AGENCY:

Transportation Security Administration, DHS.

ACTION:

Notice of proposed rulemaking (NPRM).

SUMMARY:

The Transportation Security Administration (TSA) is proposing a regulation to implement provisions of the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act) that require security vetting of certain public transportation, railroad, and over-the-road-bus (OTRB) employees. In accordance with the 9/11 Act, TSA proposes to require security-sensitive employees of certain public transportation operators and railroads to undergo a Level 2 security threat assessment (STA) that includes an immigration check and terrorism watchlist check to determine whether the applicant may pose a security threat. Further, TSA proposes to require security coordinators of certain public transportation, railroad, and OTRB operators to undergo a Level 3 STA, which includes the Level 2 check plus a criminal history records check. TSA proposes appeal and waiver procedures for individuals who are adversely impacted by the vetting. Finally, TSA proposes to establish user fees to recover TSA's costs for vetting, as required by law.

DATES:

Submit comments on or August 21, 2023.

ADDRESSES:

You may submit comments, identified by the TSA docket number to this rulemaking, to the Federal Docket Management System (FDMS), a government-wide, electronic docket management system. To avoid duplication, please use only one of the following methods:

• Electronic Federal eRulemaking Portal: https://www.regulations.gov. Follow the online instructions for submitting comments.

• Mail: Docket Management Facility (M–30), U.S. Department of Transportation, 1200 New Jersey Avenue SE, West Building Ground Floor, Room W12–140, Washington, DC 20590–0001. The U.S. Department of Transportation (DOT), which maintains and processes TSA's official regulatory dockets, will scan the submission and post it to FDMS.

• Fax: (202) 493–2251.

See SUPPLEMENTARY INFORMATION section for format and other information about comment submissions.

FOR FURTHER INFORMATION CONTACT:

For program questions: Victor Parker, Surface Division, Policy, Plans, and Engagement, TSA–28, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598–6002; telephone (571) 227–1039; email VettingPolicy@tsa.dhs.gov.

For legal questions: Christine Beyer, Chief Counsel's office, TSA–2, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598–6002; telephone (571) 227–3653; email christine.beyer@tsa.dhs.gov.

SUPPLEMENTARY INFORMATION:

Public Participation

TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from this rulemaking action, as well as on TSA's collections of information under the Paperwork Reduction Act as described further below. You may submit comments, identified by the TSA docket number for this rulemaking, to the ADDRESSES noted above. With each comment, please include this docket number at the beginning of your comments. You may submit comments and material electronically, in person, by mail, or fax as provided under ADDRESSES , but please submit your comments and material by only one means. If you submit comments by mail or in person submit them in an unbound format, no larger than 8.5 by 11 inches, suitable for copying and electronic filing. If you would like TSA to acknowledge receipt of comments submitted by mail, include with your comments a self-addressed, stamped postcard or envelope on which the docket number appears. TSA will stamp the date on the postcard and we will mail it to you.

All comments, except those that include confidential information and sensitive security information (SSI) ^[1] will be posted to https://www.regulations.gov, and will include any personal information you have provided. Should you wish your personally identifiable information redacted prior to filing in the docket, please clearly indicate this request in your submission. TSA will consider all comments that are in the docket on or before the closing date for comments and will consider comments filed late to the extent practicable. The docket is available for public inspection before and after the comment closing date.

Handling of Confidential or Proprietary Information and SSI Submitted in Public Comments

Do not submit comments that include trade secrets, confidential commercial or financial information, or SSI to the public regulatory docket. Comments containing this type of information should be submitted separately from other comments, appropriately marked as containing such information, and submitted by mail to one of the addresses listed in the FOR FURTHER INFORMATION CONTACT section. TSA will take the following actions for all submissions containing SSI:

• TSA will not place comments containing SSI in the public docket and will handle them in accordance with applicable safeguards and restrictions on access.
• TSA will hold documents containing SSI, confidential business information, or trade secrets in a separate file to which the public does not have access, and place a note in the public docket explaining that commenters have submitted such documents.
• TSA may include a redacted version of the comment in the public docket.
• TSA will treat requests to examine or copy information that is not in the public docket as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS') FOIA regulation found in 6 CFR part 5.

Privacy Act

Please be aware that anyone is able to search the electronic form of all comments in any of our dockets by the name of the individual who submitted (or signed the comment ( e.g., if submitted by an association, business, labor union, etc.) For more about privacy and the docket, review the Privacy and Security Notice for the FDMS at https://www.regulations.gov/​privacyNotice, as well as the System of Records Notice DOT/ALL 14—Federal Docket Management System (73 FR Start Printed Page 33473 3316, January 17, 2008) and the System of Records Notice DHS/ALL 044—eRulemaking (85 FR 14226, March 11, 2020).

Reviewing Docket Comments and Documents

You can review TSA's electronic public docket at https://www.regulations.gov. In addition, DOT's Docket Management Facility provides a physical facility, staff, equipment, and assistance to the public. To obtain assistance or to review items in TSA's public docket, you may visit this facility between 9 a.m. and 5 p.m., Monday through Friday, excluding legal holidays, or call (202) 366–9826. This DOT operations facility is located in the West Building Ground Floor, Room W12–140 at 1200 New Jersey Avenue SE, Washington, DC 20590.

You can find an electronic copy of rulemaking documents through the internet by-searching the electronic FDMS web page at https://www.regulations.gov; or at https://www.federalregister.gov. In addition, copies are available by writing or calling the individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

ALJ—Administrative Law Judge

ATSA—Aviation and Transportation Security Act

CBP—U.S. Customs and Border Protection

CFR—Code of Federal Regulations

CHRC—Criminal History Records Check

CJIS—Criminal Justice Information Services

DHS—U.S. Department of Homeland Security

DOE—Determination of Eligibility

ESVP—Enrollment Services and Vetting Programs

FAST—Free and Secure Trade Program

FBI—Federal Bureau of Investigation

FDI—Final Determination of Ineligibility

HME—Hazardous Materials Endorsement

IDENT—Automated Biometrics Identification System

NPRM—Notice of Proposed Rulemaking

OTRB—Over-the-Road Bus

PDI—Preliminary Determination of Ineligibility

PDIIR—Preliminary Determination of Ineligibility with Immediate Revocation

SAVE—Systematic Alien Verification for Entitlements Program

SENTRI—Secure Electronic Network for Travelers Rapid Inspection Program

SSI—Sensitive Security Information

STA—Security Threat Assessment

TSA—Transportation Security Administration

TWIC—Transportation Worker Identification Credential

U.S.C.—United States Code

USCIS—U.S. Citizenship and Immigration Services

Table of Contents

I. Executive Summary

A. Purpose of the Regulation

B. Summary of Major Provisions

II. Background

A. Statutory and Regulatory History

B. Specific Provisions

1. Security-Sensitive Employees

2. Security Coordinators

3. IDENT and Rap Back

4. Identity Verification

5. Use of TSA Enrollment Centers

6. Vetting Structure

7. Effective Dates and Compliance

III. Analysis of Proposed Part 1530

A. Introduction

B. Proposed Subpart A—General

1. Proposed § 1530.1

2. Proposed § 1530.3

3. Proposed § 1530.5

4. Proposed § 1530.7

5. Proposed § 1530.9

6. Proposed § 1530.11

7. Proposed § 1530.13

C. Proposed Subpart B—Individual Enrollment Requirements Continuing Responsibilities

1. Introduction

2. Proposed § 1530.101

3. Proposed § 1530.103

4. Proposed § 1530.105

5. Proposed § 1530.107

6. Proposed § 1530.109

D. Proposed Subpart C—Reserved

E. Proposed Subpart D—Fees

1. Introduction

2. Costs

3. Populations

4. Fees

5. Proposed § 1530.301

6. Proposed § 1530.303

7. Proposed § 1530.305

8. Proposed § 1530.307

9. Proposed § 1530.309

F. Proposed Subpart E—Adjudication Procedures

1. Introduction

2. Proposed § 1530.401

3. Proposed § 1530.403

4. Proposed § 1530.405

5. Sections 1530.407, 1530.409, 1530.411—Reserved

6. Proposed § 1530.413

7. Proposed § 1530.415

8. Proposed § 1530.417

9. Proposed § 1530.419

G. Proposed Subpart F—Standards

1. Introduction

2. Proposed § 1530.501

3. Proposed § 1530.503

4. Proposed § 1530.505

5. Proposed § 1530.507

6. Proposed § 1530.509

H. Proposed Subpart G—Appeal and Waiver Procedures for Security Threat Assessments

1. Introduction

2. Proposed § 1530.601

3. Proposed § 1530.603

4. Exhaustion of Administrative Remedies

5. Proposed § 1530.605

6. Proposed § 1530.607

7. Proposed § 1530.609

8. Proposed § 1530.611

9. Proposed § 1530.613

IV. Analysis of Proposed Changes to Parts 1500, 1570, 1572, 1580, 1582, and 1584

A. Introduction

B. Proposed Changes to Part 1500

C. Proposed Changes to Part 1570

D. Proposed Changes to Part 1572

E. Proposed Changes to Part 1580

1. Proposed § 1580.301

2. Proposed § 1580.303

3. Proposed § 1580.305

4. Proposed § 1580.307

F. Proposed Changes to Part 1582

1. Proposed § 1582.201

2. Proposed § 1582.203

3. Proposed § 1582.205

4. Proposed § 1582.207

G. Proposed Changes to Part 1584

1. Proposed § 1584.201

2. Proposed § 1584.203

3. Proposed § 1584.205

4. Proposed § 1584.207

I. Executive Summary

A. Purpose of the Regulation

This proposed rulemaking would serve three purposes:

(1) Surface transportation security vetting . The NPRM proposes to implement requirements in the 9/11 Act ^[2] to vet certain public transportation, railroad, and OTRB employees:

• Conduct a “name-based security background check against the consolidated terrorist watchlist and an immigration check” for frontline public transportation employees ^[3] and frontline railroad employees.^[4]

• Require security coordinators of railroads ^[5] and OTRBs ^[6] to be U.S. citizens, unless TSA waives this requirement after an appropriate background check of the individual and a satisfactory review of the consolidated terrorist watchlist.

(2) Fees. TSA is proposing an equitable fee schedule to recover the costs of vetting services. TSA must sustain vetting programs, like those proposed in this rulemaking, through user fees in accordance with 6 U.S.C. 469, Fees for Credentialing and Background Investigations in Transportation.

(3) Redress. The 9/11 Act provides that if TSA issues a regulation requiring operators to conduct vetting of public transportation ^[7] and railroad employees,^[8] TSA must require the operators to provide appeal and waiver procedures, like the procedures TSA Start Printed Page 33474 established in the Transportation Worker Identification Credential (TWIC) program in accordance with 46 U.S.C. 70105 and codified at 49 CFR parts 1515, 1572. TSA proposes appeals, waivers, review by Administrative Law Judges (ALJs), and review by the TSA Final Decision Maker for individuals who are adversely affected by the vetting.

B. Summary of Major Provisions

In accordance with the 9/11 Act and risk-based principles, TSA proposes to require frontline or “security-sensitive” employees of public transportation and railroad operators to undergo a Level 2 STA, which includes an immigration check and a terrorism check and other analyses (terrorism/other analyses).^[9] Specifically, sections 1411 and 1520 of the 9/11 Act require TSA to conduct terrorist and immigration status vetting of public transportation and railroad employees, similar to the check TSA conducted in 2006 in the maritime sector. In sections 1143 and 1170 of the Act, Congress defines a security background check as vetting that includes criminal, immigration and terrorist checks, and provides that if TSA issues a rulemaking to require operators to conduct security background checks, TSA must require use of the criminal standards and redress required by 46 U.S.C. 70105, and 49 CFR part 1572.

Further, TSA proposes to require security coordinators of public transportation, railroad, and OTRB operators to complete a Level 3 STA, which includes an immigration check, criminal check, and terrorism/other analyses check. Table 1 below provides a summary of these proposed vetting requirements. Also, TSA proposes a robust redress process for individuals who are deemed ineligible for a position as a result of the vetting, to ensure that they are not disqualified in error. Finally, TSA proposes user fees to cover the costs of TSA's vetting, as required by statute.^[10]

C. Costs and Benefits

Table 2 identifies estimated 10-year costs to certain freight railroad carriers, public transportation and passenger railroad (PTPR) operators, OTRB operators, and TSA; and the overall cost of this proposed rule.

As compared to attacks carried out by passengers, attacks carried out by employees pose a higher likelihood of success and/or a larger impact due to employees' knowledge of the systems, infrastructure, vulnerabilities and operations. Also, employees possess unique access to critical operations and areas, which permits them to move with ease in sensitive areas where similar actions by passengers would be more readily identified as suspicious activity, and increases the opportunity and confidence to commit an attack. Known or suspected terrorists (KSTs) are more likely to be responsible for a disproportionate number of all attacks as compared to their proportion of the population, and thus moving KSTs and other higher-risk individuals out of the `insider' positions employees hold reduces risk, while affecting a very small percentage of all employees. Initial vetting inhibits applicants or existing employees from commencing or continuing their employment, which deters their ability to carry out an act. Recurrent vetting ensures employees who become threats can be removed quickly, reducing the overall net risk to this industry. While is it not possible to quantify the net risk reduction employee vetting creates, TSA's comprehensive vetting of transportation workers has effectively identified insider threats. The effort creates a meaningful reduction of risk of an insider attack, which benefits transportation security.

II. Background

A. Statutory and Regulatory History

Following the terrorist attacks of September 11, 2001, Congress created the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).^[11] The 9/11 Commission investigated the facts and circumstances relating to the attacks, and, on July 22, 2004, issued its Report.^[12]

In the Report, the 9/11 Commission recognized that transportation involves more than just aviation, noting that “[a]bout 6,000 agencies provide transit services through buses, subways, ferries, and light-rail service to about 14 million Americans.” ^[13] The 9/11 Commission also recognized that “[o]pportunities to do harm are as great, or greater, in maritime or surface transportation” as they are in aviation.^[14] The Commission specifically noted the “use of insiders” as a possible terrorist tactic.^[15] The Commission included in its report numerous recommendations for further action by the U.S. Government and other actors.^[16]

In the 9/11 Act, Congress implemented many of the 9/11 Commission's recommendations. Congress requires TSA to issue regulations on security training, vetting, vulnerability assessments, and security plans for surface transportation entities. TSA is complying with the statute by issuing separate, but related rulemakings.^[17] This rulemaking addresses the 9/11 Act requirements to conduct “security background checks” of certain public transportation, railroad carrier, and OTRB employees. For purposes of this rulemaking and consistent with common vetting terminology, TSA uses the term “security threat assessment (STA)” in place of “security background checks” and the terms have the same meaning.

The 9/11 Act requires TSA to evaluate an individual in the STA process to identify “individuals who may pose a threat to transportation security or national security, or of terrorism.” ^[18] Individuals who may pose such threats are not eligible to perform security-sensitive or security coordinator functions. TSA proposes to use this standard set forth in the 9/11 Act for all individuals who apply for an STA under this rulemaking.

Under the 9/11 Act, TSA must conduct an STA of frontline public transportation employees ^[19] and railroad employees ^[20] that includes a terrorism and immigration check. TSA calls this a Level 2 check. The 9/11 Act does not require a Level 2 check of frontline OTRB employees. The 9/11 Act also states that public transportation ^[21] and railroad ^[22] employees who are subject to security vetting should have an adequate redress process available to them to ensure that they are not removed or deemed ineligible in error. Finally, the 9/11 Act requires security coordinators of railroads ^[23] and OTRB ^[24] owner/operators to be U.S. citizens, unless TSA waives this requirement after conducting an appropriate STA.

TSA has extensive responsibility for and experience in vetting individuals who access the nation's transportation system. TSA has broad general authority to “require background checks for airport security screening personnel, individuals with access to secure areas of airports, and other transportation security personnel.” ^[25] In addition, there are statutes that require TSA to conduct STAs of specific individuals, such as: (1) certain airport and airline workers; ^[26] (2) certain merchant mariners and individuals who require unescorted access to secure areas of vessels and maritime facilities; ^[27] (3) individuals seeking hazardous materials endorsements (HMEs) on commercial driver's licenses issued by the States; ^[28] and (4) applicants for trusted traveler status to participate in the TSA PreCheck® Application Program.^[29]

An STA is an inquiry to confirm an individual's identity and determine whether the individual poses or may pose a security threat to transportation or national security, or of terrorism. Individuals who TSA determines do not to pose a threat may be eligible for access to transportation infrastructure or assets, or other privileges and credentials. An STA consists of one or more checks against certain data sources, which may include terrorist or other government or intelligence watchlists, Interpol, immigration records, and criminal history records. As explained below, the specific checks TSA performs vary depending on the governing statutory requirements and the security needs associated with the access, privilege, or credential the individual seeks. In this NPRM, we propose the vetting standards and redress required by the 9/11 Act. In addition, we propose to conduct recurrent vetting and renewal of the STA every 5 years. The recurrent vetting and STA renewal is not required by the 9/11 Act, but is necessary to create a useful and effective inquiry into these transportation workers.

B. Specific Provisions

1. Security-Sensitive Employees. Like the 9/11 Act training requirements that were the subject of a separate Start Printed Page 33476 rulemaking,^[30] the 9/11 Act vetting requirements refer to “frontline” employees (that is, “public transportation frontline employees” in section 1411 and “frontline railroad employees” in section 1520). The 9/11 Act provides definitions for “frontline employee” within each mode of transportation.^[31] For instance, the statute defines the term “railroad frontline employees” to mean security personnel, dispatchers, locomotive engineers, conductors, trainmen, other onboard employees, maintenance and maintenance support personnel, bridge tenders, and any other railroad employees that the Secretary of Homeland Security determines should receive security training. The statute provides similar definitions for OTRB and public transportation operations.

As part of the Security Training rulemaking, TSA adopted the term “security-sensitive employees” instead of “frontline employees” to capture the individuals who are subject to the 9/11 Act requirements.^[32] TSA analyzed the employees listed in the 9/11 Act's definitions of “frontline employees” and considered whether employees are in a position to detect suspicious activity because of where they work, their interaction with the public, or their access to information. TSA also considered which individuals may need to know how to report or respond to these potential threats. As a result of this analysis, TSA determined that employees who perform functions with a direct nexus to, or impact on transportation security, should be called “security-sensitive employees” rather than “frontline employees.”

In this rulemaking, consistent with the 9/11 Act (which, as noted above, uses the “frontline employee” terminology with respect to both training and vetting), and the applicability and terminology of the Security Training rulemaking, TSA proposes to implement the requirement to vet “frontline” rail and public transportation employees by issuing vetting regulations that apply to the same population of “security-sensitive” rail and public transportation employees covered by the Security Training rulemaking.^[33] The following tables, taken from the Security Training rulemaking, describe the security-sensitive functions that, under this rule, would be subject to new vetting requirements.^[34]

The 9/11 Act uses the term `employees' when discussing the individuals who must undergo an STA. However, TSA understands this term to include any individual who performs the security-sensitive functions outlined in the charts above or acts as a security coordinator, regardless of whether they have a strict employer/employee relationship with the operator. If an operator enters into a contract with a company to provide on-board food and beverage service on public transportation, as described in Line G in the chart above, the individuals who perform those security-sensitive services are in positions to create security vulnerabilities regardless of whether they are `employees' or authorized representatives, including contract personnel, of the operator.

TSA defines an authorized representative in 49 CFR 1500.3 as a person who is not a direct employee of the operator, but is authorized to act on the operator's behalf to perform required security measures. The term `authorized representative' includes agents, contractors, and subcontractors. Also, TSA defines contractor in 49 CFR 1570.3 as a person or organization that provides a service for an owner/operator regulated under this subchapter consistent with a specific understanding or arrangement. The understanding can be a written contract or an informal arrangement that reflects an ongoing relationship between the parties.

For purposes of this proposed rulemaking, TSA intends that an employee or authorized representative (including contractor) of an operator who performs security-sensitive functions or acts as a security coordinator would be subject to the vetting requirements set forth in the 9/11 Act. TSA believes Congress intends TSA to apply the same level of scrutiny to employees or authorized representatives (including contractors) who perform these security functions. An alternate view in which an authorized representative performing security functions would not be subject to the STA an employee must undergo for performing the same functions would undermine the purpose of the 9/11 Act provisions and create obvious security risks. In all modes of transportation where TSA requires individuals who perform security functions or have access to secured areas to undergo an STA, an employer/employee relationship is not required to trigger the STA. For purposes of the vetting standards TSA administers, the individual's access or function that can impact the security of operations is the factor that determines whether an STA is required. If TSA adopted standards in which an employer could evade vetting requirements altogether by using Start Printed Page 33478 authorized representatives/contractors, the vetting framework would be a sieve permitting individuals with bad intent to move undetected in the transportation system.

The 9/11 Act provides that TSA must complete a “name-based security background check against the consolidated terrorist watchlist and an immigration status check” ^[35] that is similar to the threat assessment screening program that TSA conducted for maritime employees and longshoremen pursuant to a notice issued by the U.S. Coast Guard (USCG) in 2006.^[36] That Notice required port facility owner/operators to provide biographic information of all longshoremen and other individuals who enter the port regularly on spreadsheets to the USCG. The USCG then delivered the information to TSA, and TSA conducted a name-based terrorism and immigration status check using the biographic information provided. The Notice required facility operators and unions to “provide, on a continuing basis, the above-listed information for all new facility employees or longshoremen in a timely manner.” ^[37] The use of spreadsheets was necessary because TSA had not yet established enrollment centers to collect the necessary information electronically. TSA conducted this vetting while preparing the TWIC rulemaking that established the enrollment and vetting process it now uses for maritime employees. After publication of the Notice, TSA and USCG issued a joint rulemaking in January 2007 that established the TWIC vetting program. The rule established tiers of vetting, disqualification standards, and the requirement to renew the STA every 5 years. Once the TWIC rule became effective, it supplanted any vetting that was being done under the Notice.

While this process achieved the purpose of conducting vetting of the maritime workforce, it was resource-intensive and subject to errors due to the manual data collection and entry process. Since 2006, TSA's enrollment and vetting capabilities have matured substantially, and the new electronic processes are faster, more accurate, and more efficient. Also, various terrorist databases administered by other agencies have matured and grown. TSA is better positioned now to collect the necessary data and conduct recurrent ^[38] (daily) vetting electronically. Therefore, TSA proposes to conduct the STA called for in the 9/11 Act using the improved procedures and capabilities we now possess and use regularly in other vetting programs. Also, TSA proposes to conduct recurrent vetting of the terrorism/other analysis check for this population, as TSA does for all other vetting programs. A one-time vet of names would be viewed as substandard and the cost reduction would not justify the loss of security benefits. All of the vetting databases change daily, and thus a snapshot of a workforce in place for one day in time serves minimal long-term security benefit. An individual who passes a terrorism check Monday, may be newly identified as a threat and appear on a terrorist watchlist Tuesday. TSA's recurrent vetting does not require the vetted individual to perform any additional efforts; TSA's systems simply continue to run the biographic data collected against the watchlists each time they are amended, permitting TSA to conduct an investigation if any new information is discovered during the course of an individual's authorized access to indicate that they may pose a security threat. While the 9/11 Act does not expressly require recurrent vetting or renewal of the STA, TSA is authorized ^[39] to use its discretion and expertise in vetting to propose these procedures. Moreover, we believe Congress fully intends that TSA establish programs that are effective in identifying risks to transportation security.

Consistent with the 9/11 Act, TSA proposes to require security-sensitive employees of covered public transportation and railroad operators to undergo a Level 2 check that includes an immigration check and terrorism/other analyses check. For the terrorism/other analyses check, TSA reviews biographic information, documents, and databases to confirm an individual's identity, and searches government and non-government databases, including terrorist watchlists, criminal wants and warrants, Interpol, and other domestic and international sources, relevant to determining whether an individual may pose or poses a threat to transportation or national security, or of terrorism. If TSA determines that the individual poses or may pose a threat, the individual is not eligible for the security-sensitive position.

TSA conducts the terrorism/other analyses check recurrently for the duration of the STA, which is 5 years in most TSA vetting programs, and we propose the same for surface employees. Thus, if an individual initially “passes” the STA, but is later placed on a watchlist, TSA can quickly take appropriate action to disqualify the worker or otherwise minimize the threat.

The immigration check TSA proposes for security-sensitive employees would verify that the individual is a U.S. citizen or national, or a non-citizen who is a lawful permanent resident, refugee, asylee, lawful nonimmigrant, paroled into the U.S., or is otherwise authorized to work in the U.S. TSA conducts immigration checks by using the U.S. Citizenship and Immigration Services' (USCIS) Systematic Alien Verification for Entitlements (SAVE) Program. The SAVE Program is a government system designed to assist Federal, State, tribal, and local government agencies in determining an individual's immigration category to ensure that authorized individuals lawfully receive benefits or licenses.

As noted above, the 9/11 Act does not require TSA to conduct STAs of OTRB security-sensitive employees, and we are not proposing a Level 2 check of these individuals in this NPRM. However, TSA is considering adding that requirement in the final rule and invites comment from industry stakeholders on such a requirement. TSA is concerned that new terrorism-related tactics have emerged since passage of the 9/11 Act, including the use of vehicles in crowds to injure and kill innocent pedestrians. Beginning with the attack in Nice, France in 2016, vehicle ramming attacks have escalated. In 2017, 17 vehicle ramming attacks throughout the world were verified as terrorist-based, resulting in 173 fatalities and 667 injuries.

Moreover, buses, including those used for OTRB routes, are often provided extraordinary access and proximity to special events, athletic games, concerts or shopping venues, as a convenience to event-goers and as a traffic congestion tool for organizers. An “insider,” such as an OTRB driver, would have greater opportunity to harm event attendees by using a vehicle-borne improvised explosive device or simply conducting a ramming attack at passenger staging areas. The opportunity for harm using an OTRB may be greater than with use of a public transportation vehicle because OTRB operations include interstate business, which requires the vehicles to be capable of travelling much greater distances with much Start Printed Page 33479 heavier loads than transit buses. As a result, the typical OTRB is larger, heavier, and equipped with underfloor luggage storage areas not found in transit buses. Based upon its design, the OTRB is capable of transporting large volumes of dangerous materials that could be used in a terrorist attack.

TSA estimates that the addition of OTRB security-sensitive employee vetting would affect an additional estimated 47,423 OTRB employees, compared with the current public transportation/passenger rail population of approximately 179,337 and freight rail population estimated at 122,236. TSA estimates that the total annualized cost of compliance would increase by $2.2 million.

TSA invites comment on requiring Level 2 vetting for OTRB security-sensitive employees as part of this rulemaking. TSA has broad statutory authority to assess the need for and require vetting of transportation workers.^[40] Under this authority, TSA may require OTRB workers to undergo the same vetting that we are proposing to require for security-sensitive public transportation and railroad workers. We invite stakeholders to comment on the relative security risks that are associated with OTRB operations, including insider threats and public sector vulnerabilities. Also, TSA invites comment and data on the costs to owner/operators and individuals as a result of new vetting requirements, and ways to reduce costs.

2. Security Coordinators. In the Security Training rulemaking, TSA requires covered public transportation, railroad, and OTRB owner/operators to employ security coordinators.^[41] Security coordinators perform important security functions, including coordinating the owner/operator's security procedures internally and with appropriate law enforcement and emergency response agencies. These individuals typically have access to SSI, Personally Identifiable Information and sensitive information from government threat briefings, all of which require responsible handling. For these reasons, TSA proposes to require a more comprehensive Level 3 STA for security coordinators. TSA proposes that security coordinators must successfully complete a fingerprint-based criminal history records check (CHRC) in addition to the immigration and terrorism/other analyses checks. TSA requires security coordinators in other modes of transportation and certain individuals with access to SSI to undergo this more thorough STA as well.

TSA is proposing the same CHRC standards that currently apply in the TWIC and HME programs, codified at 49 CFR part 1572, for the Level 3 STA in this rulemaking. In the 9/11 Act, Congress provided that if TSA chose to require a CHRC for these surface workers, the TWIC/HME standards for CHRCs and redress should apply.^[42] Also, TSA proposes to codify the redress procedures in place for TWIC and HME applicants that are currently codified in 49 CFR part 1515, for security coordinators covered by this NPRM. Depending on the nature of the disqualification, individuals may appeal TSA's eligibility decision by asserting that the records on which TSA made its decision are incorrect; apply for a waiver of the criminal standards by asserting that the individual is rehabilitated; appeal TSA's waiver denial to an Administrative Law Judge; or seek review by the TSA Decision Maker.

The 9/11 Act provides that an individual serving as a security coordinator for a rail carrier or an OTRB owner/operator must be a citizen of the United States, unless TSA conducts an STA in place of the citizenship requirement.^[43] TSA proposes more thorough vetting for security coordinators, and this level of vetting satisfies the 9/11 Act as a substitute for the U.S. citizenship requirement. The security coordinator vetting requirements would apply to all rail carrier and OTRB security coordinators, including individuals who are not U.S. citizens.

3. Rap Back and IDENT. For all STAs that require a CHRC, TSA plans to conduct the CHRC through the Federal Bureau of Investigation (FBI), as is customary. Also, TSA plans to implement the FBI's Criminal Justice Information System (CJIS) “Rap Back” service for these individuals. Rap Back enables TSA to receive new criminal history information after the initial submission of fingerprints. Prior to the implementation of Rap Back, TSA had to submit new fingerprints and fees to obtain any new criminal history on an individual. The Rap Back service provides a “recurrent” criminal vetting capability that will enhance security significantly by providing TSA with timely criminal history information, rather than waiting for long periods, sometimes several years, to obtain the most recent criminal information. With Rap Back, TSA can determine that an individual who initially passed the CHRC and was eligible for access has become ineligible due to a recent disqualifying criminal offense. Rap Back has become an integral part of a CHRC and is now the industry standard for criminal vetting. TSA has implemented Rap Back for other vetting programs such as airport and aircraft operator employees and TWIC holders, and proposes to use it for the CHRCs that would be conducted under this proposed rule. The implementation of Rap Back will not affect the type or amount of information TSA must collect from each individual at enrollment.

TSA also plans to submit the fingerprints to the Automated Biometrics Identification System (IDENT), which is operated by the DHS's Office of Biometric Identity Management. IDENT is the Departmental biometric repository and provides additional, important information for TSA to use as part of the vetting process.

4. Identity (ID) Verification. TSA is proposing to require in-person ID verification at a TSA enrollment center as part of the vetting process. Accurately verifying the identity of each individual whom TSA vets remains one of the most important aspects of combatting insider threats and fraud. In-person ID verification provides a higher level of confidence that individuals are who they claim to be. TSA's enrollment personnel are trained to examine documents for evidence of fraud and may use electronic software that scores the identity documents for fraud. Also, if the documents presented are of concern to the enrollment agents, the agents can flag them for further analysis during the adjudication process, when adjudicators can compare the biographic information presented with other government or public records.

TSA considered proposing an entirely on-line ID verification and enrollment process, particularly where there is no need to collect fingerprints or take a photograph. However, TSA believes on-line ID verification creates opportunities for fraud relative to TSA's capacity to detect fraud at a physical enrollment center. TSA invites comments from stakeholders on potential ways to instill the same or greater level of reliability in on-line ID verification as we have for in-person ID verification. Start Printed Page 33480

5. Use of TSA enrollment centers. TSA proposes in this rulemaking to use its established enrollment process for vetting the individuals covered by this rule. TSA operates a network of more than 300 enrollment centers that are widely dispersed throughout the United States and abroad, and currently service TSA's TWIC, HME, and TSA PreCheck® programs. In addition to the stationary sites, TSA's enrollment contractor offers opportunities for setting up mobile enrollment sites at specific workplaces. Each employer would be able to contact TSA's provider directly to discuss the number of employees who must enroll, potential locations, whether the provider would charge a fee for the service, and other details necessary to finalize an on-site, mobile enrollment center. These mobile sites minimize work disruption and employee travel time to an enrollment center. Also, employers can ensure that the entire workforce enrolls in a finite, relatively short period of time.

TSA's contractor also provides employers the capability to conduct their own enrollments. This enrollment method is called an “authorized non-public enrollment capability.” If an employer is interested in hosting their own enrollment center to service their employees, they work directly with the contractor to reach a mutually acceptable agreement regarding the requirements and any associated costs for this arrangement. Employers would provide the enrollment center space and resources (such as Trusted Agents to act as enrollment personnel) to operate the enrollment center. The space and personnel must meet the contractual requirements, which include internet connectivity, sufficient furniture, and privacy screens to protect an applicant's personal information as it is entered into the enrollment system. The employer's Trusted Agents would have to undergo a Level 3 STA, given their access to personally identifiable information, just as TSA's contractor Trusted Agents do. TSA's contractor would provide the enrollment hardware, software, and other equipment required to conduct enrollments. Additionally, the contractor would provide training and quality assurance oversight for the authorized non-public enrollment center. The agreement to operate an authorized non-public enrollment center is a contract between the interested employer and TSA's contractor, and not an agreement with TSA directly. Under this scenario, the owner/operators are not `regulated' by TSA as an enrollment provider, but work directly with the contractor and ensure that they satisfy the contractual requirements.

TSA considered the alternative of requiring or permitting owner/operators subject to this NPRM to act as enrollment providers, rather than using the TSA enrollment contractor for these services. Under this scenario, the owner/operators would be directly regulated by TSA to meet standards that are similar to the contractual requirements TSA and TSA's enrollment provider have developed. The owner/operators would provide their own trained Trusted Agents to collect information and fees from STA applicants and develop secure connections to TSA's systems that meet all Federal cyber security requirements. The employers would be required to ensure that the Trusted Agents adhere to minimum enrollment standards for verifying identity, protecting personal information, accurately collecting biometric and biographic information, and processing TSA's fees correctly. This alternative would eliminate the need for employees to travel to an enrollment site outside the workplace. However, owner/operators would be subject to compliance inspections and potentially civil penalties if their enrollment procedures were noncompliant. Also, the owner/operators would have to bear the significant costs associated with establishing and maintaining the electronic systems and staff to conduct enrollment. An owner/operator would have to undergo significant system testing, certification, and accreditation to connect to TSA's vetting systems to meet heightened Federal security and privacy requirements, and maintain a high level of security and performance to remain certified. Firewalls would have to be developed and used to ensure that an owner/operator could access only their employee data, and to prevent any damage to TSA's systems if the owner/operator's system malfunctioned. Given the nature of cyber threats and capabilities, TSA's previous experience with shared enrollment roles, and the extremely sensitive information that must be transmitted, TSA is currently unwilling to permit private employers to connect to its vetting systems.

TSA invites public comment on using TSA enrollment services or permitting owner/operators to conduct enrollment for this population.

6. Vetting structure. In this rulemaking, TSA proposes to add a new part 1530 where the vetting standards, fees, and redress procedures would be codified. TSA proposes to organize all facets of the vetting process in one part for the convenience of the parties who must undergo vetting, and to aid in providing consistent standards and fees. TSA currently operates approximately 30 different vetting programs, such as the aviation workers (airport and aircraft owner/operators), TWIC, HME, and TSA PreCheck® programs and proposes to leverage the experience and best practices from them in new part 1530.

As discussed above, TSA proposes three “levels” of STAs, labeled Level 1, Level 2, and Level 3. The “lowest” level STA (Level 1) would provide the minimum vetting TSA would conduct and the “higher” levels (Level 2 and Level 3) would provide increased scrutiny, given statutory requirements and the risks associated with the functions that an individual performs.

This modular, standardized approach would increase the ability for individuals to reuse all or part of an earlier STA to satisfy a later STA requirement. For example, an employee who successfully completes a Level 2 STA for a public transportation agency will be able, in most circumstances, to use that Level 2 STA for a position that requires a Level 2 STA with a railroad operator, as long as the STA has not expired. As described below, all STAs would expire at the end of 5 years. Also, even if the entire STA is not comparable, one or more of the checks that comprise the STA may be re-usable. Consider the example of a security-sensitive employee for a public transportation operator who successfully completes a Level 2 STA, and who subsequently takes a job as a security coordinator, which would require a Level 3 STA under this rulemaking. Even though the Level 2 and Level 3 STAs are different and thus not comparable in their entirety, they nonetheless share certain checks in common. In this example, both levels of STA require an immigration check and terrorism/other analyses check. TSA would be able re-use the earlier terrorism/other analyses and immigration checks (assuming they are still valid) for purposes of the second STA. This means the individual would only have to complete the CHRC required for the Level 3 STA. Note that the Level 3 STA would expire when the Level 2 STA expired.

7. Effective dates and compliance. TSA recognizes that this rulemaking would affect many surface transportation owner/operators and many individuals who have not previously had to comply with security vetting requirements. There may be logistical issues involved with achieving initial compliance, including implementing new management Start Printed Page 33481 policies, employee education, and related administrative tasks. Therefore, TSA proposes to take a risk-based, phased approach to implementation of this rule. TSA anticipates that there are far fewer security coordinators than security-sensitive workers, and understands that security coordinators play a more critical role in the overall security regime contemplated by the 9/11 Act. For these reasons, TSA proposes an implementation period of 6 months for requirements relating to security coordinators, and 12 months for requirements relating to security-sensitive employees. These timeframes represent our initial judgment about how to balance security against the burden on regulated parties. TSA invites comment on how the rule's requirements should be phased in and become effective, including the appropriate timeframes.

III. Analysis of Proposed Part 1530

A. Introduction

Proposed part 1530 would provide a complete framework for conducting vetting, collecting user fees, and administering appeals and waivers. TSA is using 49 CFR part 1515, which currently applies to individuals required to undergo STAs for TWIC, HME, or Indirect Air Carrier credentials, as a model for proposed part 1530. Proposed 1530 includes organizational and language improvements over part 1515 to address issues that TSA has become aware of over time, but it is substantively very similar to part 1515. The proposed procedures and standards for conducting STAs set out in part 1530 would apply to the surface transportation owner/operators and employees covered by this rulemaking. When finalized, part 1530 will address these surface workers and TSA will take the appropriate regulatory action to apply part 1530 to the populations currently covered by 1515.

We propose to organize part 1530 into six subparts. Subpart A would address topics generally applicable to the STA process, such as definitions. Each subsequent subpart would address a particular stage in the STA process. Subpart B would focus on the individual, addressing topics such as the information he or she must provide when applying for the STA, procedures for verifying the individual's identity and immigration category in the United States, procedures for collecting fingerprints, and establishing the individual's continuing responsibilities throughout the process. Subpart C would be reserved, and subpart D would address the fees necessary to recover the costs of conducting STAs, and how TSA must process the fees. Subpart E would set out the procedures that TSA proposes to use to conduct the various checks that comprise an STA, such as how TSA would conduct a CHRC or immigration check. Subpart F would establish the standards or criteria that TSA uses to adjudicate the results of the checks conducted during the STA. For example, a section of subpart F would explain the lists of crimes TSA would use to determine whether the individual has a disqualifying criminal conviction. Subpart G would establish the appeal and waiver procedures for individuals who receive an adverse STA result.

B. Proposed Subpart A—General

1. Proposed § 1530.1. This section would set out the scope of the proposed part. Paragraph (a) would establish that part 1530 applies to individuals required to apply for an STA. In this rulemaking, this includes individuals who perform security-sensitive functions and are required to receive security training under 49 CFR 1580.101 (rail) and 49 CFR 1582.101 (public transportation, passenger rail), or act as security coordinators of owner/operators regulated under parts 1580, 1582, and 1584.

Paragraph (b) would establish that part 1530 applies to operators who must ensure that individuals who perform security-sensitive functions in rail and public transportation, or act as security coordinators for the owner/operators regulated under parts 1580, 1582, and 1584, as established in the Security Training rulemaking.

2. Proposed § 1530.3. In this section, TSA proposes definitions for key terms used in part 1530, and proposes that the definitions from parts 1500, 1503, 1540, 1570, and 1572 apply if those terms appear in part 1530. TSA proposes a definition for “individual” to accurately identify the person who applies for the STA, holds a valid STA, or is seeking redress. TSA also proposes definitions for standard redress terms that are consistent with 49 CFR 1515.3 and are largely self-explanatory.

TSA is proposing to add a definition to part 1530 for the term “incarceration.” Currently, TSA has defined “incarceration” as well as “imprisoned/imprisonment” in 49 CFR 1570.3, but TSA believes two definitions for this concept are confusing and unnecessary. We propose to eliminate “imprisoned/imprisonment” and revise the definition of incarceration for part 1530. The new proposed definition of “incarceration” means under the custody of a bureau of prisons and confined to a prison, jail, or institution for the criminally insane pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity. Time spent under the custody of a bureau of prisons or confined or restricted to a half-way house, treatment facility, home incarceration, or similar institution, pursuant to a sentence imposed as the result of a criminal conviction or finding of not guilty by reason of insanity, constitutes incarceration for purposes of this rule. The primary difference between this proposed definition and the current definitions of incarceration and imprisoned in 49 CFR 1570.3 is that the definition of incarceration now explicitly includes a sentence to home confinement as a result of a criminal conviction or finding of not guilty by reason of insanity.

3. Proposed § 1530.5. This section would define the three “levels” of STAs that TSA proposes to conduct. Each STA level would be generically defined in terms of the particular kinds of vetting (called “checks”) that comprise the level.

A “Level 1” STA would consist of a terrorism check and other analyses (referred to as `terrorism/other analyses check' throughout the preamble of this NPRM). TSA is not proposing use of a Level 1 STA in this NPRM, but may propose it for other populations in the future. A “Level 2” STA would consist of the terrorism/other analyses and immigration checks. A “Level 3” STA would consist of the checks required for a Level 2 STA, plus a CHRC. In accordance with the 9/11 Act, TSA proposes that the security-sensitive employees, as described in the Surface Training rulemaking and codified in 49 CFR parts 1580, 1582, and 1584, would be required to undergo a Level 2 STA. TSA proposes to require security coordinators under 49 CFR parts 1580, 1582, and 1584 to undergo a Level 3 STA.

4. Proposed § 1530.7. This section proposes a standard duration of 5 years for the STAs that TSA conducts and the associated determinations of eligibility (DOE) that TSA issues. This 5-year term begins on the date TSA completes the STA, determines the individual is eligible for the security-sensitive or security coordinator position, and issues a DOE. This timeframe aligns with similar governmental programs such as Top Secret and Q security clearances issued by the Office of Personnel Management; other TSA vetting programs such as TWIC and HME; and U.S. Customs and Border Protection's (CBP)'s Trusted Traveler programs, such as Free and Secure Trade (FAST), Start Printed Page 33482 NEXUS, Secure Electronic Network for Travelers Rapid Inspection (SENTRI), and Global Entry.

TSA proposes that the general 5-year term would be subject to two exceptions. The exceptions would apply if: (1) an individual uses a comparable STA completed earlier as the basis of the new STA; or (2) an initially successful individual no longer meets the eligibility standards for the STA. As to the first exception, the duration of the STA would be 5 years from the date on which the initial or comparable check was issued. Therefore, if TSA issues a DOE based on an immigration check conducted 2 years earlier in connection with a previous STA, the duration of the new STA would be 3 years.

The second exception, proposed in paragraph (b), would occur if TSA determines that an approved individual no longer meets the STA eligibility standards. In this case, the STA would expire on the date that TSA serves a Final Determination of Ineligibility (FDI) or a Preliminary Determination of Ineligibility with Immediate Revocation (PDIIR) on the individual. Issuance of an FDI means that the adjudication on any redress processes has run its course and TSA has finalized its determination that the individual does not meet the STA standards. In such cases, the DOE is no longer valid, and is deemed expired. As explained in the discussion of proposed § 1530.417 below, TSA issues a PDIIR when it determines that an imminent security threat may exist and the DOE must be revoked immediately.

Paragraph (b)(3) would apply to individuals who have successfully completed a Level 3 STA, but who subsequently are indicted, convicted, or found not guilty by reason of insanity, of any of the disqualifying crimes under proposed § 1530.503. These individuals would no longer meet the STA standards as of the date of indictment, conviction, or finding of not guilty by reason of insanity. Paragraph (b)(3), therefore, provides notice that the DOE of such an individual expires as of the date of indictment, conviction, or finding, regardless of whether TSA has yet issued an FDI or PDIIR.

Paragraph (b)(4) would apply to individuals who have been issued a DOE, but whose immigration category subsequently changes and no longer meet the standards in section 1530.505. Paragraph (b)(4) provides notice that the DOE of such an individual expires as of the date that individual no longer meets the immigration standard, regardless of whether TSA has yet issued an FDI or PDIIR.

5. Proposed § 1530.9. Paragraph (a)(1) would forbid any person from making, or causing to be made, fraudulent or intentionally false statements in documents required by, or used to show compliance with, proposed part 1530. Paragraph (a)(2) would forbid any person from making or causing to be made, for fraudulent purposes, any reproduction or alteration of any report, record, security program, access medium, identification medium, biometric data (fingerprints or photographs), or credential issued under proposed part 1530. The purpose of paragraph (a) is to provide a regulatory basis for enforcement action against a person who takes these actions, which undermine transportation security.

Paragraph (b) explains that anyone who violates paragraph (a) is ineligible for the access, privileges, or credential associated with the STA.

6. Proposed § 1530.11. This section would forbid the fraudulent use of, or representation concerning, a DOE or STA conducted under part 1530. Paragraph (a) would forbid the use, or attempted use, of an STA issued or conducted for another person. Paragraph (b) would forbid a person from causing or attempting to cause another to violate paragraph (a). Collectively, these provisions are intended to protect the integrity and reliability of STAs. Paragraph (c) would establish that any person who violates this section is ineligible for the access, privileges, or credential associated with the STA.

7. Proposed § 1530.13. Paragraph (a) pertains to compliance, inspection, and enforcement activities associated with the vetting process. Specifically, TSA proposes that each individual who is required to undergo an STA, and each owner/operator whose employees or authorized representatives must undergo an STA, must permit DHS, at any time or place, to make inspections or tests, including the copying of records, to determine compliance with this part and part 1520, which pertains to sensitive security information. Paragraph (b) would provide that TSA may require each person with responsibilities under proposed part 1530 to provide evidence of compliance with parts 1530 and 1520, including copies of records.

C. Proposed Subpart B—Individual's Enrollment Requirements and Continuing Responsibilities

1. Introduction. Proposed subpart B would focus on the information the individual must provide when applying for the STA. Subpart B would also establish the individual's continuing responsibilities throughout the duration of the STA, such as disclosing any new disqualifying information.

TSA must collect and process information, documents, and fees from individuals in order to conduct the checks that make up an STA. TSA refers generally to this part of the STA as “processing.” Subpart B proposes the procedures TSA would use in the enrollment process. TSA uses this enrollment model in existing vetting programs, such as for TWIC and HME applicants under part 1572, and has a high level of confidence in this approach. TSA operates over 300 enrollment sites throughout the United States and abroad ^[44] where individuals who are required to undergo certain STAs go to provide biographic, documentary, and if necessary, biometric information. Many of these individuals also have the option to provide some of this information on-line. The enrollment method set out in proposed subpart B has been designed to provide as much flexibility as possible for individuals and their employers, while maintaining efficient, manageable, and secure interaction with TSA systems.

TSA generally uses a contractor to provide enrollment services and, throughout this document, we refer to “TSA” to include TSA's contractor engaged in enrollment activities. Through the contracting process, TSA can provide cost-effective services to a large number of individuals at all sorts of locations. A TSA contractor under this proposed rulemaking would perform functions similar to the functions performed by a “TSA Agent” under current 49 CFR part 1572, subparts E and F, for the current HME and TWIC programs. TSA conducts a comprehensive Level 3 STA on these agents before they may work at a TSA enrollment center.

The proposed rule offers optional enrollment processes through the TSA contractor separate from the alternative in which enrollment is completely performed by the regulated party. To maximize the benefits of TSA-run enrollment services and minimize employee time away from work to enroll, TSA's enrollment provider may establish “mobile enrollment” sites at particular workplaces where a large volume of individuals need to apply for an STA. Also, the enrollment provider may enter into agreements with a private employer to share some enrollment duties at the workplace, and Start Printed Page 33483 whether the provider would charge a fee for this service.

As discussed in greater detail above in section II.B.5., TSA considered the alternative of requiring or permitting owner/operators subject to this NPRM to act as enrollment providers, providing their own trained and vetted “trusted agents” to collect information and fees from STA applicants, verify their identity, and send all information through secure pathways to TSA. Under this alternative, the employers would be required to ensure that the trusted agents adhere to minimum enrollment standards for verifying identity, protecting privacy information, accurately collecting biometric and biographic information, and processing TSA's fees correctly. This alternative would eliminate the need for employees to travel to an enrollment site outside the workplace. However, owner/operators would also bear the significant costs required to establish and maintain secure systems and the staff to conduct enrollment.

TSA invites public comment on the use of TSA enrollment services, and the alternative to permit owner/operators to conduct enrollment for this population.

2. Proposed § 1530.101. Paragraph (a) would provide a road map to the section. Paragraph (b) would list the biographic information and copies of documents that each STA applicant must provide. Paragraphs (b)(1)–(9) would require standard items of biographic information, such as name, address, gender, date of birth, and country of citizenship, which are necessary to identify the individual conclusively and to accomplish the vetting process.

Paragraph (b)(10) would require the individual's employer information, including address, telephone number, and facsimile number (if available), which are important if TSA needs to take follow-up action regarding the individual. For example, if an individual “passes” initial vetting as a security-sensitive employee, but is subsequently disqualified, TSA would have to contact the relevant owner/operator to communicate that the individual is no longer authorized to work as a security-sensitive employee.

Paragraph (b)(11) is related to the immigration check explained in the discussion of the standards in subpart F of part 1530. The purpose of this proposed requirement is to obtain documentary evidence to improve the reliability of the immigration check. Under paragraph (b)(11), each individual would be required at the time of the STA application, to present documentation in a form and manner specified by TSA, to verify the immigration category they maintain. For individuals claiming to be U.S. citizens or U.S. nationals by birth, examples of such documentation would include a passport book or passport card; a certified copy of a birth certificate from one of the 50 States, the District of Columbia, American Samoa, Swain's Island, Puerto Rico, U.S. Virgin Islands, Northern Mariana Islands, or Guam; an American Indian Tribal Card with photo indicating U.S. citizenship (Form I–872); an unexpired Native American Tribal Card approved by the Secretary to denote identity and U.S. citizenship; a U.S. Coast Guard Merchant Mariner Credential or Document; a U.S. Enhanced Driver's license; and a Trusted Traveler Program Card (FAST, NEXUS, SENTRI, or Global Entry). For individuals claiming U.S. citizenship who were born abroad, in addition to many of the documents listed above, examples would include a Certificate of Citizenship and Consular Report of Birth Abroad, or a naturalization certificate. For individuals not claiming U.S. citizenship, examples would include visas and proof of U.S. lawful permanent residence status. During the enrollment process, TSA proposes to scan the documentation presented by the individual into the electronic enrollment record.

The information requested in proposed paragraphs (c)(1)–(5), including social security number, passport information, Department of State Consular Report of Birth Abroad, information about previous STA applications, and information about the individual's Federal security clearance, is voluntary. Failure to provide this information would not prevent TSA from processing the application. However, providing the information requested in paragraph (c), if available, may speed up the process for the individual.

In addition to the biographic information and documentation specified in proposed paragraphs (b) and (c), TSA proposes to require every individual to sign certain statements as part of the application process. Paragraph (d) would require each individual to sign a statement attesting that the information provided in the application is true, complete, and correct to the best of the individual's knowledge, and that the individual acknowledges that knowing and willful false statements or material omissions may result in criminal prosecution and other consequences.

Paragraph (e) would require all individuals to certify in writing that they understand that if TSA determines an individual does not meet the STA standards, TSA may notify the employer, and, in the case of an imminent threat to an owner/operator, TSA may provide the employer limited information necessary to reduce risk of injury or damage.

Paragraph (f) would require all individuals to certify that there is a continuing obligation to report certain events to TSA. Not every event listed in this proposed section will necessarily apply to every individual. For example, one of the events that must be reported is a conviction, or finding of not guilty by reason of insanity, for a disqualifying criminal offense. This event is relevant only for security coordinator applicants applying for an STA that includes a CHRC.

3. Proposed § 1530.103. This section would require individuals whose STA includes a CHRC to provide fingerprints in a form and manner prescribed by TSA. TSA must collect and transmit fingerprints electronically according to procedures and standards the FBI requires of all agencies that submit fingerprints for a CHRC.

In addition to using the fingerprints to obtain criminal history information from the FBI, TSA will use the fingerprints to conduct biometric vetting through IDENT. IDENT is the DHS repository for all biometrics collected by agencies within DHS, and some external agencies, such as the Department of Defense. Using IDENT biometric vetting capabilities enhances TSA's STA process. TSA would receive the results of these searches and use the information as part of the STA eligibility decision. We invite comment from all interested parties on the use of IDENT for TSA vetting purposes.

4. Proposed § 1530.105. This section proposes that each individual applying for an STA must pay the fee associated with the STA at the time of application. TSA is statutorily required to fund all vetting and credentialing services through user fees,^[45] and consequently, TSA will not process STA applications until the fees are paid. TSA begins incurring costs as soon as it begins processing the application. Also, TSA cannot refund fees, even if the individual decides at a later date to withdraw the application, because TSA has already expended resources that must be covered through fees.

5. Proposed § 1530.107. Each individual who applies for an STA has continuing responsibilities for the life of the STA. Paragraph (a) would establish the requirement to report certain events to TSA within 24 hours of occurrence. Start Printed Page 33484 Each of the events that must be reported relate directly to whether the individual is still eligible to serve as a security-sensitive employee or security coordinator.

Paragraph (a)(1) involves individuals whose STA includes a CHRC (in this rulemaking, security coordinators), both those who have applied for an STA, and those who have already successfully completed an STA that included a CHRC. These individuals would be required to report an occurrence, indictment, conviction, or finding of not guilty by reason of insanity of disqualifying crimes within 24 hours. The list of disqualifying crimes is in proposed § 1530.503, and is explained below. The 24-hour reporting requirement would also apply to individuals who are adjudicated as lacking mental capacity, or committed to a mental health facility.

Paragraph (a)(2) would apply to all individuals whose STA includes an immigration check, which are security coordinators and security-sensitive employees in this rulemaking. These individuals would be required to report any change in immigration category that results in no longer meeting the immigration standards.

Paragraph (b) would require all individuals who have successfully completed an STA to notify TSA if certain contact information changes. Specifically, each individual would be required to notify TSA of any legal name changes (proposed § 1530.101(b)(1)), address changes (proposed § 1530.101(b)(2)), or daytime telephone number changes (proposed § 1530.101(b)(9)). TSA needs reliable contact information in order to administer the STA after the DOE is issued. For example, TSA may have to contact an individual to provide a notice of ineligibility and redress procedures, if TSA discovers potentially adverse information about an individual. This notification requirement would continue until the DOE expires.

6. Proposed § 1530.109. This section proposes the procedures TSA would use to verify the individual's identity. Paragraph (a) would provide that TSA must be able to verify each individual's identity at the time of enrollment. This element is critical to attain a high a degree of certainty that the individual is who he or she claims to be.

Paragraph (b) would require the individual to present two forms of identification, at least one of which must be a government-issued photo identification. Government-issued photo identification is relatively reliable and is not burdensome or costly for individuals to obtain. TSA uses fraud detection software as part of the enrollment process at some locations and continues to explore expanding and improving the use of technology to aid the identification verification process. As of the writing of this NPRM, some biometric technologies other than fingerprints, including facial recognition and iris scans, are being used by governmental entities to produce identity documents. However, this practice is not yet widespread or reliable enough to ensure identity verification in this rulemaking. As a result, TSA believes that requiring government-issued photo identification is the most practical balance between trustworthiness and burden to ensure accurate identify verification at this time. To the extent new technologies become more widespread and trustworthy, TSA will consider alternative means of providing identity verification. Paragraph (c) would require examination of the documents presented by the individual to determine whether they appear to be genuine, unexpired, and relate to the individual presenting them.

D. Subpart C Is Reserved

E. Proposed Subpart D—Fees

1. Introduction. The fee structure proposed in this rulemaking is designed to cover TSA's anticipated costs of conducting and administering STA services over the 5-year duration of each STA. TSA calculated the proposed fees based on estimates for the cost of each respective service and the expected populations that will receive benefit from the services.

2. Costs. TSA incurs costs during all phases of the vetting process. During the initial phase of vetting, resources are required to establish and operate physical locations for individuals to complete certain parts of the application process. As noted previously, TSA uses contractors to find, lease, and operate these enrollment centers. The resources needed to establish, equip, and staff such locations throughout the country have been grouped together and labeled “Processing.”

Similarly, some interactions with TSA to perform a vetting function may be accomplished entirely by using an online platform, and resources are required to establish and operate such a platform for individuals to complete certain aspects of the vetting process. Additionally, TSA assumes that some online interactions would result in customer service expenses that would also be covered by this fee. The resources to design, establish, maintain, and staff such a platform and offer customer service are grouped together and labeled “Reduced Processing.”

Once individual information is captured and records are established, TSA incurs costs to administer the information through the various databases that comprise the STA. As explained in the discussion of proposed § 1530.5, TSA performs different levels of STAs. The three levels of STAs vary depending on the specific checks included in the STA, such as terrorism/other analyses, immigration, or criminal history. Thus, the cost to conduct the STA depends on the resources TSA needs to complete the STA services. TSA proposes to segment the costs according to how individuals interact with TSA and the consumption of services to complete the STA. Thus, the Processing Fee or Reduced Processing Fee would be imposed when an individual uses processing services, the criminal check fee would be imposed for each individual required to complete a CHRC, and so on. Each individual would pay fees only for the services TSA provides for his or her STA.

To complete the terrorism/other analyses check, TSA incurs costs to construct, maintain, and operate the information technology (IT) platform that enables comparing the applicant's biographic information to multiple terrorism and law enforcement databases, and other information sources. TSA incurs additional expenses to evaluate the information received from these sources, make decisions as to whether an individual poses or may pose a threat, engage in redress with the individual when necessary, and communicate with other entities, such as the individual's employer or governmental agencies. TSA must also recover the cost of staffing this service through fees. TSA has labeled this grouping of costs “terrorism/other analyses” fees.

TSA incurs costs similar to those discussed above for completion of immigration checks and CHRCs. Those fees are segmented respectively and labeled accordingly.

With respect to the CHRC fee, TSA must collect the fees the FBI charges to process the initial criminal check and the Rap Back recurrent criminal history service, in addition to TSA's costs to adjudicate the results of the initial criminal check and any subsequent Rap Back notifications, and provide redress.

TSA's cost-estimating methodology includes both an analysis of actual costs TSA has incurred for existing STAs and an analysis of future investments that are necessary to develop, operate, and maintain a robust STA platform. In Start Printed Page 33485 some instances, TSA has been able to develop a unit cost for a particular STA-related service. In other instances, TSA developed a resource investment estimate that is equitably shared by all individuals who benefit from the investment. TSA has consulted with programmatic and industry experts, and acquired data from internal sources, other governmental agencies, and publicly available sources. Table 5 below is a summary of costs that TSA estimates it will incur over the first 5-year period of this effort.^[46] Additional details regarding the cost estimates used to determine the service fees can be found in the Fee Report in the rulemaking docket.

3. Populations. TSA has consulted with programmatic and industry experts, and acquired data from internal sources, other governmental agencies, and public sources to analyze the number of transportation workers who would be covered under this rulemaking. Table 6 below is a summary of populations that TSA estimates it would impact over the first 5-year period of this effort. Additional details regarding the population estimates used to determine fees can be found in the Fee Report and the Preliminary Regulatory Impact Analysis in the rulemaking docket.

4. Fees. To comply with 6 U.S.C. 469, which requires TSA to fund vetting and credentialing programs through user fees, TSA proposes to establish user fees for individuals who receive STA services under this proposed rule. TSA determined the proposed fees in accordance with Office of Management and Budget (OMB) Circular No. A–25. The proposed fees are set to recover a share of the service costs from all individuals that use a particular service, and a description of the processes that went into estimating the proposed fees is available in the Fee Report in the rulemaking docket. TSA may increase or decrease the fees described in this regulation for changes in cost due to, for instance, new efficiencies, inflation, changes in contractual services, changes in populations, or other factors following publication of the final rule. TSA will publish a notice in the Federal Register notifying the public of any fee changes. Start Printed Page 33486

The following table presents combinations of services that coincide with STA levels in the proposed rule.

5. Proposed § 1530.301. Paragraph (a) would explain that TSA calculates the fees using widely accepted accounting principles and practices, in accordance with the provisions of 31 U.S.C. 9701, which direct agencies to make their services self-sustaining to the extent possible, and in accordance with other applicable laws. Generally, TSA totals all costs associated with the vetting program over the life of the STAs (5 years), divides the total by the number of individuals vetted, and sets aside a small portion of the funds collected to cover emergencies, such as necessary system changes, natural disasters such as pandemics, or other unforeseen events. At least every 2 years, TSA would review the costs of conducting the STAs and the associated fees collected, using the same method of analysis, to ensure that fees recover, but do not exceed, the full cost of services. TSA prepared a Fee Report for this proposed rule, which discusses the methodology and factors TSA used to arrive at the proposed fees, and placed the Report in the rulemaking docket. TSA would revise the fees, if necessary, following this evaluation, by publishing a notice in the Federal Register .

Paragraph (b) explains the procedures that TSA would use to make inflation adjustments to the fees, as necessary.

6. Proposed § 1530.303. This proposed section describes each STA service for which TSA charges a fee, service-by-service, computed as explained above. TSA provides an estimate of the fees based on information concerning population numbers and the costs of the services. TSA will be able to finalize these fees after receiving information concerning the number of employees subject to proposed vetting requirements from affected entities as part of this rulemaking process, and an accounting of internal costs at the time the proposed rule would become final. TSA will publish the final fee amounts through a notice in the Federal Register .

Paragraph (b) proposes the fees that would cover TSA's processing costs. Paragraph (b)(1) proposes that the Processing Fee would cover the costs associated with an applicant's interaction with TSA, such as enrollment center operations, collecting applicant information, verifying applicant identity, processing the vetting information, and program management. TSA estimates the processing fee to be $43 to $65, and proposes to codify that range in the rule. Paragraph (b)(2) proposes the Reduced Processing Fee that would apply when an individual's interaction with TSA can be completed entirely online and does not involve services at an enrollment center. TSA estimates the Reduced Processing Fee to be $24 to $36.

Paragraph (c) describes the fee to cover TSA's costs of conducting the terrorism/other analyses check, the substance of which is explained in the discussion of proposed § 1530.507. This service includes the costs of querying the relevant data sources, adjudicating the information TSA receives from the queries, and processing appeal requests. TSA estimates the Terrorism/other analyses Check Fee to be $6.00 to Start Printed Page 33487 $10.00, and proposes to codify that range in the rulemaking.

Paragraph (d) describes the fee to cover TSA's costs of conducting the Immigration check in the United States. This service includes the costs of querying the relevant data sources, adjudicating the information TSA receives from the queries, and processing appeal requests. TSA estimates the Immigration Check Fee to be $2.00 to $4.00, and proposes to codify that range in the rulemaking.

Paragraph (e) proposes the fee to cover the costs of conducting the CHRC. This service includes the cost of collecting fingerprints electronically; transmitting them to the FBI; adjudicating any rap sheets associated with the fingerprints to determine whether the individual has a disqualifying conviction, arrest, or indictment in accordance with section 1530.503; adjudicating new criminal information that the FBI's Rap Back service provides; and conducting an appeal or waiver, where applicable. TSA estimates the CHRC fee for the initial CHRC, which occurs in-person at a TSA enrollment center to be $17.00 to $25.00, which is proposed in paragraph (e)(1) of this section. Given the benefits of the Rap Back system, applicants would not be required to provide new fingerprints for a new CHRC when renewing the STA. The individual's fingerprints would be enrolled in Rap Back and thus, any criminal history associated with those prints would be transmitted to TSA. Therefore, the renewal of an STA would not require in-person enrollment at an enrollment center to provide fingerprints, and consequently, the fees for a renewal CHRC are lower than for the initial CHRC. In paragraph (e)(2), TSA proposes the renewal CHRC fee of $8.00 to $12.00. TSA proposes to codify these ranges in the rulemaking.

TSA will continue to work to minimize all costs and would finalize fee amounts in conjunction with publication of the final rule. Following publication of the final rule, TSA may, by notice in the Federal Register , increase or decrease the fees to reflect changes in costs. The total TSA fee for any given STA would be the sum of the fees for each service that comprises that level of STA. These total fees, broken out by level of STA, are explained in proposed § 1530.305 discussed below.

7. Proposed § 1530.305. This section would set out the fees TSA must charge for each STA proposed in this rulemaking, organized by level of STA, with paragraphs (a)–(c) corresponding to STA Levels 1–3, respectively. Each paragraph lists the fees associated with the relevant STA.

8. Proposed § 1530.307. This section on fee comparability explains how TSA computes fees when TSA is able to rely on an earlier STA to complete a new STA. This concept of comparability is explained more completely in the discussion of proposed § 1530.509, below. If TSA can rely on an earlier check, rather than conducting a new check, paragraph (b) provides that we would only charge the fee for the services that we must provide for the current STA. This results in a lower fee for the applicant and lower costs for TSA. Table 10 below provides examples of how using a comparable STA affects fees.

9. Proposed § 1530.309. This section proposes that fees must be paid through a method approved by TSA. Currently, TSA accepts STA fees through a third-party vendor or through the www.pay.gov website during processing, and we may continue to use that process. TSA is exploring other methods of payment that may be equally cost-effective and resistant to fraud. Paragraph (b) would make it clear that TSA cannot act on an STA until the required fees have been recognized by TSA. Paragraph (c) provides that TSA would not issue refunds. TSA will not begin processing an STA until the individual pays the fee. Once TSA begins the STA, TSA incurs costs that must be recovered through fees.

F. Proposed Subpart E—Adjudication Procedures

1. Introduction. Once TSA collects biographic information, biometrics (where needed for a CHRC), and fees from an individual, TSA transmits the information to the various databases associated with the checks. TSA then evaluates the information that is returned from the databases to determine if it contains data that is disqualifying according to the standards that apply. TSA then makes an initial determination on eligibility and notifies the individual. This process is called adjudication.

2. Proposed § 1530.401. This proposed section sets out procedures for conducting CHRCs, which in this rulemaking apply to security coordinators. Paragraphs (a) and (b) explain that TSA would transmit the fingerprints collected during enrollment to the FBI, and receive and adjudicate the results of the check.

3. Proposed § 1530.403. This section explains the procedures for conducting the terrorism/other analyses check, which in this rulemaking would apply to security coordinators and security-sensitive employees. TSA would check certain domestic and international databases that include information on terrorists, individuals with ties to terrorism or international criminal networks, fugitives from justice, and databases that assist in confirming an individual's identity. In paragraph (a) TSA proposes the procedures that TSA would use to conduct a terrorism/other analyses check.

Paragraph (b) provides notice that TSA may send the individual's information to the appropriate law enforcement or immigration agency if the terrorism/other analyses check Start Printed Page 33488 reveals that the individual has an outstanding want or warrant, or is subject to a removal order. Under these circumstances, TSA would share the individual's information with the agency that posted the want, warrant, or removal order to ensure that the issue can be resolved lawfully.

4. Proposed § 1530.405. This section proposes the procedure TSA would use to conduct the immigration check. This check would verify that the individual is in one of the following categories: a U.S. citizen, U.S. National, lawful permanent resident, refugee, asylee, lawful nonimmigrant, granted parole, or is otherwise authorized to work in the U.S. TSA proposes to use relevant Federal databases, primarily the SAVE program administered by USCIS to verify that an individual's alien registration number, I–94 Arrival-Departure Form number, or other pertinent document number is valid and associated with the individual.

5. Sections 1530.407, 1530.409, and 1530.411. These sections would be reserved.

6. Proposed § 1530.413. This section applies to all individuals who must undergo an STA and proposes that TSA issue a DOE if TSA determines that an individual meets the STA standards. TSA would notify the individual of the DOE and would make that information available to the owner/operator. TSA may notify the individual via letter in the U.S. postal service, an email, or another method yet to be determined. TSA intends to create a web portal that owner/operators would access to determine whether a particular worker has passed the appropriate STA for the position in which he or she works. TSA invites comment on this proposal from all interested parties, as to preferences for notifications. In current vetting programs, TSA asks individuals how they wish to be notified of the final STA determination, and then uses that method, if possible. Workers who are relatively stationary often prefer a letter, and those who are mobile may prefer email or other electronic notification.

7. Proposed § 1530.415. This section describes the procedures that would apply when an individual may not meet, or may no longer meet, the STA standards set out in proposed § 1530.501. When this occurs, TSA would notify the individual or holder of the STA of the factors that may be disqualifying by issuing a Preliminary Determination of Ineligibility (PDI) to the individual.^[47]

As set forth in paragraph (b), TSA would also state the basis for the determination in the PDI.

Under paragraphs (c)(1) and (2), the PDI would include information about how the individual may appeal or, if applicable, request a waiver of ineligibility, including the time deadlines associated with these requests. TSA proposes that the individual must appeal the PDI, request a waiver of the PDI, or request an extension of time, generally within 60 days of service of the PDI. TSA may consider requests for extensions of time beyond 60 days for good cause. If the individual does not appeal, the PDI would automatically convert to a FDI. TSA uses these timelines in other vetting programs, and believes they provide sufficient time for an individual to seek redress.

Paragraph (d), “Determination of Arrest Status,” would apply when the results of the CHRC show an arrest for a potentially disqualifying crime, but no indication of whether the arrest resulted in a conviction, dismissal, or acquittal. In such cases, TSA would notify the individual of the arrest without disposition, and provide instructions on how to clear the disposition under paragraph (d)(2). Under this paragraph, the burden would be on the individual to provide written proof to TSA that the arrest did not result in a conviction for a disqualifying criminal offense. Such written proof may include a record of conviction for a misdemeanor that is not disqualifying, or a dismissal of the charges from the prosecution. Individuals who do not provide the evidence that the arrest did not result in a conviction within 60 days of service of the PDI, or request an extension of time, would be disqualified.

In paragraph (e), TSA proposes to permit an individual to take certain corrective action if the CHRC discloses an arrest for a disqualifying crime. Specifically, the individual may contact the local jurisdiction responsible for the criminal information and the FBI to complete or correct the information. Paragraph (d) would also establish a 60-day timeframe in which TSA must receive a certified true copy of the revised record.

8. Proposed § 1530.417. This section would apply if TSA determines that an individual who initially passed the STA may no longer meet the STA standards, may pose an imminent threat, and immediate revocation of the associated credential, access, or authorization is warranted. In these cases, TSA would issue a PDIIR. This scenario would arise where new information creates significant security concerns about the individual's continued eligibility and suggests the access should be revoked until a final determination is possible. If TSA determines that the information is not disqualifying, TSA would reinstate the DOE.

Under paragraph (a), TSA proposes to issue the PDIIR to the individual and, as applicable, the owner/operator, facility, or employer. Paragraph (b) would provide that a PDIIR would otherwise be processed in accordance with proposed § 1530.415, which addresses PDIs.

Paragraph (c) would apply when TSA does not issue a FDI (see proposed § 1530.419 below) after having issued a PDIIR. In such cases, the individual's access, privileges, and/or credentials would be reinstated, at no cost to the individual. TSA would also notify the individual, and if applicable, the employer, of the reinstatement.

9. Proposed § 1530.419. In paragraph (a) TSA proposes that if an individual does not appeal or a request a waiver of a PDI or PDIIR, the preliminary finding automatically converts to an FDI and the individual's eligibility is revoked.

Paragraph (b) would apply when an individual appeals or requests a waiver of a PDI or PDIIR, and TSA denies the appeal or waiver request. In these cases, TSA would serve the FDI on the individual, and the employer where applicable.

G. Proposed Subpart F—Standards

1. Introduction. Subpart F proposes the standards that TSA would use to make decisions about eligibility based on the information obtained from the checks that comprise an STA.

2. Proposed § 1530.501. This section would set out the standards that an individual must meet to successfully complete an STA and receive a DOE. Each of the standards in paragraph (a)(1)-(4) is related to the checks that may be included in an STA. Not every standard will apply in every adjudication because not every check is included in every STA. For example, in adjudicating the results of a Level 2 STA for a security-sensitive employee, which does not include a CHRC, the standard in paragraph (a)(4), which applies to the results of CHRCs, would not apply.

Under paragraph (a)(1), TSA would not issue a DOE unless the individual's identity could be verified. See the discussion of proposed § 1530.109 Start Printed Page 33489 regarding identity verification procedures.

Paragraph (a)(2) pertains to the terrorism/other analyses check. TSA would review the information returned from the data sources queried as part of this check, which are described in proposed § 1530.507, to determine whether the individual is eligible. If TSA determines that information indicates the individual poses or may pose a threat to transportation or national security, or of terrorism, TSA would deem the individual ineligible to serve in a security-sensitive position.

Paragraph (a)(3) would apply to individuals whose STAs include a check for immigration in the United States. If the individual is not in a permissible immigration category, TSA would not issue a DOE. The substantive requirements of the immigration check are explained in the discussion of proposed § 1530.505, below.

Paragraph (a)(4) would apply to the individuals whose STA includes a CHRC (Level 3 STA). Under this paragraph, an individual would be disqualified if he or she has a disqualifying criminal offense or lacks mental capacity, as described in proposed § 1530.503.

Based on TSA's vetting experience, the issue of mental incapacity comes to light in the course of the criminal check, such as when an individual is found not guilty by reason of insanity. TSA does not have access to health records of STA applicants, and therefore, the primary way TSA becomes aware of an individual's mental capacity is through the criminal check. For this reason, we propose to place the mental capacity standard in the same paragraph as the criminal standards.

Paragraph (b) explains that individuals may reapply for an STA if the condition that originally made them ineligible no longer exists.

3. Proposed § 1530.503. Paragraph (a) proposes the criminal look-back periods, crimes, and other factors that would be disqualifying for an individual required to complete a Level 3 STA. An individual who has a conviction, or finding of not guilty by reason of insanity, for one or more of these crimes would not be eligible if a Level 3 STA is required. TSA proposes to use the disqualifying crimes and lookback period that currently apply to the HME and TWIC programs ^[48] for the surface employees subject to this NPRM for two reasons. First, this population is part of surface transportation, like the HME drivers, and the security threats are similar for all surface modes, and differ from aviation. Second, the list of crimes and lookback period that apply to HME and TWIC workers constitute Congress' most recent expression as to the appropriate disqualifying criteria for transportation programs. Congress adopted these criminal standards in 2007,^[49] whereas the standards for aviation were adopted prior to 9/11 when the security climate was quite different.

Paragraph (a)(1) lists serious crimes that would be deemed permanently disqualifying. Paragraph (a)(2) lists proposed look-back periods that would apply to interim disqualifying offenses. The proposed interim crimes would be disqualifying if the conviction, or finding of not guilty by reason of insanity, is within 7 years of the date of the application; or if the individual was incarcerated for that crime and released from incarceration within 5 years of the date of the application.

Paragraph (a)(3) lists the interim disqualifying criminal offenses we propose to use for security coordinators in this rulemaking. This list of crimes is identical to the list of interim offenses codified in section 1572.103 for the TWIC and HME programs, except that it also lists manslaughter as an interim disqualifying offense. TSA has treated manslaughter as a disqualifying offense in the TWIC and HME programs as a lesser included offense of murder, but it has not been listed in section 1572.103.

Paragraph (b) would be reserved.

Paragraph (c) would be based on 49 CFR 1572.103(c), which provides that an individual who is under want, warrant, or indictment in any civilian or military jurisdiction for a disqualifying crime, is disqualified until the want or warrant is released, or the indictment is dismissed. TSA proposes to revise this provision by adding the issuance of a criminal complaint to the grounds for disqualification pending release or dismissal. The sole purpose of the proposed revision is to account for cases in which the jurisdiction begins a criminal proceeding with a complaint rather than an indictment. Under the Federal Rules of Criminal Procedure, a complaint is a written statement of the essential facts constituting the offense that is charged, and is under oath before a magistrate judge or, if none is reasonably available, before a state or local judicial officer.^[50] In other vetting programs, TSA has found cases in which the jurisdiction initiates a criminal action through a complaint, rather than a want or indictment, and proposes to make it clear that this would also be disqualifying under this proposed rule.

Paragraph (d) of this section proposes that an individual who has been declared mentally incompetent or involuntarily committed to mental health facility would be disqualified. This is the same standard that currently applies to TWIC and HME applicants, but TSA proposes to move it into the criminal standards in this NPRM, because TSA becomes aware of mental incapacity through the criminal check.

4. Proposed § 1530.505. As explained above, applicants for a Level 2 or Level 3 STA must be a U.S. citizen, U.S. national, or non-citizen who is a lawful permanent resident, a refugee, an asylee, a lawful nonimmigrant, is paroled into the U.S., or is otherwise authorized to work in the U.S. Note that individuals with Deferred Action for Childhood Arrivals are authorized to work in the U.S. and thus are eligible to apply for a security sensitive or security coordinator position under this rulemaking. The standard proposed in this section would require applicants to be in one of these listed, permissible categories at the time of application. TSA is not proposing that individuals must belong to a particular category of noncitizen to successfully complete the STA, because TSA does not assess a particular level of security risk associated with one immigration category as compared to another.

Paragraph (b) explains that TSA determines whether an individual is in a listed, permissible category by checking relevant Federal databases, primarily the SAVE program administered by the USCIS. Also, TSA may verify an applicant's social security number, alien registration number, or I–94 number as part of the vetting process, to identify any instance of identity fraud.

5. Proposed § 1530.507. In this section, TSA proposes the standards for the terrorism check and other analyses. TSA would conduct this portion of the STA recurrently, which means each time a watchlist or database receives new or updated information, TSA compares the individual's name to the revised list. TSA would continue to recurrently vet the individual for the life of the STA, which TSA proposes to be 5 years in this NPRM. The recurrent vetting process allows TSA to receive notification if a vetted individual is subsequently added to a terrorist watchlist. If TSA determines, based on the information generated during this vetting, that an individual poses or may Start Printed Page 33490 pose a threat to transportation or national security, or of terrorism, TSA would deem the individual to be ineligible to work as a security coordinator or security-sensitive employee.

TSA searches several databases in this portion of the STA, including the consolidated terrorist database (TSDB), the U.S. Marshals Service federal wants and warrants, Interpol, the Department of State lost and stolen passport file, and the U.S. Treasury Office of Foreign Asset Control database of individuals who are sanctioned due to terrorism or national security issues.^[51] If TSA matches an applicant's identity to an identity included in one of these lists, TSA conducts an investigation to determine whether, under the totality of the circumstances, an applicant is ineligible.

Paragraph (b) proposes that TSA may determine an individual is ineligible if the check reveals extensive foreign or domestic criminal convictions, a conviction for a serious crime not otherwise covered by the regulation, or a period of foreign or domestic imprisonment that exceeds 365 consecutive days. TSA sometimes receives foreign criminal history records when conducting this check, such as through Interpol, which are not identified in the CHRC we conduct through the FBI's database. This paragraph would expressly provide TSA the discretion to disqualify an individual based on an overall view of the individual's record, even where some of the criminal history does not involve disqualifying offenses, but is indicative of an individual who may pose or poses a threat to national or transportation security, or of terrorism.

6. Proposed § 1530.509. This section proposes to permit the use of existing, valid STA results for satisfying requirements for a new STA. TSA's goal is to be able to rely, in whole or in part, on an STA that was already conducted on an individual when that individual subsequently applies for another STA. Relying on comparable STAs conserves time and resources for TSA and individuals by eliminating redundant checks.

Paragraph (a) proposes that TSA may deem an earlier check comparable to a currently needed check based on certain factors listed in proposed paragraph (d), below, and if three conditions are met. First, as proposed in paragraph (a)(1), the original check cannot be expired. Second, as proposed in paragraph (a)(2), the original check must be part of a DOE that is not expired, revoked, or suspended. Third, as proposed in paragraph (a)(3), the earlier check must be adjudicated under standards that are comparable to the standards for the new STA.

For example, individuals applying for a security coordinator STA under this NPRM who hold a current TWIC would be able to use the CHRC conducted for TWIC as a comparable check because both the TWIC CHRC and the security coordinator CHRC are adjudicated against the same look-back period and list of disqualifying crimes.

Paragraph (b) proposes that TSA may accept a valid, unexpired STA, background check, or investigation conducted by TSA or another Federal governmental agency to satisfy the STA requirement. Unlike proposed paragraph (a), which addresses the comparability of a given check (terrorism/other analyses, immigration, or CHRC) from one STA to another, proposed paragraph (b) addresses whether an entire STA, background check, or investigation may satisfy a subsequent STA requirement without the need for further checks. For example, as explained below, TSA may determine that a Level 3 STA is comparable to a Level 2 STA (because the former includes all of checks included in the latter). Thus, TSA may rely on the fact that an individual has already successfully completed a Level 3 STA to satisfy a subsequent requirement for a Level 2 STA under a different regulatory program for the same individual. Proposed paragraph (b) would refer to the factors in proposed paragraph (d) as the basis for the determination.

Paragraph (c) would impose an important constraint on comparability based on timing. If TSA relies on a comparable check from an earlier STA, the duration of the new STA will be backdated to the date of the earliest check in the STA. This would ensure that no part of the STA is older than 5 years.

Paragraph (d) sets out the criteria that TSA would use to decide whether STAs, background checks, or other investigations are comparable in whole or in part. Paragraph (d)(5) would allow TSA to consider other factors it deems appropriate when making a comparability determination. For instance, an agency may ask TSA to consider the use of different databases that TSA does not use as comparable sources of information. TSA needs this latitude because of the widely variable factual and policy circumstances that can surround how a given governmental agency may conduct the background check or investigation on which TSA may rely.

Paragraph (e) is reserved.

Paragraph (f) proposes the responsibilities of an individual who asserts completion of a comparable STA to satisfy a new STA requirement. Paragraph (f)(3) would require an individual asserting completion of a comparable STA to complete enrollment and pay the associated STA fees. A new enrollment is necessary because TSA needs complete, up-to-date enrollment information to accurately identify the individual and notify him or her of the outcome of the STA.

Paragraphs (g)–(i) would list certain comparability determinations that TSA would set forth in the regulatory text. Each more thorough STA is comparable to the less thorough STAs. For instance, a Level 2 STA is comparable to a Level 1 STA, and a Level 3 STA is comparable to both a Level 2 and a Level 1 STA.

TSA has already determined that an STA for the FAST program, administered by CBP, is comparable to the TWIC and HME STA.^[52] Since the requirements for the Level 3 STA proposed in this rulemaking are comparable to the TWIC and HME programs, the STA for a FAST card is comparable in whole to a Level 3 STA.

In addition to the FAST program, CBP administers the NEXUS,^[53] SENTRI,^[54] and Global Entry ^[55] programs. These programs include thorough criminal history, terrorism, and immigration checks conducted by CBP, and in the case of Global Entry, also include an interview conducted by a CBP law enforcement officer. CBP's criminal checks view all of the disqualifying offenses we propose in this NPRM as disqualifying in their programs. Similarly, the CBP terrorism and immigration checks include comparable data sources and standards. For these reasons, TSA has determined that the STAs for these programs are comparable to the proposed Level 3 STA. Finally, the TSA PreCheck® STA would be comparable to the Level 3 STA in this proposed rule. For TSA PreCheck®, TSA uses TWIC and HME criminal offenses and look-back period, and terrorism standards. Also, the immigration standard for TSA PreCheck® is more stringent than the standards for TWIC Start Printed Page 33491 and HME. Consequently, individuals who have successfully passed the TSA PreCheck® STA have completed a comparable Level 3 STA.

This proposed section on comparability and proposed § 1530.307 on fee comparability are closely related. As explained in the discussion of proposed § 1530.307, the fee structure proposed in this rulemaking is portioned into segments based on the services TSA provides when conducting STAs. When processing an STA application, if TSA can rely on a comparable check from an earlier STA, it does not have to perform that service again, and it will not have to charge the individual the full fee for that service. This reduces the financial burden on individuals requiring more than one STA.

H. Proposed Subpart G—Appeal and Waiver Procedures for Security Threat Assessments

1. Introduction. In subpart G, TSA proposes redress provisions for individuals adversely affected by the STA requirements in 49 CFR part 1530. These proposed standards are consistent with the redress provisions codified in 49 CFR part 1515, Appeal and Waiver Procedures for Security Threat Assessments for Individuals, for individuals who are required to undergo STAs for the TWIC, HME, and certain air cargo programs.^[56] Part 1515 will continue to apply according to its terms (although TSA may revise the part heading in the final rule for this rulemaking to clarify the scope of part 1515), and subpart G of part 1530 would apply to individuals who work for public transportation, railroads, and OTRB operators and undergo an STA set forth in this rulemaking. The standards in part 1515 were previously subject to notice and comment and have been in place for over 10 years. TSA believes the redress procedures we propose in subpart G are effective, efficient, and relatively easy to follow for individuals, including those who do not wish to hire an attorney for this process. However, TSA welcomes comments from covered entities that may be impacted by the proposed rule and the public on ways to improve the vetting process while still reducing security risk in the respective transportation modes.

Proposed subpart G describes the procedures for: (1) requesting waivers of the criminal standards; (2) appealing disqualifications based on the criminal history, immigration, or terrorism/other analyses checks; (3) ALJ review of TSA's waiver and appeal determinations; and (4) review of ALJ decisions by the TSA Final Decision Maker.

2. Proposed § 1530.601. TSA proposes the scope and general requirements for subpart G in this section. Paragraphs (a) and (b) would establish that individuals who apply for an STA under part 1530 and who are eligible to request an appeal or waiver, fall within the scope of this part. Paragraph (c) explains that TSA does not disclose classified information or other information that is protected by law, or for which disclosure is not warranted. Paragraph (d) explains that an individual may, but is not required to, hire an attorney to represent them in an appeal or waiver proceeding, at the individual's expense. Paragraph (e) explains that the individual may request an extension of time for submitting appeal or waiver paperwork to TSA. These requests must be in writing, explain the reason for the extension, and be served on TSA prior to the deadline that needs to be extended. TSA generally grants extensions of time in the redress process when individuals meet these proposed standards.

3. Proposed § 1530.603. Reserved.

4. Exhaustion of Administrative Remedies. Before explaining the redress procedures an individual would use to appeal a TSA final decision (which are set forth below), it is important to discuss the principle of exhausting the administrative remedies TSA provides in subpart G before seeking review by the courts. The doctrine of exhaustion of remedies is based on the need to conserve judicial resources and ensure that factual issues are resolved by the agency with the expertise and responsibility for administering the program at issue. The doctrine allows agencies to develop a full factual record, correct errors, minimize costs, and create a uniform approach to the issues within its jurisdiction. This process benefits individuals by resolving disputes more quickly and at lower cost through TSA rather than the Federal courts. If the individual ultimately seeks review in the Court of Appeals following TSA's final agency order, the court will have a full record on which to base its review and the issues will be narrowed to those that truly require judicial review. In a case where TSA issued a preliminary denial of a TWIC application and the individual sought review by a U.S. District Court rather than first appealing the decision to TSA, the court dismissed his claim stating that he must first exhaust the administrative remedies in TSA's redress regulations.^[57] The court stated that it needed a more developed factual record to effectively evaluate the case. Also, the court held that TSA should have the opportunity to correct any errors and narrow the issues, which can be achieved through exhausting administrative remedies, before initiating judicial review.

For all of the foregoing reasons, TSA is proposing to require individuals to exhaust the administrative remedies set forth in subpart G before seeking judicial review.

Under this proposal, an individual would not seek judicial review until TSA has issued its “final agency order.” Throughout proposed subpart G, we clearly identify the point at which a TSA decision is a “final agency order,” and thus, when an individual may pursue judicial review. Note that for purposes of the rulemaking, “final agency order” and “final agency action” have the same meaning.

5. Proposed § 1530.605. In this section, TSA proposes the procedures that would apply to appeals to TSA concerning the criminal, immigration, and mental capacity standards in part 1530.

Paragraph (a)(3) pertains to appeals based on determinations that an individual lacks mental capacity under proposed §§ 1530.501 and 1530.503. It is important to note that TSA does not have access to health-related databases and information concerning mental health issues. However, TSA may become aware of mental health issues through the CHRC, when an individual is found not guilty by reason of insanity of a disqualifying criminal conviction.

Paragraph (b) of this section proposes the grounds for appeal that may be raised. Individuals may assert that they do meet the eligibility standards and (1) TSA's decision was based on factually incorrect information; or (2) TSA failed to apply the eligibility standards in accordance with the regulations. For instance, if a criminal rap sheet reveals a conviction for a disqualifying offense, but fails to include the fact that the conviction was later overturned, an individual may use this as the basis for an appeal. Also, if TSA fails to correctly apply the list of criminal disqualifiers that appear in part 1530, this failure to adhere to the standards would constitute grounds for an appeal.

Paragraphs (c)–(h) of this section propose the procedures and timeframes for initiating an appeal, responding to a PDI or a PDIIR, correcting inaccurate records, and TSA's issuance of a final Start Printed Page 33492 determination. Under these procedures, an individual must request an appeal in writing to TSA, and it may be in the form of a request for the records on which TSA's PDI or PDIIR are based, or as a reply to the PDI or PDIIR. The individual must initiate the appeal within 60 days of service of the PDI or PDIIR, or request an extension of time. TSA may request documents from appellants that are necessary to make a final determination. If the data on which TSA made its preliminary decision of ineligibility is incomplete or inaccurate, proposed § 1530.605(f) describes how an individual can correct the information.

Paragraph (g) of this section proposes the procedures TSA would follow in making a final determination on eligibility and the individual's appeal. If TSA determines that the PDI/PDIIR is incorrect, TSA would withdraw the PDI/PDIIR and notify the individual, and the employer or operator, where applicable. If TSA determines that the preliminary determination was correct, TSA would serve a FDI on the individual, and where applicable, the employer or operator.

Paragraph (h) explains that TSA's FDI based on criminal, immigration, and mental capacity standards would constitute a final agency order or action under 49 U.S.C. 46110.^[58] This means that upon receiving the FDI, there are no additional redress procedures within TSA for an individual to use. At this point, the individual may seek review in the Court of Appeals or accept TSA's final determination. These appeals based on criminal, mental capacity, and immigration involve objective facts and documents, and thus, it would be highly unlikely for TSA's final decision to be in error and need further review by an ALJ or the TSA Final Decision Maker.

6. Proposed § 1530.607. In this section, TSA sets forth proposed standards for requesting a waiver due to criminal offense or mental capacity. Under this proposed rule, TSA would not consider waiver requests for failure to meet immigration standards or for the terrorism/other analysis checks. It would be inconsistent with the 9/11 Act, the principles of security vetting, and similar waiver programs to entertain waiver requests for these issues. There is no reasonable basis on which TSA would determine that a waiver should be granted to an individual who does not meet the immigration standards or is deemed to pose a threat to national or transportation security, or of terrorism under 1530.507(a). As proposed in paragraph (b), however, TSA would consider a waiver when an individual (1) who committed a disqualifying offense, now asserts that he or she is rehabilitated and no longer poses a security risk; (2) who suffered from mental capacity issues, asserts that those health issues no longer exist; or (3) was disqualified for a criminal history under § 1530.507(b).

In paragraph (c), TSA proposes that individuals must complete the enrollment process, including paying all applicable fees, before he or she may apply for a waiver. For instance, an individual who knows he was convicted of a disqualifying offense within the previous 7 years and wishes to apply for a waiver of that offense, must complete the enrollment process so that TSA receives the pertinent criminal records from the FBI that verify the disqualifying issue. The applicant may submit a request for a waiver, which must be received no earlier than the date that the individual submitted the application and fee, and no later than 60 days after final disposition of an appeal undertaken consistent with § 1530.605 of this subpart. An individual preserves the right submit a waiver request if he or she requests an extension of time in accordance with § 1530.601(e) of this part and the request is granted.

Paragraph (c)(2) describes the factors that TSA would consider when evaluating a waiver request, including the circumstances of the crime, restitution the individual has paid, court or other official records indicating that the individual no longer lacks mental capacity, the length of the prison term, the time that has elapsed since release from prison, criminal activity that has occurred following release from prison, and other factors relevant to the individual's waiver request. TSA would consider letters of reference from employers, clergy, probation officers, family members, and others with knowledge of the individual's character and rehabilitation since the crime occurred.

TSA adjudicators and analysts would evaluate the paperwork submitted, and communicate with the individual, if necessary, to gain additional information to ensure that the waiver request package is complete. TSA has established a Waiver Review Board, which includes security analysts and senior managers, to meet regularly to consider each waiver request. Because waiver decisions are somewhat subjective, TSA established this process to ensure consistency and avoid individual bias in reviewing waiver requests. The Waiver Review Board makes a recommendation to grant or deny a waiver to the Assistant Administrator. The Assistant Administrator reviews the recommendation and waiver paperwork and makes a final decision to grant or deny the waiver request.

Paragraph (d) explains that, within 60 days of TSA receiving the waiver request, TSA would serve a written decision granting or denying the waiver request on the individual. If TSA denies the waiver, the individual may appeal the decision to an ALJ. TSA's waiver denial is not a final agency action under 49 U.S.C. 46110. The individual may not, therefore, appeal this decision to the court system at this time, but must first seek review by an ALJ (as described in § 1530.611) and then if necessary, a TSA Final Decision Maker (as described in § 1530.613).

7. Proposed § 1530.609. In this section, TSA proposes the procedures an individual would use to appeal TSA's preliminary determination that the individual failed the terrorism/other analyses portion of the STA. Paragraph (b) explains that the only grounds for an appeal of the terrorism/other analyses PDI is an assertion that the individual meets the standards for the STA for which he or she is applying. For instance, an individual could argue that he or she has been misidentified as another person who poses a security threat. Also, the individual may assert that even if he or she has been correctly identified, nonetheless, the person does not pose a security threat. Paragraph (c) states that the procedures proposed for § 1530.605(c)-(h), described above, also apply to this section.

In paragraph (d)(1) of this section, TSA proposes that 60 days after service of the individual's appeal, TSA would serve a final determination on the individual, and where applicable, the individual's employer. For instance, in this rulemaking, public transportation operators may not employ an individual in a security-sensitive position unless the individual successfully completed a Level 2 STA, which includes the terrorism/other analyses check. If TSA determines that an individual does not pass the Level 2 STA, TSA would have to notify the operator of this determination so that the operator does not assign the individual a security-sensitive position.

As proposed in paragraph (d)(2), if TSA determines that the PDI or PDIIR was issued in error, TSA would withdraw it by serving notification on the individual, and where appropriate, the employer. Start Printed Page 33493

Paragraph (e) addresses further review of a case in which TSA denies the individual's appeal. TSA's denial of the appeal under this section is not a final agency action under 49 U.S.C. 46110, and, therefore, the individual may not seek review in the courts at this juncture. If the individual wishes to seek additional review of TSA's final determination, he or she would seek review by an ALJ, and those procedures are set forth in proposed § 1530.611, described below. If the individual does not seek review by an ALJ within 30 days of TSA's decision, the decision then becomes final.

8. Proposed § 1530.611. In this section, TSA proposes the procedures for an individual who wishes to seek review of a TSA decision by an ALJ. Paragraph (a) describes the two types of appeals that are eligible for ALJ review. An ALJ may review (1) an appeal of TSA's decision to deny a waiver as set forth in § 1530.607, and (2) an appeal of TSA's decision to deny an appeal based on the terrorism/other analyses check as set forth in § 1530.609.

Paragraph (b) explains how the individual must request ALJ review. The request must be in writing and served within 30 days of the date that TSA served the decision that the individual seeks to appeal to the ALJ. The individual must include the issues that the individual wants the ALJ to consider, copies of the individual's request for a waiver or initial appeal with all supporting documents, and copies of TSA's denial of the waiver request or appeal. Paragraph (b)(5) provides the address to use for ALJ review requests.

Paragraph (b)(2) explains that a request for ALJ review may not include material, evidence, or information that was not also presented to TSA in the original waiver request or appeal. As stated in paragraph (b)(3), if the individual has new material, evidence, or information that was not available to TSA, the individual should file a new waiver request or appeal with TSA, and the ALJ review request would be dismissed. To preserve ALJ resources and ensure that TSA makes decisions that fall within its expertise, in keeping with principles of the exhaustion of administrative remedies, any new information should be used to begin a new review by TSA, not the ALJ.

Paragraph (b)(4) explains that the individual may request an in-person hearing before the ALJ. Paragraph (c) addresses extensions of time during the ALJ review process. Both parties may request extensions of time in writing, and they should be received by the ALJ within a reasonable time before the date that must be extended. Paragraph (d) describes the duties of the ALJ, which are the same procedures that currently apply to cases that ALJs review in TWIC and HME waiver denials, and are fairly standard for administrative process. TSA proposes that the ALJ must have the appropriate level of security clearance necessary to review any information, including classified information, that is relevant to reviewing the case. As proposed, the ALJ should consider a request for an in-person hearing, by evaluating whether there are genuine issues of fact about the evidence or information the individual submits as part of his or her waiver request or appeal to TSA, or whether TSA's determination on the waiver or appeal was completed in accordance with the regulations. If an in-person hearing takes place, a verbatim transcript would be made, at no cost to the individual. If the individual fails to appear, the ALJ may issue a default judgment against the individual. The standard of proof for the hearing would be substantial evidence on the record.

Under the ALJ procedures, we propose that TSA will not disclose classified information or other information protected under the law. TSA, however, may prepare an unclassified summary of the information for the appealing party, if an unclassified summary can be provided consistent with national security concerns. The ALJ would review the record of decision, including any classified information upon which the decision relies, on an ex parte, in camera basis, and may consider this information in making a final decision if the information appears to be material and relevant.

Paragraph (f) describes the procedures that apply for the ALJ's final decision. As proposed, the ALJ would issue a final decision within 60 days from the close of the record, and serve the decision on the parties. Either party may appeal the ALJ decision to the TSA Final Decision Maker. If the ALJ overturns TSA's waiver or appeal decision and TSA does not appeal that to the Final Decision Maker, TSA would issue an order granting the waiver or withdraw the final determination on the appeal, as applicable. If the ALJ upholds TSA's decision and the individual does not seek review by the TSA Final Decision Maker, TSA would issue a final agency order denying a waiver to the individual or issue a Final Order of Ineligibility, as applicable.

9. Proposed § 1530.613. TSA proposes the procedures for appealing an ALJ decision to the TSA Final Decision Maker in this section. The non-prevailing party in the ALJ proceeding may request a review of the ALJ's decision by the TSA Final Decision Maker within 30 days from the date of service of the ALJ's decision. Requests for review must be in writing, served on the opposing party, and relate only to whether the ALJ's decision was based on substantial evidence on the record. Within 60 days of receiving the request for review (or within 30 days of receiving a response from the other party), the TSA Final Decision Maker would issue the final decision. The decision of the TSA Final Decision Maker constitutes a final agency order in accordance with 49 U.S.C. 46110. If the individual wishes to appeal the TSA Decision Maker's final order, that appeal must be filed in the U.S. Court of Appeals for the District of Columbia Circuit or in the court of appeals of the United States for the circuit in which the person resides or has its principal place of business within 60 days of the TSA Decision Maker's final order.

IV. Analysis of Proposed Changes to Parts 1500, 1570, 1572, 1580, 1582, and 1584

A. Introduction

TSA proposes to make changes to 49 CFR parts 1500, 1570, 1572, 1580, 1582, and 1584 in this rulemaking. Each of these proposed changes are described below.

B. Proposed Changes to Part 1500

“Security threat assessment” would mean a procedure conducted by TSA consisting of one or more checks of relevant databases and other sources of information to verify an individual's identity, and to determine whether the individual is eligible for certain access to the nation's transportation systems, or for certain privileges or credentials. The proposed definition would provide a concrete understanding of the term that encapsulates the entire process of vetting the individual. It would also promote consistent use of terminology throughout TSA's regulations, most importantly that a security threat assessment is the overall process, which is comprised of one or more checks, such as a CHRC, or a check of databases. TSA considers the terms “security threat assessment,” as proposed here, and “security background check,” as established in the Security Training rulemaking to be functionally synonymous. TSA intends generally to reserve the use of “security background check” to the specific context of proposed § 1570.305. Start Printed Page 33494

C. Proposed Changes to Part 1570

As explained previously, this proposed rule is one of three rulemakings TSA is presently conducting to implement the 9/11 Act. The Security Training NPRM proposed extensive changes to part 1570, including reserving subpart D for proposals related to vetting. In this rulemaking, we propose changes to part 1570, subpart D, that build on the proposals in the Security Training NPRM.

TSA proposes to add § 1570.307 to subpart D to explain that specific vetting requirements for maritime and land transportation would be set in the parts that relate to each industry. For instance, the proposals for the owner/operators and individuals in freight rail would be in part 1580, public transportation and passenger rail would be in part 1582, and OTRB would be in part 1584.

As a matter of organization and clarity, we think it would be easier for each type of owner/operator and its employees to first look at the part of TSA regulations that applies to it, in order to determine who must be vetted and the level of vetting required. The requirements may vary, and we believe placing them in the specific part of title 49 that corresponds to that type of operator would be best.

D. Proposed Change to Part 1572

TSA proposes to revise the title of part 1572 from “Credentialing and Security Threat Assessments” to “Credentialing and Security Threat Assessments for the Hazardous Materials Endorsement and Transportation Worker Identification Credential Programs.” This is an administrative change TSA proposes to make to clarify that part 1572 applies only to the HME and TWIC programs. As our vetting authorities expand and there are new vetting standards in various parts of the CFR, we believe it is necessary to change the title of part 1572 so that individuals and owner/operators understand that it applies only to two programs.

E. Proposed Changes to Part 1580

TSA proposes to add “Subpart D—Security Threat Assessment Requirements for Owner/Operators and Individuals” to part 1580, as promulgated in the Security Training rulemaking, to implement the 9/11 Act vetting requirements in freight rail.^[59]

1. Proposed § 1580.3. This section would make clear that the terms defined in §§ 1500.3, 1500.5, and 1503.103, of subchapter A, § 1530.3 of subchapter B, and § 1570.3 of subchapter D of this chapter, also apply when used in this part.

2. Proposed § 1580.301. Paragraph (a) would set out the obligations of freight rail owner/operators with regard to STA requirements for the security coordinators who would be designated according to the requirements of the Security Training rulemaking. Section 1570.201(a), as set forth in the Security Training final rule, requires freight rail owner/operators to designate and use a primary and at least one alternate security coordinator. These requirements apply to the operators listed in 49 CFR 1580.101, which are:

• Class 1 freight railroad carriers;
• Rail hazardous materials shippers that transport one or more of the categories and quantities of rail security-sensitive materials (RSSM) in a high threat urban area (HTUA);
• Rail carrier that serves as a host railroad to a Class 1 carrier, rail hazardous materials shipper that transports RSSM in an HTUA, or a passenger operation described in 49 CFR 1582.101.

Proposed paragraph (a)(1) would set out the primary requirement that a covered freight rail owner/operator must not authorize or permit an individual to serve as a primary or alternate security coordinator unless he or she has successfully completed a Level 3 STA and holds a current DOE from TSA.

As explained above in section II.B.2. of the preamble, security coordinators should undergo a Level 3 STA because of their access to sensitive-security and personally-identifiable information, as well as the critical security functions they perform. These responsibilities and functions require a high level of confidence that the individual is trustworthy. As explained above, a Level 3 STA consists of a criminal history, terrorism/other analyses, and immigration check. Successful completion of this Level 3 STA would increase confidence that the individual is sufficiently trustworthy to assume the position.

To comply with proposed paragraph (a)(1), owner/operators would need a definitive source of information from TSA regarding an individual's STA. TSA expects to create a web-based portal for owner/operators to access, which would include the results of the STAs of that owner/operator's workers. TSA has considered other methods of employer notification, such as mailing letters, but believes this method would be more cost-effective and minimizes the risk of fraud or missing records associated with paper documents and mail service. TSA invites comment from the industry as to other potential methods of notification, as well as the relative advantages and disadvantages of the options.

Paragraph (a)(2) would require the owner/operator to retain records documenting compliance with paragraph (a)(1). TSA does not propose a specific format of documentation. TSA prefers to retain flexibility to permit various formats depending on owner/operator needs and capabilities. TSA will work with each owner/operator to assure that the recordkeeping process complies with TSA's inspection needs. As part of inspecting compliance with the STA requirements, TSA must be able to review these records to ensure that the STA requirements have been met at the appropriate time. TSA invites comment from owner/operators as to how most will satisfy this requirement and other ideas for meeting it.

Paragraph (b)(1) would set out the primary requirement that a covered freight rail owner/operator must not authorize or permit an individual to serve as a security-sensitive employee, unless he or she has successfully completed a Level 2 STA and holds a current DOE from TSA. TSA proposes to require a Level 2 STA, consisting of terrorism/other analyses and immigration check in the United States, for security-sensitive employees, which satisfies the requirements of section 1520 of the 9/11 Act.

As explained above in the discussion of security coordinator STA requirements, TSA expects to create a web-based portal for owner/operators to access, which would include the results of the STAs of that owner/operator's security-sensitive employees.

Proposed paragraph (b)(2), with regard to recordkeeping, is similar to proposed paragraph (a)(2) explained above.

Paragraph (c) proposes continuing responsibilities for owner/operators after the initial vetting of security coordinators and security-sensitive employees. Paragraph (c)(1) would require an owner/operator to remove an individual from a position as a security coordinator or a security-sensitive employee if notified by TSA that the individual is no longer eligible for the position. TSA would issue such a notification if, for example, the recurrent terrorism/other analyses check subsequently reveals information indicating that the individual poses or may pose a threat to transportation security or national security, or of terrorism. Start Printed Page 33495

Paragraph (c)(2) would require an owner/operator that becomes aware of information that an individual is or may not be eligible to serve as a security coordinator or security-sensitive employee to notify TSA immediately. This responsibility would arise, for example, if the owner/operator becomes aware that a security coordinator has been arrested for or convicted of a potentially disqualifying crime.

Paragraph (c)(3) would provide that an owner/operator may reassign an individual as a security coordinator or security-sensitive employee if notified by TSA that he or she regained eligibility. For example, if TSA notified an owner/operator under proposed paragraph (c)(1) that an individual is ineligible, but subsequently determines that the factor causing the ineligibility had been resolved, TSA would notify the owner/operator under paragraph (c)(3).

2. Proposed § 1580.303. This section would set out the obligations of individuals employed by covered freight rail owner/operators who must undergo an STA, either as a security coordinator (proposed paragraph (a)) or a security-sensitive employee (proposed paragraph (b)).

Paragraph (a) would provide that an individual must not work as a security coordinator for a freight rail owner/operator, unless he or she successfully completes a Level 3 STA and holds a current Determination of Eligibility. Paragraph (a) would also specify that the criminal history records check conducted as part of the Level 3 STA would be adjudicated against the list of disqualifying crimes in proposed § 1530.503, which, as described above, would be the list of disqualifying crimes that currently apply to certain surface and maritime workers under § 1572.103.

Paragraph (b) would provide that an individual must not work as a security-sensitive employee unless he or she successfully completes a Level 2 STA and holds a current Determination of Eligibility. The rationale for requiring this level of vetting is explained above in section II.B.1. of the preamble.

3. Proposed § 1580.305. This section would require the use of TSA enrollment centers by individuals, as well as the owner/operators of those individuals, required to apply for an STA under these proposed regulations. The reasons for this proposed requirement is explained above in section II.B.5. of the preamble.

4. Proposed § 1580.307. As explained above in section II.B.7. of the preamble, TSA proposes a phased implementation of the vetting requirements proposed in this rule. Under paragraph (a), the vetting requirements for primary and alternate security coordinators would become effective 6 months from the publication date of the final rule. Under paragraph (b), the vetting requirements for security-sensitive employees would become effective 12 months from the publication date of the final rule. It is important to note that the time it takes to process Level 2 STA processing is typically less than 10 days, and less than 30 days for Level 3 STA processing. We invite comment from employers and workers on these proposed effective dates. Specifically, TSA is interested in the time employers anticipate it will take to prepare for the effective dates, how many employees fall into each category, and whether the number of employees can be vetted within the allotted time.

F. Changes to Part 1582

TSA proposes to add “Subpart C—Security Threat Assessment Requirements for Owner/Operators and Individuals” to part 1582, as set forth in the Security Training final rule, to implement the vetting requirements of the 9/11 Act for public transportation and passenger rail.

1. Proposed § 1582.3. This section would make clear that the terms defined in §§ 1500.3, 1500.5, and 1503.103, of subchapter A, § 1530.3 of subchapter B, and § 1570.3 of subchapter D of this chapter, also apply when used in this part.

2. Proposed § 1582.201. This section would set out the obligations of covered public transportation and passenger rail owner/operators with regard to STA requirements for the security coordinators who would be designated according to the requirements of the Security Training rulemaking. Under the Training final rule, section 1570.201(a) requires public transportation and passenger rail owner/operators described in § 1582.1(a) to designate and use a primary and at least one alternate security coordinator. These owner/operators include: passenger railroad carriers, public transportation agencies, and operators of rail transit systems that are not operating on tracks that are part of the general railroad system, including heavy rail transit, light rail transit, automated guideway, cable car, inclined plane, funicular, and monorail systems.

Proposed paragraph (a)(1) would set out the primary requirement that a covered public transportation and passenger railroad operator must not authorize or permit an individual to serve as a primary or alternate security coordinator, unless he or she has successfully completed a Level 3 STA and holds a current DOE from TSA. As set forth in the Security Training final rule, this requirement would apply to all owner/operators described in § 1582.1(a)(1)–(3), and to an owner/operator described in § 1582.1(a)(4), if it is notified by TSA that a threat exists pursuant to 49 CFR 1570.201(b)). As explained above in section II.B.2. of the preamble, TSA believes that security coordinators should be required to undergo a Level 3 STA based on the access to sensitive-security and personally-identifiable information they have. As explained previously, a Level 3 STA consists of a criminal history, terrorism/other analyses, and immigration check. Successful completion of this Level 3 STA will increase confidence that the individual is sufficiently trustworthy to assume the position, and the proposed requirement that he or she continues to hold a current DOE would require his or her removal if he or she becomes ineligible in the future.

To comply with proposed paragraph (a)(1), owner/operators would receive a notification from TSA regarding an individual's STA. TSA expects to create a web-based portal for owner/operators to access, which would include the results of the STAs of that owner/operator's workers. TSA has considered other methods of employer notification, such as mailing letters, but believes this method would be more cost-effective and minimizes the risk of fraud or missing records associated with paper documents and mail service. TSA invites comment from the industry as to other potential methods of notification, and the relative advantages and disadvantages of the options.

Paragraph (a)(2) would require the owner/operator to retain records documenting compliance with proposed paragraph (a)(1). TSA proposes to allow owner/operators flexibility as to the format, paper or digital, of storage, as long as the form and manner is authorized by TSA. As part of inspecting compliance with the STA requirements, TSA must be able to review these records to ensure that the STA requirements have been met at the appropriate time. TSA invites comment from owner/operators as to how most will satisfy this requirement and other ideas for meeting it.

In proposed § 1580.203 (b) and as discussed above, TSA proposes to require that such security-sensitive employees successfully complete a Level 2 STA. Paragraph (b)(1) of this section tracks the same requirements as in paragraph (a)(1), but for security-sensitive employees instead of security coordinators. TSA proposes that a Start Printed Page 33496 covered owner/operator must not authorize or permit a person to serve a security-sensitive employee, unless he or she has successfully completed a Level 2 STA and holds a current DOE. This level of vetting satisfies section 1411 of the 9/11 Act.

Proposed paragraph (b)(2) with regard to recordkeeping is similar to proposed paragraph (a)(2) explained above.

Paragraph (c) proposes continuing responsibilities for owner/operators after the initial vetting of security coordinators and security-sensitive employees. Paragraph (c)(1) would require an owner/operator to remove an individual from a position as a security coordinator, or a security-sensitive employee, if notified by TSA that the individual is no longer eligible for the position. TSA would issue such a notification if, for example, the recurrent terrorism check subsequently reveals information indicating that the individual poses or may pose a threat to transportation security or national security, or of terrorism.

Paragraph (c)(2) would require an owner/operator that becomes aware of information that an individual may not be eligible to serve as a security coordinator or security-sensitive employee to notify TSA immediately. This responsibility would arise, for example, if the owner/operator becomes aware that a security coordinator has been convicted for a potentially disqualifying crime.

Paragraph (c)(3) would provide that an owner/operator may reassign an individual as a security coordinator or security-sensitive employee if notified by TSA that he or she regained eligibility. For example, if TSA notified an owner/operator under proposed paragraph (c)(1) that an individual is ineligible, but subsequently determines that the factor causing the ineligibility had been resolved, TSA would notify the owner/operator under paragraph (c)(3).

3. Proposed § 1582.203. This section would set out the obligations of individuals employed by covered public transportation and passenger rail owner/operators who must undergo an STA, either to serve as a security coordinator (proposed paragraph (a)) or as a security-sensitive employee (proposed paragraph (b)).

Proposed paragraph (a) would provide that an individual must not work as a security coordinator for a public transportation or passenger rail owner/operator unless he or she successfully completes a Level 3 STA and holds a current DOE. The reasons for requiring a Level 3 STA, and the checks that would compose this level of vetting are explained above in section II.B.2. of the preamble. Paragraph (a) would also specify that the CHRC conducted as part of the Level 3 STA would be adjudicated against the list of disqualifying crimes in proposed § 1530.503(a), which is the list of disqualifying crimes applicable to surface and maritime vetting conducted by TSA.

Paragraph (b) would provide that an individual must not work as a security-sensitive employee unless he or she successfully completes a Level 2 STA, and holds a current DOE. The rationale for requiring this level of vetting is explained above in section II.B.1. of the preamble.

4. Proposed § 1582.205. This section would require the use of TSA enrollment centers by individuals, and their owner/operators, required to apply for an STA under these proposed regulations. The reasons for this proposed requirement is explained above in section II.B.5. of the preamble.

5. Proposed § 1582.207. As explained above in section II.B.7. of the preamble, TSA proposes a phased implementation of the vetting requirements proposed in this rule. Under paragraph (a), the vetting requirements for primary and alternate security coordinators would become effective 6 months from the publication date of the final rule. Under paragraph (b), the vetting requirements for security-sensitive employees would become effective 12 months from the publication date of the final rule.

We invite comment from employers and workers on these proposed effective dates. Specifically, TSA is interested in the time employers anticipate it will take to prepare for the effective dates, how many employees fall into each category, and whether the number of employees can be vetted within the allotted time.

F. Proposed Changes to Part 1584

In this rulemaking, TSA proposes to add “Subpart C—Security Threat Assessment Requirements for Owner/Operators and Individuals” to part 1584, in keeping with provisions established in the Security Training rule for the 9/11 Act vetting requirements for OTRB.

1. Proposed § 1584.3. This section would make clear that the terms defined in §§ 1500.3, 1500.5, and 1503.103, of subchapter A, § 1530.3 of subchapter B, and § 1570.3 of subchapter D of this chapter, also apply when used in this part.

2. Proposed § 1584.201. This section would set out the obligations of OTRB owner/operators with regard to STA requirements for the security coordinators designated in accordance with the Security Training final rule. Section 1570.201(a) requires OTRB owner/operators described in § 1584.101 to designate and use a primary and at least one alternate security coordinator. Under § 1584.101 these OTRB owner/operators are limited to those that originate, travel through, or in, a geographic location identified in appendix A to 49 CFR part 1584.

Proposed paragraph (a)(1) would set out the primary requirement that a covered OTRB owner/operator must not authorize or permit an individual to serve as a primary or alternate security coordinator, unless he or she has successfully completed a Level 3 STA and holds a current DOE. As explained above in section II.B.2. of the preamble, TSA believes that security coordinators should undergo a Level 3 STA based on their access to sensitive security and personally identifiable information. As explained above, a Level 3 STA consists of criminal history, terrorism/other analyses, and immigration checks. Successful completion of this Level 3 STA will increase confidence that the individual is sufficiently trustworthy to assume the position, and the proposed requirement that he or she continues to hold a current DOE would require his or her removal if he or she becomes ineligible in the future.

To comply with proposed paragraph (a)(1), owner/operators must receive a definitive notification from TSA regarding an individual's STA. TSA expects to create a web-based portal for owner/operators to access, which will include the results of the STAs of that owner/operator's workers. TSA has considered other methods of employer notification, such as mailing letters, but believes this method would be more cost-effective and minimizes the risk of fraud or missing records associated with paper documents and mail service. TSA invites comment from the industry as to other potential methods of notification, as well as the relative advantages and disadvantages of the options.

Paragraph (a)(2) would require the owner/operator to retain records documenting compliance with proposed paragraph (a)(1). TSA proposes to allow owner/operators flexibility as to the format, paper or digital, of storage, as long as the form and manner is authorized by TSA. As part of inspecting compliance with the STA requirements, TSA must be able to review these records to ensure that the STA requirements have been met at the appropriate time. TSA invites comment from owner/operators as to how most will satisfy this requirement and other ideas for meeting it. Start Printed Page 33497

Paragraph (b) proposes continuing responsibilities for owner/operators after the initial vetting of security coordinators. Paragraph (b)(1) would require an owner/operator to remove an individual from a position as a security coordinator, if notified by TSA that the individual is no longer eligible for the position. TSA would issue such a notification if, for example, the recurrent terrorism check subsequently reveals information indicating that the individual poses or may pose a threat to transportation security or national security, or of terrorism.

Paragraph (b)(2) would require an owner/operator that becomes aware of information that an individual may not be eligible to serve as a security coordinator to notify TSA immediately. This responsibility would arise, for example, if the owner/operator becomes aware that a security coordinator has been arrested or convicted for a potentially disqualifying crime.

Paragraph (b)(3) would provide that an owner/operator may reassign an individual as a security coordinator if notified by TSA that he or she regained eligibility. For example, if TSA notified an owner/operator under proposed paragraph (b)(1) that an individual is ineligible, but subsequently determines that the factor causing the ineligibility had been resolved, TSA would notify the owner/operator under paragraph (b)(3).

3. Proposed § 1584.203. This section would set out the obligations of individuals employed by covered public OTRB owner/operators who must undergo an STA to serve as a security coordinator.

Paragraph (a) would provide that an individual must not work as a security coordinator for a covered OTRB owner/operator, unless he or she successfully completes a Level 3 STA and holds a current DOE. The reasons for requiring a Level 3 STA, and the checks that would compose this level of vetting are explained above in section II.B.2. of the preamble. Paragraph (a) would also specify that the CHRC conducted as part of the Level 3 STA would be adjudicated against the list of disqualifying crimes in proposed § 1530.503.

4. Proposed § 1584.205. This section would require the use of TSA enrollment centers by individuals required to apply for an STA under these proposed regulations. The reasons for this proposed requirement is explained above in section II.B.5. of the preamble.

5. Proposed § 1584.207. As explained above in section II.B.7. of the preamble, TSA proposes a phased implementation of the vetting requirements proposed in this rule. Under paragraph (a), the vetting requirements for primary and alternate security coordinators would become effective 6 months from the publication date of the final rule. We invite comment from employers and workers on these proposed effective dates. Specifically, TSA is interested in the time employers anticipate it will take to prepare for the effective dates, how many employees fall into each category, and whether the number of employees can be vetted within the allotted time.

V. Regulatory Analyses

A. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501. et seq.) requires that TSA consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of 44 U.S.C. 3507(d), obtain approval from the OMB for each collection of information it conducts, sponsors, or requires through regulations.

Under existing OMB Control No. 1652–0051, OMB has approved a related information collection request for contact information of freight railroad carriers, passenger railroad carriers, and rail transit systems primary security coordinators and alternate security coordinators, as well as reporting significant security concerns by freight railroad carriers, passenger railroad carriers, and rail transit systems. Under the provisions of the proposed rule, the affected freight rail and PTPR entities would be required to modify or amend how they would perform their collection of the additional information required to complete STAs. The additional information collection requirement from the proposed rule relates to information that affected freight rail and PTPR employees would submit during STA enrollments, PDI appeals, and PDI waivers. These requirements would be added to the existing collection with OMB control number 1652–0051.

Revisions to OMB Control Number 1652–0051

This proposed rule contains new information collection activities subject to the PRA. The proposed rule would require OTRB security coordinators submit personal information during STA enrollments, PDI appeals, and PDI waivers. Accordingly, DHS and TSA invite the general public to comment on the impact to the proposed collection of information. In accordance with the PRA, the information collection notice is published in the Federal Register to obtain comments regarding the proposed edits to the information collection instrument. Comments are encouraged and will be accepted for 90 days from the publication date of the proposed rule. All submissions should include the OMB Control Number 1652–0051 in the body of the letter and the agency name. To avoid duplicate submissions, please use only one of the methods under the ADDRESSES andI. Public Participation section of this rule to submit comments. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to:

(1) Evaluate whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden of the collection of information, including the validity of the methodology and assumptions used;

(3) Enhance the quality, utility, and clarity of the information to be collected; and

(4) Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of IT ( e.g., permitting electronic submission of responses).

Title: TSA Security Vetting of Certain Surface Transportation Workers.

Summary: This proposed rule would require the following information collections:

First, owner/operators identified in 49 CFR 1580.303, 1582.203, and 1584.203 would be required to vet certain workers using security threat assessments (STAs) and for TSA to conduct the STAs. The proposed rule would establish the following three risk-based levels of STAs for different employee populations:

• Level 1 STA: Terrorism check and other analyses (including a check against the Terrorist Screening Database among other databases);

• Level 2 STA: Terrorism check and other analyses and immigration check; and

• Level 3 STA: Terrorism check and other analyses, immigration check, and criminal history record check (CHRC).

For certain freight rail and public transportation and passenger railroad (PTPR) owner/operators, the proposed rule would require security-sensitive employees and security coordinators to undergo a Level 2 STA and Level 3 Start Printed Page 33498 STA, respectively. For certain over-the-road-bus (OTRB) owner/operators, the proposed rule would require only security coordinators to undergo a Level 3 STA. OTRB security-sensitive employees would not be required to undergo an STA under the proposed rule. The proposed rule would establish fees to be collected from security-sensitive employees and security coordinators undergoing an STA to recover TSA's vetting costs as required by law.^[60]

The proposed rule also sets out the standards for the adjudication of STAs and redress procedures for STA applicants. The proposed rule describes the standards TSA would use to make decisions about the eligibility of an STA applicant based on the information obtained from the STA check and the procedures TSA would follow when an STA applicant does not appear to meet, or may no longer meet, the proposed STA standards. When the latter occurs, TSA would notify the owner and/or operator that the individual is no longer eligible for the position, and notify the STA applicant or STA holder about the potentially disqualifying factors in a Preliminary Determination of Ineligibility (PDI) or Preliminary Determination of Ineligibility with Immediate Revocation (PDIIR). TSA would also issue a Final Determination of Ineligibility (FDI) if the applicant fails to request an appeal or waiver of the PDI or PDIIR within the required time frame, or TSA denies the appeal or waiver. For STA applicants who receive either a PDI, PDIIR, or FDI, the proposed rule sets out redress procedures. These proposed redress procedures are substantively the same as the current redress provisions codified in part 1515 that apply to individuals who are required to undergo an STA for the Transportation Worker Identification Credential (TWIC), Hazardous Material Endorsement (HME), and certain air cargo programs.^[61]

This proposed rule would also require that owner/operators not authorize or permit an individual to serve as a security-sensitive employee, in the case of freight rail and PTPR, or a security coordinator for all three modes, unless the owner/operator verifies with TSA that the individual has successfully completed a Level 2 STA or Level 3 STA, respectively, and holds a current determination of eligibility (DOE) as described in the proposed rule. The owner/operators would also be required to retain records, in a form and manner authorized by TSA and for the period specified in the proposed rule, and make the records available to TSA when requested during inspection.

Use of: This information would be used to support implementation of the proposed rule, which requires completing a name-based security background check against the consolidated terrorist watchlist and an immigration check in the United States for all freight rail and PTPR security-sensitive employees; and those same two checks in addition to a CHRC for all security coordinators of freight rail, PTPR, and OTRB owner/operators. A redress process is required by the 9/11 Act to address due process. The proposed rule requires owner/operators to file and maintain records of STAs for all affected employees.

Respondents: The likely respondents to this information collection are affected employees of the owners and/or operators of covered surface modes, who are estimated to be approximately 355,730 over the next 3 years. TSA estimates the average annual number of respondents to be 118,457 over the same period, and the average annual number of responses to be 308,198.^[62]

Frequency: Once the rule has been implemented, TSA estimates that STA enrollments and the corresponding recordkeeping would occur whenever vetting of an employee or security coordinator is required due to the hiring of new personnel, promotions into affected positions, and staff turnover. The initial implementation of the proposed rule would require all security-sensitive employees and security coordinators to obtain a DOE in order to continue performing in their roles, which—along with the 5-year renewal requirement—would establish a pattern of enrollment/renewal spikes every 5 years. The redress process frequency will follow the pattern of STA enrollments with a lag of a few weeks due to processing times. Each stage in the redress process would occur whenever an appeal is filed after a negative determination has been issued. STA enrollment satisfaction surveys would occur annually and individuals' contact information would occur on a periodic basis.

Annual Burden Estimate: The average annual time burden for STA Enrollments, PDI Appeals, PDI Waivers, STA Recordkeeping, and STA Satisfaction Survey is expected to reach an annual average of 181,345 hours over the first 3 years. Table 12 displays the number of respondents for STA Enrollments, PDI Appeals, PDI Waivers, Recordkeeping, Contact Information Updates, and STA Customer Satisfaction Survey for Freight Rail, PTPR, and OTRB entities.

B. Economic Impact Analyses

1. Regulatory Impact Analysis Summary

Changes to Federal regulations must undergo several economic analyses. First, Executive Order (E.O.) 12866, Regulatory Planning and Review,^[63] as supplemented by E.O. 13563, Improving Regulation and Regulatory Review,^[64] directs each Federal agency to propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 (RFA) ^[65] requires agencies to consider the economic impact of regulatory changes on small entities. Third, the Trade Agreement Act of 1979 ^[66] prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. Fourth, the Unfunded Mandates Reform Act of 1995 ^[67] (UMRA) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rulemakings that include a Federal mandate likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation).

2. Executive Orders 12866 and 13563 Assessments

Under the requirements of E.O.s 12866 and 13563, agencies must assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). These requirements were supplemented by E.O. 13563, which emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility.

In accordance with E.O. 12866, TSA has submitted the proposal to the Office of Management and Budget (OMB), which has determined that this Start Printed Page 33500 proposed rule is a significant regulatory action within the meaning of E.O. 12866, although not economically significant as the rule will not result in an effect on the economy of $100 million or more in any year of the analysis.

In conducting these analyses:

1. TSA prepared an Initial Regulatory Flexibility Analysis (IRFA), which estimates that this rulemaking would likely have a regulatory cost that exceeds one percent of revenue for one small entity—one freight rail owner/operator—of the 372 small entities that TSA found would be impacted by the NPRM.

2. This rulemaking would not constitute a barrier to international trade.

3. This rulemaking is not likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation).

TSA has prepared an analysis of its estimated costs and benefits, summarized in the following paragraphs, and in the OMB Circular A–4 Accounting Statement. When estimating the cost of a rulemaking, agencies typically estimate future expected costs imposed by a regulation over a period of analysis. For this rulemaking's period of analysis, TSA uses a 10-year period of analysis to estimate the initial and recurring costs to the regulated surface mode owner/operators and new owner/operators that are expected due to industry growth. As discussed above, the 9/11 Act requires TSA to conduct the vetting we propose in this NPRM for security-sensitive workers of rail and public transportation workers. For security coordinators, the 9/11 Act requires TSA to ensure U.S. citizenship or conduct an appropriate STA in place of the citizenship requirement. For these workers, TSA is proposing a Level 3 STA rather than U.S. citizenship. The 9/11 Act does not require a Level 3 STA for these workers, but gives TSA the discretion to determine which STA is appropriate. TSA is using that discretion to propose a Level 3 STA for security coordinators due to the access to security and personally identifiable information security coordinators have.

TSA summarizes the costs of the proposed rule to be borne by four types of parties: freight rail owner/operators, PTPR owner/operators, OTRB owner/operators, and TSA. As displayed in Table 13, TSA estimates the 10-year total cost of this proposed rule to be $108.99 million undiscounted, $98.08 million discounted at 3 percent, and $86.58 million discounted at 7 percent. The costs to industry (all three surface modes) comprise approximately 98.3 percent of the total costs of the rule; and the remaining costs are incurred by TSA. See Table 13 below.

TSA estimates the 10-year costs to the freight railroad (including freight rail shippers and receivers) industry to be $38.14 million undiscounted, $34.90 million discounted at 3 percent, and $31.43 million discounted at 7 percent, as displayed by cost categories in Table 14.^[68]

TSA estimates the 10-year costs to the PTPR industry to be $67.87 million undiscounted, $60.58 million discounted at 3 percent, and $52.96 million discounted at 7 percent, as displayed by cost categories in Table 15.

TSA estimates the 10-year costs to the OTRB industry to be $1.17 million undiscounted, $1.05 million discounted at 3 percent, and $0.92 million discounted at 7 percent, as displayed by cost categories in Table 16.

TSA estimates the 10-year costs to TSA to be $1.81 million undiscounted, $1.54 million discounted at 3 percent, and $1.27 million discounted at 7 percent, as displayed by cost categories in Table 17.

The proposed rule would enhance surface transportation security by reducing vulnerability to attacks perpetrated by insiders. Specifically, the proposed rule would subject individuals that currently work, or that in the future will work (applicants), at covered entities to pass an STA, administered by TSA. The introduction of an STA requirement allows TSA to confirm the individual's identity and determine from background information whether he or she poses or may pose a threat to transportation security or national security, or of terrorism. Absent the STA requirement, individuals who may pose a threat would continue to work in their respective positions. This is particularly relevant for individuals that perform the functions of a security coordinator or security-sensitive employee. Once an individual has completed the STA process and receives a favorable STA, they are then required to maintain a DOE during the entire span of their tenure as a security-sensitive employee or a security coordinator. This will help ensure that only individuals that do not pose a threat will be eligible to continue their employment at covered entities while limiting those with an unfavorable STA from using their employment to carry out a nefarious act. Covered entities would also be required to maintain records on employee STAs and make them available to TSA upon request. This requirement increases the robustness of the program by encouraging covered entities to be in compliance with the requirements and providing a mechanism for TSA to assess that compliance. Higher levels of compliance increase the benefits associated with STAs by virtue of their increased use. While security vetting is not an absolute deterrent for terrorists intent on carrying out attacks on surface modes of transportation, TSA expects the probability of success for such attacks to decrease if security coordinators and security-sensitive employees within these transportation modes are vetted under the proposed rule.

TSA uses a break-even analysis to frame the relationship between the potential benefits of the proposed rule and the costs of implementing the rule. When it is not possible to quantify or monetize a majority of the incremental benefits of a regulation, OMB recommends conducting a threshold, or “break-even” analysis. According to OMB Circular No. A–4, “Regulatory Analysis,” such an analysis answers the question “How small could the value of the non-qualified benefits be (or how large would the value of the non-quantified costs need to be) before the rule would yield zero net benefits?” ^[69] To conduct the break-even analysis, Start Printed Page 33503 TSA evaluates composite scenarios for each of the three modes covered by the proposed rule. For each mode, the composite scenario represents the potential monetized losses associated with the deaths, injuries, as well as property damage and remediation caused by a terrorist attack on the corresponding transportation mode. TSA estimates a total monetary consequence from an estimated statistical value of the human casualties and capital replacement resulting from the attack.^[70]

Table 18 presents the composite or weighted average of direct consequences from an attack executed on each mode.

TSA compared the estimated direct monetary costs from an attack to the annualized cost (discounted at 7 percent) to industry and TSA from the proposed rule for each mode to estimate how often an attack of that nature would need to be averted for the expected benefits to equal estimated costs. Table 19 presents the results of the break-even analysis for each mode.^[73] For example, Table 19 shows that if the freight rail vetting requirements in this rule prevents one freight rail terrorist attack every 129 years,^[74] the freight rail provisions of this rule “break-even” (the benefits equal the costs). These breakeven frequencies are once every 129 years for freight rail, once every 78 years for PTPR, and once every 238 years for OTRB.

In the break-even analysis, TSA only considers the estimated direct costs: direct economic losses of the attack scenarios that would be averted as a result of the proposed rule. The break-even analysis does not include the difficult-to-quantify indirect costs of an attack or the macroeconomic impacts that could occur due to a major attack. In addition to the direct impacts of a terrorist attack in terms of lost life and property, there are other more indirect impacts that are difficult to measure. As noted by Cass Sunstein in Laws of Fear, “. . . fear is a real social cost, and it is likely to lead to other social costs.” In addition, Ackerman and Heinzerling state “. . . terrorism `works' through the fear and demoralization caused by uncontrollable uncertainty.” As devastating as the direct impacts of a successful terrorist attack can be in terms of the immediate loss of life and property, avoiding the impacts of the Start Printed Page 33504 more difficult to measure indirect effects are also substantial benefits of preventing a terrorist attack. Because the analysis only accounts for a portion of the full impacts of the terrorist attack scenarios, it is likely that the costs associated with the attack scenarios, and therefore the cost savings or benefits from vetting security-sensitive employees, are underestimated in this analysis.

3. OMB A–4 Statement

The OMB A–4 Accounting Statement presents annualized costs and qualitative benefits of the proposed rule.

4. Alternatives Considered

In addition to the proposed rule, TSA also considered three alternative regulatory options. The first alternative (Alternative 1) requires OTRB security-sensitive employees to undergo a Level-2 STA. Compared to the proposed rule, Alternative 1 would increase the total number of STAs performed, but align the OTRB industry with the requirements placed upon freight rail and PTPR. Unlike freight rail and PTPR, there is no statutory requirement in the 9/11 Act to perform STAs on OTRB security-sensitive employees.^[75] TSA carefully considered making Alternative 1 the preferred alternative for this NPRM to ensure security-sensitive employees across all three modes undergo an STA, but ultimately decided to first seek public comment on the applicability used in Alternative 1 that would require OTRB security-sensitive employees to undergo a Level-2 STA, and whether that applicability should be the preferred alternative in the final rule.

The second alternative (Alternative 2) represents a lower-cost alternative that adjusts certain regulatory requirements while complying with the text and purpose of the 9/11 Act. Specifically, Alternative 2 would remove the proposed rule's vetting requirement for freight rail and OTRB owner/operator security coordinators with U.S. citizenship, as well as the vetting requirements for freight rail shippers and receivers (FRSR) and PTPR security coordinators. The 9/11 Act mainly Start Printed Page 33505 requires a “name-based security background check against the consolidated terrorist watchlist and an immigration check” for frontline public transportation employees ^[76] and frontline railroad employees.^[77 78] The 9/11 Act also requires an “individual serving as the security coordinator” for freight rail and OTRBs to be “a citizen of the United States,” except if TSA waives this requirement after an appropriate background check of the individual.^[79 80] Therefore, under Alternative 2 security coordinators with U.S. citizenship would not need to undergo an STA.^[81] A Level 3 STA would be required only of a freight rail and OTRB security coordinator who is not a citizen of the United States. For those who are vetted under this Alternative, TSA retains the proposed rule requirements necessary to sustain the benefits of TSA's vetting program including: (1) the 5-year renewal cycle; (2) recurrent vetting; (3) STA recordkeeping; (4) contact information updates; and (5) compliance inspections. Compared to the proposed rule, the total number of affected entities would decrease under Alternative 2, as FRSR entities and non-high-risk PTPR agencies would not be impacted by this alternative. The number of OTRB owner/operators affected by Alternative 2 would not change relative to the proposed rule; however, the number of security coordinators affected would decrease as only non-US citizens would be required to be vetted. By restricting the population of affected employees, Alternative 2 would reduce the number of STAs performed and would likely limit TSA's ability to identify higher-risk individuals seeking access to the transportation infrastructure.

Under Alternative 3, TSA would offer the option for entities affected by the proposed rule to provide STA enrollment services by allowing them to train security coordinators who have successfully completed a Level 3 STA to serve as “trusted agents” and perform the enrollment process for security-sensitive employees. Under this alternative, owner/operators would train trusted agents to ensure that they adhere to minimum enrollment standards for protecting the privacy of information, accurately collecting biometric and biographic information, performing identity verification, collecting and processing TSA's fees correctly, and sending the enrollment data to TSA. While this alternative would have the advantage of potentially increasing the availability of enrollment locations for STA applicants, it would have the disadvantage of increasing costs for affected owner/operators as they would have to establish and maintain appropriate on-site enrollment capabilities and costly electronic infrastructure to securely connect with TSA's systems. This alternative would increase costs for TSA to ensure each entity met information technology and legal standards and requirements to conduct their own enrollments. Moreover, under this alternative, TSA would have less control over the vetting process and enforcement compliance, which may adversely affect the vetting process and leave the surface transportation infrastructure more vulnerable to an insider threat.

Table 21 presents a comparison of the costs between the proposed rule and the alternatives considered.

Although not the least costly option, TSA presents the proposed rule as its preferred option. TSA did not select Alternative 1, which includes STA requirements for OTRB security-sensitive employees, because it first wants to solicit public comment on requiring more than is explicitly required in the 9/11 Act for the OTRB security-sensitive population. The regulatory impact analysis for this proposed rule provides details on the cost estimates for OTRB employees impacted by this alternative.

It is TSA's belief that the proposed rule would mitigate potential insider threats more effectively than Alternative 2 because it proposes a more stringent level of vetting for security coordinators, given their unique roles and critical responsibilities. By removing the STA requirements for security coordinators, Alternative 2 would leave a critical population that has particularly sensitive and important security functions without any STA, which would lead to surface transportation modes that are more vulnerable to insider threat. As a result, despite the lower cost of Alternative 2, TSA believes the additional security in the proposed rule outweighs its additional costs.

Even though Alternative 3 may provide more flexibility, it includes additional entity and TSA costs to establish and maintain appropriate enrollment capabilities. Based on experience with another vetting program that allowed for non-TSA enrollment STAs, TSA estimated the potential costs to establish and maintain appropriate enrollment capabilities. The RIA includes a description of the costs of this alternative, including costs to the regulated entities and TSA. As described in the RIA, Alternative 3 would cost approximately $31.68 million over the proposed rule costs for the 10-year analysis period. TSA also strongly prefers to maintain in-house, high-quality, and consistent identity verification and application processing, which would not be available if Alternative 3 was selected. In contrast, the proposed rule would enable the use of TSA enrollment centers where TSA personnel would be directly involved in the STA process from the time the applicant is accurately identified through the closing of the applicant's case.

TSA did not consider as an alternative to the requirements in the proposed rule the adoption of any regulatory regimes that would not meaningfully realize the security benefits that Congress intended in the 9/11 Act and that in TSA's view are warranted. For instance, TSA is aware that one might arguably interpret the 9/11 Act so narrowly as to require only (1) a one-time, name-based security background check against the consolidated terrorist watchlist and an immigration check for freight railroad ^[84] and public transportation frontline employees ^[85] similar to the threat assessment screening program required for maritime facility employees and longshoreman; ^[86] (2) an adequate redress process for covered individuals subjected to an adverse employment decision and have the authority to order an appropriate remedy; and (3) that individuals serving as a security coordinators for freight railroads ^[87] and OTRB operator ^[88] be citizens of the United States or undergo a background check.

Such a proposal would create a security gap, not reflect current vetting standards and capabilities, and not provide sufficient means to accurately and efficiently administer the program. Therefore, TSA did not include this approach as a reasonable alternative. Nonetheless, TSA estimates the costs associated with it to freight rail, PTPR, and OTRB industries and TSA, over 10 years, as $86.96 million undiscounted, $79.62 million discounted at 3 percent, and $71.80 million discounted at 7 percent.^[89] The cost estimate includes: a one-time vet, accounting for growth and turnover, of high-risk freight rail and PTPR frontline employees; a one-time vet, accounting for growth and turnover, of freight rail and OTRB security coordinators without U.S. citizenship; redress process cost; disqualification, replacement, and lost productivity costs to owner/operators for individuals with unfavorable STAs; familiarization costs to familiarize owner/operators with the requirements of the rulemaking; and new management policies and other related administrative task costs associated with adopting the rule.

5. Regulatory Flexibility Assessment

The Regulatory Flexibility Act (RFA) of 1980 requires agencies to consider the impacts of their rules on small entities. TSA performed an Initial Regulatory Flexibility Analysis (IRFA) to analyze the impact to small entities affected by the proposed rule. See the RIA in the docket for the full IRFA. A summary of the RFA is below.

Under the RFA, the term “small entities” comprises small businesses, not-for-profit organizations that are independently owned, operated, and not dominant in their fields,^[90] as well as Start Printed Page 33507 small governmental jurisdictions with populations of less than 50,000.^[91] TSA performed an IRFA of the impacts on small entities from this proposed rule in the first year of the analysis and found that it may affect an estimated 968 U.S. entities (457 corporate-level Class I, II, and III freight railroads, 174 corporate-level freight shippers and receivers, 115 PTPR agencies, and 222 OTRB owner/operators). Using a random sample, TSA found that 59 percent of them would be considered small.

The proposed rule would require small entities to vet their affected security-sensitive employees (except for OTRB owner/operators) and security coordinators using STAs, maintain vetting records, update employee contact information when applicable, and familiarize themselves with the proposed rule, in addition to allowing TSA personnel onsite for inspections. A small number of owner/operators may incur a cost to dismiss an employee as a result of negative DOE.

To perform the freight rail IRFA assessment, TSA randomly sampled 242 Class I, II, and III freight railroads and 156 freight shippers and receivers, that would be affected by this proposed rule. TSA uses the SBA size standards to identify that 167 freight rail owner/operators (of the 242) and 90 freight shippers and receivers (of the 156) affected by the final rule are considered a small business. TSA estimates that the proposed rule's requirements would cost small freight railroads an average of $168 per security-sensitive employee (for railroads requirements only) and $2,942 per entity for non-high-risk freight entities and $3,888 per entity for high-risk freight entities.^[92] TSA estimates that the first-year cost of the proposed rule would have an impact of less than 1 percent of revenue for 143 of all 147 small freight rail entities, or 97 percent. This result is based on the assumption that there would be no disqualified employees from security vetting. Table 22 presents the likely distribution of impact for small freight rail owner/operators.

If a freight rail entity had a disqualified security-sensitive employee or security coordinator, TSA estimates the entity would incur a replacement and lost productivity cost of $35,667 or $67,021, respectively.^[93] TSA also performed the a stress test to see if there would be a significant impact to small freight rail entities if TSA assumes one security coordinator would be disqualified at a cost of $67,021, which was added to each entity's first year cost. TSA found that under this scenario, 90 small entities, or 62 percent of all 147 small freight rail entities in the sample, would have an impact greater than 1 percent of revenue.^[94]

For small freight rail shippers and receivers, TSA estimated a first year cost of $2,472 per entity.^[95] TSA estimates that the first-year cost of the proposed rule would have an impact of less than 1 percent of revenue for 77 of the 80 entities in the sample. Table 23 presents the likely distribution of impact for small freight rail shipper and receiver entities.

If a freight rail shipper and receiver entity had a disqualified security coordinator, TSA estimates the entity would incur a replacement and lost productivity cost of $55,416.^[96] TSA also performed a stress test to see if there would be a significant impact to freight rail shippers and receivers small entities if TSA assumes one security coordinator would be disqualified at a cost of $55,416, which was added to each entity's first year cost. TSA found based on a stress test of one security coordinator disqualification, 27 small entities, or 34 percent of all 80 small freight shipper and receivers in the sample would have an impact greater than 1 percent of revenue.^[97]

For the PTPR industry, TSA randomly sampled 100 agencies. Using SBA size standards, TSA identifies four of the 100 PTPR agencies regulated under the proposed rule as small entities.^[98] TSA estimates that the proposed rule's requirements would cost small PTPR agencies $154 per security-sensitive employee, and $2,827 per entity for non-high-risk-PTPR agencies and $3,733 per entity for high-risk-PTPR agencies.^[99] TSA estimated that the first-year cost of the proposed rule would have an impact of less than 1 percent of revenue for three small PTPR owner/operators or 100 percent of the sample of entities with information available. This result is based on the assumption that there would be no disqualified employees from security vetting. Table 24 presents the likely distribution of impact for small PTPR agencies.

If a PTPR entity had a disqualified security-sensitive employee or security coordinator, TSA estimates the entity would incur a replacement cost of $26,628 or $60,395, respectively. TSA performed a stress test to see if there would be any significant impact to small PTPR entities if TSA assumes one security coordinator would be disqualified at a cost of $60,395, which was added to each entity's first year cost. TSA found that under this stress-test scenario, two small entities of all three small PTPR agencies in the sample, would have an impact greater than 1 percent of revenue.^[100]

For the OTRB industry, TSA randomly sampled 130 owners/operators. Likewise, TSA estimates–using SBA size standards–111 OTRB owner/operators affected by the proposed rule to be small entities or 85 percent. TSA estimates that the proposed rule's requirements would cost small OTRB entities $2,275 per entity.^[101] TSA estimated that the first-year cost of the proposed rule would have an impact of less than 1 percent of revenue for 98 percent of the 93 small OTRB sample entities. This result is based on the assumption that there would be no disqualified employees from security vetting. Table 25 presents the likely distribution of impact for small OTRB owner/operators.

If an OTRB entity had a security coordinator disqualified as a result of the STA, TSA estimates the entity would incur a replacement cost of $21,880. TSA performed a stress test to see if there would be a significant impact on small OTRB entities if TSA assumed a replacement cost of $21,880, which was added to each entity's first year cost. TSA found that under this stress-test scenario 77 small entities, or 83 percent of all 93 small OTRB owner/operators, would have an impact greater than 1 percent of revenue.^[102]

A Description of the Projected Reporting, Record Keeping, and Other Compliance Requirements of the Proposed Rule, Including an Estimate of the Classes of Small Entities That Would be Subject to the Requirements and the Type of Professional Skills Necessary for Preparation of the Report or Record

Under the provisions of the proposed rule, the regulated populations would incur costs associated with maintaining a system of recordkeeping that verifies completion of STAs. TSA assumes the recordkeeping requirements of the proposed rule would be performed by employees with administrative and clinical skills, and bases its cost estimate on administrative compensation rates.

An Identification, to the Extent Practicable, of All Relevant Federal Rules Which May Duplicate, Overlap, or Conflict with the Proposed Rule

TSA is aware that other federal agencies conduct regulatory vetting programs that may affect individuals who are covered by the vetting programs in this proposed rule. The design of this proposed rule is to achieve comparability amongst TSA vetting programs and similar vetting done by other federal agencies when possible, thereby avoiding duplication and overlap.^[103] In addition, to the extent there are duplicative vetting requirements of which TSA is currently unaware, the proposed rule indicates a procedure for requesting comparability determination from TSA.^[104]

A Description of Any Significant Alternatives to the Proposed Rule That Accomplish the Stated Objectives of Applicable Statues and May Minimize Any Significant Economic Impact of the Proposed Rule on Small Entities, Including Alternatives Considered

TSA considered Alternative 1 of great interest as a regulatory alternative, as it would add the requirement for the vetting of OTRB security-sensitive employees and, hence, create a more standard set of vetting requirements across the proposed rule's three surface modes, which is consistent with the agency's risk-based security policies. Therefore, TSA asks for public comments on the IRFA for this alternative, given this is a preferred option, which not only increases the number of security-sensitive employees who would undergo a Level 2 STA, but also increases the cost to OTRB owner/operators.

TSA increased the cost of the proposed rule to each of the 93 sampled small OTRB entities with complete information to include the Level 2 STAs on OTRB security-sensitive employees, with a cost of $186 per security-sensitive employee. TSA estimated that the first-year cost of this regulatory option would have an impact of less than 1 percent of revenue for 56 of the 93 small OTRB entities, or 63 percent. TSA also performed a stress test to see if there would be any additional significant impact to small OTRB entities if TSA assumed one security coordinator would be disqualified per entity, at a cost of $50,540, which was added to each entity's first year cost. TSA found that subjecting Alternative 1 to this stress-test scenario results in 80 small entities, or 90 percent of owner/operators, with revenue impacts that exceed 1 percent of revenue.^[105]

6. International Trade Impact Assessment

The Trade Agreement Act of 1979 prohibits Federal agencies from establishing any standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. The Trade Agreement Act does not consider legitimate domestic objectives, such as essential security, as unnecessary obstacles. The statute also requires that international standards be considered and, where appropriate, that they be the basis for U.S. standards. TSA has assessed the potential effect of this proposed rule and has determined this rulemaking would not have an adverse impact on international trade.

7. Unfunded Mandates Assessment

Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Public Law 104–4, establishes requirements for Federal agencies to assess the effects of their regulatory actions on State, local, and tribal governments and the private sector. Under sec. 202 of the UMRA, TSA generally must prepare a written statement, including a cost-benefit analysis, for proposed and final rules with “Federal mandates” that may result in expenditures by State, local, and tribal governments in the aggregate or by the private sector of $100 million (adjusted for inflation) or more in any one year. Before TSA promulgates a rule for which a written statement is required, sec. 205 of the UMRA generally requires TSA to identify and consider a reasonable number of regulatory alternatives and adopt the least costly, most cost-effective, or least burdensome alternative that achieves Start Printed Page 33510 the objectives of the rule. The provisions of sec. 205 do not apply when they are inconsistent with applicable law. Moreover, sec. 205 allows TSA to adopt an alternative other than the least costly, most cost-effective, or least burdensome alternative if the Administrator publishes with the final rule an explanation why that alternative was not adopted. Before TSA establishes any regulatory requirements that may significantly or uniquely affect small governments, including tribal governments, it must develop under sec. 203 of the UMRA a small government agency plan. The plan must provide for notifying potentially affected small governments, enabling officials of affected small governments to have meaningful and timely input in the development of TSA regulatory proposals with significant Federal intergovernmental mandates, and informing, educating, and advising small governments on compliance with the regulatory requirements.

When adjusted for inflation, the threshold for expenditures becomes $158.1 million in 2020 dollars. TSA has determined that this proposed rule does not contain a Federal mandate that may result in expenditures that exceed that amount either for State, local, and tribal governments in the aggregate in any one year. TSA will publish a final analysis, including its response to public comments, when it publishes a final rule.

C. Executive Order 13132, Federalism

A rule has implications for federalism under Executive Order 13132 “Federalism” (64 FR 43255, Aug. 10, 1999), if it has a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. TSA has analyzed this proposed rule under Executive Order 13132 and determined that it does not have implications for federalism. TSA welcomes public comments on Executive Order 13132 federalism implications.

D. Environmental Analysis

TSA has reviewed this rulemaking for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321–4347) and has determined that this action will not have a significant effect on the human environment. This action is covered by categorical exclusion number A3(b) in DHS Management Directive 023–01 (formerly Management Directive 5100.1), Environmental Planning Program, which guides TSA compliance with NEPA.

E. Energy Impact Analysis

The energy impact of this rulemaking has been assessed in accordance with the Energy Policy and Conservation Act (EPCA), Public Law 94–163, as amended (42 U.S.C. 6362). TSA has determined that this rulemaking would not be a major regulatory action under the provisions of the EPCA.

List of Subjects

49 CFR Part 1500

• Air carriers
• Air transportation
• Aircraft
• Airports
• Bus transit systems
• Commuter bus systems
• Law enforcement officer
• Maritime carriers
• Over-the-Road buses
• Public transportation
• Rail hazardous materials receivers
• Rail hazardous materials shippers
• Rail transit systems
• Railroad carriers
• Railroad safety
• Railroads
• Reporting and recordkeeping requirements
• Security measures
• Transportation facility
• Vessels

49 CFR Part 1530

• Administrative law judge
• Appeal
• Background check
• Criminal history records check
• Fees
• Immigration check
• Terrorism check
• Redress
• Security measures
• Security threat assessment
• Waiver

49 CFR Part 1570

• Commuter bus systems
• Crime
• Fraud
• Hazardous materials transportation
• Motor carriers
• Over-the-Road bus safety
• Over-the-Road buses
• Public transportation
• Public transportation safety
• Rail hazardous materials receivers
• Rail hazardous materials shippers
• Rail transit systems
• Railroad carriers
• Railroad safety
• Railroads
• Reporting and recordkeeping requirements
• Security measures
• Transportation facility
• Transportation Security-Sensitive Materials

49 CFR Part 1572

• Crime
• Explosives
• Hazardous materials transportation
• Motor carriers
• Railroads
• Reporting and recordkeeping requirements
• Security measures

49 CFR Part 1580

• Hazardous materials transportation
• Rail hazardous materials receivers
• Rail hazardous materials shippers
• Railroad carriers
• Railroad safety
• Railroads
• Reporting and recordkeeping requirements
• Security measures

49 CFR Part 1582

• Public transportation
• Public transportation safety
• Railroad carriers
• Railroad safety
• Railroads
• Rail transit systems
• Reporting and recordkeeping requirements
• Security measures

49 CFR Part 1584

• Over-the-Road bus safety
• Over-the-Road buses
• Reporting and recordkeeping requirements
• Security measures

The Proposed Amendments

For the reasons set forth in the preamble, the Transportation Security Administration proposes to amend chapter XII of title 49, Code of Federal Regulations, as follows:

SUBCHAPTER A—ADMINISTRATIVE AND PROCEDURAL RULES

PART 1500—APPLICABILITY, TERMS, AND ABBREVIATIONS

1. The authority citation for part 1500 continues to read as follows:

Authority: 49 U.S.C. 114, 5103, 40113, 44901–44907, 44913–44914, 44916–44918, 44935–44936, 44942, 46105; Pub. L. 110–53 (121 Stat. 266, Aug. 3, 2007) secs. 1408 (6 U.S.C. 1137), 1501 (6 U.S.C. 1151), 1517 (6 U.S.C. 1167), and 1534 (6 U.S.C. 1184).

2. In § 1500.3, add the following definition for “Security threat assessment” in alphabetical order:

Security threat assessment (STA) means a procedure conducted by TSA consisting of one or more checks of relevant databases and other sources of information to verify an individual's identity and determine whether the individual is eligible for certain access to the nation's transportation systems, or for certain privileges or credentials. An STA constitutes a security background check for purposes of § 1570.305(b) of this chapter.

SUBCHAPTER B—SECURITY RULES FOR ALL MODES OF TRANSPORTATION

3. Add part 1530 to subchapter B to read as follows:

PART 1530—SECURITY THREAT ASSESSMENT STANDARDS

Authority: 6 U.S.C. 469, 1140, 1143, 1170, and 1181; 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113–40114, 41718 note, 44901–44907, 44913–44914, 44916–44918, 44932, 44935–44936, 44939, 44942, 46105, and 46111.

PART 1530—SECURITY THREAT ASSESSMENT STANDARDS

Subpart A—General

Subpart B—Individual's Enrollment Requirements and Continuing Responsibilities

Subpart C [Reserved]

Subpart D—Fees

Subpart E—Adjudication Procedures

Subpart F—Standards

Subpart G—Appeal and Waiver Procedures for Security Threat Assessments

SUBCHAPTER D—MARITIME AND LAND TRANSPORTATION SECURITY

PART 1570—GENERAL RULES

4. The authority citation for part 1570 is revised to read as follows:

Authority: 46 U.S.C. 70105; 49 U.S.C. 114, 5103a, 40113, and 46105; Pub. L. 108–90 (117 Stat. 1156; Oct. 1, 2003), sec. 520 (6 U.S.C. 469), as amended by Pub. L. 110–329 (122 Stat. 3689; Sept. 30, 2008) sec. 543 (6 U.S.C. 469); Pub. L. 110–53 (121 Stat. 266; Aug. 3, 2007) secs. 1402 (6 U.S.C. 1131), 1405 (6 U.S.C. 1134), 1408 (6 U.S.C. 1137), 1411 (6 U.S.C. 1140); 1413 (6 U.S.C. 1142), 1414 (6 U.S.C. 1143), 1501 (6 U.S.C. 1151), 1512 (6 U.S.C. 1162), 1517 (6 U.S.C. 1167), 1520, 1522 (6 U.S.C. 1170), 1531 (6 U.S.C. 1181), and 1534 (6 U.S.C. 1184).

5. Add § 1570.307 to part 1570 to read as follows:

6. Revise the heading of part 1572 to read as follows:

PART 1572—CREDENTIALING AND SECURITY THREAT ASSESSMENTS FOR THE HAZARDOUS MATERIALS ENDORSEMENT AND TRANSPORTATION WORKER IDENTIFICATION CREDENTIAL PROGRAMS

PART 1580—RAIL TRANSPORTATION SECURITY

7. The authority citation for part 1580 is revised to read as follows:

Authority: 49 U.S.C. 114; Pub. L. 110–53 (121 Stat. 266, Aug. 3, 2007) secs. 1501 (6 U.S.C. 1151), 1512 (6 U.S.C. 1162), 1517 (6 U.S.C. 1167), 1520, and 1522 (6 U.S.C. 1170).

8. Revise § 1580.3 introductory text to read as follows:

9. Add subpart D to part 1580 to read as follows:

Subpart D—Security Threat Assessment Requirements for Owner/Operators and Individuals

PART 1582—PUBLIC TRANSPORTATION AND PASSENGER RAILROAD SECURITY

10. The authority citation for part 1582 continues to read as follows:

Authority: 49 U.S.C. 114; Pub. L. 110–53 (121 Stat. 266, Aug. 3, 2007) secs. 1402 (6 U.S.C. 1131), 1405 (6 U.S.C. 1134), and 1408 (6 U.S.C. 1137).

Subpart A—General

11. Revise § 1582.3 introductory text to read as follows:

12. Add subpart C to part 1582 to read as follows:

Subpart C—Security Threat Assessment Requirements for Owner/Operators and Individuals

PART 1584—HIGHWAY AND MOTOR CARRIERS

13. The authority citation for part 1584 is revised to read as follows:

Authority: 49 U.S.C. 114; Pub. L. 110–53 (121 Stat. 266, Aug. 3, 2007) secs. 1501 (6 U.S.C. 1151), 1531 (6 U.S.C. 1181), and 1534 (6 U.S.C. 1184).

Subpart A—General

14. Revise § 1584.3 introductory text to read as follows:

15. Add subpart C to part 1584 to read as follows:

Subpart C—Security Threat Assessment Requirements for Owner/Operators and Individuals

Footnotes