[Federal Register: January 23, 2002 (Volume 67, Number 15)] [Proposed Rules] [Page 3129-3135] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF ENERGY Federal Energy Regulatory Commission 18 CFR Part 388 [Docket Nos. RM02-4-000 and PL02-1-000] Notice of Inquiry and Guidance for Filings in the Interim January 16, 2002. AGENCY: Federal Energy Regulatory Commission. ACTION: Notice of Inquiry. ----------------------------------------------------------------------- SUMMARY: The Federal Energy Regulatory Commission (Commission) is considering whether to revise its rules to address public availability of critical energy infrastructure information. The Commission issued a policy statement in Docket No. PL02-1-000 on October 11, 2001 (66 FR 52917, October 18, 2001), removing from easy public access previously public documents that detail the specifications of energy facilities licensed or certificated by the Commission. The policy statement directed requesters seeking this information to follow the Freedom of Information Act procedures found at 18 CFR 388.108. This Notice of Inquiry will assist the Commission in determining what changes, if any, should be made to its regulations to restrict unfettered general public access to critical energy infrastructure information, but still permit those with a need for the information to obtain it in an efficient manner. EFFECTIVE DATES: Responses must be submitted on or before March 11, 2002. Requests for copies of the non-public appendix must be filed on or before February 7, 2002. ADDRESSES: Office of the Secretary, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426. FOR FURTHER INFORMATION CONTACT: Carol C. Johnson, Office of the General Counsel, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426, (202) 208-0457. SUPPLEMENTARY INFORMATION: I. Introduction The Federal Energy Regulatory Commission is initiating an inquiry into the appropriate treatment of previously public documents in the aftermath of the September 11, 2001 terrorist attacks on the United States of America. Accordingly, this Notice sets forth the Commission's general views on how it intends to treat those documents, and asks specific questions on the scope and implications of maintaining the confidentiality of certain documents that previously had been made public but removed from easy public access under the Policy Statement issued in Docket No. PL02-1-000 on October 11, 2001 (Policy Statement). See 97 FERC para. 61,030. The major matter that this Notice addresses is the reconciliation of the Commission's regulatory responsibilities under its enabling statutes and Federal environmental laws and the need to protect the safety and well being of American citizens from attacks on our nation's energy infrastructure. By definition, this Notice does not propose any specific changes to the Commission's regulations, but it does reflect what the Commission may consider doing in the future. As an initial matter, the Commission believes that the process under the Freedom of Information Act, 5 U.S.C. 552 (FOIA), which the Policy Statement established as the means for requesting previously public documents in the short run, is not well suited in the long run for handling most requests for this critical energy infrastructure information (CEII).\1\ Therefore, the questions posed in the Notice are premised on the Commission's processing most CEII requests outside of the FOIA procedures. The Commission also believes that the scope of the Policy Statement should probably be maintained, viz., that limiting access to CEII should be confined to certificated, licensed, or constructed projects. Put another way, the Commission currently intends that information contained in or related to proposed projects should be available as before October 11, 2001. (Care would have to be taken to the extent the information detailed existing facilities.) Otherwise, the implementation of the environmental laws may be impeded or the processing of certificate or license applications may be unduly complicated. Nevertheless, the Notice asks specific questions as to the correctness of this approach. The Commission emphasizes that its intention here is to address how the public with a need for certain documents obtains access to those documents, not whether they should have access to them. --------------------------------------------------------------------------- \1\ Assuming that much of the information identified as CEII will be exempt from mandatory disclosure under FOIA, using FOIA as the exclusive mechanism for determining release would mean that people with a need for the information might be denied access to exempt information. In any event, under FOIA, the agency may not consider a requester's particular need for the information. Moreover, once release is made to one requester under FOIA, release is generally avaialble to all requesters, and if information is released pursuant to FOIA, the agency may not restrict the recipient's use or dissemination of that information. Therefore, if the Commission wishes to make otherwise exempt information available to a requester based on the requester's need for the information, or wishes to limit the recipient's use and dissemination of the information, it must do so outside of the confines of the FOIA. --------------------------------------------------------------------------- As a separate matter, the Commission is using this opportunity to provide guidance on making filings with the Commission to the companies whose facilities could be the targets of terrorist attacks. Between now and the effective date of a final decision in Docket No. RM02-4-000, these companies may seek confidential treatment of filings or parts of filings which in their opinion contain CEII. For this purpose, they are directed to follow the procedures in 18 CFR 388.112, and also clearly note "PL02-1" on the first page of the document. II. Background The September 11, 2001 terrorist attacks prompted the Commission to issue a policy statement on October 11, 2001, in PL02-1-000, addressing the treatment of previously public documents. See 97 FERC para.61,030.\2\ The [[Page 3130]] Commission announced there that it would no longer make available to the public through its Internet site, the Records and Information Management System (RIMS), or the Public Reference Room, documents such as oversized maps that detail the specifications of energy facilities already licensed or certificated under Part I of the Federal Power Act, 16 U.S.C. 719a, et seq., and section 7 (c) of the Natural Gas Act, 15 U.S.C. 717f(c), respectively. Rather, anyone requesting such documents was directed to follow the procedures set forth in 18 CFR 388.108 (Requests for Commission records not available through the Public Reference Room (FOIA Requests)). The Policy Statement also instructed staff to report back to the Commission within 90 days on the impact of this newly announced policy on the agency's business. This Notice reflects staff's report. --------------------------------------------------------------------------- \2\ Shortly after the attacks, the Commission issued another policy statement in Docket No. PL01-6-000, in which it provided guidance to regulated companies regarding extraordinary expenditures necessary to safeguard national energy supplies. See 96 FERC para.61,299 (2001). The Commission recognized there that electric, gas, and oil companies may need to adopt new procedures, update existing procedures, and install facilities to further safeguard their systems, and that these efforts might result in extraordinary expenditures. The Commission assured these companies that it would give its highest priority to processing any filing made for the recovery of such expenditures. --------------------------------------------------------------------------- The Commission was not alone in its reaction to protecting sensitive information. The Associated Press reported on October 12, 2001, that "Federal agencies are scrutinizing their Web sites and removing any information they believe terrorists might use to plot attacks against the nation. Federal agencies have been reviewing their sites in the wake of the terrorist attacks." The report referred to action by the Nuclear Regulatory Commission, the Environmental Protection Agency, the Centers for Disease Control and Prevention, and the United States Department of Transportation Office of Pipeline Safety. Along the same lines, the United States Department of Justice pointed out a short time later: In light of those events [of September 11, 2001], and the possibilities for further terrorist activity in their aftermath, federal agencies are concerned with the need to protect critical systems, facilities, stockpiles, and other assets from security breaches and harm--and in some instances from their potential use as weapons of mass destruction in and of themselves. Such protection efforts, of course, must at the same time include the protection of any agency information that could enable someone to succeed in causing the feared harm. www.usdoj.gov/oip/foiapost/2001foiapost19.htm.\3\ Subsequently, in early November, the Department of Energy Office of Environment, Safety and Health blocked all access to environmental assessments and environmental impact statements and related documents published on the Department's National Environmental Policy Act Web site. --------------------------------------------------------------------------- \3\ This statement accompanied the issuance of a FOIA memorandum to the heads of all Federal departments and agencies from Attorney General John Ashcroft on October 12, 2001. This memorandum emphasized the Bush Adminstration's commitment to full compliance with FOIA as an important means of maintaining an open and accountable system of government. At the same time, it recognized the importance of protecting the sensitive institutional, commercial, and personal interests that can be implicated in government records--such as the need to safeguard national security, to maintain law enforcement effectiveness, to respect business confidentiality, to protect internal agency deliberations, and to preserve personal privacy. --------------------------------------------------------------------------- Since September 11, 2001, our country fortunately has not experienced any attacks as devastating as the ones experienced on that day. On at least three occasions, however, the Attorney General of the United States put the country on high alert because of threatened terrorist attacks.\4\ The Federal Bureau of Investigation has likewise warned oil and gas companies throughout the United States and Canada to be on the highest alert. Under these circumstances, the Commission finds that the concerns about threats to the energy infrastructure over which it has regulatory responsibilities still exist, and that the Commission must proceed to examine its policy and any related regulations on making information about that infrastructure available to the public. The Commission emphasizes, however, that in no way is it proposing to prevent or otherwise impede the public from having access to information it needs in order to respond to applications and other proposals from the regulated companies. This Notice is not intended to address whether the public with such a need has access to certain documents; rather, it is intended to address how the public with such a need will have access to certain documents. --------------------------------------------------------------------------- \4\ Since September 11, 2001, the United States government has issued a total of four warnings--three official warnings and one unofficial warning. On October 11, 2001, Attorney General John Ashcroft issued the first official warning of possible attacks. He again issued an official warning on October 29, 2001. On December 3, 2001, Tom Ridge, Director of Homeland Security, issued the third official warning because Attorney General Ashcroft was out of town. This third warning, which was to be in effect throughout the holiday season, was extended on January 2, 2002 to last through March 11, 2002. As most relevant here, in late November 2001, Attorney General Ashcroft warned of an uncorroborated report of a possible terrorist threat against natural gas pipelines. Accordingly, the American Petroleum Institute, the lead industry group coordinating with the FBI and Energy Department on security matters, issued a warning to oil and gas companies. --------------------------------------------------------------------------- III. Implementation of Policy Statement A brief overview of the Commission's experience since issuance of the Policy Statement may help to understand the instant task better, because this Notice is understandably informed by that experience. To implement the policy, the Commission's staff first disabled RIMS access to all oversized documents, which frequently contain detailed infrastructure information and also removed them from the Public Reference Room. Staff next identified and disabled or denied access to other types of documents dealing with licensed hydropower projects, certificated natural gas pipelines, and electric transmission lines that appeared to include critical infrastructure information. This effort, which was undertaken as cautiously and methodically as possible, affected tens of thousands of documents. As of January 3, 2002, the treatment of previously public documents as non-public generated twenty-five FOIA requests. Most of these requests are pending, as the time for responding is still running or has been tolled because the Commission sent letters to the submitters of the information for their views on the applicability of the FOIA exemptions. See CFR 385.112(d). In one instance, however, the FOIA request was mooted, because the Commission provided the document to the requester outside the FOIA process. The requester was a pipeline applicant who sought a non- published environmental assessment that was referenced in the order issuing the applicant a certificate. As the applicant, the requester was a unique member of the public, who had to have the environmental assessment to decide whether to accept the certificate, and, if so, how to comply with its terms. Moreover, a company whose facilities were intended to be protected from terrorist attacks by the Policy Statement could fairly be assumed to treat any sensitive information contained in the environmental assessment in the same way that the Commission would, that is, to protect it from getting into the hands of terrorists. Therefore, the company's request was handled outside the FOIA process.\5\ --------------------------------------------------------------------------- \5\ Two other FOIA requests were likewise mooted. One involved a request from a law firm representing a regulated company, which no longer had a particular map filed previously by its client. This request was handled outside of FOIA as it concerned a request from a company for its own material. The other request was made by an intervener in a certificate proceeding. In this case, the pipeline applicant provided the information directly to the requester. --------------------------------------------------------------------------- As a separate matter, since the issuance of the Policy Statement, the Commission has also entertained a request from a company to remove what in its view was critical infrastructure information which had not been removed from public access as part of the staff's efforts to implement the policy on previously public documents. Williston Basin Interstate Pipeline Company filed revised tariff sheets on November 30, 2001, to remove the system maps from its tariff, and requested a waiver of 18 CFR 154.106 to do so.\6\ The Commission denied Williston Basin's specific proposal as unnecessary because it construed the proposal as a request for confidential treatment of those particular sheets in its tariff, and granted that request. See Williston Basin Interstate Pipeline Company, 97 FERC para. 61,369 (2001). The Commission reasoned that this action would allow it to have the information needed to fulfill its regulatory obligations, while at the same time satisfying Williston Basin's desire [[Page 3131]] to keep the maps out of the public domain for safety purposes. Id. at __, slip op. at 2. The Commission further took into account that customers or prospective customers of Williston Basin will be able to obtain a copy of the map directly from the pipeline company. Id. --------------------------------------------------------------------------- \6\ Section 154.106 requires each natural gas pipeline to display a system map in its tariff and to update its maps annually to reflect any major changes in facilities. --------------------------------------------------------------------------- IV. Questions for Response A. Legal Authority to Protect CEII To reiterate, the Commission's goal is not to alter in any way the public's right to access documents that they need to participate in a meaningful way in Commission proceedings. For this reason, for example, the proposed location of new gas pipeline facilities would not be restricted from public access or involvement. Likewise, the Commission does not want to prevent the general public, including the press, from accessing information to understand better how the Commission operates. The Commission must balance these goals against legitimate concerns about the integrity of the nation's energy infrastructure. For this purpose, the Commission believes it is necessary to devise procedures for the public to access CEII. To do so, the Commission starts with the premise that any information it collects will generally be publicly available. That is consistent with the scheme of its enabling statutes, which are grounded in public participation in reviewing companies' rates and terms and conditions of service and in processing their certificate and license applications. See, e.g., section 4(c) of the Natural Gas Act, 15 U.S.C. 717c; section 205 of the Federal Power Act, 16 U.S.C. 824d. Nonetheless, the Commission's enabling statutes do not appear to prohibit the Commission from devising procedures to control the public's access to CEII. On the other hand, the Commission's regulations or policies may foreclose such procedures to the extent they require certain CEII to be made public and foreclose their being treated confidentially. For example, there may be an anomaly in the Commission's maintaining the confidentiality of CEII, such as oversized, detailed system maps (which show not only the proposed facilities, but their relationship to existing facilities), but still requiring companies to maintain a public file of all relevant documents at a suitable location or locations outside of FERC. See 18 CFR 157.10. Similarly, the Commission requires pipeline applicants to make a good faith effort to place materials in a location that provides maximum accessibility to the public, and to make available complete copies of their applications in accessible central locations in each county throughout the project area, either in paper or electronic format, within three business days of the date a filing is issued a docket number. See 18 CFR 157.10(b)(2) and (c). Under these circumstances, as a threshold matter, the Commission must decide whether any of its current regulations or policies need to be revised in order to implement changes in the way the public accesses CEII.\7\ To assist this inquiry, the Commission is attaching to this Notice, as a non-public appendix, a list of previously public documents, which are likely candidates for consideration as CEII.\8\ The Commission requests that respondents distinguish as much as possible in their answers between the legal implications for proposed projects versus operational projects. See B.4. below. --------------------------------------------------------------------------- \7\ As separate matter, the Commission is aware of at least six pieces of legislation that have been introduced in the First Session of the 107th Congress, including S. 1407, S. 1456, S. 1529, S. 1534, H.R. 1292, and H.R. 1158. The Commission does not believe, however, that it needs a change in its legislative mandate to proceed with this Notice. That is not to stay, of course, that it would not welcome guidance from the Congress on these matters. \8\ The procedures to obtain a copy of the non-public appendix are set forth at the end of this Notice in the section entitled "Document Availability." --------------------------------------------------------------------------- Against this backdrop, the Commission seeks responses to the following questions: 1. Are there statutory impediments to protecting CEII under the following: a. Natural Gas Act, 15 U.S.C. 717, et seq.; b. Federal Power Act, 16 U.S.C. 791a, et seq.; c. FERC's other enabling statutes; d. National Environmental Policy Act, 42 U.S.C. 4321-4370d; or e. Substantive environmental laws? 2. Are there regulatory impediments to protecting CEII? a. What changes, if any, are required to the Commission's own regulations to enable it to protect CEII adequately? b. What changes, if any, are required to the Commission's regulations to enable regulated entities to protect CEII? c. Are there non-FERC regulations that impair the Commission's or the regulated companies' ability to protect CEII adequately? d. Do Order Nos. 608 \9\ and 609 \10\ create any impediment if the Commission defines CEII to include only information regarding licensed or certificated projects? --------------------------------------------------------------------------- \9\ "Collaborative Procedures for Energy Facility Applications," Order No. 608, 64 FR 51209 (September 22, 1999); FERC Statutes and Regulations, Regulations Preambles July 1996-- December 2000, para. 31,080 (September 15, 1999), order on reh'g, Order No. 608-A, 65 FR 65752 (November 2, 2000); FERC Statutes and Regulations, Regulations Preambles July 1996-December 2000, para. 31,110 (October 27, 2000). \10\ "Landowner Notification, Expanded Categorical Exclusions, and Other Environmental Filing Requirements," Order No. 609, 64 FR 57374 (October 25, 1999), FERC Statutes and Regulations, Regulations Preambles July 1996-December 2000, para. 31,082 (October 13, 1999), order on reh'g, Order No. 609-A, 65 FR 15234 (March 22, 2000), FERC Statutes and Regulations, Regulations Preambles July 1996-December 2000, para. 31,095 (March 16, 2000). --------------------------------------------------------------------------- B. Definition of Critical Energy Infrastructure Information (CEII) A major issue throughout the past three months has been identifying information that warrants protection in light of the September 11 events. After the issuance of the Policy Statement, the Commission removed from ready public access documents "that detail the specifications of energy facilities licensed or certificated under part I of the Federal Power Act * * * and section 7(c) of the Natural Gas Act. * * *" Since that time, the Commission has recognized that there may be additional information that warrants protection as well, for instance, information relating to the transmission of electricity. The Commission must develop a workable definition of CEII that is broad enough to encompass information useful to would-be terrorists in planning a terrorist attack, without removing from the public domain information that poses little to no risk. The definition will guide submitters of information and Commission staff reviewing such submissions in determining whether or not the information should be freely available to the general public. Below is a list of questions that may assist the Commission in devising a consistent method of identifying CEII. 1. What are the primary considerations that the Commission should use to determine which information should be protected? Should the Commission only protect information relating to certain critical components of the infrastructure? If so, how does it identify such components? If information is removed only for those identified facilities, will that highlight critical facilities for would-be terrorists? 2. Should CEII include all information related to locations of existing facilities? Does the scale of the map make a difference? Should the Commission protect location information only where a map provides exact location of facilities (e.g., longitude and latitude, or map coordinates)? What if the information is otherwise publicly available from another source, e.g., a commercial map? 3. Aside from location, what additional types of information may warrant protection (i.e., removal from existing systems where possible, or redaction from future filings)? a. Diameter, throughput and pressure information relating to gas pipelines? b. System constraints for both gas and electric transmission systems? c. Supply lines to critical facilities (hospitals, military installations, government facilities, etc.)? d. Number of retail customers served by a particular portion of the infrastructure? e. Redundancy or lack of redundancy in the system? f. Compressor station layouts and layouts of other above-ground facilities? g. Location of critical components, e.g. shut off valves? h. Inundation information and other similar information that details areas likely to be affected by a failure in the system? i. Vulnerability/risk assessments and other information that may provide insights into vulnerabilities in the infrastructure? j. Emergency Action Plans or other documents detailing steps to be taken in the event of an emergency involving a facility? 4. Should the restrictions be limited to existing projects or should they be extended to proposed projects or extensions? a. What are the legal impediments and practical difficulties associated with extending the restrictions to pending projects? b. How should the Commission handle hydropower relicensing situations where there is a need for public participation, and [[Page 3132]] also a risk that an existing facility could be endangered by release of certain information? c. How should the Commission handle situations where documents relating to a yet-to-be-approved project contain CEII relating to existing facilities? Can those portions be removed and still permit effective public participation in the process? Is there an effective way to limit access to those with a need for the information? d. If CEII related to proposed projects is not restricted during the licensing/certificate stage, at what point in the process should the information no longer be readily available to the public? (1) Once the Commission issues the license/certificate? (2) When a pipeline applicant accepts the certificate or when it commences construction? (3) When a hydropower licensee or exemptee commences construction? (4) After construction is completed, or any operational portion is completed? (5) When rehearing period or appeal period has run or all rehearings or appeals have been decided? C. Requester's Status and Need for the Information At present, the Commission is considering an approach that would strive to process most requests for CEII outside of the FOIA process.\11\ As part of this approach, requesters may be subject to different procedures and entitled to more or less information, depending on their status and their need for the information. The Commission has identified the following categories of potential requesters: (1) Federal government entities, including Congress; (2) state governments; (3) local governments; (4) Native American Tribes; (5) submitters of CEII; (6) parties seeking CEII relating to their own project or facility; (7) representatives of submitters or parties seeking information relating to their client's own project or facility; (8) interveners; (9) those who have sought, but have not yet been granted, intervener status; (10) landowners and landowner groups; (11) media representatives; (12) third-party requesters who want the information for a business purpose such as selling a product or service or advising clients of potential business opportunities; and (13) members of the general public. Below are some issues that must be considered if the Commission adopts an approach that takes a requester's status and need into account. --------------------------------------------------------------------------- \11\ The Commission tentatively plans to add a new section to 18 CFR part 388, following the FOIA regulations. --------------------------------------------------------------------------- 1. Should Federal requesters have ready access to CEII? If a Federal entity is given access where others involved in a case are not, are there ex parte concerns? 2. Should submitters of information be entitled to ready access to CEII regarding their own facilities? What about facility owners? Should it matter whether the information was submitted by the entity or created by the Commission? 3. Should interveners be afforded ready access to CEII? Should persons who have filed motions to intervene that have not been denied be granted the same access as interveners? If the Commission denies access to these requesters, has it effectively denied them an opportunity to participate in the matter? If the Commission grants ready access to CEII to interveners, do its intervener rules at 18 CFR 385.214 need to be revised to require a greater demonstration of interest than currently is required? 4. Should state governments be given ready access to CEII? There is statutory authority for the Commission to share information with state commissions in both the Natural Gas Act and the Federal Power Act. If a state government is given access where others are not, are there ex parte concerns? 5. Should affected landowners who have not intervened be granted access to CEII? If so, should those landowners be defined using the parameters found in existing regulations, such as 18 CFR 4.32(a)(3)(i)(A) and 157.6(d)(2)? If the current regulations contain no obligation to keep the landowner lists updated, how can the Commission later verify that a requester is still an affected landowner since property can be bought and sold at any time? If the Commission cannot craft a satisfactory method of verifying landowners' status, should non-intervener landowners follow the FOIA procedures in 18 CFR 388.108? 6. How should the Commission handle CEII requests from members of the press since it is highly unlikely that members of the press would be willing to abide by a non-disclosure agreement? If media requests cannot be handled under alternative procedures, should media representatives be directed to follow the FOIA procedures in 18 CFR 388.108? 7. How should the Commission treat other third party requesters that want the information for business purposes, e.g., consulting firms that may want the information to sell a product or service or to advise clients on potential business opportunities? Under those circumstances, the third party would be unlikely to enter into a non-disclosure agreement. If this is the case, should they be directed to follow the FOIA procedures in 18 CFR 388.108? 8. How should the Commission treat requests from a party in one proceeding to obtain information filed at the Commission by someone who is not a party in that particular proceeding? D. Verification and Access Issues If the Commission adopts a system where the identity of the requester, the status of the requester, and the requester's need for the information are relevant, the Commission must have a method of verifying the identity and status of the requester. The Commission currently uses an ID and password to verify the identify of filers who make electronic filings using the Internet. It may be possible to use a similar system to verify identities of requesters of CEII. Another issue is whether the form of the request should be relevant in deciding to grant or deny access to CEII. Internet access seems to provide the broadest, easiest access to documents. Written requests for documents to be mailed to a street address provide an increased level of security because the recipient may be traceable through the address. Similarly, requiring a requester to appear in person at the Public Reference Room with identification provides some level of security as well. Questions relating to verification and access are listed below. 1. What type of system should the Commission use to verify that a requester is who he or she purports to be? Options include, among others, use of IDs and passwords, use of personal identification numbers, and use of digital signatures. 2. How should the Commission verify that a particular individual is authorized to request documents on behalf of an organization? Should the organization provide a list of authorized individuals to the Commission, perhaps as part of its intervention? Should the Commission issue the entity an ID and password and leave it up to the organization to determine which of its employees can have the password? 3. Should the level of verification required depend on how the requester is seeking to obtain the information? For example, should a higher level of verification be required when someone is accessing documents over the Internet than when they are filing a written request for the documents? 4. If the Commission eliminated all Internet access to CEII, would that be sufficient protection? E. Non-disclosure Agreements and Limitations on Use of Information One reason that the FOIA is not a useful vehicle for handling requests for CEII is that it does not permit the Commission to place any restrictions on the recipient's use or dissemination of the information. The Commission believes that disclosure of CEII should be restricted to those who have a legitimate need for the information, and that recipients should be under an obligation to protect the information from disclosure. The Commission is considering the extent to which non-disclosure agreements and agreements limiting the use of the CEII are appropriate, especially where the requester has an existing obligation or interest in protecting the CEII. In addition, the Commission is considering a recipient's obligation to dispose of CEII once it is no longer needed. 1. Should a facility applicant, owner, or operator be required to sign a non-disclosure agreement in order to access CEII regarding its own project, or is its interest in protecting the project sufficient to ensure that it will safeguard the information and only share it to the extent necessary? 2. Should representatives of facility owners, applicants, and operators (contractors, insurers, etc.) be required to sign non- disclosure agreements or use limitations as a prerequisite to receiving CEII? Should the Commission rely on the owner, applicant or operator to impose its own conditions on its representative's use and dissemination of the information? 3. Is it preferable for the Commission to direct the requester to negotiate with the submitter for the information wherever possible, or does it make more sense for the Commission to control the disclosure of the information? [[Page 3133]] 4. Is it necessary to have another Federal agency representative sign a non-disclosure agreement in order to access CEII, or does 44 U.S.C. 3510(b) afford adequate assurance that the information will be handled appropriately? \12\ Is there a need to restrict a Federal agency's ability to use CEII outside of the particular Commission proceeding? --------------------------------------------------------------------------- \12\ 44 U.S.C. 3510(b) states that when one Federal agency receives information from another Federal agency, the employees of the recipient agency are subject to all provisions of law relating to unauthorized release of the information that apply to employees of their own agency, as well as those of the agency that supplied the information. --------------------------------------------------------------------------- 5. Should state or local agencies be required to sign non- disclosure agreements as a prerequisite to receiving CEII? Is there a need to restrict the state or local agency's ability to use CEII outside of the particular Commission proceeding? 6. Should Native American Tribal representatives be required to sign non-disclosure agreements as a prerequisite to receiving CEII? Should Tribes' use of CEII be limited to the particular Commission proceeding? 7. Should interveners and those who have sought intervener status be required to sign non-disclosure agreements and use limitations as a prerequisite to receiving CEII? 8. Will media representatives sign non-disclosure agreements and use limitations? If not, should the Commission disseminate CEII to media requesters? 9. Will third party requesters who are seeking the information to sell a product or service or advise clients be willing to sign non-disclosure agreements and use limitations? If not, should the Commission disseminate CEII to such requesters? F. Applicability of FOIA Exemptions The Commission's intended approach on handling CEII is premised on the belief that CEII is exempt from disclosure under the Freedom of Information Act (FOIA), 5 U.S.C. 552, which gives any person the right to obtain Commission records unless the records are protected by an exemption or exclusion. Generally, records released to one requester under the FOIA must be released to all. Additionally, as discussed above, the FOIA does not allow restrictions to be placed on the recipient's use or dissemination of information released under the FOIA. The procedures contemplated above are intended to provide a process whereby the Commission can, on a limited basis, share otherwise exempt information with those with a legitimate need for the information. The fact that information is exempt from disclosure under FOIA usually will not prevent those with a need for the information from getting it, perhaps with limitations on use and disclosure of the information. There are nine exemptions and three law enforcement record exclusions under the FOIA.\13\ In order to protect CEII from unlimited disclosure to anyone who requests it, the Commission must determine that the information is entitled to an exemption or is excluded from the FOIA. It is highly unlikely that an exclusion would apply to CEII. Of the nine exemptions, the Commission believes that the exemptions that are most likely to apply to CEII are Exemptions 2, 4, and 7(F). Exemption 2 protects from disclosure, documents "related solely to the internal personnel rules and practices of an agency." 5 U.S.C. 552(b)(2). Attorney General John Ashcroft's October 12, 2001 memorandum to heads of departments and agencies states that "[a]ny agency assessment of, or statement regarding, the vulnerability of such a critical asset should be protected pursuant to Exemption 2," and continues that "a wide range of information can be withheld under Exemption 2's `circumvention' aspect." Exemption 4 covers "trade secrets and commercial or financial information obtained from a person and privileged or confidential." 5 U.S.C. 552(b)(4). Exemption 7(F) exempts "records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information * * * could reasonably be expected to endanger the life or physical safety of any individual." 5 U.S.C. 552(b)(7)(F). Case law has recognized that this may cover civil and administrative law enforcement as well as criminal law enforcement. Below is a list of issues that relate to the applicability of FOIA protection to CEII. --------------------------------------------------------------------------- \13\ Records that fall under an exclusion are not considered subject to FOIA, enabling an agency to state that there are no documents responsive to the FOIA request. --------------------------------------------------------------------------- 1. What types of documents are likely to contain CEII that would be exempt under Exemption 2? 2. Do regulated entities consider CEII to be exempt from disclosure under FOIA Exemption 4 ("trade secrets and commercial or financial information obtained from a person and privileged or confidential")? 3. Can regulated entities articulate likely competitive harm associated with the release of all or some categories of CEII? 4. If the Commission seeks to protect CEII as exempt from disclosure to the general public under FOIA Exemption 4, will the Trade Secrets Act, 18 U.S.C. 1905, limit the Commission's ability to make disclosure to select groups (e.g. interveners) that agree to limit use and dissemination of such information? 5. What types of documents containing CEII are compiled by the Commission for law enforcement purposes that could reasonably be expected to endanger the life or physical safety of individuals? G. Submission of CEII to the Commission The Commission must also determine what direction to give filers on how to identify and submit CEII in future filings. The Commission currently has provisions in 18 CFR 388.112 that specify hard copy and electronic media filing requirements for information for which privileged treatment is sought. At the present time, the Commission is not accepting Internet filing of any documents that require privileged or confidential treatment. See 18 CFR 385.2003(c)(3). We assume that at the time the Commission is prepared to accept such information over the Internet that CEII information will be included as well. Generally, the rules in 18 CFR 388.112 require a filer to submit an unredacted, non-public version of a document as well as a redacted, public version of the same document. The disadvantage to the Commission of this approach is that it takes up more file or disk space because there often is significant overlap between the two documents. An alternative approach would be to permit filers to submit any CEII portions of their document as a separate non-public appendix or attachment to their public, non-redacted filing. This approach may be workable where there are only a few portions of a document that contain CEII, but seems less workable where CEII appears throughout a document. In that case, trying to get the full import of the document would be difficult because the reader would have to continually switch between the public filing and the non- public attachment. 1. Should filers submit CEII using the process in 18 CFR 388.112, i.e., submit a redacted public version and an unredacted non-public version? 2. Should filers be permitted or required to submit CEII as a separate non-public appendix or attachment to a public, non-redacted filing? 3. Should the Commission leave it to the filer's discretion which method to use to distinguish CEII from the public portions of the document? 4. What are the burdens, if any, to filers to any of the various approaches for segregating CEII from public information? H. Challenges to CEII Status of a Document Another issue is how to handle disputes with respect to the determination of whether a document contains CEII. Under the existing regulation at 18 CFR 388.112(d), a submitter is given an opportunity to explain why the document is entitled to non-public treatment. In the event that the Commission determines to release some or all of the information for which privileged treatment is sought, the submitter is notified prior to release as provided for in 18 CFR 388.112(e). 1. Are the procedures in Sec. 388.112 effective for handling challenges to the CEII status of a document? 2. If a FOIA request is filed pursuant to 18 CFR 388.108, should the filer or submitter be given an opportunity to explain why the document is entitled to non-public treatment as provided for in 18 CFR 388.112 (d)? 3. If the Commission disagrees with the submitter's claim that the information is CEII, should the Commission provide notification prior to release as provided for in 18 CFR 388.112(e)? 4. Is a different process called for where there is no FOIA request filed, for instance where a Federal agency requests access to the information? What should the process be? 5. Is a different process called for where the Commission on its own initiative determines that the information is not entitled to CEII status? What should the process be? I. Ex Parte Issues The Administrative Procedures Act and the Commission's Rule 2201, 18 CFR 385.2201, restrict the Commission's ability to transmit or receive CEII off the record if it is relevant to the merits of a contested on-the-record [[Page 3134]] proceeding pending before the Commission. As identified below, issues may arise as to whether certain arrangements for sharing non- public CEII violate the ex parte rules. 1. As long as the Commission is willing to provide CEII to all participants who are willing to abide by use and disclosure restrictions, is there any ex parte concern? 2. Is it possible to share CEII with some entities (Federal agencies, for instance), and not share the same information with others (interveners, for instance)? Are there situations where this might be necessary? Should the entity receiving the information be required to agree not to intervene or file comments in the docket, thereby negating the possibility of the CEII being used to attempt to influence the outcome in the matter? V. Guidance for Filings in the Interim As noted, the Commission is using this opportunity to provide guidance to the companies whose facilities could be the targets of terrorist attacks with respect to the approach they may use in making filings with the Commission. Between now and the effective date of a final decision in Docket No. RM02-4, these companies may seek confidential treatment of filings or parts of filings which, in their opinion, contain critical energy infrastructure information (CEII). Granted, this Notice is intended to initiate the public debate as to what CEII means for the purpose of the Commission's regulatory responsibilities, so this guidance may seem to be jumping ahead of that debate. But in the interim, the Commission believes that the public will be better protected if companies whose existing facilities and operations are potentially in harm's way have the discretion to seek protection of information which, in their opinion, could increase the risk for those facilities and operations. For that purpose, companies are directed to follow the procedures in 18 CFR 388.112, and also clearly note "PL02-1" on the first page of the document. The Commission recognizes that as a result of this guidance companies may seek confidential treatment of documents or parts of documents that would otherwise be readily available to all members of the public, either as a matter of practice or as a matter of law (specifically, a Commission regulation). Therefore, companies seeking confidential treatment of documents or parts of documents must include in their request for such treatment an explanation of why they believe the information warrants confidential treatment (as required by 18 CFR 385.112) and, if disclosure of the information is otherwise required to be public by regulation, they must also seek a waiver of the relevant regulation. Axiomatically, the Commission cannot by this guidance amend, without notice and comment, any of its regulations. As is the practice under 18 CFR 383.112, however, the Commission will honor all requests for confidential treatment, and make the information public only if someone else seeks the information and the Commission finds that information does not fit within an exemption under FOIA. Likewise, if the information would otherwise be required to be public by regulation, the Commission will maintain the non-public status of the information while it considers the waiver request, and make the information public only if it finds that a waiver is not warranted. Submitters are advised that, at present, the Commission is not protecting information related to proposed facilities prior to issuance of a certificate or license. VI. Public Comment Procedure The Commission invites interested persons to submit written responses on the matters and issues discussed in this Notice to be adopted, including any related matters or alternative proposals that respondents may wish to discuss. Responses are due March 11, 2002. Responses may be filed either in paper format or electronically. Those filing electronically do not need to make a paper filing. To facilitate the Commission's review of the responses, respondents are requested to identify each specific question to which their response is directed and to correspond the responses to the outline in the Notice. Additional issues the respondents wish to raise should be identified separately. Respondents should double space their responses. Responses may be filed on paper or electronically via the Internet. Those filing electronically do not need to make a paper filing. For paper filings, the original and 14 copies of such responses should be submitted to the Office of the Secretary, Federal Energy Regulatory Commission, 888 First Street, NE., Washington DC 20426 and should refer to Docket Nos. RM02-4-000 and PL02-1-000. Documents filed electronically via the Internet must be prepared in WordPerfect, MS Word, Portable Document Format, or ASCII format. To file the document, access the Commission's Web site at www.ferc.gov and click on "Make An E-Filing," and then follow the instructions for each screen. First time users will have to establish a user name and password. The Commission will send an automatic acknowledgment to the sender's e-Mail address upon receipt of comments. User assistance for electronic filing is available at 202-208-0258 or by e-Mail to efiling@ferc.fed.us. Responses should not be submitted to the e-Mail address. Any person who uses the non-public appendix to respond to the questions in this Notice are directed to file two versions of the responses, a redacted public version and a non-redacted non-public version. The redacted version must exclude any reference to the particulars of the appendix, and will be made available to the public. The non-redacted version will be kept confidential. Persons are further directed to note plainly on their responses: "Redacted" and "Non-Redacted." Anyone referencing information from the non-public appendix must make a paper filing; the Commission currently is not accepting non-public (confidential, privileged or protected) filings electronically via the Internet. Public versions of responses will be placed in the Commission's public files and will be available for inspection in the Commission's Public Reference Room at 888 First Street, NE., Washington DC 20426, during regular business hours. Additionally, all public versions of responses may be viewed, printed, or downloaded remotely via the Internet through FERC's Homepage using the RIMS link. User assistance for RIMS is available at 202-208- 2222, or by e-Mail to rimsmaster@ferc.fed.us. VII. Document Availability In addition to publishing the full text of this document (without the non-public appendix) in the Federal Register, the Commission also provides all interested persons an opportunity to inspect or copy the contents of this document (without the non- public appendix) during normal business hours in the Commission's Public Reference Room at 888 First Street, NE., Room 2A, Washington, DC 20426. (See below for the process to use to obtain a copy of the non-public appendix.) Additionally, responses may be viewed and printed remotely via the Internet through FERC's Home page (http:// www.ferc.gov) and in FERC's Public Reference Room during normal business hours (8:30 a.m. to 5:00 p.m. Eastern time) at 888 First Street, NE., Room 2A, Washington, DC 20426. The Commission's Issuance Posting System (CIPS) provides access to the texts of formal documents issued by the Commission from November 14, 1994, to the present. CIPS can be accessed via Internet through FERC's Home page (http://www.ferc.gov) using the CIPS link or the Energy Information Online icon. Documents will be available on CIPS in ASCII and Word Perfect 6.1. User assistance is available at (202) 208-0874 or e-mail to cips.master@ferc.fed.us. The document (without the non-public appendix) is also available through the Commission's Records and Information Management System (RIMS), an electronic storage and retrieval system of documents submitted and issued by the Commission after November 16, 1981. Documents from November 1995 to the present can be viewed and printed. RIMS is available in the Public Reference Room or remotely via the Internet through FERC's Home Page using the RIMS link or Energy Information Online icon. User assistance is available at (202) 208-2222, or by e-mail to rims.master@ferc.fed.us. Finally the complete text of the document (without the non- public appendix) on diskette in Word Perfect format may be purchased from the Commission's copy contractor, RVJ International, Inc., which is located in the Public Reference Room at 888 First Street, NE., Room 2A, Washington, DC 20426. The non-public appendix will be available subject to request and signing a non-disclosure statement. Specifically, any person who wants a copy of the non-public appendix must file a request for the appendix by February 7, 2002 with the Office of the Secretary. This request must explain the person's interest in the proceeding. The person wanting a copy of the non-public appendix must also sign a non-disclosure statement, which will limit the use of the appendix to responding to this Notice. Procedurally, the Office of the Secretary will transmit all requests for the non-public appendix to the Office of the General Counsel, General and Administrative Law, which will process the requests [[Page 3135]] expeditiously to enable timely responses to this Notice. By direction of the Commission. Linwood A. Watson, Jr., Acting Secretary. [FR Doc. 02-1614 Filed 1-22-02; 8:45 am] BILLING CODE 6717-01-P