[Federal Register: January 23, 2002 (Volume 67, Number 15)]
[Proposed Rules]
[Page 3129-3135]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
18 CFR Part 388
[Docket Nos. RM02-4-000 and PL02-1-000]
Notice of Inquiry and Guidance for Filings in the Interim
January 16, 2002.
AGENCY: Federal Energy Regulatory Commission.
ACTION: Notice of Inquiry.
-----------------------------------------------------------------------
SUMMARY: The Federal Energy Regulatory Commission (Commission) is
considering whether to revise its rules to address public availability
of critical energy infrastructure information. The Commission issued a
policy statement in Docket No. PL02-1-000 on October 11, 2001 (66 FR
52917, October 18, 2001), removing from easy public access previously
public documents that detail the specifications of energy facilities
licensed or certificated by the Commission. The policy statement
directed requesters seeking this information to follow the Freedom of
Information Act procedures found at 18 CFR 388.108. This Notice of
Inquiry will assist the Commission in determining what changes, if any,
should be made to its regulations to restrict unfettered general public
access to critical energy infrastructure information, but still permit
those with a need for the information to obtain it in an efficient
manner.
EFFECTIVE DATES: Responses must be submitted on or before March 11,
2002. Requests for copies of the non-public appendix must be filed on
or before February 7, 2002.
ADDRESSES: Office of the Secretary, Federal Energy Regulatory
Commission, 888 First Street, NE., Washington, DC 20426.
FOR FURTHER INFORMATION CONTACT: Carol C. Johnson, Office of the
General Counsel, Federal Energy Regulatory Commission, 888 First
Street, NE., Washington, DC 20426, (202) 208-0457.
SUPPLEMENTARY INFORMATION:
I. Introduction
The Federal Energy Regulatory Commission is initiating an inquiry
into the appropriate treatment of previously public documents in the
aftermath of the September 11, 2001 terrorist attacks on the United
States of America. Accordingly, this Notice sets forth the Commission's
general views on how it intends to treat those documents, and asks
specific questions on the scope and implications of maintaining the
confidentiality of certain documents that previously had been made
public but removed from easy public access under the Policy Statement
issued in Docket No. PL02-1-000 on October 11, 2001 (Policy Statement).
See 97 FERC para. 61,030. The major matter that this Notice addresses
is the reconciliation of the Commission's regulatory responsibilities
under its enabling statutes and Federal environmental laws and the need
to protect the safety and well being of American citizens from attacks
on our nation's energy infrastructure.
By definition, this Notice does not propose any specific changes to
the Commission's regulations, but it does reflect what the Commission
may consider doing in the future. As an initial matter, the Commission
believes that the process under the Freedom of Information Act, 5
U.S.C. 552 (FOIA), which the Policy Statement established as the means
for requesting previously public documents in the short run, is not
well suited in the long run for handling most requests for this
critical energy infrastructure information (CEII).\1\ Therefore, the
questions posed in the Notice are premised on the Commission's
processing most CEII requests outside of the FOIA procedures. The
Commission also believes that the scope of the Policy Statement should
probably be maintained, viz., that limiting access to CEII should be
confined to certificated, licensed, or constructed projects. Put
another way, the Commission currently intends that information
contained in or related to proposed projects should be available as
before October 11, 2001. (Care would have to be taken to the extent the
information detailed existing facilities.) Otherwise, the
implementation of the environmental laws may be impeded or the
processing of certificate or license applications may be unduly
complicated. Nevertheless, the Notice asks specific questions as to the
correctness of this approach. The Commission emphasizes that its
intention here is to address how the public with a need for certain
documents obtains access to those documents, not whether they should
have access to them.
---------------------------------------------------------------------------
\1\ Assuming that much of the information identified as CEII
will be exempt from mandatory disclosure under FOIA, using FOIA as
the exclusive mechanism for determining release would mean that
people with a need for the information might be denied access to
exempt information. In any event, under FOIA, the agency may not
consider a requester's particular need for the information.
Moreover, once release is made to one requester under FOIA, release
is generally avaialble to all requesters, and if information is
released pursuant to FOIA, the agency may not restrict the
recipient's use or dissemination of that information. Therefore, if
the Commission wishes to make otherwise exempt information available
to a requester based on the requester's need for the information, or
wishes to limit the recipient's use and dissemination of the
information, it must do so outside of the confines of the FOIA.
---------------------------------------------------------------------------
As a separate matter, the Commission is using this opportunity to
provide guidance on making filings with the Commission to the companies
whose facilities could be the targets of terrorist attacks. Between now
and the effective date of a final decision in Docket No. RM02-4-000,
these companies may seek confidential treatment of filings or parts of
filings which in their opinion contain CEII. For this purpose, they are
directed to follow the procedures in 18 CFR 388.112, and also clearly
note "PL02-1" on the first page of the document.
II. Background
The September 11, 2001 terrorist attacks prompted the Commission to
issue a policy statement on October 11, 2001, in PL02-1-000, addressing
the treatment of previously public documents. See 97 FERC
para.61,030.\2\ The
[[Page 3130]]
Commission announced there that it would no longer make available to
the public through its Internet site, the Records and Information
Management System (RIMS), or the Public Reference Room, documents such
as oversized maps that detail the specifications of energy facilities
already licensed or certificated under Part I of the Federal Power Act,
16 U.S.C. 719a, et seq., and section 7 (c) of the Natural Gas Act, 15
U.S.C. 717f(c), respectively. Rather, anyone requesting such documents
was directed to follow the procedures set forth in 18 CFR 388.108
(Requests for Commission records not available through the Public
Reference Room (FOIA Requests)). The Policy Statement also instructed
staff to report back to the Commission within 90 days on the impact of
this newly announced policy on the agency's business. This Notice
reflects staff's report.
---------------------------------------------------------------------------
\2\ Shortly after the attacks, the Commission issued another
policy statement in Docket No. PL01-6-000, in which it provided
guidance to regulated companies regarding extraordinary expenditures
necessary to safeguard national energy supplies. See 96 FERC
para.61,299 (2001). The Commission recognized there that electric,
gas, and oil companies may need to adopt new procedures, update
existing procedures, and install facilities to further safeguard
their systems, and that these efforts might result in extraordinary
expenditures. The Commission assured these companies that it would
give its highest priority to processing any filing made for the
recovery of such expenditures.
---------------------------------------------------------------------------
The Commission was not alone in its reaction to protecting
sensitive information. The Associated Press reported on October 12,
2001, that "Federal agencies are scrutinizing their Web sites and
removing any information they believe terrorists might use to plot
attacks against the nation. Federal agencies have been reviewing their
sites in the wake of the terrorist attacks." The report referred to
action by the Nuclear Regulatory Commission, the Environmental
Protection Agency, the Centers for Disease Control and Prevention, and
the United States Department of Transportation Office of Pipeline
Safety. Along the same lines, the United States Department of Justice
pointed out a short time later:
In light of those events [of September 11, 2001], and the
possibilities for further terrorist activity in their aftermath,
federal agencies are concerned with the need to protect critical
systems, facilities, stockpiles, and other assets from security
breaches and harm--and in some instances from their potential use as
weapons of mass destruction in and of themselves. Such protection
efforts, of course, must at the same time include the protection of
any agency information that could enable someone to succeed in
causing the feared harm.
www.usdoj.gov/oip/foiapost/2001foiapost19.htm.\3\ Subsequently, in
early November, the Department of Energy Office of Environment,
Safety and Health blocked all access to environmental assessments
and environmental impact statements and related documents published
on the Department's National Environmental Policy Act Web site.
---------------------------------------------------------------------------
\3\ This statement accompanied the issuance of a FOIA memorandum
to the heads of all Federal departments and agencies from Attorney
General John Ashcroft on October 12, 2001. This memorandum
emphasized the Bush Adminstration's commitment to full compliance
with FOIA as an important means of maintaining an open and
accountable system of government. At the same time, it recognized
the importance of protecting the sensitive institutional,
commercial, and personal interests that can be implicated in
government records--such as the need to safeguard national security,
to maintain law enforcement effectiveness, to respect business
confidentiality, to protect internal agency deliberations, and to
preserve personal privacy.
---------------------------------------------------------------------------
Since September 11, 2001, our country fortunately has not
experienced any attacks as devastating as the ones experienced on
that day. On at least three occasions, however, the Attorney General
of the United States put the country on high alert because of
threatened terrorist attacks.\4\ The Federal Bureau of Investigation
has likewise warned oil and gas companies throughout the United
States and Canada to be on the highest alert. Under these
circumstances, the Commission finds that the concerns about threats
to the energy infrastructure over which it has regulatory
responsibilities still exist, and that the Commission must proceed
to examine its policy and any related regulations on making
information about that infrastructure available to the public. The
Commission emphasizes, however, that in no way is it proposing to
prevent or otherwise impede the public from having access to
information it needs in order to respond to applications and other
proposals from the regulated companies. This Notice is not intended
to address whether the public with such a need has access to certain
documents; rather, it is intended to address how the public with
such a need will have access to certain documents.
---------------------------------------------------------------------------
\4\ Since September 11, 2001, the United States government has
issued a total of four warnings--three official warnings and one
unofficial warning. On October 11, 2001, Attorney General John
Ashcroft issued the first official warning of possible attacks. He
again issued an official warning on October 29, 2001. On December 3,
2001, Tom Ridge, Director of Homeland Security, issued the third
official warning because Attorney General Ashcroft was out of town.
This third warning, which was to be in effect throughout the holiday
season, was extended on January 2, 2002 to last through March 11,
2002. As most relevant here, in late November 2001, Attorney General
Ashcroft warned of an uncorroborated report of a possible terrorist
threat against natural gas pipelines. Accordingly, the American
Petroleum Institute, the lead industry group coordinating with the
FBI and Energy Department on security matters, issued a warning to
oil and gas companies.
---------------------------------------------------------------------------
III. Implementation of Policy Statement
A brief overview of the Commission's experience since issuance
of the Policy Statement may help to understand the instant task
better, because this Notice is understandably informed by that
experience. To implement the policy, the Commission's staff first
disabled RIMS access to all oversized documents, which frequently
contain detailed infrastructure information and also removed them
from the Public Reference Room. Staff next identified and disabled
or denied access to other types of documents dealing with licensed
hydropower projects, certificated natural gas pipelines, and
electric transmission lines that appeared to include critical
infrastructure information. This effort, which was undertaken as
cautiously and methodically as possible, affected tens of thousands
of documents.
As of January 3, 2002, the treatment of previously public
documents as non-public generated twenty-five FOIA requests. Most of
these requests are pending, as the time for responding is still
running or has been tolled because the Commission sent letters to
the submitters of the information for their views on the
applicability of the FOIA exemptions. See CFR 385.112(d). In one
instance, however, the FOIA request was mooted, because the
Commission provided the document to the requester outside the FOIA
process. The requester was a pipeline applicant who sought a non-
published environmental assessment that was referenced in the order
issuing the applicant a certificate. As the applicant, the requester
was a unique member of the public, who had to have the environmental
assessment to decide whether to accept the certificate, and, if so,
how to comply with its terms. Moreover, a company whose facilities
were intended to be protected from terrorist attacks by the Policy
Statement could fairly be assumed to treat any sensitive information
contained in the environmental assessment in the same way that the
Commission would, that is, to protect it from getting into the hands
of terrorists. Therefore, the company's request was handled outside
the FOIA process.\5\
---------------------------------------------------------------------------
\5\ Two other FOIA requests were likewise mooted. One involved a
request from a law firm representing a regulated company, which no
longer had a particular map filed previously by its client. This
request was handled outside of FOIA as it concerned a request from a
company for its own material. The other request was made by an
intervener in a certificate proceeding. In this case, the pipeline
applicant provided the information directly to the requester.
---------------------------------------------------------------------------
As a separate matter, since the issuance of the Policy
Statement, the Commission has also entertained a request from a
company to remove what in its view was critical infrastructure
information which had not been removed from public access as part of
the staff's efforts to implement the policy on previously public
documents. Williston Basin Interstate Pipeline Company filed revised
tariff sheets on November 30, 2001, to remove the system maps from
its tariff, and requested a waiver of 18 CFR 154.106 to do so.\6\
The Commission denied Williston Basin's specific proposal as
unnecessary because it construed the proposal as a request for
confidential treatment of those particular sheets in its tariff, and
granted that request. See Williston Basin Interstate Pipeline
Company, 97 FERC para. 61,369 (2001). The Commission reasoned that
this action would allow it to have the information needed to fulfill
its regulatory obligations, while at the same time satisfying
Williston Basin's desire
[[Page 3131]]
to keep the maps out of the public domain for safety purposes. Id.
at __, slip op. at 2. The Commission further took into account that
customers or prospective customers of Williston Basin will be able
to obtain a copy of the map directly from the pipeline company. Id.
---------------------------------------------------------------------------
\6\ Section 154.106 requires each natural gas pipeline to
display a system map in its tariff and to update its maps annually
to reflect any major changes in facilities.
---------------------------------------------------------------------------
IV. Questions for Response
A. Legal Authority to Protect CEII
To reiterate, the Commission's goal is not to alter in any way
the public's right to access documents that they need to participate
in a meaningful way in Commission proceedings. For this reason, for
example, the proposed location of new gas pipeline facilities would
not be restricted from public access or involvement. Likewise, the
Commission does not want to prevent the general public, including
the press, from accessing information to understand better how the
Commission operates. The Commission must balance these goals against
legitimate concerns about the integrity of the nation's energy
infrastructure. For this purpose, the Commission believes it is
necessary to devise procedures for the public to access CEII. To do
so, the Commission starts with the premise that any information it
collects will generally be publicly available. That is consistent
with the scheme of its enabling statutes, which are grounded in
public participation in reviewing companies' rates and terms and
conditions of service and in processing their certificate and
license applications. See, e.g., section 4(c) of the Natural Gas
Act, 15 U.S.C. 717c; section 205 of the Federal Power Act, 16 U.S.C.
824d. Nonetheless, the Commission's enabling statutes do not appear
to prohibit the Commission from devising procedures to control the
public's access to CEII. On the other hand, the Commission's
regulations or policies may foreclose such procedures to the extent
they require certain CEII to be made public and foreclose their
being treated confidentially.
For example, there may be an anomaly in the Commission's
maintaining the confidentiality of CEII, such as oversized, detailed
system maps (which show not only the proposed facilities, but their
relationship to existing facilities), but still requiring companies
to maintain a public file of all relevant documents at a suitable
location or locations outside of FERC. See 18 CFR 157.10. Similarly,
the Commission requires pipeline applicants to make a good faith
effort to place materials in a location that provides maximum
accessibility to the public, and to make available complete copies
of their applications in accessible central locations in each county
throughout the project area, either in paper or electronic format,
within three business days of the date a filing is issued a docket
number. See 18 CFR 157.10(b)(2) and (c).
Under these circumstances, as a threshold matter, the Commission
must decide whether any of its current regulations or policies need
to be revised in order to implement changes in the way the public
accesses CEII.\7\ To assist this inquiry, the Commission is
attaching to this Notice, as a non-public appendix, a list of
previously public documents, which are likely candidates for
consideration as CEII.\8\ The Commission requests that respondents
distinguish as much as possible in their answers between the legal
implications for proposed projects versus operational projects. See
B.4. below.
---------------------------------------------------------------------------
\7\ As separate matter, the Commission is aware of at least six
pieces of legislation that have been introduced in the First Session
of the 107th Congress, including S. 1407, S. 1456, S. 1529, S. 1534,
H.R. 1292, and H.R. 1158. The Commission does not believe, however,
that it needs a change in its legislative mandate to proceed with
this Notice. That is not to stay, of course, that it would not
welcome guidance from the Congress on these matters.
\8\ The procedures to obtain a copy of the non-public appendix
are set forth at the end of this Notice in the section entitled
"Document Availability."
---------------------------------------------------------------------------
Against this backdrop, the Commission seeks responses to the
following questions:
1. Are there statutory impediments to protecting CEII under the
following:
a. Natural Gas Act, 15 U.S.C. 717, et seq.;
b. Federal Power Act, 16 U.S.C. 791a, et seq.;
c. FERC's other enabling statutes;
d. National Environmental Policy Act, 42 U.S.C. 4321-4370d; or
e. Substantive environmental laws?
2. Are there regulatory impediments to protecting CEII?
a. What changes, if any, are required to the Commission's own
regulations to enable it to protect CEII adequately?
b. What changes, if any, are required to the Commission's
regulations to enable regulated entities to protect CEII?
c. Are there non-FERC regulations that impair the Commission's
or the regulated companies' ability to protect CEII adequately?
d. Do Order Nos. 608 \9\ and 609 \10\ create any impediment if
the Commission defines CEII to include only information regarding
licensed or certificated projects?
---------------------------------------------------------------------------
\9\ "Collaborative Procedures for Energy Facility
Applications," Order No. 608, 64 FR 51209 (September 22, 1999);
FERC Statutes and Regulations, Regulations Preambles July 1996--
December 2000, para. 31,080 (September 15, 1999), order on reh'g,
Order No. 608-A, 65 FR 65752 (November 2, 2000); FERC Statutes and
Regulations, Regulations Preambles July 1996-December 2000, para.
31,110 (October 27, 2000).
\10\ "Landowner Notification, Expanded Categorical Exclusions,
and Other Environmental Filing Requirements," Order No. 609, 64 FR
57374 (October 25, 1999), FERC Statutes and Regulations, Regulations
Preambles July 1996-December 2000, para. 31,082 (October 13, 1999),
order on reh'g, Order No. 609-A, 65 FR 15234 (March 22, 2000), FERC
Statutes and Regulations, Regulations Preambles July 1996-December
2000, para. 31,095 (March 16, 2000).
---------------------------------------------------------------------------
B. Definition of Critical Energy Infrastructure Information (CEII)
A major issue throughout the past three months has been
identifying information that warrants protection in light of the
September 11 events. After the issuance of the Policy Statement, the
Commission removed from ready public access documents "that detail
the specifications of energy facilities licensed or certificated
under part I of the Federal Power Act * * * and section 7(c) of the
Natural Gas Act. * * *" Since that time, the Commission has
recognized that there may be additional information that warrants
protection as well, for instance, information relating to the
transmission of electricity. The Commission must develop a workable
definition of CEII that is broad enough to encompass information
useful to would-be terrorists in planning a terrorist attack,
without removing from the public domain information that poses
little to no risk. The definition will guide submitters of
information and Commission staff reviewing such submissions in
determining whether or not the information should be freely
available to the general public.
Below is a list of questions that may assist the Commission in
devising a consistent method of identifying CEII.
1. What are the primary considerations that the Commission
should use to determine which information should be protected?
Should the Commission only protect information relating to certain
critical components of the infrastructure? If so, how does it
identify such components? If information is removed only for those
identified facilities, will that highlight critical facilities for
would-be terrorists?
2. Should CEII include all information related to locations of
existing facilities? Does the scale of the map make a difference?
Should the Commission protect location information only where a map
provides exact location of facilities (e.g., longitude and latitude,
or map coordinates)? What if the information is otherwise publicly
available from another source, e.g., a commercial map?
3. Aside from location, what additional types of information may
warrant protection (i.e., removal from existing systems where
possible, or redaction from future filings)?
a. Diameter, throughput and pressure information relating to gas
pipelines?
b. System constraints for both gas and electric transmission
systems?
c. Supply lines to critical facilities (hospitals, military
installations, government facilities, etc.)?
d. Number of retail customers served by a particular portion of
the infrastructure?
e. Redundancy or lack of redundancy in the system?
f. Compressor station layouts and layouts of other above-ground
facilities?
g. Location of critical components, e.g. shut off valves?
h. Inundation information and other similar information that
details areas likely to be affected by a failure in the system?
i. Vulnerability/risk assessments and other information that may
provide insights into vulnerabilities in the infrastructure?
j. Emergency Action Plans or other documents detailing steps to
be taken in the event of an emergency involving a facility?
4. Should the restrictions be limited to existing projects or
should they be extended to proposed projects or extensions?
a. What are the legal impediments and practical difficulties
associated with extending the restrictions to pending projects?
b. How should the Commission handle hydropower relicensing
situations where there is a need for public participation, and
[[Page 3132]]
also a risk that an existing facility could be endangered by release
of certain information?
c. How should the Commission handle situations where documents
relating to a yet-to-be-approved project contain CEII relating to
existing facilities? Can those portions be removed and still permit
effective public participation in the process? Is there an effective
way to limit access to those with a need for the information?
d. If CEII related to proposed projects is not restricted during
the licensing/certificate stage, at what point in the process should
the information no longer be readily available to the public?
(1) Once the Commission issues the license/certificate?
(2) When a pipeline applicant accepts the certificate or when it
commences construction?
(3) When a hydropower licensee or exemptee commences
construction?
(4) After construction is completed, or any operational portion
is completed?
(5) When rehearing period or appeal period has run or all
rehearings or appeals have been decided?
C. Requester's Status and Need for the Information
At present, the Commission is considering an approach that would
strive to process most requests for CEII outside of the FOIA
process.\11\ As part of this approach, requesters may be subject to
different procedures and entitled to more or less information,
depending on their status and their need for the information. The
Commission has identified the following categories of potential
requesters: (1) Federal government entities, including Congress; (2)
state governments; (3) local governments; (4) Native American
Tribes; (5) submitters of CEII; (6) parties seeking CEII relating to
their own project or facility; (7) representatives of submitters or
parties seeking information relating to their client's own project
or facility; (8) interveners; (9) those who have sought, but have
not yet been granted, intervener status; (10) landowners and
landowner groups; (11) media representatives; (12) third-party
requesters who want the information for a business purpose such as
selling a product or service or advising clients of potential
business opportunities; and (13) members of the general public.
Below are some issues that must be considered if the Commission
adopts an approach that takes a requester's status and need into
account.
---------------------------------------------------------------------------
\11\ The Commission tentatively plans to add a new section to 18
CFR part 388, following the FOIA regulations.
---------------------------------------------------------------------------
1. Should Federal requesters have ready access to CEII? If a
Federal entity is given access where others involved in a case are
not, are there ex parte concerns?
2. Should submitters of information be entitled to ready access
to CEII regarding their own facilities? What about facility owners?
Should it matter whether the information was submitted by the entity
or created by the Commission?
3. Should interveners be afforded ready access to CEII? Should
persons who have filed motions to intervene that have not been
denied be granted the same access as interveners? If the Commission
denies access to these requesters, has it effectively denied them an
opportunity to participate in the matter? If the Commission grants
ready access to CEII to interveners, do its intervener rules at 18
CFR 385.214 need to be revised to require a greater demonstration of
interest than currently is required?
4. Should state governments be given ready access to CEII? There
is statutory authority for the Commission to share information with
state commissions in both the Natural Gas Act and the Federal Power
Act. If a state government is given access where others are not, are
there ex parte concerns?
5. Should affected landowners who have not intervened be granted
access to CEII? If so, should those landowners be defined using the
parameters found in existing regulations, such as 18 CFR
4.32(a)(3)(i)(A) and 157.6(d)(2)? If the current regulations contain
no obligation to keep the landowner lists updated, how can the
Commission later verify that a requester is still an affected
landowner since property can be bought and sold at any time? If the
Commission cannot craft a satisfactory method of verifying
landowners' status, should non-intervener landowners follow the FOIA
procedures in 18 CFR 388.108?
6. How should the Commission handle CEII requests from members
of the press since it is highly unlikely that members of the press
would be willing to abide by a non-disclosure agreement? If media
requests cannot be handled under alternative procedures, should
media representatives be directed to follow the FOIA procedures in
18 CFR 388.108?
7. How should the Commission treat other third party requesters
that want the information for business purposes, e.g., consulting
firms that may want the information to sell a product or service or
to advise clients on potential business opportunities? Under those
circumstances, the third party would be unlikely to enter into a
non-disclosure agreement. If this is the case, should they be
directed to follow the FOIA procedures in 18 CFR 388.108?
8. How should the Commission treat requests from a party in one
proceeding to obtain information filed at the Commission by someone
who is not a party in that particular proceeding?
D. Verification and Access Issues
If the Commission adopts a system where the identity of the
requester, the status of the requester, and the requester's need for
the information are relevant, the Commission must have a method of
verifying the identity and status of the requester. The Commission
currently uses an ID and password to verify the identify of filers
who make electronic filings using the Internet. It may be possible
to use a similar system to verify identities of requesters of CEII.
Another issue is whether the form of the request should be
relevant in deciding to grant or deny access to CEII. Internet
access seems to provide the broadest, easiest access to documents.
Written requests for documents to be mailed to a street address
provide an increased level of security because the recipient may be
traceable through the address. Similarly, requiring a requester to
appear in person at the Public Reference Room with identification
provides some level of security as well. Questions relating to
verification and access are listed below.
1. What type of system should the Commission use to verify that
a requester is who he or she purports to be? Options include, among
others, use of IDs and passwords, use of personal identification
numbers, and use of digital signatures.
2. How should the Commission verify that a particular individual
is authorized to request documents on behalf of an organization?
Should the organization provide a list of authorized individuals to
the Commission, perhaps as part of its intervention? Should the
Commission issue the entity an ID and password and leave it up to
the organization to determine which of its employees can have the
password?
3. Should the level of verification required depend on how the
requester is seeking to obtain the information? For example, should
a higher level of verification be required when someone is accessing
documents over the Internet than when they are filing a written
request for the documents?
4. If the Commission eliminated all Internet access to CEII,
would that be sufficient protection?
E. Non-disclosure Agreements and Limitations on Use of Information
One reason that the FOIA is not a useful vehicle for handling
requests for CEII is that it does not permit the Commission to place
any restrictions on the recipient's use or dissemination of the
information. The Commission believes that disclosure of CEII should
be restricted to those who have a legitimate need for the
information, and that recipients should be under an obligation to
protect the information from disclosure. The Commission is
considering the extent to which non-disclosure agreements and
agreements limiting the use of the CEII are appropriate, especially
where the requester has an existing obligation or interest in
protecting the CEII. In addition, the Commission is considering a
recipient's obligation to dispose of CEII once it is no longer
needed.
1. Should a facility applicant, owner, or operator be required
to sign a non-disclosure agreement in order to access CEII regarding
its own project, or is its interest in protecting the project
sufficient to ensure that it will safeguard the information and only
share it to the extent necessary?
2. Should representatives of facility owners, applicants, and
operators (contractors, insurers, etc.) be required to sign non-
disclosure agreements or use limitations as a prerequisite to
receiving CEII? Should the Commission rely on the owner, applicant
or operator to impose its own conditions on its representative's use
and dissemination of the information?
3. Is it preferable for the Commission to direct the requester
to negotiate with the submitter for the information wherever
possible, or does it make more sense for the Commission to control
the disclosure of the information?
[[Page 3133]]
4. Is it necessary to have another Federal agency representative
sign a non-disclosure agreement in order to access CEII, or does 44
U.S.C. 3510(b) afford adequate assurance that the information will
be handled appropriately? \12\ Is there a need to restrict a Federal
agency's ability to use CEII outside of the particular Commission
proceeding?
---------------------------------------------------------------------------
\12\ 44 U.S.C. 3510(b) states that when one Federal agency
receives information from another Federal agency, the employees of
the recipient agency are subject to all provisions of law relating
to unauthorized release of the information that apply to employees
of their own agency, as well as those of the agency that supplied
the information.
---------------------------------------------------------------------------
5. Should state or local agencies be required to sign non-
disclosure agreements as a prerequisite to receiving CEII? Is there
a need to restrict the state or local agency's ability to use CEII
outside of the particular Commission proceeding?
6. Should Native American Tribal representatives be required to
sign non-disclosure agreements as a prerequisite to receiving CEII?
Should Tribes' use of CEII be limited to the particular Commission
proceeding?
7. Should interveners and those who have sought intervener
status be required to sign non-disclosure agreements and use
limitations as a prerequisite to receiving CEII?
8. Will media representatives sign non-disclosure agreements and
use limitations? If not, should the Commission disseminate CEII to
media requesters?
9. Will third party requesters who are seeking the information
to sell a product or service or advise clients be willing to sign
non-disclosure agreements and use limitations? If not, should the
Commission disseminate CEII to such requesters?
F. Applicability of FOIA Exemptions
The Commission's intended approach on handling CEII is premised
on the belief that CEII is exempt from disclosure under the Freedom
of Information Act (FOIA), 5 U.S.C. 552, which gives any person the
right to obtain Commission records unless the records are protected
by an exemption or exclusion. Generally, records released to one
requester under the FOIA must be released to all. Additionally, as
discussed above, the FOIA does not allow restrictions to be placed
on the recipient's use or dissemination of information released
under the FOIA. The procedures contemplated above are intended to
provide a process whereby the Commission can, on a limited basis,
share otherwise exempt information with those with a legitimate need
for the information. The fact that information is exempt from
disclosure under FOIA usually will not prevent those with a need for
the information from getting it, perhaps with limitations on use and
disclosure of the information.
There are nine exemptions and three law enforcement record
exclusions under the FOIA.\13\ In order to protect CEII from
unlimited disclosure to anyone who requests it, the Commission must
determine that the information is entitled to an exemption or is
excluded from the FOIA. It is highly unlikely that an exclusion
would apply to CEII. Of the nine exemptions, the Commission believes
that the exemptions that are most likely to apply to CEII are
Exemptions 2, 4, and 7(F). Exemption 2 protects from disclosure,
documents "related solely to the internal personnel rules and
practices of an agency." 5 U.S.C. 552(b)(2). Attorney General John
Ashcroft's October 12, 2001 memorandum to heads of departments and
agencies states that "[a]ny agency assessment of, or statement
regarding, the vulnerability of such a critical asset should be
protected pursuant to Exemption 2," and continues that "a wide
range of information can be withheld under Exemption 2's
`circumvention' aspect." Exemption 4 covers "trade secrets and
commercial or financial information obtained from a person and
privileged or confidential." 5 U.S.C. 552(b)(4). Exemption 7(F)
exempts "records or information compiled for law enforcement
purposes, but only to the extent that the production of such law
enforcement records or information * * * could reasonably be
expected to endanger the life or physical safety of any
individual." 5 U.S.C. 552(b)(7)(F). Case law has recognized that
this may cover civil and administrative law enforcement as well as
criminal law enforcement. Below is a list of issues that relate to
the applicability of FOIA protection to CEII.
---------------------------------------------------------------------------
\13\ Records that fall under an exclusion are not considered
subject to FOIA, enabling an agency to state that there are no
documents responsive to the FOIA request.
---------------------------------------------------------------------------
1. What types of documents are likely to contain CEII that would
be exempt under Exemption 2?
2. Do regulated entities consider CEII to be exempt from
disclosure under FOIA Exemption 4 ("trade secrets and commercial or
financial information obtained from a person and privileged or
confidential")?
3. Can regulated entities articulate likely competitive harm
associated with the release of all or some categories of CEII?
4. If the Commission seeks to protect CEII as exempt from
disclosure to the general public under FOIA Exemption 4, will the
Trade Secrets Act, 18 U.S.C. 1905, limit the Commission's ability to
make disclosure to select groups (e.g. interveners) that agree to
limit use and dissemination of such information?
5. What types of documents containing CEII are compiled by the
Commission for law enforcement purposes that could reasonably be
expected to endanger the life or physical safety of individuals?
G. Submission of CEII to the Commission
The Commission must also determine what direction to give filers
on how to identify and submit CEII in future filings. The Commission
currently has provisions in 18 CFR 388.112 that specify hard copy
and electronic media filing requirements for information for which
privileged treatment is sought. At the present time, the Commission
is not accepting Internet filing of any documents that require
privileged or confidential treatment. See 18 CFR 385.2003(c)(3). We
assume that at the time the Commission is prepared to accept such
information over the Internet that CEII information will be included
as well.
Generally, the rules in 18 CFR 388.112 require a filer to submit
an unredacted, non-public version of a document as well as a
redacted, public version of the same document. The disadvantage to
the Commission of this approach is that it takes up more file or
disk space because there often is significant overlap between the
two documents. An alternative approach would be to permit filers to
submit any CEII portions of their document as a separate non-public
appendix or attachment to their public, non-redacted filing. This
approach may be workable where there are only a few portions of a
document that contain CEII, but seems less workable where CEII
appears throughout a document. In that case, trying to get the full
import of the document would be difficult because the reader would
have to continually switch between the public filing and the non-
public attachment.
1. Should filers submit CEII using the process in 18 CFR
388.112, i.e., submit a redacted public version and an unredacted
non-public version?
2. Should filers be permitted or required to submit CEII as a
separate non-public appendix or attachment to a public, non-redacted
filing?
3. Should the Commission leave it to the filer's discretion
which method to use to distinguish CEII from the public portions of
the document?
4. What are the burdens, if any, to filers to any of the various
approaches for segregating CEII from public information?
H. Challenges to CEII Status of a Document
Another issue is how to handle disputes with respect to the
determination of whether a document contains CEII. Under the
existing regulation at 18 CFR 388.112(d), a submitter is given an
opportunity to explain why the document is entitled to non-public
treatment. In the event that the Commission determines to release
some or all of the information for which privileged treatment is
sought, the submitter is notified prior to release as provided for
in 18 CFR 388.112(e).
1. Are the procedures in Sec. 388.112 effective for handling
challenges to the CEII status of a document?
2. If a FOIA request is filed pursuant to 18 CFR 388.108, should
the filer or submitter be given an opportunity to explain why the
document is entitled to non-public treatment as provided for in 18
CFR 388.112 (d)?
3. If the Commission disagrees with the submitter's claim that
the information is CEII, should the Commission provide notification
prior to release as provided for in 18 CFR 388.112(e)?
4. Is a different process called for where there is no FOIA
request filed, for instance where a Federal agency requests access
to the information? What should the process be?
5. Is a different process called for where the Commission on its
own initiative determines that the information is not entitled to
CEII status? What should the process be?
I. Ex Parte Issues
The Administrative Procedures Act and the Commission's Rule
2201, 18 CFR 385.2201, restrict the Commission's ability to transmit
or receive CEII off the record if it is relevant to the merits of a
contested on-the-record
[[Page 3134]]
proceeding pending before the Commission. As identified below,
issues may arise as to whether certain arrangements for sharing non-
public CEII violate the ex parte rules.
1. As long as the Commission is willing to provide CEII to all
participants who are willing to abide by use and disclosure
restrictions, is there any ex parte concern?
2. Is it possible to share CEII with some entities (Federal
agencies, for instance), and not share the same information with
others (interveners, for instance)? Are there situations where this
might be necessary? Should the entity receiving the information be
required to agree not to intervene or file comments in the docket,
thereby negating the possibility of the CEII being used to attempt
to influence the outcome in the matter?
V. Guidance for Filings in the Interim
As noted, the Commission is using this opportunity to provide
guidance to the companies whose facilities could be the targets of
terrorist attacks with respect to the approach they may use in
making filings with the Commission. Between now and the effective
date of a final decision in Docket No. RM02-4, these companies may
seek confidential treatment of filings or parts of filings which, in
their opinion, contain critical energy infrastructure information
(CEII). Granted, this Notice is intended to initiate the public
debate as to what CEII means for the purpose of the Commission's
regulatory responsibilities, so this guidance may seem to be jumping
ahead of that debate. But in the interim, the Commission believes
that the public will be better protected if companies whose existing
facilities and operations are potentially in harm's way have the
discretion to seek protection of information which, in their
opinion, could increase the risk for those facilities and
operations. For that purpose, companies are directed to follow the
procedures in 18 CFR 388.112, and also clearly note "PL02-1" on
the first page of the document.
The Commission recognizes that as a result of this guidance
companies may seek confidential treatment of documents or parts of
documents that would otherwise be readily available to all members
of the public, either as a matter of practice or as a matter of law
(specifically, a Commission regulation). Therefore, companies
seeking confidential treatment of documents or parts of documents
must include in their request for such treatment an explanation of
why they believe the information warrants confidential treatment (as
required by 18 CFR 385.112) and, if disclosure of the information is
otherwise required to be public by regulation, they must also seek a
waiver of the relevant regulation. Axiomatically, the Commission
cannot by this guidance amend, without notice and comment, any of
its regulations. As is the practice under 18 CFR 383.112, however,
the Commission will honor all requests for confidential treatment,
and make the information public only if someone else seeks the
information and the Commission finds that information does not fit
within an exemption under FOIA. Likewise, if the information would
otherwise be required to be public by regulation, the Commission
will maintain the non-public status of the information while it
considers the waiver request, and make the information public only
if it finds that a waiver is not warranted. Submitters are advised
that, at present, the Commission is not protecting information
related to proposed facilities prior to issuance of a certificate or
license.
VI. Public Comment Procedure
The Commission invites interested persons to submit written
responses on the matters and issues discussed in this Notice to be
adopted, including any related matters or alternative proposals that
respondents may wish to discuss. Responses are due March 11, 2002.
Responses may be filed either in paper format or electronically.
Those filing electronically do not need to make a paper filing.
To facilitate the Commission's review of the responses,
respondents are requested to identify each specific question to
which their response is directed and to correspond the responses to
the outline in the Notice. Additional issues the respondents wish to
raise should be identified separately. Respondents should double
space their responses.
Responses may be filed on paper or electronically via the
Internet. Those filing electronically do not need to make a paper
filing. For paper filings, the original and 14 copies of such
responses should be submitted to the Office of the Secretary,
Federal Energy Regulatory Commission, 888 First Street, NE.,
Washington DC 20426 and should refer to Docket Nos. RM02-4-000 and
PL02-1-000.
Documents filed electronically via the Internet must be prepared
in WordPerfect, MS Word, Portable Document Format, or ASCII format.
To file the document, access the Commission's Web site at
www.ferc.gov and click on "Make An E-Filing," and then follow the
instructions for each screen. First time users will have to
establish a user name and password. The Commission will send an
automatic acknowledgment to the sender's
e-Mail address upon receipt of comments. User assistance for
electronic filing is available at 202-208-0258 or by e-Mail to
efiling@ferc.fed.us. Responses should not be submitted to the e-Mail
address.
Any person who uses the non-public appendix to respond to the
questions in this Notice are directed to file two versions of the
responses, a redacted public version and a non-redacted non-public
version. The redacted version must exclude any reference to the
particulars of the appendix, and will be made available to the
public. The non-redacted version will be kept confidential. Persons
are further directed to note plainly on their responses:
"Redacted" and "Non-Redacted." Anyone referencing information
from the non-public appendix must make a paper filing; the
Commission currently is not accepting non-public (confidential,
privileged or protected) filings electronically via the Internet.
Public versions of responses will be placed in the Commission's
public files and will be available for inspection in the
Commission's Public Reference Room at 888 First Street, NE.,
Washington DC 20426, during regular business hours. Additionally,
all public versions of responses may be viewed, printed, or
downloaded remotely via the Internet through FERC's Homepage using
the RIMS link. User assistance for RIMS is available at 202-208-
2222, or by e-Mail to rimsmaster@ferc.fed.us.
VII. Document Availability
In addition to publishing the full text of this document
(without the non-public appendix) in the Federal Register, the
Commission also provides all interested persons an opportunity to
inspect or copy the contents of this document (without the non-
public appendix) during normal business hours in the Commission's
Public Reference Room at 888 First Street, NE., Room 2A, Washington,
DC 20426. (See below for the process to use to obtain a copy of the
non-public appendix.) Additionally, responses may be viewed and
printed remotely via the Internet through FERC's Home page (http://
www.ferc.gov) and in FERC's Public Reference Room during normal
business hours (8:30 a.m. to 5:00 p.m. Eastern time) at 888 First
Street, NE., Room 2A, Washington, DC 20426.
The Commission's Issuance Posting System (CIPS) provides access
to the texts of formal documents issued by the Commission from
November 14, 1994, to the present. CIPS can be accessed via Internet
through FERC's Home page (http://www.ferc.gov) using the CIPS link
or the Energy Information Online icon. Documents will be available
on CIPS in ASCII and Word Perfect 6.1. User assistance is available
at (202) 208-0874 or e-mail to cips.master@ferc.fed.us.
The document (without the non-public appendix) is also available
through the Commission's Records and Information Management System
(RIMS), an electronic storage and retrieval system of documents
submitted and issued by the Commission after November 16, 1981.
Documents from November 1995 to the present can be viewed and
printed. RIMS is available in the Public Reference Room or remotely
via the Internet through FERC's Home Page using the RIMS link or
Energy Information Online icon. User assistance is available at
(202) 208-2222, or by e-mail to rims.master@ferc.fed.us.
Finally the complete text of the document (without the non-
public appendix) on diskette in Word Perfect format may be purchased
from the Commission's copy contractor, RVJ International, Inc.,
which is located in the Public Reference Room at 888 First Street,
NE., Room 2A, Washington, DC 20426.
The non-public appendix will be available subject to request and
signing a non-disclosure statement. Specifically, any person who
wants a copy of the non-public appendix must file a request for the
appendix by February 7, 2002 with the Office of the Secretary. This
request must explain the person's interest in the proceeding. The
person wanting a copy of the non-public appendix must also sign a
non-disclosure statement, which will limit the use of the appendix
to responding to this Notice. Procedurally, the Office of the
Secretary will transmit all requests for the non-public appendix to
the Office of the General Counsel, General and Administrative Law,
which will process the requests
[[Page 3135]]
expeditiously to enable timely responses to this Notice.
By direction of the Commission.
Linwood A. Watson, Jr.,
Acting Secretary.
[FR Doc. 02-1614 Filed 1-22-02; 8:45 am]
BILLING CODE 6717-01-P
