1110-0NEW Supporting Statement A - Lawful Access (072023)

1110-0NEW Supporting Statement A - Lawful Access (072023).docx

Lawful Access Data Collection

OMB: 1110-0088

Document [docx]
Download: docx | pdf

Supporting Statement for Paperwork Reduction Act Submissions

Request for a new data collection with an OMB control number for the Lawful Access Data Collection

OMB Control #: 1105-0NEW (New Data Collection)


Part A. Justification


1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.


Over the past two decades, advancements in communication and digital storage technologies have progressed at a rapid pace. As technology becomes more complex, it produces additional challenges to law enforcement efforts to conduct investigations into criminal acts. One of the most concerning challenges now facing law enforcement is the phenomenon of “warrant-proof” encryption. Service providers, device manufacturers, and application developers are deploying products and services to the public with encryption that can only be decrypted by the end user or customer. When this happens, evidence or data vital to an ongoing investigation cannot be accessed by criminal investigators, even when granted a lawful court order or warrant. When this occurs, law enforcement agencies and criminal investigators are denied “lawful access” to the devices or software that houses information crucial to an investigation. Such restrictions can delay an investigation for days or weeks, or as is more common, years, or even indefinitely. This inability to access important information provides a “lawless space” that criminals, terrorists, and other bad actors can exploit for their nefarious ends.

The FBI’s Uniform Crime Reporting (UCR) Program, in conjunction with the FBI’s National Domestic Communications Assistance Center (NDCAC) and the Lawful Access Task Force, which is comprised of members representing a broad range of policy makers and practitioners, has developed a preliminary list of data elements needed to evaluate the true scope of this lawful access phenomenon and its impact on law enforcement investigations and overall public safety. The Lawful Access Data Collection (LADC) will act as the collection tool for tracking the volume of investigations that are impacted by device and software encryption and provide valuable data to decision makers to help mitigate these lawful access impacts.


2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.


The LADC is designed to provide information on instances where law enforcement investigations are negatively impacted by device encryption and/or encrypted applications and software. Both cases involve the restriction of encrypted data from access by law enforcement agencies after lawful authorization has been granted to the agency to view or access the before mentioned data.

A primary factor for the LADC is distinguishing between the types of data encryption being encountered during an investigation. In most cases, data can be classified as one of two types: data in motion or data at rest. Understanding these data classifications is paramount to the issues surrounding lawful access disruptions. Below are the definitions for the different types of encrypted data:


  • Data in Motion–Real-time information such as phone calls, email, text messages, and chat sessions in transit.

  • Data at Rest–Data stored on devices, such as email, text messages, application data, photos, and videos.

These types of encrypted data are the focus of the LADC. The collection of data elements will depend greatly on the type of encrypted data encountered during the reported incident.


The LADC contains two separate portions, the first specific to the collection of agency/case information, and the other specific to the collection of encrypted device/encrypted application(s)/software information. This layout is designed to allow agencies to provide the most granular information possible in regard to gathered devices, which form the basis of lawful access information, while also streamlining the collection instrument as much as possible. Major data points to be collected are:


  • Agency information, such as originating agency identifier

  • Associated criminal act with encryption report

  • Type of device or application/software

  • Date of device seizure or application/software reporting

  • Version of device operating system

  • Association of device or application/software with offender, victim, or both

  • Outcome of access attempt

For a more detailed look at the collection instrument and the question forms, please review the collection instrument attached to this clearance request package.


This information, when collected, will serve as the basis for an evaluation of the volume of law enforcement cases affected by device and application encryption, and will provide a range of potential customers the ability to analyze statistical metrics and data points associated with these types of instances. This information will also help to inform policy makers on important aspects of lawful access issues with the hope of crafting responsible policies to ensure both safety and privacy for the public.


3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also, describe any consideration of using information technology to reduce burden.


The LADC provides a centralized repository for the responsible law enforcement agency representatives to submit data pertaining to the impacted case to the FBI’s UCR Program. The Collection of Law Enforcement and Crime Tool (COLECT) is a robust application that will enable the nation’s law enforcement agencies to submit LADC information to the FBI’s UCR Program. The COLECT has been created to allow agencies the use of an FBI-developed interface to submit and manage their agency’s submissions to the FBI’s UCR program, including participation in the LADC. Detailed information about these and other features are included within this document.

All users access the COLECT through the FBI’s Law Enforcement Enterprise Portal (LEEP). COLECT uses the LEEP for authentication and the related user account to provide access to information and functionality within the software.


4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item A.2 above.

The FBI’s UCR Program worked with members of the LADC task force to identify potential areas of duplication for this collection. While the topic of lawful access and the issue of data encryption has become more salient in recent years, the actual collection and analysis of encrypted data and its effect on law enforcement activities has not been attempted on a large scale. The LADC would be the first such collection program focused on gathering this type of information.


During the evaluation process, the FBI’s UCR Program worked extensively with the National Domestic Communications Assistance Center (NDCAC) to evaluate lawful access collection efforts that their agency had attempted in the past. As of 2023, NDCAC is not performing any lawful access collection efforts that would duplicate or replicate the efforts of the LADC.


5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.


To mitigate potential burden on all participating entities, the FBI has built the COLECT as a web portal which will serve as a platform to access the LADC application. Also, based on research conducted with the LADC task force and other federal agencies, many small agencies do not have the funds necessary to create or maintain their own digital forensics departments. This leads many small agencies to either distribute data decryption to a third party agency, such as a state crime lab, or an outside contractor with decryption capabilities. In these cases, these small agencies would not be the primary access point for lawful access information. The FBI’s UCR Program plans to continually evaluate the collection universe and primary access points to maximize accurate responses without undue burden to smaller agencies.


6. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.


The LADC will provide vital information on the volume of impacted law enforcement investigation along with key metrics related to data encryption and its effect on law enforcement investigations activities. The FBI’s UCR Program is requesting agencies submit reports on negatively impacted cases once a delay in investigative activities that can be attributed to data encryption is determined. Not collecting this information will result in a loss of potential knowledge and decision-making abilities around the topic of lawful access and law enforcement activities.


The FBI’s UCR Program is requesting law enforcement agencies submit information on an incident-by-incident basis. This means agencies will submit data on an impacted investigation after the incident has occurred. Participation in the LADC is voluntary and law enforcement agencies are under no existing requirement to submit information at any defined cadence concerning this topic.


7. Explain any special circumstances that would cause an information collection to be conducted in a manner:


  • requiring respondents to report information to the agency more often than quarterly;


  • requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;


  • requiring respondents to submit more than an original and two copies of any document;


  • requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;


  • in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;


  • requiring the use of statistical data classification that has not been reviewed and approved by OMB;


  • that includes a pledge of confidentially that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or


  • requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentially to the extent permitted by law.


The FBI’s UCR Program is requesting law enforcement agencies submit information on an incident-by-incident basis. This means agencies will submit data on an impacted investigation after the incident has occurred. Participation in the LADC is voluntary and law enforcement agencies are under no existing requirement to submit information at any defined cadence. The LADC does not contain data elements or any additional questions that meet the special circumstances specifications found in the Paperwork Reduction Act Guide. Additionally, respondents are expected to respond to this collection 50 times annually.


8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.


Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.


Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years -- even if the collection-of-information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.


The 60-Day Notice was published in the Federal Register on April 24, 2023 (88 FR 24836). The comment period ended on June 24, 2023. No comments were received.


9. Explain any decision to provide any payments or gifts to respondents, other than remuneration of contractors or grantees.


Not applicable.


10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.


The FBI’s UCR Program does not assure confidentiality. However, LADC data do not contain directly identifiable information which would reveal the identity of an individual. In addition, LADC data are not expected to be released directly to the public as part of a regular release or publication by the FBI’s UCR Program.


The agency case identification or number is collected in the LADC, but no other identifying information about the reporting agency or individuals involved is gathered, and the collected criminal offenses element is a list of unique offenses categories created specifically for the LADC. There is no connection between this information and any personal or sensitive information.


The FBI has completed a Privacy Threshold Analysis (PTA) to identify privacy risks and mitigations pertinent to this collection. The PTA determined that this information collection presents no significant privacy risks.


11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.


Not Applicable


12. Provide estimates of the hour burden of the collection of information. The statement should:


  • Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desirable. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance. General, estimates should not include burden hours for customary and usual business practices.


  • If this request for approval covers more than one form, provide separate hour burden estimates for each form.


  • Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories. The cost of contracting out or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 14.


Due to the inability to accurately measure the total universe of potential respondents to the LADC, providing a calculated burden estimate based on total volume of expected responses is not possible at this time. Additionally, the potential volume of lawful access impacts to criminal investigations is largely unknown. As this is the primary research question that began the LADC initiative, it would be inappropriate to claim a total respondent count or expected reporting volume. As the PRA directs not to perform any special survey projects to determine base burden estimates, the FBI’s UCR Program relied on discussions with the LADC Task Force and pre-approved pilot testing to determine parameters for burden estimates


Based on useability assessment and testing, the FBI’s UCR Program anticipates an average of three minutes and twelve seconds of burden per response submitted for the LADC. This is based on responses received during the pilot and internal testing procedures. As the total number of agencies eligible to submit data to the LADC is unknown and the national volume of impacted cases is part of the research goals for the LADC, the total annual responses cannot be estimated using tangible metrics. Until a more complete picture of cases impacted by encryption is established, an estimated annual response volume will be used to produce an annual burden estimate. This estimate will be based on an estimated total 19,000 eligible law enforcement agencies and an estimated average response rate of 50 reported cases per agency. As the volume of cases impacted by encryption will vary based on agency size and population coverage, this average rate of response will serve as a starting point for burden estimation. As agencies begin to report information to the FBI, the FBI’s UCR Program will evaluate the number of reports received to calculate more accurate metrics for annual burden. Below is a calculation of the estimated burden using a response time of 3 minutes, 12 seconds.

Total annual responses: 950,000 (19,000 X 50)



Time per response: 3 minutes 12 seconds



Annual burden: 50,667 hours ([(950,000 X 192 seconds)/60]/60)






Total requested annual burden hours: 50,667 hours


13. Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14).


  • The cost estimate should be split into two components: (a) a total capital

and start up cost component (annualized over its expected useful life); and (b) a

total operation and maintenance and purchase of service component.

The estimates should take into account costs associated with generating,

maintaining, and disclosing or providing the information. Include descriptions of

methods used to estimate major cost factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software; monitoring, sampling, drilling and testing equipment; and record storage facilities.


  • If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of purchasing or contracting out information collection services should be a part of this cost burden estimate. In developing cost burden estimates, agencies may consult with a sample of respondents (fewer than 10), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection, as appropriate.


  • Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information or keep records for the government, or (4) as part of customary and usual business or private practices.



There are no direct costs to law enforcement to participate in the FBI’s UCR Program other than the time to respond to the data collection questions, and for any additional follow-up between the agency and the FBI’s UCR Program.  Respondents may incur capital or start-up costs associated with this information collection, although it is difficult to obtain the costs from agency-to-agency.


  1. Provide estimates of the annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), any other expense that would not have been incurred without this collection of information. Agencies also may aggregate cost estimates from Items 12, 13, and 14 into a single table.

According to the cost model provided by the FBI’s Criminal Justice Information Services (CJIS) Division, Resources Management Section, Fee Programs Unit, the following are projections based upon prior collection activity. The cost module does not separate the costs between methods of collecting UCR data, and as the LADC is a new collection, no collection costs estimates can be provided specifically for the LADC. The RMS cannot provide a breakdown of separate UCR collections; therefore, the total cost of the FBI’s UCR Program and its collection activities are provided.

Data Collection and Processing Costs

FY 2021

Complete Training and Maintain Certifications

$ 27,117.87

Conduct and Receive Information Technology (IT) Training

$ 41,729.29

Conduct Assessment/Perform Analysis

$ 21,485.66

Conduct Campus Space Management Functions

$ 15,664.99

Conduct Design and Engineering

$ 42,582.97

Conduct IT Security Audits

$ 37,695.70

Conduct Liaison, Education, and Promotion

$ 558,101.96

Conduct Other Educational Activities-CJIS Workforce

$ 13,690.60

Conduct Partner Engagement

$ 44,717.77

Conduct Training and Maintain Certifications

$ 70,149.41

Conduct Tribal Engagement Activities

$ 9,305.80

Conduct UCR Audits

$ 375,863.73

Conduct UCR Training

$ 481,550.56

Conduct Workforce Planning

$ 32,850.56

Contract and Resource Management

$ 43,888.12

Define and Oversee Compliance within IT Infrastructure

$ 136,315.95

Define and Oversee the IT Security Environment

$ 23,006.23

Deliver Curriculum-CJIS Workforce

$ 34,414.30

Deliver Curriculum-External Customers

$ 8,341.30

Develop and Maintain Standards

$ 19,203.87

Develop and Manage Policy

$ 224,802.34

Develop Communications (Website, Presentations, Conferences)

$ 32,766.74

Develop Cost Estimates

$ 17,721.19

Develop Curriculum-CJIS Services

$ 7,226.12

Develop Curriculum-CJIS Workforce

$ 36,662.62

Develop Curriculum-External Customers

$ 4,384.72

Develop/Award/Oversee Construction Contracts

$ 60,697.83

Develop/Award/Oversee Service and Operations/Maintenance Contracts

$ 28,354.74

Ensure Diversity Inclusion

$ 1,256.93

Manage Budget Execution

$ 125,474.15

Manage Budget Formulation

$ 94,325.03

Manage Congressional Correspondence

$ 8,955.40

Manage Innovation and Technology Center

$ 13,933.30

Manage Personnel Issues

$ 122,866.21

Manage Projects

$ 120,145.87

Operate the IT Operations Center

$ 82,030.08

Oversee Employee Benefits

$ 3,753.79

Oversee Performance Management and Recognition

$ 10,721.84

Partner Engagement

$ 9,268.59

Perform Acquisition, Warehousing, Inventory, Supply Management

$ 59,812.50

Perform Administrative and Human Resource Tasks

$ 604,090.31

Perform Administrative Tasks

$ 245,602.71

Perform Administrative Tasks

$ 90,402.28

Perform Advisory Policy Board (APB) tasks

$ 325,499.79

Perform and Oversee IT Service Management Activities

$ 94,458.56

Perform Budget Tasks

$ 2,665.41

Perform Budget, Strategic Planning, and Program Control

$ 331,762.10

Perform Disaster Recovery Tasks

$ 2,969.09

Perform Contracting Officer’s Representative Duties

$ 43,306.67

Perform Duties as the Agile Product Owner

$ 9,841.90

Perform Facility Maintenance

$ 171,314.99

Perform Industrial Security Tasks

$ 6,528.94

Perform IT Finance Functions

$ 16,423.17

Perform Organization IT Management and Strategic Planning

$ 47,570.65

Perform Other Agile Duties

$ 16,398.18

Perform Personnel Security Tasks

$ 45,793.69

Perform Physical Security Tasks

$ 7,365.78

Perform Professional Responsibility Tasks

$ 4,500.49

Perform Program Management

$ 39,716.71

Perform Records Management

$ 61,076.02

Perform Research and Analysis

$ 287,649.48

Perform Research and Development

$ 21,150.72

Perform Safety & Health Activities

$ 23,485.57

Perform Scaled Agile Framework (SAFe) Agile Duties

$ 71,852.80

Perform Strategic Planning

$ 106,758.08

Perform Technical Security Tasks

$ 1,284.38

Perform the Client Management Function

$ 4,812.26

Perform Unit Budget Activities

$ 36,220.87

Perform Work Orders; Service Tickets

$ 289,817.39

Plan and Participate in Source Selection

$ 73,889.11

Planning and Implementing New Data Collections

$ 169,389.05

Process Media, Freedom of Information Act, and Congressional Requests

$ 159,225.60

Produce Publications

$ 51,030.65

Program, Product & Project Management Services

$ 142,572.76

Project Management-User Agreement

$ 5,492.29

Provide Administrative Support

$ 930,474.55

Provide Analytical Support-APB Support

$ 5,861.14

Provide and Administer Databases and Database services

$ 2,145.60

Provide and Administer Middleware Services

$ 4.11

Provide and Maintain LAN/WAN Equipment and Services

$ 56,000.42

Provide and Maintain Servers

$ 19,267.54

Provide and Maintain UNIX Operating Systems

$ 3,607.47

Provide and Maintain Voice and Data Transport Services

$ 3,861.06

Provide and Maintain Voice Resources

$ 13,882.72

Provide and Maintain Windows

$ 633.08

Provide and Oversee IT Help Desk Services

$ 31,253.22

Provide and Support End User Software Services

$ 23,591.23

Provide and Support Mobile Device Resources

$ 3,427.23

Provide and Support Network Printer Services

$ 10,726.48

Provide and Support Offline Storage Services

$ 4,104.42

Provide and Support Online Storage Services

$ 1,680.17

Provide and Support Workspace Resources

$ 13,520.48

Provide APB Support

$ 8,523.70

Provide Application Support and Operations Services

$ 140,150.83

Provide Central Print Services

$ 1,544.93

Provide Communications

$ 3,085.34

Provide Conferencing and Audio/Video Equipment and Facilities

$ 10,545.31

Provide Converged Infrastructure Appliances and Services

$ 305.65

Provide Deskside Support Services

$ 7,135.07

Provide Disaster Recovery Services

$ 2,498.52

Provide Editing Services/Support

$ 134,722.79

Provide Employee Assistance Program Services

$ 33,375.67

Provide Mail Services

$ 86,058.86

Provide Management & Administration

$ 962.91

Provide Materials Handling Services

$ 50,309.61

Provide Multimedia Production Services

$ 188,964.98

Provide Occupational Health Services

$ 40,862.33

Provide Printing Services

$ 17,898.41

Provide Procurement Services

$ 33,316.68

Provide Supervision/Personnel Management

$ 63,048.50

Provide Supervisory Review/Oversight

$ 37,177.85

Provide Support to Other Sections

$ 16,212.86

Provide Transportation Services

$ 51,615.61

Provide Vehicle Management Maintenance and Repair

$ 42,949.60

Provide Writing Services/Support

$ 126,178.62

Receive Record Track Inventory and Dispose of Property

$ 79,661.08

Respond to Media Requests

$ 1,343.64

Review Account Holder Purchases

$ 6,319.71

Select and Oversee Vendors via the IT Vendor Management Process

$ 4,894.74

Supervise Workload Management

$ 23,668.43

Support and Manage IT Programs, Product Initiatives

$ 30,234.10

Support and Manage the CJIS Security Network

$ 11,211.66

Support CJIS APB

$ 19,575.60

Support Off-the-Shelf Business Software Applications

$ 2,801.17

Support the Crime in the United States Publication

$ 708,461.59

Support the FBI’s Crime Data Explorer (CDE)

$ 383,862.62

Support the Hate Crimes Statistics Publication

$ 174,760.71

Support the Law Enforcement Officers Killed and Assaulted (LEOKA) Publication

$ 369,223.27

Support the National Use-of-Force Data Collection

$ 400,125.74

Support the Quarterly Uniform Crime Report

$ 281,824.10

Total Cost to Federal Government

$ 11,434,208.79


15. Explain the reasons for any program changes or adjustments.


Not applicable. This is a new program.


16. For collections of information whose results will be published, outline plans for tabulations, and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.


Due to the existing unknowns around the total universe of participating agencies and the primary purpose of the LADC, the FBI plans to implement a research-based publication strategy rather than a cadence-based release strategy. Instead of releasing metrics on a quarterly or annual basis, the FBI will conduct an analysis of the reported cases every three – five years, producing a detailed analysis product that will be released to the public via the CDE. The FBI will provide detailed methodology and analysis documents to support proper understanding of the metrics seen in these analysis reports and the methods used to arrive at data collection findings. As the FBI begins to receive data submissions from agencies, the FBI will continue to evaluate the proper cadence for releasing reports and other forms of LADC data.


In the time between analysis products, the FBI will develop the ability to run reports on demand to provide to internal partners and policy makers for the purpose of research and analysis that can help educate and inform internal partners with a national view of lawful access data. These reports will cover all reported data submitted to the FBI based on a determined timeframe, but no analysis will be provided. Information in these on-demand reports will carry an embargo policy to restrict public release of the information until formal release by the FBI.


Evaluation of participation and population coverage will be an area of research and analysis for the future of the LADC. The need for a study focused on the total population coverage and potential nonresponse will be evaluated after sufficient data have been collected to provide a clearer picture of the available data that exists within the LADC scope.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.


The FBI does not wish to display the expiration date for OMB approval of the information collection due to the mode of data collection. The LADC will be collected via web form available on COLECT through the restricted-access LEEP. To keep an expiration date current would require constant programming changes of the web form by the FBI.


18. Explain each exception to the certification statement.

Not applicable

14


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2023-08-18

© 2024 OMB.report | Privacy Policy