity risks in network traffic transiting or traveling to or from an agency information system.'' \1\ The Act requires each agency to ``apply and continue to utilize the capabilities to all information traveling between an agency information system and any information system other than an agency information system.'' \2\ The DHS program is known as EINSTEIN, and DHS currently operates version 3A (E3A). --------------------------------------------------------------------------- \1\ Sec. 230(b)(1)(A) of the Homeland Security Act of 2002 (6 U.S.C. 151(b)(1)(A)), as added by section 223((a)(6) of the Federal Cybersecurity Enhancement Act of 2015. \2\ Section 223(b)(1)(A) (6 U.S.C. 151 note) of the Federal Cybersecurity Enhancement Act of 2015. --------------------------------------------------------------------------- Importantly, the Act provides that DHS may use the information collected through EINSTEIN ``only to protect information and information systems from cybersecurity risks.'' \3\ The Act does not authorize DHS to use information collected through EINSTEIN for any other purposes, including law enforcement purposes. --------------------------------------------------------------------------- \3\ Section 230(c)(3) of the Homeland Security Act of 2002 (6 U.S.C. 151(c)(3)), as added by section 223(a)(6) of the Federal Cybersecurity Enhancement Act of 2015. --------------------------------------------------------------------------- In response to the passage of the Act, the Census Bureau considered whether it should revise its confidentially pledge. The Census Bureau's Center for Survey Measurement (CSM) joined the interagency Statistical Community of Practice and Engagement (SCOPE) Confidentiality Pledge Revision Subcommittee, which developed and evaluated the revision to the confidentiality pledge language. SCOPE and CSM conducted remote and in-person cognitive testing of the potential revised confidentiality pledge. The Census Bureau based its revised confidentiality pledge on the results of these tests. The revised confidentiality pledge utilizes the language the Census Bureau determined would best communicate the essential information to respondents while not negatively affecting response rates. The following is the revised statistical confidentiality pledge for the Census Bureau's data collections: The U.S. Census Bureau is required by law to protect your information. The Census Bureau is not permitted to publicly release your responses in a way that could identify you. Per the Federal Cybersecurity Enhancement Act of 2015, your data are protected from cybersecurity risks through screening of the systems that transmit your data. On December 23, 2016, the Census Bureau requested comments on the revised confidentiality pledge. During the public comment period, the Census Bureau received two comments from the Asian Americans Advancing Justice (AAJC) and American-Arab Anti-Discrimination Committee (ADC). II. Comments and Responses In response to the Census Bureau's revised confidentiality pledge, AAJC and the ADC provided comments and suggestions to the Census Bureau. These comments and suggestions, along with the Census Bureau's responses are below. 1. The AAJC and the ADC both expressed concerns about the effect of the revised confidentiality pledge on the accuracy of the results of the Census Bureau's survey. Response: The Census Bureau is committed to collecting the most complete and accurate data. The Census Bureau takes the collection and protection of respondent information very seriously and has since the first Decennial Census in 1790. As a statistical agency committed to ensuring the collection and publication of accurate data, the Census Bureau continually conducts extensive research and testing to inform census and survey design. This research and testing confirms key technologies, outreach and promotional strategies, data collection methods, and management and response processes to allow the Census Bureau to maximize response rates and ensure the accuracy of the data collected. We also uphold a strong data stewardship culture to ensure that any decisions we make will fulfill our legal and ethical obligations to respect your privacy and protect the confidentiality of your information. The revised confidentiality pledge utilizes language that the Census Bureau determined, after cognitive testing, would not negatively affect response rates, and hence the accuracy of the survey results. 2. The ``ADC has serious concerns on the ability of [DHS] to . . . access . . . people's personal information on the server.'' [[Page 31554]] Response: E3A does not provide DHS with access to a respondent's personal information. E3A does not currently decrypt respondent information or scan data at rest on Census Bureau information systems. Moreover, the Act limits the use of any information collected, stating that the DHS may use information obtained through activities authorized under this section ``only to protect information and information systems from cybersecurity risks.'' (6 U.S.C. 151(c)(3)). EINSTEIN also provides greater protection for the Census Bureau's information and information systems than would otherwise exist. EINSTEIN enables DHS to detect cyber threat indicators traveling or transiting to or from one agency's information system, and to share those indicators with other agencies, thereby making all agencies' information systems more secure. The necessity of providing DHS limited access to such information--information which DHS can only use for cybersecurity purposes--is not only required by the Federal Cybersecurity Enhancement Act, but has a net positive impact of the security of information respondents provide to the Census Bureau. 3. The ADC is concerned that ``there is a lack of safeguards in place on who has access to information through EINSTEIN.'' Response: In addition to the safeguards contained in the Act, the Census Bureau works with DHS to protect information DHS may access through EINSTEIN. These additional safeguards cover the collection, retention, use, and disclosure of information. The safeguards also include notification and reporting requirements in the unlikely event that any unauthorized access, use, or dissemination of any Census Bureau information would occur. To reiterate, the information at issue is not a respondent's personal information, rather, it is cyber threat information. E3A does not provide DHS with access to a respondent's personal information. E3A does not currently decrypt respondent information or scan data at rest on Census Bureau information systems. 4. The ADC is concerned that the revised confidentiality pledge ``raises flags on improper use of such information.'' Response: The Act limits DHS's use of information collected pursuant to the Act to the protection of ``information and information systems from cybersecurity risks.'' To be clear, DHS's use of the information for any other purpose would be unlawful. 5. The AAJC suggests that the protections contained in Title 13 and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA), both of which limit the use and disclosure of information collected, should control the information at issue. Response: Pursuant to the Act, each agency must ``apply and continue to utilize the capabilities to all information traveling between an agency information system and any information system other than an agency information system.'' Congress authorized that, notwithstanding the protections previously afforded to information by other laws, such as Title 13, for the purpose of protecting agency information systems from cyber attacks, DHS may access information transiting and traveling to or from an agency information system. Census Bureau employees remain subject to the penalties contained in Title 13, including a federal prison sentence of up to five years and a fine of up to $250,000, or both. 6. The AAJC suggests that either the Census Bureau employees ``perform Einstein 3A functions for Census Bureau internet traffic'' or that ``DHS employees monitoring Census Bureau internet traffic under Einstein 3A take the current Title 13 confidentiality pledge.'' Response: The Act provides DHS access to network traffic transiting or traveling to or from the Census Bureau's information systems, notwithstanding the protections previously afforded to information by other laws, such as Title 13. The Act also requires each agency to ``apply and continue to utilize the capabilities to all information traveling between an agency information system and any information system other than an agency information system.'' In addition to the safeguards contained in the Act, the Census Bureau works with DHS to safeguard respondent information. These additional safeguards cover the collection, retention, use, and disclosure of information. The safeguards also include notification and reporting requirements that would apply in the unlikely event that any unauthorized access, use, or dissemination of any Census Bureau information would occur. III. Data Agency: U.S. Census Bureau, Department of Commerce. Title: Revision of the Confidentiality Pledge under Title 13 United States Code, Section 9. OMB Control Number: 0607-0993. Form Number(s): None. Affected Public: All survey respondents to Census Bureau data collections. Legal Authority: 44 U.S.C. 3506(e) and 13 U.S.C. Section 9. This information collection request may be viewed at www.reginfo.gov. Follow the instructions to view Department of Commerce collections currently under review by OMB. IV. Request for Comments Comments are invited on the necessity and efficacy of the Census Bureau's revised confidentiality pledge above. Comments submitted in response to this notice will become a matter of public record. Comments should be sent within 30 days of publication of this notice to [email protected] or fax to (202) 395-5806. Sheleen Dumas, Departmental PRA Lead, Office of the Chief Information Officer. [FR Doc. 2017-14110 Filed 7-6-17; 8:45 am] BILLING CODE 3510-07-P
![Federal Register / Vol. 82, No. 129 / Friday, July 7, 2017 / Notices 31553
Meeting Agenda published in the Federal Register on is the revised statistical confidentiality
I. Approval of Agenda December 23, 2016 (Vol. 81, No. 247, pledge for the Census Bureau’s data
II. Business Meeting pp. 94321–94324), allowing for a 60 day collections:
A. Discussion and Vote on 2018 comment period. The Census Bureau The U.S. Census Bureau is required by
Business Meeting Dates received two comments, which are law to protect your information. The
B. State Advisory Committees addressed within this notice. Census Bureau is not permitted to
• Presentation by Ms. Diane Citrino, SUPPLEMENTARY INFORMATION: publicly release your responses in a way
Chair of the Ohio Advisory that could identify you. Per the Federal
I. Background Cybersecurity Enhancement Act of 2015,
Committee, on its report on Human
Trafficking in Ohio On December 18, 2015, Congress your data are protected from
• Presentation by Mr. Wendell passed the Federal Cybersecurity cybersecurity risks through screening of
Blaylock, Chair of the Nevada Enhancement Act of 2015 (the Act) (6 the systems that transmit your data.
Advisory Committee, on its U.S.C. 1501 note). The Act requires the On December 23, 2016, the Census
Advisory Memorandum on Department of Homeland Security to Bureau requested comments on the
Municipal Fines and Fees in deploy for use by other agencies a revised confidentiality pledge. During
Nevada program with the ‘‘capability to detect the public comment period, the Census
C. Management and Operations cybersecurity risks in network traffic Bureau received two comments from the
• Staff Director’s Report transiting or traveling to or from an Asian Americans Advancing Justice
D. Presentation on the Americans agency information system.’’ 1 The Act (AAJC) and American-Arab Anti-
with Disabilities Act by Rebecca requires each agency to ‘‘apply and Discrimination Committee (ADC).
Cokley, Executive Director, the continue to utilize the capabilities to all
information traveling between an II. Comments and Responses
National Council on Disability
III. Adjourn Meeting agency information system and any In response to the Census Bureau’s
information system other than an revised confidentiality pledge, AAJC
Dated: July 5, 2017. agency information system.’’ 2 The DHS and the ADC provided comments and
Brian Walch, program is known as EINSTEIN, and suggestions to the Census Bureau. These
Director, Communications and Public DHS currently operates version 3A comments and suggestions, along with
Engagement. (E3A). the Census Bureau’s responses are
[FR Doc. 2017–14386 Filed 7–5–17; 4:15 pm] Importantly, the Act provides that below.
BILLING CODE 6335–01–P DHS may use the information collected 1. The AAJC and the ADC both
through EINSTEIN ‘‘only to protect expressed concerns about the effect of
information and information systems the revised confidentiality pledge on the
DEPARTMENT OF COMMERCE from cybersecurity risks.’’ 3 The Act accuracy of the results of the Census
does not authorize DHS to use Bureau’s survey.
Census Bureau information collected through Response: The Census Bureau is
EINSTEIN for any other purposes, committed to collecting the most
Submission for OMB Review; including law enforcement purposes. complete and accurate data. The Census
Comment Request; Correction In response to the passage of the Act, Bureau takes the collection and
This is a correction to FR 2017–13778, the Census Bureau considered whether protection of respondent information
which should have listed Census as the it should revise its confidentially very seriously and has since the first
submitting agency instead of the pledge. The Census Bureau’s Center for Decennial Census in 1790. As a
Department of Commerce. The Survey Measurement (CSM) joined the statistical agency committed to ensuring
remainder of the document as published interagency Statistical Community of the collection and publication of
on June 30, 2017 (82 FR 29843) is Practice and Engagement (SCOPE) accurate data, the Census Bureau
republished in its entirety below. Confidentiality Pledge Revision continually conducts extensive research
Under 44 U.S.C. 3506(e) and 13 U.S.C. Subcommittee, which developed and and testing to inform census and survey
Section 9, the U.S. Census Bureau is evaluated the revision to the design. This research and testing
seeking comments on revisions to the confidentiality pledge language. SCOPE confirms key technologies, outreach and
confidentiality pledge it provides to its and CSM conducted remote and in- promotional strategies, data collection
respondents under Title 13, United person cognitive testing of the potential methods, and management and response
States Code, Section 9. These revisions revised confidentiality pledge. The processes to allow the Census Bureau to
are required by the passage and Census Bureau based its revised maximize response rates and ensure the
implementation of provisions of the confidentiality pledge on the results of accuracy of the data collected. We also
Federal Cybersecurity Enhancement Act these tests. The revised confidentiality uphold a strong data stewardship
of 2015 (6 U.S.C. 1501 note), which pledge utilizes the language the Census culture to ensure that any decisions we
require the Secretary of Homeland Bureau determined would best make will fulfill our legal and ethical
Security to provide Federal civilian communicate the essential information obligations to respect your privacy and
agencies’ information technology to respondents while not negatively protect the confidentiality of your
systems with cybersecurity protection affecting response rates. The following information. The revised confidentiality
pledge utilizes language that the Census
asabaliauskas on DSKBBXCHB2PROD with NOTICES
for their Internet traffic. More details on 1 Sec. 230(b)(1)(A) of the Homeland Security Act
this announcement are presented in the of 2002 (6 U.S.C. 151(b)(1)(A)), as added by section
Bureau determined, after cognitive
SUPPLEMENTARY INFORMATION section 223((a)(6) of the Federal Cybersecurity testing, would not negatively affect
below. The previous notice for public Enhancement Act of 2015. response rates, and hence the accuracy
comment, titled ‘‘Agency Information 2 Section 223(b)(1)(A) (6 U.S.C. 151 note) of the
of the survey results.
Collection Activities; Request for Federal Cybersecurity Enhancement Act of 2015. 2. The ‘‘ADC has serious concerns on
3 Section 230(c)(3) of the Homeland Security Act
Comments; Revision of the of 2002 (6 U.S.C. 151(c)(3)), as added by section
the ability of [DHS] to . . . access . . .
Confidentiality Pledge under Title 13 223(a)(6) of the Federal Cybersecurity Enhancement people’s personal information on the
United States Code, Section 9’’ was Act of 2015. server.’’
VerDate Sep<11>2014 20:56 Jul 06, 2017 Jkt 241001 PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 E:\FR\FM\07JYN1.SGM 07JYN1](https://thefederalregister.org/doc/82_FR_31682/page/1.svg)
![31554 Federal Register / Vol. 82, No. 129 / Friday, July 7, 2017 / Notices
Response: E3A does not provide DHS 5. The AAJC suggests that the Affected Public: All survey
with access to a respondent’s personal protections contained in Title 13 and respondents to Census Bureau data
information. E3A does not currently the Confidential Information Protection collections.
decrypt respondent information or scan and Statistical Efficiency Act (CIPSEA), Legal Authority: 44 U.S.C. 3506(e) and
data at rest on Census Bureau both of which limit the use and 13 U.S.C. Section 9.
information systems. Moreover, the Act disclosure of information collected, This information collection request
limits the use of any information should control the information at issue. may be viewed at www.reginfo.gov.
collected, stating that the DHS may use Response: Pursuant to the Act, each Follow the instructions to view
information obtained through activities agency must ‘‘apply and continue to Department of Commerce collections
authorized under this section ‘‘only to utilize the capabilities to all information currently under review by OMB.
protect information and information traveling between an agency
systems from cybersecurity risks.’’ (6 IV. Request for Comments
information system and any information
U.S.C. 151(c)(3)). system other than an agency Comments are invited on the
EINSTEIN also provides greater information system.’’ Congress necessity and efficacy of the Census
protection for the Census Bureau’s authorized that, notwithstanding the Bureau’s revised confidentiality pledge
information and information systems protections previously afforded to above. Comments submitted in response
than would otherwise exist. EINSTEIN information by other laws, such as Title to this notice will become a matter of
enables DHS to detect cyber threat 13, for the purpose of protecting agency public record. Comments should be sent
indicators traveling or transiting to or information systems from cyber attacks, within 30 days of publication of this
from one agency’s information system, DHS may access information transiting notice to OIRA_Submission@
and to share those indicators with other and traveling to or from an agency omb.eop.gov or fax to (202) 395–5806.
agencies, thereby making all agencies’ information system. Census Bureau
information systems more secure. The Sheleen Dumas,
employees remain subject to the
necessity of providing DHS limited Departmental PRA Lead, Office of the Chief
penalties contained in Title 13, Information Officer.
access to such information—information including a federal prison sentence of
which DHS can only use for [FR Doc. 2017–14110 Filed 7–6–17; 8:45 am]
up to five years and a fine of up to
cybersecurity purposes—is not only $250,000, or both. BILLING CODE 3510–07–P
required by the Federal Cybersecurity 6. The AAJC suggests that either the
Enhancement Act, but has a net positive Census Bureau employees ‘‘perform
impact of the security of information DEPARTMENT OF COMMERCE
Einstein 3A functions for Census Bureau
respondents provide to the Census internet traffic’’ or that ‘‘DHS employees
Bureau. Foreign-Trade Zones Board
monitoring Census Bureau internet
3. The ADC is concerned that ‘‘there [B–46–2017]
traffic under Einstein 3A take the
is a lack of safeguards in place on who
has access to information through current Title 13 confidentiality pledge.’’
Foreign-Trade Zone (FTZ) 106—
EINSTEIN.’’ Response: The Act provides DHS
Oklahoma City, Oklahoma, Notification
Response: In addition to the access to network traffic transiting or
of Proposed Production Activity,
safeguards contained in the Act, the traveling to or from the Census Bureau’s
Eastman Kodak Company, (Printing
Census Bureau works with DHS to information systems, notwithstanding
Flexographic Plates), Weatherford,
protect information DHS may access the protections previously afforded to
Oklahoma
through EINSTEIN. These additional information by other laws, such as Title
safeguards cover the collection, 13. The Act also requires each agency to Eastman Kodak Company (Eastman
retention, use, and disclosure of ‘‘apply and continue to utilize the Kodak) submitted a notification of
information. The safeguards also capabilities to all information traveling proposed production activity to the FTZ
include notification and reporting between an agency information system Board for its facility in Weatherford,
requirements in the unlikely event that and any information system other than Oklahoma. The notification conforming
any unauthorized access, use, or an agency information system.’’ to the requirements of the regulations of
dissemination of any Census Bureau In addition to the safeguards the FTZ Board (15 CFR 400.22) was
information would occur. contained in the Act, the Census Bureau received on June 21, 2017.
To reiterate, the information at issue works with DHS to safeguard The request indicates that a separate
is not a respondent’s personal respondent information. These application for subzone designation for
information, rather, it is cyber threat additional safeguards cover the the Eastman Kodak facility under FTZ
information. E3A does not provide DHS collection, retention, use, and disclosure 106 will be submitted. The facilities will
with access to a respondent’s personal of information. The safeguards also be used to produce printing
information. E3A does not currently include notification and reporting flexographic plates. Pursuant to 15 CFR
decrypt respondent information or scan requirements that would apply in the 400.14(b), FTZ activity would be limited
data at rest on Census Bureau unlikely event that any unauthorized to the specific foreign-status materials/
information systems. access, use, or dissemination of any components and specific finished
4. The ADC is concerned that the Census Bureau information would products described in the submitted
revised confidentiality pledge ‘‘raises occur. notification (as described below) and
asabaliauskas on DSKBBXCHB2PROD with NOTICES
flags on improper use of such subsequently authorized by the FTZ
III. Data
information.’’ Board.
Response: The Act limits DHS’s use of Agency: U.S. Census Bureau, Production under FTZ procedures
information collected pursuant to the Department of Commerce. could exempt Eastman Kodak from
Act to the protection of ‘‘information Title: Revision of the Confidentiality customs duty payments on the foreign-
and information systems from Pledge under Title 13 United States status materials/components used in
cybersecurity risks.’’ To be clear, DHS’s Code, Section 9. export production. On its domestic
use of the information for any other OMB Control Number: 0607–0993. sales, for the foreign-status materials/
purpose would be unlawful. Form Number(s): None. components noted below, Eastman
VerDate Sep<11>2014 20:56 Jul 06, 2017 Jkt 241001 PO 00000 Frm 00007 Fmt 4703 Sfmt 4703 E:\FR\FM\07JYN1.SGM 07JYN1](https://thefederalregister.org/doc/82_FR_31682/page/2.svg)
Document Created: 2017-07-07 02:19:39
Document Modified: 2017-07-07 02:19:39
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| FR Citation | 82 FR 31553 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR