[Federal Register Volume 59, Number 233 (Tuesday, December 6, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-27912]
[[Page Unknown]]
[Federal Register: December 6, 1994]
_______________________________________________________________________
Part V
Department of Transportation
_______________________________________________________________________
Federal Aviation Administration
_______________________________________________________________________
14 CFR Part 107, et al.
Sensitive Security Information; Proposed Rule
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Parts 107, 108, 109, 129, 191
[Docket No. 27965; Notice No. 94-32]
RIN 2120-AF49
Sensitive Security Information
AGENCY: Federal Aviation Administration (FAA), Department of
Transportation (DOT).
ACTION: Notice of Proposed Rulemaking (NPRM).
-----------------------------------------------------------------------
SUMMARY: The FAA proposes to strengthen the rules protecting
information from release to unauthorized persons. The current rules
fail to: Require individuals to protect security sensitive information
that is in their control; and specify all sensitive security
information that should be protected from public disclosure. This
proposed rule would specify all sensitive security information that
must be protected and would require air carriers, airport operators,
indirect air carriers, foreign air carriers, and individuals to be
responsible for protecting it from disclosure to unauthorized persons.
DATES: Comments must be received on or before February 6, 1995.
ADDRESSES: Comments on this notice may be delivered or mailed, in
triplicate, to the Federal Aviation Administration, Office of the Chief
Counsel, Attention: Rules Docket (AGC-200), Docket No. 27965, 800
Independence Avenue, SW., Room 915G, Washington, DC 20591. Comments
submitted must be marked: ``Docket No. 27965.'' Comments may be
inspected in Room 915G between 8:30 a.m. and 5 p.m. on weekdays, except
Federal holidays.
FOR FURTHER INFORMATION CONTACT: Eugene Cunningham or Don Cotton,
Office of Civil Aviation Security Policy and Planning, Federal Aviation
Administration, 800 Independence Avenue, SW., Washington, DC 20591;
telephone (202) 267-8701.
SUPPLEMENTARY INFORMATION:
Comments Invited
Interested persons are invited to participate in the rulemaking by
submitting such written data, views, or arguments as they may desire.
Comments relating to environmental, energy, federalism, or
international trade impacts that might result from adopting the
proposals in this notice are also invited. Comments must include the
regulatory docket or notice number and be submitted in triplicate to
the address above. All comments received, as well as a report
summarizing each substantive public contact with FAA personnel on this
rulemaking, will be filed in the docket. The docket is available for
public inspection both before and after the comment closing date.
All comments received on or before the closing date will be
considered by the Administrator before taking action on this proposed
rulemaking. Late-filed comments will be considered to the extent
practicable. The proposals contained in this notice may be changed in
light of the comments received.
Commenters wishing the FAA to acknowledge receipt of their comments
submitted in response to this notice must submit a pre-addressed,
stamped postcard with those comments on which the following statement
is made: ``Comments to Docket No. 27965.'' The postcard will be date-
stamped by the FAA and returned to the commenter.
Availability of NPRM
Any person may obtain a copy of this NPRM by submitting a request
to the Federal Aviation Administration, Office of Public Affairs,
Attention: Public Inquiry Center (APA-200), 800 Independence Avenue,
SW., Washington, DC 20591, or by calling (202) 267-3484. Requests must
include the notice or docket number.
Persons interested in being placed on a mailing list for future
rulemaking actions should request a copy of Advisory Circular 11-2A,
Notice of Proposed Rulemaking Distribution System, which describes the
application procedure.
Background
The Security Regulatory Scheme
Sections 315 and 316 of the Federal Aviation Act of 1958, as
amended (FAAct) (49 U.S.C. app. 1356, 1357), require the FAA to
prescribe rules, as needed, to protect persons and property aboard
aircraft against acts of criminal violence and aircraft piracy, and to
prescribe rules for screening passengers for weapons. To carry out the
provisions of the FAAct, the FAA has adopted rules requiring airport
operators, air carriers, indirect air carriers, and foreign air
carriers to carry out various duties for civil aviation security. Part
107 of the Federal Aviation Regulations (FAR) (14 CFR part 107) applies
to certain airport operators; part 108 (14 CFR part 108) governs
certain air carriers. Part 109 (14 CFR part 109) applies to indirect
air carriers, such as freight forwarders, who engage indirectly in air
transportation of property. Part 129 (14 CFR part 129) applies to the
operation of foreign air carriers within the United States.
Parts 107, 108, 109, and 129 contain general requirements for
promoting civil aviation security. Each airport operator, air carrier,
indirect air carrier, and foreign air carrier covered by these parts
also has a security program that is approved or accepted by the
Administrator, containing information that specifies how airport
operators and air carriers perform their regulatory and statutory
responsibilities. The security programs are available only to persons
with the need to know, as described more fully below.
Each air carrier's security program is a comprehensive document
that details the full range of security procedures and countermeasures
that air carriers are required to perform under Sec. 108.5 of the FAR.
This program includes procedures for: (1) screening of passengers,
carry-on baggage, checked baggage, and cargo; (2) using screening
devices (such as X-ray systems and metal detectors); (3) controlling
access to aircraft and air carrier facilities; (4) reporting and
responding to bomb threats, hijackings, and weapons discovered during
screening; (5) reporting and protecting bomb threat information; (6)
identifying special procedures required at airports with special
security needs; and (7) training and testing standards for crewmembers
and security personnel.
The airport security program is a comprehensive document that
details the full range of security procedures and countermeasures that
airport operators are required to perform under Sec. 107.3. Most
programs include the: (1) Description of the air operations area (AOA),
each area on or adjacent to the airport that affects the security of
the AOA, and air carrier exclusive areas; (2) procedures to control
access to the AOA; (3) alternate security procedures for use in
emergency and other unusual conditions; and (4) law enforcement support
training and record maintenance programs in furtherance of part 107.
Programs for some airports include a description of the law enforcement
support training program and the system for maintaining records.
The indirect air carrier security program covers security
procedures for cargo that is accepted for transport on air carrier
aircraft. In general, it requires indirect air carriers to carry out
security procedures for handling cargo that will be carried on air
carrier aircraft.
Foreign air carrier's security programs provide security procedures
for foreign air carriers while operating to and from the United States,
which is a counterpart to the procedures required under part 108.
Security programs of individual companies largely are based on
standard security programs and amendments developed by the FAA and
industry. As new threats are identified, and as improved
countermeasures are developed, the FAA develops standard means to
respond to the threats and improve security.
Other sources of information and countermeasures are in Security
Directives and Information Circulars, described in Sec. 108.18. They
address threats to civil aviation security and countermeasures to
respond to those threats. In addition, there is information concerning
various security devices, such as metal detectors and X-ray machines,
that is sensitive.
The Need to Protect Security Information
The FAA has, over the years, adopted security procedures to respond
to the growing threat to civil aviation. The trend has been towards a
more sophisticated and dangerous threat.
Until 1984, hijackings of U.S. air carriers primarily were
conducted by single individuals who were asylum seekers, expatriates
desiring to return to Cuba, mentally disturbed persons, or single
individuals who were carrying out their criminal acts for personal
motives. Beginning in 1985, however, there were a series of
sophisticated hijackings and attempted hijackings of airliners of U.S.
registry. These hijackings were conducted by relatively well-organized
teams of trained individuals with political motives primarily connected
to international affairs in the Middle East. The June 1985 hijacking of
TWA 847 and intelligence reporting in subsequent years clearly
indicated that U.S. air carriers were facing a higher level and type of
threat. Similar incidents that occurred over the next few years
routinely involved murder and extended hostage takings.
The change in the hijacking threat faced by U.S. air carriers was
accompanied by increasingly sophisticated and deadly sabotage attacks
against civil aviation. These attacks also were perpetrated by well-
organized international terrorist groups with, in some cases, nation
states also involved as supporters and facilitators, if not direct
participants. These groups and countries repeatedly attempted to
collect information concerning extant security countermeasures and to
devise methods of attack to bypass or defeat those countermeasures.
With the 1985 terrorist attacks on the airport terminals in Rome
and Vienna and the December 1988 explosion and crash of Pan American
World Airways [Pan Am] Flight 103 in Lockerbie, Scotland, the FAA,
along with the world civil aviation community, recognized that an
entirely new phase of terrorism had opened. In response, the FAA issued
new, detailed, amendments to the air carrier standard security program
to counter the threat to U.S. carriers at foreign airports. The FAA
also developed new procedures to decrease the vulnerability of airports
to terrorist attacks. These procedures, both foreign and domestic, went
into both the air carrier and airport security programs.
Because of the increasing sophistication of those who may pose a
threat to civil aviation, it is increasingly important that information
regarding the manner in which the FAA, the airport operators, and the
air carriers may seek to guard against criminal threats be protected.
The unauthorized disclosure of sensitive aviation security information
could assist in the development of techniques to counter those
measures.
The FAA is mindful of the public's legitimate interest in how the
FAA operates and how it regulates the aviation industry. The FAA has a
corresponding responsibility to prevent undue disclosure of information
that could compromise public safety if it falls into the wrong hands.
The proposals in this notice have been carefully considered to cover
only information that could reasonably be anticipated to be damaging to
the security of the traveling public if given to unauthorized persons.
Security programs are absolutely essential mechanisms through which
the FAA regulates the air carriers' and airports' detailed obligations
with respect to ensuring civil aviation security. Much of the
effectiveness of the programs depends on strictly limiting access to
such information to those persons who have a need to know. Unauthorized
disclosure of the specific provisions of the air carrier and airport
security programs or other aviation security information would allow
potential attackers of civil aviation to devise methods to circumvent
or otherwise defeat the security provisions. It would also discount the
deterrent effect inherently provided in prohibiting disclosure of
security measures that may or may not be in place.
There are sophisticated criminal elements who actively seek
information on what seemingly are minor security points, with a view to
accumulating a larger picture of the entire security program.
Therefore, it is imperative that the entire security program be
protected. Similarly, it is critical to protect the information
contained in Security Directives and Information Circulars. These
documents contain detailed information on threats that the FAA has
identified, and the measures to counter those threats. The unauthorized
release of that information could compromise those countermeasures. In
addition, particular information regarding FAA approved security
devices, such as metal detectors, should also be protected to the
extent possible.
Current Protection of Security Information
Currently, the FAA, airport operators, air carriers, indirect air
carriers, and foreign air carriers are required to restrict the
availability of information contained in security programs to those
with a need to know, and to refer requests for such information to the
FAA. These requirements are in Secs. 107.3(e), 108.7(c) (4) and (5),
109.3(c), and foreign air carrier security programs. In addition,
Sec. 108.18(c)(1) specifically requires air carriers to restrict the
availability of Security Directives and Information Circulars, and the
information contained therein, to persons with a need to know. However,
individuals who work for or perform activities in support of the air
carriers are not required to protect the information, except for
Security Directives and Information Circulars. Part 191 allows the FAA
to withhold certain requested information, such as a request under the
Freedom of Information Act (FOIA) (5 U.S.C. 552) or in litigation. Part
191 currently applies only to the FAA. Section 191.3 identifies
specific information, such as security programs and hijacker profiles,
that the FAA withholds. Section 191.5 provides generally that the FAA
prohibits disclosure of information when release would constitute an
unwarranted invasion of privacy, reveal trade secrets or privileged or
confidential information, or be detrimental to the safety of persons
traveling in air transportation or in intrastate air transportation.
However, it does not cover all of the potential sources of sensitive
security information that should be covered.
Civil aviation security information protected under the Federal
Aviation Regulations is different from National Security Information
governed by Executive Order 12356 and related orders, statutes, and
rules. The Executive Order provides for classifying information as Top
Secret, Secret, and Confidential, and covers a wide range of
information affecting the national security. All persons with access to
such information must have an appropriate security clearance, and there
may be a criminal penalty for misuse of the information. While there is
some ``classified'' civil aviation security information, these proposed
rules are not directed to the handling of all classified information.
The FAA proposes to improve the protection of sensitive security
information by amending parts 107, 108, 129 and 191 as described more
fully below.
Part By Part Discussion of the Proposed Rule
The FAA currently is reformulating the authority citations of all
parts in accordance with the recodification enacted in Public Law 103-
272 on July 5, 1994. This process is not complete. Accordingly, the
authority citations in this proposed rule are those in the current
rules.
Part 191
Part 191 sets forth the rules that allow the FAA to withhold
information from public disclosure. The FAA proposes to amend and
reorganize part 191 as follows:
Sec. 191.1. The FAA proposes to expand part 191 to apply not only
to the FAA, but also to air carriers, airport operators, indirect air
carriers, foreign air carriers, and individuals. As discussed below,
parts 107, 108, 109, and 129 still would contain some requirements
regarding the protection of information, but part 191 would be the
primary rule for withholding information from unauthorized public
disclosure.
Section 191.1(a) would be amended to conform to the current
statute. In 1976, the FAA promulgated part 191 to implement the Air
Transportation Act of 1974, Pub. L. 93-366. Section 316(d)(2) of the
FAAct provides, in part, that the Administrator shall prescribe
regulations to ``prohibit disclosure of any information obtained or
developed in the conduct of research and development activities'' if
the disclosure meets certain conditions. This section is a major basis
for the current rules in part 191 on withholding information from
unauthorized disclosure.
In 1990, section 316(d)(2) was amended to provide that the
Administrator shall adopt rules to prohibit disclosure of ``any
information obtained in the conduct of security or research and
development activities * * *.'' Section 9121 of the Aviation Safety and
Capacity Expansion Act of 1990 (Pub. L. 101-508) (emphasis added). The
FAA proposes to amend Sec. 191.1(a), to protect information obtained
during the course of specified security activities.
The FAA also proposes to remove from the title of part 191
reference to the 1974 Act, to avoid any implication that it is the only
source of statutory authority for the part.
Section 191.1(b) now defines ``record,'' in part, as
``documentary'' material. The FAA proposes to delete the word
``documentary.'' The FAA intends to address all methods of preserving
information, including computer records. This would avoid any
misunderstanding over whether such records were ``documentary.''
Part 191 now refers to the ``Director of Civil Aviation Security''
as the official who makes the determination on behalf of the
Administrator to withhold information. Following a reorganization, the
FAA official who makes such determinations now is the Assistant
Administrator for Civil Aviation Security. The FAA proposes to amend
part 191 accordingly. In addition, the Deputy Assistant Administrator
for Civil Aviation Security, and any individual formally designated to
act in the capacity of the Assistant Administrator or the Deputy, would
have authority to make such determinations.
We also propose to state in more detail the extent to which the
Assistant Administrator may further delegate the authority to make
these decisions. For decisions involving information and records
described in Sec. 191.7(a) through (i), we propose to permit delegation
below the Assistant Administrator level. The information that is
described in (a) through (i) is well-defined, and decisions on release
or withholding of the information involves relatively objective
judgments.
Section 191.7(j) provides a ``catch all'' basis for determining
that other information is sensitive security information. A decision to
release or withhold information under Sec. 191.7(j) requires a careful
evaluation of, on the one hand, the need to provide the highest level
of security to the traveling public by preventing sensitive security
information from falling into the wrong hands, and on the other hand,
an awareness of the public's strong interest in obtaining information
about security in air transportation. These decisions require a careful
evaluation of security threats as well as important policies of the
agency. Therefore, the FAA proposes that such decisions be made by high
policy-level officials, and not below the Assistant Administrator and
Deputy Assistant Administrator level. The Assistant Administrator is
responsible for carrying out the agency's civil aviation security
program, and reports directly to the Administrator.
Sec. 191.3. Section 191.3 would continue to state generally that
the FAA withholds certain information, but would be clarified to state
that part 191 applies, notwithstanding FOIA and other disclosure
statutes. For instance, the FAA may adopt certain security rules
affecting air carriers and airports without disclosing the rules to
unauthorized persons.
The FAA proposes to move the provisions currently in Sec. 191.5
that describe the circumstances under which the FAA prohibits
disclosure of information to Sec. 191.3(b).
Sec. 191.5. Section 191.5 would contain the requirements that apply
to persons other than the FAA. Such persons include air carriers,
airport operators, indirect air carriers, and foreign air carriers, and
individuals employed by, or contracted by, air carriers, airport
operators, indirect air carriers, and foreign air carriers. This
section is intended to be very inclusive.
A difficult aspect of protecting sensitive security information is
that a large number of persons must be aware of at least portions of
the information in order to carry out their duties. These include
pilots, flight attendants, ticket agents, screeners, baggage handlers,
and law enforcement officers. Frequently, some of these people are not
direct employees of the air carrier or airport operator, but they do
carry out duties for or on behalf of the air carrier or airport
operator. For instance, in many cases, screeners and law enforcement
officers are not directly employed by air carriers or airport
operators, but do have important security responsibilities to carry
out. This section is intended to cover all such persons who have access
to sensitive security information. It should be emphasized, however,
that airports and air carriers would continue to have the
responsibility they now have to protect sensitive security information.
If sensitive security information is released to unauthorized persons,
depending upon the circumstances, the FAA may hold the airport or air
carrier, as well as the individual, accountable.
Section 191.5(a) would state the general requirement that
disclosure of and access to sensitive security information shall be
restricted to persons with a ``need to know.'' Section 191.5(b) would
define ``need to know'' as the requirement to have knowledge of or
access to the information to carry out FAA-approved or directed
aviation security duties. Of course, in the case of foreign air
carriers that are owned or operated, or closely regulated, by the
foreign government, various officials in that government have a ``need
to know.''
In most cases, the air carrier or airport operator has the
discretion to decide who in its organization has a need to know
sensitive security information. There are times, however, when
information is so sensitive that extra measures should be taken to
protect it from release to those without a ``need to know.'' The rule
would, therefore, provide that for some specific information the
Assistant Administrator may make a finding that only specific persons,
or classes of persons, have an operational need to know.
Section 191.5(c) would require that, if sensitive security
information is released to unauthorized persons, the FAA must be
notified. This will permit the FAA to evaluate the risk presented by
the release of the information, and to take whatever action may be
needed to mitigate that risk.
Section 191.5(d) alerts persons that violations may result in a
civil penalty or other action by the FAA. Under the FAAct, the FAA may
take a broad range of enforcement action for violation of the
regulations. The FAA anticipates that civil penalty action will be
considered for a violation of part 191, as it is for violations of
parts 107 and 108. However, the FAA may seek any enforcement action
deemed appropriate based on individual circumstances of the case.
Further, the FAA may take action to mitigate or correct the risk posed
by the violation. Such actions may include requiring air carriers or
airport operators to change their procedures for protecting security
information, or change the security procedures in place that may have
been compromised by unauthorized release of the information.
Sec. 191.7. Proposed 191.7 would incorporate and expand current
Sec. 191.3, which describes information that is protected from public
disclosure. There is information not specifically mentioned in
Sec. 191.3 that should be protected. The FAA now withholds such
information from public disclosure based on findings under Sec. 191.5
that disclosure would be detrimental to the safety of persons traveling
in air transportation or intrastate air transportation. Those findings
are set forth in written denials of FOIA requests for such information,
and in Declarations submitted to judges to seek protection of
information in litigation cases. To better inform the public of the
information prohibited from unauthorized release, the FAA proposes to
add this information to Sec. 191.7, as described below:
Section 191.7(a) would retain the current requirements to protect
any approved or standard security program for an air carrier, indirect
air carrier, airport operator, or foreign air carrier, and that portion
of the security program of the United States Postal Service that
relates to security of parcel mail to be transported by air. The FAA
proposes to expand this provision to include any comments,
instructions, or implementing guidance pertaining to these security
programs. Generally, these materials reveal some or all of the
sensitive information and must be protected the same as the security
programs themselves.
Paragraph (b) would be revised to include any comments,
instructions, or implementing guidance pertaining to Security
Directives and Information Circulars.
Paragraph (c) would list any profile used in any security screening
process, including persons, baggage, or cargo. Section 191.3(b) (1) and
(2) currently cover any hijacker profile and profile used in baggage
screening. This proposal makes that provision general to cover profiles
for screening persons, because there are systems in place to protect
against terrorists and others who might seek to commit criminal
violence, not just hijackers. It would also cover profiles for cargo.
Like baggage, cargo is a potential tool for criminal violence that the
security rules cover.
Paragraph (d) would include any security contingency plan and
comments, instructions, or implementing guidance pertaining thereto.
These plans, when adopted, become part of the security program and are
already covered by rules governing security programs. They are included
in Sec. 191.7 for emphasis.
The FAA proposes to delete the provisions currently in
Sec. 191.3(b)(6), pertaining to the technical specifications for
devices for protection against, or detection of, cargo theft, from the
rule. Such devices are not directly used to meet the requirements for
civil aviation security under the FAA regulations. Any devices that
serve a dual function of protecting cargo and security are protected
under other provisions in this section.
Paragraph (e) would cover the technical specifications of any
device used for the detection of any explosive, incendiary, or deadly
or dangerous weapon. It is essentially the same as current
Sec. 191.3(b)(5), except that the current rule is worded ``explosive or
incendiary device or weapon.'' The proposed rule would use the same
wording that is in Sec. 108.9(a), which contains the requirements for
air carriers to screen passengers and property for such items.
Paragraph (f) would address the specifications for objects used to
test screening equipment, and equipment parameters, and paragraph (g)
would address any security communications equipment and procedures.
Knowledge of the devices used to perform various security functions
could lead to a plan to defeat those devices. Accordingly, details of
such devices should be protected.
Paragraph (h) would address any information pertaining to: (1)
Threats of any criminal acts directed against air transportation; and
(2) the details of an alleged violation of parts 107, 108, 109, or 129,
and any information that could reasonably lead to the disclosure of
such details, i.e., the airport name, the location of the gate or
access point; the air carrier, indirect air carrier, or foreign air
carrier. Paragraph (h) would apply only to the release of information
by the FAA. There is less risk of harm from the casual disclosure of
this information by individuals.
Paragraph (i) would include any draft, proposed, or recommended
change to sensitive security information or records. The FAA frequently
issues proposed revisions for sensitive security documents to air
carriers and airport operators and requests comments on the proposals.
These proposals contain sensitive security information that also should
be protected.
Paragraph (j) would include any other information that the
Administrator determines should not be disclosed under the criteria in
Sec. 191.3(b). While we have attempted to anticipate all sources of
information that should be protected from unauthorized disclosure,
additional information may be discovered in the future. As with the
current rule, this paragraph would allow the Administrator to determine
whether other information should be considered to be sensitive security
information.
Parts 107, 108, 109, and 129
The FAA proposes to make changes to the specific parts that apply
to airport operators, air carriers, indirect air carriers, and foreign
air carriers, to correspond to the proposed changes to part 191. Parts
107, 108, 109, and 129 require these organizations to protect security
information as required in part 191, and would require them to direct
requests for such information to the administrator. These parts would
be redundant with the proposed changes to part 191. These organizations
currently refer to their specific parts of the FAR for security
requirements. Including a cross-reference to part 191 in parts 107,
108, 109, and 129, alerts organization to the new requirements, and
makes it clear that part 191 is part of their security duties.
Economic Evaluation
This section summarizes the regulatory evaluation prepared by the
FAA. The regulatory evaluation provides more detailed discussion of the
potential economic consequences of this proposal.
Executive Order 12866, dated September 30, 1993, directs Federal
agencies to promulgate new regulations or modify existing regulations
only if benefits to society for each regulatory change outweigh
potential costs. The order also requires the preparation of an economic
analysis of all ``significant regulatory actions'' except those
responding to emergency situations or other narrowly-defined
exigencies.
The FAA has determined that this proposed rule is not a
``significant regulatory action'' as defined by Executive Order 12866
(Regulatory Planning and Review). A synopsis of the costs and benefits
associated with this rule are summarized below. (A more detailed
discussion is contained in the full regulatory evaluation placed in the
docket for this proposed rule.)
Costs and Benefits
This proposed rule would help protect persons and property at
airports and aboard aircraft against terrorist and other criminal acts
by strengthening the rules protecting sensitive security information
from being released to unauthorized persons. It would require the
affected entities to be responsible for safeguarding this security
information from unauthorized disclosure. The accidental divulgence of
such material could lead, directly or indirectly, to injuries, the loss
of life, and/or the loss of an aircraft.
These rules could be implemented at no cost. Given the lack of cost
and given the potential benefits of avoided fatalities and injuries,
the FAA finds this proposed rule to be cost beneficial.
International Trade Impact Statement
In accordance with the Office of Management and Budget memorandum
dated March 1983, federal agencies engaged in rulemaking activities are
required to assess the effects of regulatory changes on international
trade. The FAA finds that this proposed rule would not have an adverse
impact on trade opportunities for either U.S. firms doing business
overseas or foreign firms doing business in the United States. The
proposed rule would impose no costs on both domestic and foreign air
carriers, so neither would have a trade advantage over the other.
Initial Regulatory Flexibility Determination
The Regulatory Flexibility Act of 1980 (RFA) was enacted by
Congress to ensure that small entities are not unnecessarily burdened
by government regulations. The RFA requires agencies to review rules
that may have a ``significant economic impact on a substantial number
of small entities.'' There is no cost associated with this proposed
rule; therefore, this proposal does not have a significant economic
impact on a substantial number of small entities.
Federalism Impact
This proposal will not have a substantial direct effect on the
States, on the relationship between the national government and the
States, or on the distribution of power and responsibilities among the
various levels of government. Therefore, in accordance with Executive
Order 12612, it is determined that this proposal does not have
sufficient federalism implications to warrant preparation of a
Federalism Assessment.
Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1980 (Pub. L. 96-
511), there are no requirements for information collection associated
with this proposed rule.
Conclusion
For the reasons discussed above, and based on the findings in the
initial Regulatory Flexibility Determination and the International
Trade Impact Statement, the FAA certifies that this proposed regulation
will not have a significant economic impact, positive or negative, on a
substantial number of small entities under the criteria of the
Regulatory Flexibility Act. This proposal is not considered a
``significant regulatory action'' under Executive Order 12866 and is
not considered significant under Department of Transportation
Regulatory Policies and Procedures (44 FR 11034; February 26, 1979).
List of Subjects
14 CFR Part 107
Airports, Arms and munitions, Federal Aviation Administration, Law
enforcement officers, Reporting and recordkeeping requirements,
Security measures.
14 CFR Part 108
Air carriers, Aircraft, Airmen, Airports, Arms and munitions,
Explosives, Federal Aviation Administration, Law enforcement officers,
Reporting and recordkeeping requirements, Security measures.
14 CFR Part 109
Air carriers, Aircraft, Federal Aviation Administration, Freight
forwarders, Security measures.
14 CFR Part 129
Air carriers, Aircraft, Aviation safety, Federal Aviation
Administration, Reporting and recordkeeping requirements, Security
measures, Smoking.
14 CFR Part 191
Air transportation, Federal Aviation Administration,
Telecommunications.
The Proposed Amendments
Accordingly, the Federal Aviation Administration proposes to amend
parts 107, 108, 109, 129, and 191 (14 CFR parts 107, 108, 109, 129, and
191), as follows:
PART 107--AIRPORT SECURITY
1. The authority citation for part 107 continues to read as
follows:
Authority: 49 U.S.C. App. 1354, 1356, 1357, 1358, and 1421; 49
U.S.C. 106(g); Sec. 101, et seq., Pub. L. 101-604, 104 Stat. 3066.
2. Section 107.3 is amended by revising paragraph (e) to read as
follows:
Sec. 107.3 Security program.
* * * * *
(e) Each airport operator shall--
(1) Restrict the distribution, disclosure, and availability of
sensitive security information, as defined in part 191 of this chapter,
to persons with a need to know; and
(2) Refer requests for security sensitive information by other
persons to the Assistant Administrator for Civil Aviation Security.
* * * * *
PART 108--AIRPLANE OPERATOR SECURITY
3. The authority citation for part 108 continues to read as
follows:
Authority: 49 U.S.C. App. 1354, 1356, 1357, 1421, 1424, and
1511; 49 U.S.C. 106(g); Sec. 101 et seq., Pub. L. 101-604, 104 Stat.
3066.
4. Section 108.7 is amended by revising paragraphs (c)(4) and
(c)(5) to read as follows:
Sec. 108.7 Security program: Form, content, and availability.
* * * * *
(c) * * *
(4) Restrict the distribution, disclosure, and availability of
sensitive security information, as defined in part 191 of this chapter,
to persons with a need to know; and
(5) Refer requests for a sensitive security information by other
persons to the Assistant Administrator for Civil Aviation Security.
PART 109--INDIRECT AIR CARRIER SECURITY
5. The authority citation for part 109 continues to read as
follows:
Authority: Secs. 313(a), 316, 601, 1005, Federal Aviation Act of
1958 (49 U.S.C. 1354(a), 1357, 1421, and 1485; and sec. 6(c),
Department of Transportation Act (49 U.S.C. 1655(c)).
6. Section 109.3 is amended by revising paragraph (c) to read as
follows:
Sec. 109.3 Security program.
* * * * *
(c) Each indirect air carrier shall--
(1) Restrict the distribution, disclosure, and availability of
sensitive security information, as defined in part 191 of this chapter,
to persons with a need to know; and
(2) Refer requests for sensitive security information by other
persons to the Assistant Administrator for Civil Aviation Security.
PART 129--OPERATIONS: FOREIGN AIR CARRIERS AND FOREIGN OPERATORS OF
U.S.-REGISTERED AIRCRAFT ENGAGED IN COMMON CARRIAGE
7. The authority citation for part 129 continues to read as
follows:
Authority: 49 U.S.C. app. 1346, 1354(a), 1356, 1357, 1421, 1502,
1511 and 1522; 49 U.S.C. 106(g) (revised Pub. L. 97-449, January 12,
1983).
8. Part 129 is amended by adding a new Sec. 129.31 to read as
follows:
Sec. 129.31 Airplane security.
Each foreign air carrier required to adopt and use a security
program pursuant to Sec. 129.25(b) shall--
(a) Restrict the distribution, disclosure, and availability of
sensitive security information, as defined in part 191 of this chapter,
to persons with a need to know; and
(b) Refer requests for sensitive security information by other
persons to the Assistant Administrator for Civil Aviation Security.
9. Part 191 is revised to read as follows:
PART 191--PROTECTION OF SENSITIVE SECURITY INFORMATION
Sec.
191.1 Applicability and definitions.
191.3 Records and information withheld by the Federal Aviation
Administration.
191.5 Prohibition on release of sensitive security information.
191.7 Sensitive security information.
Authority: Secs. 313(a), 316(d)(2), 601, Federal Aviation Act of
1958 (49 U.S.C. 1354(a), 1357(d)(2), 1421); sec. 6(c), Department of
Transportation Act (49 U.S.C. 1655(c)).
Sec. 191.1 Applicability and definitions.
(a) This part governs the release, by the Federal Aviation
Administration and by other persons, of records and information that
has been obtained or developed during security activities or research
and development activities.
(b) For purposes of this part, ``record'' includes any writing,
drawing, map, tape, film, photograph, or other means by which
information is preserved.
(c) The authority of the Administrator under this part is also
exercised by the Assistant Administrator for Civil Aviation Security
and the Deputy Assistant Administrator for Civil Aviation Security, and
any individual formally designated to act in their capacity. For
matters involving the release or withholding of information and records
containing information described in Sec. 191.7(a) through (i), the
authority may be further delegated. For matters involving the release
or withholding of information and records containing information
described in Sec. 191.7(j), the authority may not be further delegated.
Sec. 191.3 Records and information withheld by the Federal Aviation
Administration.
(a) Except as provided in paragraph (c) of this section, and
notwithstanding 5 U.S.C. 552 or other laws, the records and information
described in paragraph (b) of this section are not available for public
inspection or copying, nor is information contained in those records
released to the public.
(b) The Administrator prohibits disclosure of information developed
in the conduct of security or research and development activities under
49 U.S.C. App. Chapter 20, Subchapter III, if, in the opinion of the
Administrator, the disclosure of such information would:
(1) Constitute an unwarranted invasion of privacy (including, but
not limited to, information contained in any personnel, medical, or
similar file);
(2) Reveal trade secrets or privileged or confidential information
obtained from any person; or
(3) Be detrimental to the safety of persons traveling in air
transportation.
(c) If a record contains information that the Administrator
determines cannot be disclosed under this part, but also contains
information that can be disclosed, the latter information, on proper
FOIA request, will be provided for public inspection and copying.
However, if it is impractical to redact the requested information from
the document, the entire document will be withheld from public
disclosure.
Sec. 191.5 Prohibition on release of sensitive security information.
(a) Each airport operator, air carrier, indirect air carrier,
foreign air carrier, and each individual employed by, contracted to, or
acting for an airport operator, air carrier, indirect air carrier, or
foreign air carrier shall restrict disclosure of and access to
sensitive security information to persons with a need to know, and
shall refer requests from other persons for such information to the
Administrator.
(b) A person has a need to know sensitive security information when
the information is necessary to carry out FAA-approved or directed
aviation security duties. For some specific information, the
Administrator may specify which persons, or classes of persons, have a
need to know.
(c) When sensitive security information is released to unauthorized
persons, any air carrier, airport operator, indirect air carrier,
foreign air carrier, or individual with knowledge of the release shall
inform the Administrator.
(d) Violation of this section is grounds for a civil penalty or
other enforcement or corrective action by the FAA.
Sec. 191.7 Sensitive security information.
Except as otherwise provided in writing by the Administrator, the
following information and records containing such information
constitute sensitive information:
(a) Any approved or standard security program for an air carrier,
foreign air carrier, indirect air carrier, or airport operator, and
that portion of the security program of the United States Postal
Service that relates to security of parcel mail to be transported by
air; and any comments, instructions, or implementing guidance
pertaining thereto.
(b) Security Directives, Information Circulars, and any comments,
instructions, or implementing guidance pertaining thereto.
(c) Any profile used in any security screening process, including
for persons, baggage, or cargo.
(d) Any security contingency plan or information and any comments,
instructions, or implementing guidance pertaining thereto.
(e) Technical specifications of any device used for the detection
of any explosive, incendiary, or deadly or dangerous weapon.
(f) Technical specifications of objects used to test screening
equipment and equipment parameters.
(g) Technical specifications of any security communications
equipment and procedures.
(h) As to the release of information by the FAA only:
(1) Any information pertaining to threats of any criminal acts
directed against air transportation.
(2) The details of an alleged violation of parts 107, 108, 109, or
129 of this chapter, including the airport name, the location of the
gate or access point; the air carrier, indirect air carrier, or foreign
air carrier, and any information that could reasonably lead to the
disclosure of such details.
(i) Any draft, proposed, or recommended change to the information
and records identified in this part.
(j) Any other information, the disclosure of which the
Administrator has prohibited under the criteria in Sec. 191.3(b).
Issued in Washington, DC, November 4, 1994.
Bruce R. Butterworth,
Director, Office of Civil Aviation Security Policy and Planning.
[FR Doc. 94-27912 Filed 12-5-94; 8:45 am]
BILLING CODE 4910-13-M
