AGENCY:

Federal Aviation Administration (FAA), DOT.

ACTION:

Notice of modification to the FAA/Subscriber Memorandum of Agreement (MOA).

SUMMARY:

The FAA has decided that it is in the best interests of the United States Government and the general public to modify Section 9 of the June 1, 2006 MOA for Industry Access to Aircraft Situation Display (ASDI) and National Airspace System Status Information (NASSI) data, between the FAA and Direct Subscribers to ASDI and NASSI data-feeds. In recognition of the fact that the Privacy Act does not protect general aviation operators and on-demand air charter aircraft operating under 14 CFR part 135 (“on-demand aircraft”) from public knowledge of their flight information, the FAA will require Direct Subscribers (as a condition of signing the MOA) and Indirect Subscribers (as a condition of signing agreements with Direct Subscribers) to block from ASDI and NASSI data-feeds available to the public any general aviation aircraft or on-demand aircraft the registration number for which a Certified Security Concern has been provided to the FAA by electronic mail at CertifiedSecurityConcern@faa.gov or by regular mail at FAA Certified Security Concern, ATO System Operations Services; Room 1002, 800 Independence Avenue, SW., Washington, DC 20591. The FAA will no longer accommodate any ASDI- or NASSI-related security or privacy requests, except such Certified Security Concern.

DATES:

A Certified Security Concern will be due within July 5, 2011. The MOA amendment will be effective August 2, 2011.

FOR FURTHER INFORMATION CONTACT:

Mr. Barry Davis by telephone at (540) 422-4650 or by electronic mail at barry.davis@faa.gov.

SUPPLEMENTARY INFORMATION:

The navigational facilities and services in the national airspace system (NAS)—including the air traffic controllers, radar- and satellite-based systems, air traffic control towers and centers, and the like—are funded through the Airport and Airway Trust Fund and the taxpayer-supported general fund, Start Printed Page 32259administered by the FAA. The aviation industry, when operating under instrument flight rules (IFR), must provide flight-tracking data to the FAA, which the FAA uses for traffic flow management purposes.

In 1997, the FAA began to make air traffic flow management data available to the aviation and other industries through its Enhanced Traffic Management System (ETMS) Hubsite. The data consists of near real time position and other relevant flight data for every civil IFR aircraft receiving radar services within the NAS. The data is called aircraft situation display to industry (ASDI) and is filtered to exclude military and sensitive operations such as Presidential flights, drug interdiction flights, and other law enforcement and military efforts. The ASDI data-feed includes position (latitude and longitude) of aircraft, the aircraft's call sign, airspeed, altitude, heading, and flight plan information including origination and destination airports. 14 CFR 91.169. The information allows tracking of individual flights through the conclusion of each flight.

In 1998, the FAA released selective data elements of the national airspace system status information (NASSI) to industry to enhance the benefits to the ASDI data; which increases the dispatching flexibility for airlines enabling them to more efficiently manage their aircraft and crew and other operational resources. The NASSI data includes information on the status of airport runway visual range and special use airspace data as well as the status of other NAS components. At this time, the FAA granted access to the ASDI and NASSI data to Subscribers through a memorandum of agreement (MOA), which set forth the rights and responsibilities of the FAA and Direct Subscribers of the ASDI/NASSI data.

The publicly available ASDI hubsite, however, does not display complete information, due primarily to concerns of the National Business Aviation Association (NBAA) to limit public knowledge of flight paths of general aviation aircraft. In 1997, the NBAA began working with the FAA and ASDI Subscribers to develop a system to protect the personal privacy, as well as the security, of the NBAA members. This effort has culminated in a system under which general aviation aircraft owners or operators and on-demand aircraft have the ability to “block” aircraft identification information from the ASDI data feed at two levels, one at the FAA source (the FAA ETMS Hubsite) and a second via the FAA's agreement regarding the data displayed by ASDI Direct Subscribers. In these two ways, the publicly available Web sites either do not receive or filter from display certain general aviation corporate and other aircraft.

Under the “block” system between the NBAA and the FAA, the NBAA submits monthly to the FAA an updated list of aircraft to be blocked at the FAA source of the ASDI data feed. The FAA Block List consists of the aircraft registration numbers of those owners who want their aircraft to be blocked completely from distribution to Subscribers. This FAA Block List will filter all flight data information, which the FAA will not distribute to any Subscriber.

In contrast, under the “block” system between the aircraft owners and Direct Subscribers, the aircraft owners have filled out a Block Aircraft Registration Request (BARR) form, which the NBAA circulates monthly to all known Direct Subscribers. The BARR List contains aircraft call signs that owners wish to have blocked from public distribution. The FAA does not use or manage the list but section nine of the MOA has required Direct Subscribers to honor such requests.

In 2000, Congress directed the FAA to require that ASDI Direct Subscribers demonstrate the capability to selectively block the display of any data related to any identified aircraft registration number and agree to selective blocking upon the Administrator's request. 49 U.S.C. 44103, note (Pub. L. 106-181, Apr. 5, 2000, § 729, Aircraft Situational Display Data (ASDD)). The Aircraft Situational Display Data provision reads:

(a) In general.—A memorandum of agreement between the Administrator and any person that directly obtains aircraft situational display data from the Federal Aviation Administration shall require that—

(1) The person demonstrate to the satisfaction of the Administrator that the person is capable of selectively blocking the display of any aircraft-situation-display-to-industry derived data related to any identified aircraft registration number; and

(2) The person agree to block selectively the aircraft registration numbers of any aircraft owner or operator upon the Administration's request.

(b) Existing memoranda to be conformed.—Not later than 30 days after the date of the enactment of this Act, the Administrator shall conform any memoranda of agreement, in effect on such date of enactment, between the Federal Aviation Administration and a person under which that person obtains aircraft situational display data to incorporate the requirements of subsection (a).

Section nine of a 2006 MOA between the FAA and Direct Subscribers addresses the 2000 legislative directive.^[1] Under this section, the FAA states that it accommodates industry initiatives that collect requests from general aviation aircraft owners to exclude their aircraft from ASDI data feeds available to the public, either in near real-time or in recorded (historical) format. The FAA further requires Direct Subscribers and Indirect Subscribers to respect the privacy and security interests of the general aviation aircraft owners or operators when developing or marketing ASDI or NASSI-based products. Due to these arrangements between the FAA, the general aviation aircraft operators, and the Direct and Indirect Subscribers, the public currently does not have access to concrete information about a large number of users of the NAS.

Today's change to FAA policy and the MOA will disclose the aircraft on the ASDI (time-delayed) Web site unless the general aviation owner or operator, or on-demand aircraft, submits to the FAA a Certified Security Concern. A Certified Security Concern would be based on either (a) the facts and circumstances establishing a Valid Security Concern (i.e., a verifiable threat to person, property or company, including a threat of death, kidnapping or serious bodily Start Printed Page 32260harm against an individual, a recent history of violent terrorist activity in the geographic area in which the transportation is provided, or a threat against a company); or (b) the general aviation aircraft owner or operator satisfying the requirement for a bona fide business-oriented security concern under Treasury Regulation 1.132-5(m), “Employer-provided transportation for security concerns,” 26 CFR 1.132-5(m). A generalized security concern or privacy interest no longer will suffice to block the aircraft from the ASDI data feed. Absent appropriate certification, the ASDI data feed will disclose aircraft and flight specific information. It is important to note that this information does not disclose the identity of the occupants of the aircraft or the business or other purpose of the flight.

Under section 7.1.8 of the MOA, the FAA is authorized, and has the sole right, with timely notification, to modify the MOA if it is in the best interests of the United States Government or the general public. As explained more fully below, the FAA finds that the modification of the MOA conforms to the Federal Open Government Act, complies with Executive Branch policies and directives, makes Federal Government information more open, transparent and accessible to the public, and carries out the DOT Open Government Directive promoting proactive release of DOT data. The aircraft registration numbers of blocked aircraft and the associated flight plans are already releasable under the Freedom of Information Act (FOIA) and are not protected personal information under the Privacy Act. An agency may change its policies when in the public interest and is not compelled to retain outdated policies. Accordingly, the MOA modification is in the best interests of the Government and the public.

Consistency With Aircraft Situational Display Data (ASDD) Law

The NBAA and the National Air Transportation Association (NATA) state that the change to the MOA is not consistent with the ASDD provision, 49 U.S.C. 44103 note. Congress's intent behind the “selectivity” portion of this provision, according to NBAA and NATA, was to authorize privacy on behalf of a general aviation aircraft owner and to give the FAA merely a secondary role of facilitating the blocking at an aircraft owner's request. The NATA states that the requirement for an ASDI Subscriber to demonstrate a capability to “selectively block” data was intended to authorize the aircraft owner—not the FAA—to select the data to be blocked. The NBAA believes the ASDD provision was both intended to reinforce the existing BARR program and to ensure that the FAA continued its practice of honoring all blocking requests. They both contend that the FAA lacks discretion to determine which aircraft owners/operators are eligible for blocking and which requests it will forward to ASDI Subscribers.

The FAA disagrees with the respective associations' contentions that today's proposal is inconsistent with the ASDD provision. The text of the ASDD provision (see above) contains two features—(1) that the Subscriber is capable of “selectively blocking” aircraft tail numbers from the ASDI and (2) that the Subscriber will selectively block such data “upon the [FAA] Administration's request.” The provision affords the FAA discretion in determining the circumstances under which it may “request” the selective blocking of the data. There is nothing in the ASDD provision that impairs the FAA's ability to deny requests to block data and to display ASDI-data.

Indeed, the ASDD provision does not direct the FAA to honor any or all requests of an aircraft owner. Rather, the FAA is authorized to make the request in circumstances it determines to be in the public interest. Therefore, the FAA may convey the request to the Subscriber on its own initiative or in response to a request made by an aircraft owner. In the latter circumstance, the FAA may look behind the reason for the aircraft owner's request to selectively block aircraft data. As explained further below, for reasons of transparency and in support of the Administration's Open Government efforts, the FAA has determined that requests for selective blocking should be honored only upon receipt of a Certified Security Concern.

Justification for Change in Policy

Several commentators, including the NBAA, NATA, General Aviation Manufacturers Association (GAMA), Sprint United Management Company, Global Business Travel Association (GBTA), McAfee & Taft P.C. (a law firm), and Patton Boggs LLP (a law firm), state that the FAA did not articulate a justification for the proposed change to the MOA and did not explain the findings underlying its conclusion that the change is in the best interest of the Government and the public. As explained below, today's change is justified by disclosure and openness requirements set forth in Federal law, executive branch directives and policies, and court decisions.

The Openness Promotes Effectiveness in our National Government Act of 2007 (the Open Government Act or the Act), Public Law 110-174 (Dec. 31, 2007), promotes openness in Government and enhances the Freedom of Information Act (FOIA) statute (5 U.S.C. 552) by requiring Federal agencies to be more transparent in their responses to FOIA requests. In particular, the Act strengthens FOIA “to promote accessibility, accountability, and openness in Government,” finding:

• The American people firmly believe that our system of government must itself be governed by a presumption of openness;
• FOIA establishes a “strong presumption in favor of disclosure;”
• “Disclosure, not secrecy, is the dominant objective” of FOIA; and
• Congress should ensure that the Government “remains open and accessible to the American people and is always based not upon the `need to know' but upon the fundamental `right to know.'” 5 U.S.C. 552 note.

The Open Government Act underlines Congress' heightened interest in a Federal agency's responsiveness to, and compliance with, FOIA requests and disclosures, respectively. This Congressional support of openness and disclosure of agency records and information informs the FAA's decision to change its policy to one of presumed disclosure of the ASDI data-feed to the public.

Similarly, the Presidential Memorandum on Transparency and Open Government (January 21, 2009), the Presidential Memorandum on the Freedom of Information Act (January 21, 2009), an Office of Management and Budget (OMB) Open Government Directive (December 8, 2009), a U.S. Dept. of Justice Attorney General FOIA Memorandum (March 19, 2009), and a DOT Open Government Plan (2010-2015) require transparency in, and disclosure of, Government information. http://www.dot.gov/​open/​plan.

In particular, the Presidential Open Government Memorandum announced the Obama Administration's commitment to “creating an unprecedented level of openness in Government” and “establish[ing] a system of transparency, public participation, and collaboration.” It directed departments and agencies to put information about their operations [and decisions] online and make it “readily available to the public.” The OMB Open Government Directive, which implemented the Presidential Memorandum, states that, with respect to information “the presumption shall be in favor of openness” in order “to Start Printed Page 32261increase accountability, promote informed participation by the public, and create economic opportunity.” The Presidential FOIA Memorandum instructs Federal agencies, including the FAA, that FOIA should be administered with a “clear presumption: in the face of doubt, openness prevails.” It further provides:

The Government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears. (italics supplied)

The Attorney General FOIA Memorandum reinforces the principle that openness is the Government's default position for FOIA issues, directs an agency not to withhold information simply because it may do so legally, and encourages agencies to post information online in advance of FOIA requests. The DOT Open Government Plan requires the Department to be “even more transparent, participatory, and collaborative” and to release data “proactively” making it available online.

Under these Executive Branch policies and directives, the FAA cannot retain the default position of concealing information about general aviation aircraft flights on public ASDI data-feeds simply because of generalized privacy or security concerns. Rather, the FAA's default position must be one of openness. Accordingly, the FAA has determined that only a Certified Security Concern would justify nondisclosure of general aviation aircraft, or on-demand aircraft, flights.

The change in the MOA, to display general aviation aircraft, and on-demand aircraft, on the ASDI and NASSI data-feed websites in the absence of a Certified Security Concern, is in the best interests of the Government and the public. The NBAA says this change is not necessary because the FAA has disclosed no complaints from the public about the lack of ASDI or NAASI information or abuse of the BARR program by private aircraft. But complaints by the public are not pre-conditions to providing information to the public. Rather, Government disclosure of information it collects is an integral part of a constitutional democracy and informed public. By proactively disclosing information, the FAA is forestalling complaints about lack of access to Government-provided information and about potential abuse by private aircraft owners or operators of any aircraft blocking programs. As Congress recognized in its findings to the Open Government Act of 2007 (Pub. L. 110-175, Dec. 31, 2007; 5 U.S.C. 552 note), “our constitutional democracy, our system of self-government, and our commitment to popular sovereignty depends upon the consent of the governed; such consent is not meaningful unless it is informed consent.” 5 U.S.C. 552 note, § 2(1)(A)-(B).

Additionally, two recent and significant court decisions inform the FAA's decision regarding whether general aviation aircraft, or on-demand aircraft, identities should be kept private. The first, Federal Communications Commission (FCC) v. AT&T, Inc., 131 S. Ct. 1177 (2011), affirmed the FCC's finding that FOIA Exemption 7 does not protect a business' privacy because the term “personal privacy” does not extend to corporations. The second, National Business Aviation Association (NBAA) v. Federal Aviation Administration, 686 F. Supp. 2d 80 (D.D.C. 2010), affirmed the FAA's decision to release the list of NBAA members' aircraft registration numbers, because they were not protected under FOIA Exemption 4 as “commercial” information; nor were they protected under Exemption 6, which does not reach the privacy interests of businesses or corporations.

These intervening developments—by Congress, the Executive Branch, and the courts—caused us to reconsider whether it is in the best interest of the Government and the public to exclude from public view general aviation aircraft flight displays in the absence of a Certified Security Concern. As set forth above, given the strong public interest in openness and disclosure, we find that it is not.

Rationale for Certified Security Concern Requirement

The Open Government initiatives described above, however, do not mandate that Federal agencies disclose information on a carte blanche basis. See OMB Open Government Directive at 2 (“the presumption [with respect to Government information] shall be in favor of openness (to the extent permitted by law and subject to valid privacy, confidentiality, security or other restrictions))” (italics supplied); Attorney General's FOIA Memorandum at 1 (“disclosure obligation under the FOIA is not absolute. The Act provides exemptions to protect, for example, national security, personal privacy, privileged records, and law enforcement interests”); DOT Open Government Plan version 1.2, Overview (DOT will “increase agency transparency and accountability by * * * continuing to release DOT data in a timely manner by proactively making it available online in consistent, open formats, while assuring accuracy and protecting privacy, security, and confidentiality”). The FAA carefully considered whether the privacy and security concerns for blocking the general aviation aircraft and on-demand aircraft from ASDI data-feeds were “valid” under the OMB Open Government Directive and thereby subject to protection and non-disclosure.

The Presidential FOIA Memorandum is instructive in defining the term “valid” for purposes of withholding aircraft identification numbers from disclosure on ASDI/NASSI data feed. It instructs Federal agencies not to keep information confidential based on potential embarrassment or “speculative or abstract fears.”

In applying the “validity” standard to an FAA request to selectively block aircraft identification numbers on ASDI/NASSI data-feed, it is logical to utilize the Treasury Regulation governing “Employer-provided transportation for security concerns.” That regulation contains two features that make it applicable to these circumstances. First, it specifically applies to air transportation, expressly referring to “flights on the employer's aircraft” (26 CFR 1.132-5(m)(1), (2)(iii)) and to “employer-provided aircraft,” (26 CFR 1.132-5(m)(4)). Second, it acknowledges concrete, non-speculative, non-generalized reasons for a security concern justifying use of corporate aircraft for personal flights. These reasons include as an “overall security program,” factors such as a threat of death or kidnapping of or serious bodily harm to the employee, or a recent history of violent terrorist activity in the geographic area in which the transportation is provided. 26 CFR 1.132-5(m)(2).

The NBAA, NATA, McAfee & Taft P.C., Patton Boggs LLP, Peregrine Jet, LLC, Sprint United Management Company, and others comment that the Certified Security Concern requirement establishes an unjustifiably high bar and creates a test that the FAA lacks the ability to administer. We disagree. The new test is justified as complying with the Open Government policies and directives. As discussed above, a generalized, non-specific security concern would not constitute a “valid” concern under the Executive Branch directives. Moreover, the FAA, in most cases, anticipates relying on good-faith certifications.

Today's change to the MOA also comports with the NBAA FOIA decision as it relates to security concerns posed by the release of flight data. There, the court found it “highly unlikely” that the Start Printed Page 32262FOIA release of the aircraft registration numbers would impact the security of aircraft or aircraft passengers. 686 F. Supp.2d at 87. The court stated that the public would receive only registration numbers, would not receive any other identifying or associated narrative, and the after-the-fact FOIA disclosure would not permit investigation of real-time location data. Likewise, the types of disclosures facilitated by today's amendment to the MOA are unlikely to impact the security of aircraft or aircraft passengers. The public ASDI/NASSI data-feed is not in real-time. Nevertheless, those aircraft owners or operators demonstrating Certified Security Concerns may have their aircraft identification withheld from public view.

The NBAA and MEDEX Global Solutions also question whether a U.S. Department of Homeland Security (DHS) Transportation Security Administration (TSA) Advisory-Security Information for Aircraft Owner/Operators & Airport Managers (April 20, 2006)—should qualify as a Valid Security Concern and a basis for non-disclosure. The TSA Advisory references an Arabic web forum message explaining how to identify private American jets and urging Muslims to destroy all such aircraft. This Advisory is generalized and, without more information or data, would not constitute an individualized threat to particular general aviation aircraft to satisfy the requirements of a “valid” security concern.

Application of Certified Security Concern to Corporate Aircraft Occupants and to On-Demand Air Charters

The NATA and others comment that the Certified Security Concern standard is too narrow and suggest that, at a minimum, it not only apply to an employee but extend to persons such as corporate directors, guests, and key shareholders who are authorized to use corporate aircraft. NATA also suggests that the Certified Security Concern cover on-demand air charters, operating under 14 CFR part 135, which currently participate in the FAA Block program to prevent unwanted tracking of the clientele they serve.

The FAA clarifies that the Certified Security Concern does extend to the security of the aircraft passengers who may not be employees of the aircraft owner or operator. Therefore, assuming a Valid Security Concern exists for corporate directors, guests and/or key shareholders, a Valid Security Concern may be provided to the FAA by a general aviation aircraft owner or operator who carries such passengers. If the FAA has sufficient advance notice of the Valid Security Concern, the FAA will block the aircraft data. The FAA does not intend the scope of the Valid Security Concern to be limited solely to the security of the aircraft owner's key employees.

The FAA will accommodate a Valid Security Concern for certain passengers on an on-demand aircraft, assuming a certification is submitted and the FAA has sufficient advance notice, which is a minimum of thirty days, to block the aircraft data. The request would also need to specify the period of time during which a Valid Security Concern will exist regarding the security of the aircraft or aircraft passengers.

Privacy Concerns

Many commenters, individuals and those representing a wide spectrum of industry, including Altria Client Services, ConocoPhillips, Devon Energy Corporation, Federal Express Corporation, GAMA, Gaylord Entertainment Company, Jim Wilson & Associates, LLC (a real estate development company), the NBAA, NATA, Proctor & Gamble Company, and Sprint United Management Company, claimed that the FAA is improperly ignoring the privacy and/or business concerns of the corporate aircraft owners, key employees, shareholders, executives, and/or passengers and occupants of other general aviation or on-demand charter aircraft. The FAA finds that these concerns previously were rejected in the context of FOIA Exemption 4 (5 U.S.C. 552(b)(4)) (pertaining to “commercial” information), FOIA Exemption 6 (5 U.S.C. 552(b)(6)) (pertaining to “personnel files” and “personal privacy”); and FOIA Exemption 7(C) (5 U.S.C. 552(b)(7)(C)) (pertaining to “personal privacy” rights). Courts rejected the privacy concerns raised by commenters in the analogous FOIA context and FAA does not find that they have identified a material basis to treat the FAA's release of time-delayed NAS data differently.

The FOIA Exemption 4 and 6 issues were addressed in the NBAA case, a “reverse” FOIA case. There, a Federal district court granted the FAA's summary judgment motion that general aviation aircraft registration numbers are releasable. The court found that general aviation aircraft registration numbers are not protected “commercial” information (under FOIA Exemption 4) when released as historical ASDI website data, that FOIA Exemption 4 does not protect personal information, and that FOIA Exemption 6 does not protect the privacy interests of businesses or corporations.

FOIA Exemption 4 protects from disclosure “trade secrets and commercial or financial information obtained from a person and privileged or confidential.” 5 U.S.C. 552(b)(4). The court affirmed the FAA's finding that the registration numbers were not protected as “commercial” under Exemption 4, because the registration numbers do not provide commercial information. Although the NBAA argued in that case that the ASDI data release could result in public knowledge of “sensitive negotiations, likely business transactions or future movement of senior company leadership possibly jeopardizing their security as well as proprietary business information,” the court found the public would not be able to determine the identity of the occupants, discover the business purpose of the flight, track the flight in real-time, or discern the reasons the aircraft owner had for blocking the information. 686 F. Supp. 2d at 86-87. Rather, with further inquiry and using the registration numbers, the public could find only the name of the owner who sought to block the information disclosure, the make and model of the aircraft, and flight data, without any narrative.

After finding that the registration numbers did not constitute commercial information within the meaning of FOIA Exemption 4, the court addressed NBAA's contention that that data should be protected under privacy and security interests because its release would compromise the privacy and security of the aircraft and their “high profile” occupants. As to the privacy interest, the court found that “personal privacy” concerns of general aviation aircraft occupants are not a relevant concern under Exemption 4, because that exemption covers “confidential commercial information.” 686 F.Supp.2d at 87.

Turning to Exemption 6, which exempts from public disclosure “personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy,” the court found it does not provide a basis for protecting asserted privacy interests of general aviation aircraft owners or operators. It held that FOIA Exemption 6 “does not extend to * * * businesses or corporations.” Id. See also FCC, 131 S. Ct. at 1184 (“[W]e have regularly referred to [Exemption 6] as involving an individual's right to privacy.”)

With regard to Exemption 7, the Supreme Court in FCC v. AT&T recently decided that a corporation has no Start Printed Page 32263“personal privacy” rights under that provision. Exemption 7(C) protects from disclosure “records or information compiled for law enforcement purposes, but only to the extent that [their] production * * * could reasonably be expected to constitute an unwarranted invasion of personal privacy.” 5 U.S.C. 552(b)(7)(C). Thus, the Court rejected the notion that a corporation may claim a privacy interest in protecting information that would “embarrass” it. 131 S. Ct. at 1181. The Court explained that, as a matter of tort common law, the concept of “personal privacy” did not apply to corporations. Id. at 1183-84.

Many of the commenters, particularly NBAA, NATA and McAfee & Taft, state that disclosure of the aircraft identification numbers on the ASDI/NASSI data-feeds constitutes an unwarranted invasion of privacy of aircraft owners and operators. They believe that disclosure is a threat to the competitiveness of U.S. companies, because it may enable interested persons to track potential business transactions or mergers.As stated in Section 9 of the MOA, the Privacy Act (5 U.S.C. 552a) does not protect the ASDI Web site information:

The protection of such information [flight information of general aviation operators] is not covered under the Privacy Act (5 U.S.C. 552a), and the cost of developing and operating the technical mechanisms required to manage that information exceeds available FAA resources.

Aircraft registration information (including aircraft type, current status and ownership of aircraft, registration number, etc.) is in a System of Records protected by the Privacy Act. (See System Notice for Privacy Act Record System, DOT/FAA 801, Aircraft Registration System; 65 FR 19,518 (Apr. 11, 2000). As stated in the System Notice, however, one of the routine uses of this information is to “[m]ake aircraft registration data available to the public.” Id.

Moreover, some commenters, including the NBAA and McAfee & Taft P.C., claim that disclosure of general aviation aircraft on the ASDI/NAASI database would unlawfully allow the tracking of aircraft, in violation of the Fourth Amendment's protection against unreasonable searches and seizures and would amount to a type of “warrantless government surveillance.” The Fourth Amendment protections against unreasonable searches and seizures, however, are not applicable to the ASDI/NAASI database. The FAA is not tracking aircraft in the context of enforcing criminal statutes; rather it tracks aircraft operating under IFR, for safety purposes and to manage the efficient use of the navigable airspace. Therefore, any concerns about warrantless surveillance are not relevant to the ASDI/NAASI database disclosure.^[2]

The commenters further contend that the FAA is required by privacy expectations to continue to block general aviation and on-demand aircraft. They point to various Federal statutes through which Congress has directed state and Federal agencies to protect individuals' privacy interests.^[3] The NATA states that, because the privacy interests of aircraft owners are similar to those of automobile owners, the FAA should adapt the protections in Drivers Privacy Protection Act of 1994 to general aviation aircraft owners and operators.

The FAA notes that the Federal statutes and policies on privacy referred to by the NBAA and the NATA pertain to other Federal and State agencies and interests and not to the FAA's ASDI/NASSI database program. The FAA may not adopt, for purposes of finding “valid” privacy concerns on the part of aircraft owners or operators or their passengers, the statutes that are applicable in other situations simply because Congress has seen fit to authorize certain Federal agencies or States to regulate and enforce specific privacy protections. The Executive Branch policies authorize a Federal agency to withhold from disclosure only information that is supported by “valid” privacy or security concerns.

Administrative Processes

The NBAA also asserts that the Notice did not comply with administrative procedures.^[4] The FAA, however, need not comply with the Administrative Procedure Act (APA), 5 U.S.C. 551 et seq., to effect changes to the MOA, because it simply is modifying an agreement it has entered into with Subscribers to access FAA data under the FAA's procurement authority, 49 U.S.C. 106(l)(6), which is independent of the APA. The MOA change is designed to improve the FAA's management of its data to enhance transparency and openness to the public. The FAA is taking this action after evaluating the public interest, and the action is in full accordance with the agency's public interest responsibilities on behalf of Open Government and transparency.

Additionally, the Executive Orders do not create any enforceable substantive or procedural right against the United States.^[5] Consequently, the procedures and Executive Orders cited by NBAA are not controlling in this situation. As stated in section 4 of MOA, the FAA's authority to enter into it “is governed by” 49 U.S.C. 106(l)(6). That statutory provision states that:

The [FAA] Administrator is authorized to enter into and perform such contracts, leases, cooperative agreements, or other transactions, as may be necessary to carry out the functions of the Administrator and the Administration [FAA]. The Administrator may enter into such contracts, leases, cooperative agreements, and other transactions with any * * * person, firm, association, corporation, or educational institution, on such terms and conditions as the Administrator may consider appropriate.

Amending section 9 of the MOA as proposed is merely a change to the MOA “terms and conditions” that the Administrator deems appropriate, consistent with the change procedure set forth in the MOA. The MOA is not an FAA rule, and amendment of the MOA does not, in itself, require the FAA to adhere to the rulemaking process set forth in the APA.

Nevertheless, this amendment to the MOA is arguably a change to FAA Start Printed Page 32264policy that affects members of the public, and, the FAA has accordingly complied and is fully complying with the APA for purposes of adequately informing the public of the proposed change and providing them with sufficient time to comment. For example, the Notice provided the statement of the basis and purpose of the proposed change—that of the best interest of the Government and of providing public knowledge of information about aircraft that has been judicially determined, not to be protected as commercial or privacy-protected information. As described above, disclosure of the information is also justified by the Open Government Act and Open Government Presidential directives and executive orders and policies.

The NBAA states that DOT Order 2100.5 (1980), pertaining to streamlining regulations, requires the FAA's Notice to be clear, based on necessity, consider alternatives, and not impose unnecessary burdens. The DOT Order, however, is not legally binding; it serves for internal guidance and procedural purposes only, without creating any requirements. Moreover, the FAA Notice clearly and adequately states the proposed change in the MOA and the basis for the change. It proposed, for comment, an alternative to the current, broad exclusion from ASDI/NASSI data-feed for general aviation aircraft owner and operators. The comments reflected the parties' understanding of the proposed change, the reasons for the change, and suggested alternatives to the proposed change. Accordingly, the FAA provided adequate notice for informed comment. The 30 day comment period was sufficient and complied, to the extent applicable, with the APA. The FAA received no requests for further time within which to accept comments.

The NBAA also asserts that the Notice did not discuss or analyze the costs and benefits associated with the new restrictions, under Executive Orders 12866 and 13563. However, the Notice does not constitute a regulation subject to a cost/benefit analysis. Rather, it is at most merely a change in policy regarding how and when the FAA will release public information. Further, even if the Notice was subject to cost/benefit analysis, the commenters did not submit data, information, or statistics on costs, if any, that they might assert to be associated with the Notice. In any event, the costs associated with compliance with a Certified Security Concern already have been undertaken by corporations or businesses to comply with the Treasury regulation and, for companies or individuals that are concerned about security threats, the costs to ascertain and verify such threats would have inherent benefits to those concerned. The benefits to disclose, in the ASDI/NASSI data-feed, those aircraft without Certified Security Concerns, would inure to the public in the form of more transparency and openness as to the use by general aviation aircraft of the Federally-subsidized airports and airways.

Modified Section 9 of the MOA

Accordingly, section 9 of the MOA is hereby modified as follows:

9. Security Interests

The ASDI and NASSI data includes the near real time position and other flight data associated with civil instrument flight rules (IFR) aircraft. While commercial operators conduct business according to a published listing of service and schedule, general aviation operators and on-demand air charter aircraft operating under 14 CFR part 135 (“on-demand aircraft”) do not. It is possible that public knowledge of the ASDI and NASSI data of certain general aviation and on-demand aircraft operators could compromise the security of individuals or property. General aviation aircraft identification numbers must be excluded from public ASDI and NASSI data-feeds in the event a general aviation aircraft owner or operator provides the FAA, at least annually, a written certification (a “Certified Security Concern”) that (a) the facts and circumstances establish a Valid Security Concern regarding the security of the owner's or operator's aircraft or aircraft passengers; or (b) the general aviation aircraft owner or operator satisfies the requirements for a bona fide business-oriented security concern under Treasury Regulation 1.132-5(m). On-demand aircraft identification numbers must be excluded from public ASDI and NASSI data-feeds in the event an on-demand aircraft operator provides the FAA, with a minimum of thirty days' advance notice and specification of the period of time during which a Valid Security Concern will exist with respect to that aircraft, a written certification that the facts and circumstances establish a Valid Security Concern regarding the security of the aircraft or aircraft passengers. The FAA will provide the Direct Subscribers, on a monthly basis, a list of the aircraft covered by a Certified Security Concern.

A Valid Security Concern is a verifiable threat to person, property or company, including a threat of death, kidnapping or serious bodily harm against an individual, a recent history of violent terrorist activity in the geographic area in which the transportation is provided, or a threat against a company. The FAA will no longer accommodate any ASDI- or NASSI- related security or privacy requests, except such Certified Security Concern. All Direct Subscribers (as a condition of signing this MOA) and Indirect Subscribers (as a condition of signing agreements with Direct Subscribers) must block any general aviation aircraft, and on-demand aircraft, registration numbers included on the FAA-provided list of aircraft covered by a Certified Security Concern. If the FAA determines that any Direct or Indirect Subscriber develops or markets products that violate this provision, the FAA's rights under Section 15 shall apply.

Conclusion

For the reasons set forth above, effective 60 days from the date of this Notice, the FAA will no longer accommodate requests to bar the release of aircraft flight tracking data unless an aircraft owner or operator provides a Certified Security Concern, as defined in this Notice. Absent a Certified Security Concern by a general aviation aircraft owner or operator (and absent a Valid Security Concern by an on-demand aircraft), the FAA will disclose aircraft on its ASDI and NASSI websites and will not request that Subscribers exclude those aircraft on the public (time-delayed) ASDI- and NASSI data-feeds. The information to be disclosed on the ASDI/NASSI data-feeds would include the aircraft position, call sign, airspeed, heading and flight plan as well as status of airport runway visual range, special use airspace data and status of other NAS components. The FAA will maintain the current system of blocking the release of aircraft tracking data until the effective date of the Notice.

To be blocked from the ASDI/NASSI data-feeds, any general aviation aircraft owner or operator covered by a Certified Security Concern must submit such concern within 30 days from the date of this Notice and at least annually thereafter to the FAA by electronic mail at CertifiedSecurityConcern@faa.gov or by regular mail at FAA Certified Security Concern; ATO System Operations Services; Room 1002; 800 Independence Avenue, SW.; Washington, DC 20591. An on-demand aircraft covered by a Valid Security Concern must similarly submit such concern on a minimum of 30 days' notice and specify the period of time during which such a security concern will exist with respect to the aircraft or Start Printed Page 32265aircraft passengers. Any such submission must specify whether such request is to block the aircraft identification number prior to the FAA's release of the data-feed, or to block the aircraft identification number from release by the Direct Subscribers. Should a specific request not be made, the FAA will block the identification number prior to its release of the data-feed.

The FAA will contact each Direct Subscriber to execute a revised MOA, incorporating the modified section nine, within 60 days of this Notice.

Footnotes