Federal Register: January 7, 2005 (Volume 70, Number 5) Rules and Regulations Page 1379-1382 ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF TRANSPORTATION Office of the Secretary of Transportation 49 CFR Part 15 RIN 2105-AD33 DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration 49 CFR Part 1520 [Docket No. TSA-2003-15569; Amendment No. 1520-2] RIN 1652-AA08 Protection of Sensitive Security Information; Technical Amendment AGENCY: Office of the Secretary of Transportation (OST), Department of Transportation, and Transportation Security Administration (TSA), Department of Homeland Security. ACTION: Technical amendment. ----------------------------------------------------------------------- SUMMARY: OST and TSA are revising their regulations governing the protection of sensitive security information (SSI) to remove an unintended limitation on parties that have a need to know such information. Specifically, this rule removes the limiting words ``aviation or maritime'' from 49 CFR 15.11 and 49 CFR 1520.11 in order to clearly permit the sharing of vulnerability assessments and other documents properly designated as SSI with covered persons who meet the need to know requirements regardless of mode of transportation. DATES: Effective January 7, 2005. FOR FURTHER INFORMATION CONTACT: For questions on 49 CFR part 15: Astrid Lopez-Goldberg, Senior Attorney, Office of the Chief Counsel, Research and Special Programs Administration, Department of Transportation, Washington, DC 20590; e-mail: Astrid.Lopez-Goldberg@rspa.dot.gov, telephone: (202) 366-4400. [[Page 1380]] For questions on 49 CFR part 1520: David Graceson, Acting Director, Aviation Operations Litigation Support & Special Activities Staff, TSA- 7, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; e-mail: David.Graceson@dhs.gov, telephone: (571) 227-2277. SUPPLEMENTARY INFORMATION: Availability of Final Rule You can get an electronic copy using the Internet by-- (1) Searching the Department of Transportation's electronic Docket Management System (DMS) Web page (http://dms.dot.gov/search). Use Docket No. TSA-2003-15569; (2) Accessing the Government Printing Office's Web page at http://www.access.gpo.gov/su_docs/aces/aces140.html; or (3) Visiting TSA's Law and Policy Web page at http://www.tsa.dot.gov/public/index.jsp. In addition, copies are available by writing or calling the individuals in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify the docket number of this rulemaking. Background On May 18, 2004, TSA and OST published an interim final rule (IFR) on the protection of sensitive security information (SSI) in the Federal Register (69 FR 28066). The preamble to that rule provided a full description of the statutory and regulatory background for the SSI program. As explained there, the original SSI program provided for the protection of SSI involved in aviation programs. However, the Aviation and Transportation Security Act (ATSA) (Pub. L. 107-71), enacted two months after the terrorist attacks of September 11, 2001, amended the statutory authority underlying the aviation SSI program to mandate coverage of appropriate security information in all modes of transportation. By deleting ``air'' as a limiting word before ``transportation,'' in ATSA, Congress enlarged its specific direction to issue protective regulations to encompass all modes of transportation. While the general focus of TSA's 2002 regulation to implement ATSA remained on aviation programs, TSA's regulation also provided for the protection of vulnerability assessments and certain other SSI (including information concerning threats against transportation) regardless of mode of transportation.\1\ Later in 2002, in the Homeland Security Act (Pub. L. 107-296) that created the Department of Homeland Security (DHS), Congress: (1) transferred TSA's authority to issue SSI regulations to DHS, and (2) directed the Secretary of Transportation to also prescribe SSI regulations. Also in 2002, the Maritime Transportation Security Act (Pub. L. 107-295), which established a new framework for maritime security, became law and called for the preparation of many security-related documents that would need SSI protection. --------------------------------------------------------------------------- \1\ 67 FR 8351, Feb. 22, 2002. The TSA SSI regulation is codified at 49 CFR part 1520. --------------------------------------------------------------------------- The May 2004 IFR consisted of virtually identical TSA and OST rules to implement Congressional direction that both agencies issue SSI regulations. The IFR expanded the 2002 regulatory framework governing information generally related to aviation security to also cover information related to security in maritime transportation. This expansion was the main theme of the IFR. However, the IFR also continued the TSA 2002 regulation's coverage for vulnerability assessments and, with some changes, certain other SSI for all modes. For example, the TSA 2002 regulation coverage of ``Information concerning threats against transportation'' was not limited by mode of transportation. The May 2004 IFR continued that coverage for ``Threat information'' regardless of the mode of transportation. Technical Amendment SSI rules limit the disclosure of vulnerability assessments and other SSI to persons with a ``need to know.'' The TSA 2002 regulation contained no modal-specific limits in its need-to-know provision (49 CFR 1520.5(b) (2002)). However, consistent with the May 2004 IFR's focus on adding provisions for the maritime industry to existing, mostly aviation-related, provisions, the IFR added a restriction of ``aviation or maritime'' at several locations in the need-to-know section. (Under the regulation, Federal employees and persons acting in the performance of a contract with or grant from DHS or DOT are not subject to this restriction.) This led to unintended situations. For example, transportation entities in land modes that transport hazardous materials are required by 49 CFR subpart I to perform vulnerability assessments (see 49 CFR 172.802--assessment of possible transportation security risks for shipments of the hazardous materials listed in Sec. 172.800 and appropriate measures to address the assessed risks), but the SSI regulation literally provides that, unless they were acting in the performance of a contract with or grant from DHS or DOT, they may share these assessments only with entities in the aviation or maritime industries, because the language of the regulation defines only these entities as having a ``need to know.'' More than one commenter to the docket on the May 2004 IFR brought this issue to our attention. In light of the well-justified concern about the vulnerability of all transportation modes to terrorist activities, and the crucial need to share information to ``connect the dots'' to forestall future attacks, DOT and DHS believe that this is a technical problem that must be fixed. By removing the limiting words ``aviation or maritime'' from 49 CFR 15.11 and 1520.11, we correct this mistake and restore the original intent of this aspect of the SSI rule--to share vulnerability assessments and threat information with entities in all transportation modes that need the information to help forestall future attacks. TSA and OST received many useful, constructive comments on the May 2004 IFR. We plan to publish in the Federal Register a rulemaking document responding to comments related to subjects other than this need to know issue. Regulatory Analyses and Notices Good Cause for Immediate Adoption TSA and OST are issuing this technical amendment without prior notice and opportunity for comment pursuant to the authority under section 4(a) of the Administrative Procedure Act (APA) (5 U.S.C. 553(b)). This provision allows an agency to issue a regulatory action without notice and opportunity for comment when the agency for good cause finds that notice and comment procedures are ``impracticable, unnecessary or contrary to the public interest.'' As noted previously, it is essential to fix this problem in the SSI regulation immediately, lest the unintended restriction in the regulation inhibit the exchange of vital security-related information. In addition, the technical amendment will relieve a restriction on regulated parties. For these reasons, TSA and OST have determined that prior notice and an opportunity for comment would be impracticable, unnecessary, and contrary to the public interest. This same rationale provides good cause to make the technical amendment effective immediately upon publication. [[Page 1381]] Paperwork Reduction Act The Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) requires consideration of the impact of paperwork and other information collection burdens imposed on the public. TSA and OST have determined that there are no new information collection requirements associated with this technical amendment. As protection provided by the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. Executive Order 12886 and DOT Regulatory Policies and Procedures Executive Order 12866 (58 FR 51735, October 4, 1993), provides for making determinations whether a regulatory action is ``significant'' and therefore subject to Office of Management and Budget (OMB) review and to the requirements of the Executive Order. This is a nonsignificant regulatory action under Executive Order 12866. The technical amendment will not add any requirements or burdens on any party. It simply relieves a restriction that would prevent transportation entities from sharing certain information with those who need to know, regardless of mode. This will enhance security by allowing TSA and OST to share vital security information with regulated parties. For the same reasons, this regulatory action is nonsignificant under the Department of Transportation's Regulatory Policies and Procedures. Regulatory Flexibility Act Assessment Pursuant to the Regulatory Flexibility Act (5 U.S.C. 601 et seq., as amended by the Small Business Regulatory Enforcement Fairness Act (SBREFA) of 1996), an agency is required to prepare and make available a regulatory flexibility analysis that describes the effect of the regulatory action on small entities (i.e., small businesses, small organizations, and small governmental jurisdictions). Because good cause exists for issuing this regulation as a final technical amendment, no regulatory flexibility analysis is required. However, because this technical amendment will not impose any costs on any entities, including small entities, we have determined and certify that this regulatory action does not have a significant economic impact on a substantial number of small entities. Trade Impact Assessment The Trade Agreement Act of 1979 prohibits Federal agencies from engaging in any standards or related activities that create unnecessary obstacles to the foreign commerce of the United States. Legitimate domestic objectives, such as safety and security, are not considered unnecessary obstacles. The Act also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. We have assessed the potential effect of this regulatory action and determined that it will have no effect on any trade-sensitive activity and will not constitute a barrier to international trade. Unfunded Mandates Reform Act Assessment The Unfunded Mandates Reform Act of 1995 is intended, among other things, to curb the practice of imposing unfunded Federal mandates on State, local, and tribal governments. Title II of the Act requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in a $100 million or more expenditure (adjusted annually for inflation) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a ``significant regulatory action.'' This regulatory action does not contain such a mandate. The requirements of Title II of the Act, therefore, do not apply and a statement has not been prepared under the Act. Executive Order 13132 (Federalism) This regulatory action has been analyzed under the principles and criteria of Executive Order 13132, Federalism. We have determined that it would not have a substantial direct effect on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, this regulatory action does not have federalism implications. Environmental Analysis This action has been reviewed for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347), and we have determined that it will not have a significant effect on the human environment. Energy Impact The energy impact of this technical amendment has been assessed in accordance with the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as amended (42 U.S.C. 6362). We have determined that this technical amendment is not a major regulatory action under the provisions of the EPCA. Small Entity Inquiries The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 1996 requires an agency to comply with small entity requests for information and advice about compliance with statutes and regulations within the agency's jurisdiction. Any small entity that has a question regarding this document may contact the individuals listed in FOR FURTHER INFORMATION CONTACT for information. You can get further information regarding SBREFA on the Small Business Administration's Web page at http://www.sba.gov/advo/laws/law_lib.html. List of Subjects 49 CFR Part 15 Air carriers, Aircraft, Airports, Maritime carriers, Reporting and recordkeeping requirements, Security measures, Vessels, Vulnerability assessments. 49 CFR Part 1520 Air carriers, Aircraft, Airports, Maritime carriers, Reporting and recordkeeping requirements, Security measures, Vessels, Vulnerability assessments. Department of Transportation Office of the Secretary of Transportation 0 For the reasons stated in the preamble, the Department of Transportation amends title 49, Code of Federal Regulations, by amending part 15 as follows: PART 15--PROTECTION OF SENSITIVE SECURITY INFORMATION 0 1. The authority citation for part 15 continues to read as follows: Authority: 49 U.S.C. 40119. Sec. 15.11 [Amended] 0 2. In Sec. 15.11(a), remove the words ``aviation or maritime'' wherever those words appear. [[Page 1382]] Issued in Washington, DC, on January 4, 2005. Norman Y. Mineta, Secretary of Transportation. Department of Homeland Security Transportation Security Administration 49 CFR Chapter XII 0 For the reasons stated in the preamble, the Transportation Security Administration amends chapter XII of title 49, Code of Federal Regulations, by amending part 1520 as follows: PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION 0 1. The authority citation for part 1520 continues to read as follows: Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113, 44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105. Sec. 1520.11 [Amended] 0 2. In Sec. 1520.11(a), remove the words ``aviation or maritime'' wherever those words appear. Issued in Arlington, Virginia, on January 4, 2005. David M. Stone, Assistant Secretary of Homeland Security (Transportation Security Administration). [FR Doc. 05-366 Filed 1-6-05; 8:45 am] BILLING CODE 4910-62-P