[Federal Register Volume 70, Number 5 (Friday, January 7, 2005)]
[Rules and Regulations]
[Pages 1379-1382]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-366]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary of Transportation

49 CFR Part 15

RIN 2105-AD33

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Part 1520

[Docket No. TSA-2003-15569; Amendment No. 1520-2]
RIN 1652-AA08


Protection of Sensitive Security Information; Technical Amendment

AGENCY: Office of the Secretary of Transportation (OST), Department of 
Transportation, and Transportation Security Administration (TSA), 
Department of Homeland Security.

ACTION: Technical amendment.

-----------------------------------------------------------------------

SUMMARY: OST and TSA are revising their regulations governing the 
protection of sensitive security information (SSI) to remove an 
unintended limitation on parties that have a need to know such 
information. Specifically, this rule removes the limiting words 
``aviation or maritime'' from 49 CFR 15.11 and 49 CFR 1520.11 in order 
to clearly permit the sharing of vulnerability assessments and other 
documents properly designated as SSI with covered persons who meet the 
need to know requirements regardless of mode of transportation.

DATES: Effective January 7, 2005.

FOR FURTHER INFORMATION CONTACT: For questions on 49 CFR part 15: 
Astrid Lopez-Goldberg, Senior Attorney, Office of the Chief Counsel, 
Research and Special Programs Administration, Department of 
Transportation, Washington, DC 20590; e-mail: [email protected], telephone: (202) 366-4400.

[[Page 1380]]

    For questions on 49 CFR part 1520: David Graceson, Acting Director, 
Aviation Operations Litigation Support & Special Activities Staff, TSA-
7, Transportation Security Administration, 601 South 12th Street, 
Arlington, VA 22202-4220; e-mail: [email protected], telephone: 
(571) 227-2277.

SUPPLEMENTARY INFORMATION:

Availability of Final Rule

    You can get an electronic copy using the Internet by--
    (1) Searching the Department of Transportation's electronic Docket 
Management System (DMS) Web page (http://dms.dot.gov/search). Use 
Docket No. TSA-2003-15569;
    (2) Accessing the Government Printing Office's Web page at http://www.access.gpo.gov/su_docs/aces/aces140.html; or
    (3) Visiting TSA's Law and Policy Web page at http://www.tsa.dot.gov/public/index.jsp.
    In addition, copies are available by writing or calling the 
individuals in the FOR FURTHER INFORMATION CONTACT section. Make sure 
to identify the docket number of this rulemaking.

Background

    On May 18, 2004, TSA and OST published an interim final rule (IFR) 
on the protection of sensitive security information (SSI) in the 
Federal Register (69 FR 28066). The preamble to that rule provided a 
full description of the statutory and regulatory background for the SSI 
program. As explained there, the original SSI program provided for the 
protection of SSI involved in aviation programs. However, the Aviation 
and Transportation Security Act (ATSA) (Pub. L. 107-71), enacted two 
months after the terrorist attacks of September 11, 2001, amended the 
statutory authority underlying the aviation SSI program to mandate 
coverage of appropriate security information in all modes of 
transportation. By deleting ``air'' as a limiting word before 
``transportation,'' in ATSA, Congress enlarged its specific direction 
to issue protective regulations to encompass all modes of 
transportation.
    While the general focus of TSA's 2002 regulation to implement ATSA 
remained on aviation programs, TSA's regulation also provided for the 
protection of vulnerability assessments and certain other SSI 
(including information concerning threats against transportation) 
regardless of mode of transportation.\1\ Later in 2002, in the Homeland 
Security Act (Pub. L. 107-296) that created the Department of Homeland 
Security (DHS), Congress: (1) transferred TSA's authority to issue SSI 
regulations to DHS, and (2) directed the Secretary of Transportation to 
also prescribe SSI regulations. Also in 2002, the Maritime 
Transportation Security Act (Pub. L. 107-295), which established a new 
framework for maritime security, became law and called for the 
preparation of many security-related documents that would need SSI 
protection.
---------------------------------------------------------------------------

    \1\ 67 FR 8351, Feb. 22, 2002. The TSA SSI regulation is 
codified at 49 CFR part 1520.
---------------------------------------------------------------------------

    The May 2004 IFR consisted of virtually identical TSA and OST rules 
to implement Congressional direction that both agencies issue SSI 
regulations. The IFR expanded the 2002 regulatory framework governing 
information generally related to aviation security to also cover 
information related to security in maritime transportation. This 
expansion was the main theme of the IFR. However, the IFR also 
continued the TSA 2002 regulation's coverage for vulnerability 
assessments and, with some changes, certain other SSI for all modes. 
For example, the TSA 2002 regulation coverage of ``Information 
concerning threats against transportation'' was not limited by mode of 
transportation. The May 2004 IFR continued that coverage for ``Threat 
information'' regardless of the mode of transportation.

Technical Amendment

    SSI rules limit the disclosure of vulnerability assessments and 
other SSI to persons with a ``need to know.'' The TSA 2002 regulation 
contained no modal-specific limits in its need-to-know provision (49 
CFR 1520.5(b) (2002)). However, consistent with the May 2004 IFR's 
focus on adding provisions for the maritime industry to existing, 
mostly aviation-related, provisions, the IFR added a restriction of 
``aviation or maritime'' at several locations in the need-to-know 
section. (Under the regulation, Federal employees and persons acting in 
the performance of a contract with or grant from DHS or DOT are not 
subject to this restriction.) This led to unintended situations. For 
example, transportation entities in land modes that transport hazardous 
materials are required by 49 CFR subpart I to perform vulnerability 
assessments (see 49 CFR 172.802--assessment of possible transportation 
security risks for shipments of the hazardous materials listed in Sec.  
172.800 and appropriate measures to address the assessed risks), but 
the SSI regulation literally provides that, unless they were acting in 
the performance of a contract with or grant from DHS or DOT, they may 
share these assessments only with entities in the aviation or maritime 
industries, because the language of the regulation defines only these 
entities as having a ``need to know.''
    More than one commenter to the docket on the May 2004 IFR brought 
this issue to our attention. In light of the well-justified concern 
about the vulnerability of all transportation modes to terrorist 
activities, and the crucial need to share information to ``connect the 
dots'' to forestall future attacks, DOT and DHS believe that this is a 
technical problem that must be fixed. By removing the limiting words 
``aviation or maritime'' from 49 CFR 15.11 and 1520.11, we correct this 
mistake and restore the original intent of this aspect of the SSI 
rule--to share vulnerability assessments and threat information with 
entities in all transportation modes that need the information to help 
forestall future attacks.
    TSA and OST received many useful, constructive comments on the May 
2004 IFR. We plan to publish in the Federal Register a rulemaking 
document responding to comments related to subjects other than this 
need to know issue.

Regulatory Analyses and Notices

Good Cause for Immediate Adoption

    TSA and OST are issuing this technical amendment without prior 
notice and opportunity for comment pursuant to the authority under 
section 4(a) of the Administrative Procedure Act (APA) (5 U.S.C. 
553(b)). This provision allows an agency to issue a regulatory action 
without notice and opportunity for comment when the agency for good 
cause finds that notice and comment procedures are ``impracticable, 
unnecessary or contrary to the public interest.''
    As noted previously, it is essential to fix this problem in the SSI 
regulation immediately, lest the unintended restriction in the 
regulation inhibit the exchange of vital security-related information. 
In addition, the technical amendment will relieve a restriction on 
regulated parties. For these reasons, TSA and OST have determined that 
prior notice and an opportunity for comment would be impracticable, 
unnecessary, and contrary to the public interest. This same rationale 
provides good cause to make the technical amendment effective 
immediately upon publication.

[[Page 1381]]

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) requires 
consideration of the impact of paperwork and other information 
collection burdens imposed on the public. TSA and OST have determined 
that there are no new information collection requirements associated 
with this technical amendment.
    As protection provided by the Paperwork Reduction Act, as amended, 
an agency may not conduct or sponsor, and a person is not required to 
respond to, a collection of information unless it displays a currently 
valid Office of Management and Budget (OMB) control number.

Executive Order 12886 and DOT Regulatory Policies and Procedures

    Executive Order 12866 (58 FR 51735, October 4, 1993), provides for 
making determinations whether a regulatory action is ``significant'' 
and therefore subject to Office of Management and Budget (OMB) review 
and to the requirements of the Executive Order. This is a 
nonsignificant regulatory action under Executive Order 12866. The 
technical amendment will not add any requirements or burdens on any 
party. It simply relieves a restriction that would prevent 
transportation entities from sharing certain information with those who 
need to know, regardless of mode. This will enhance security by 
allowing TSA and OST to share vital security information with regulated 
parties. For the same reasons, this regulatory action is nonsignificant 
under the Department of Transportation's Regulatory Policies and 
Procedures.

Regulatory Flexibility Act Assessment

    Pursuant to the Regulatory Flexibility Act (5 U.S.C. 601 et seq., 
as amended by the Small Business Regulatory Enforcement Fairness Act 
(SBREFA) of 1996), an agency is required to prepare and make available 
a regulatory flexibility analysis that describes the effect of the 
regulatory action on small entities (i.e., small businesses, small 
organizations, and small governmental jurisdictions). Because good 
cause exists for issuing this regulation as a final technical 
amendment, no regulatory flexibility analysis is required. However, 
because this technical amendment will not impose any costs on any 
entities, including small entities, we have determined and certify that 
this regulatory action does not have a significant economic impact on a 
substantial number of small entities.

Trade Impact Assessment

    The Trade Agreement Act of 1979 prohibits Federal agencies from 
engaging in any standards or related activities that create unnecessary 
obstacles to the foreign commerce of the United States. Legitimate 
domestic objectives, such as safety and security, are not considered 
unnecessary obstacles. The Act also requires consideration of 
international standards and, where appropriate, that they be the basis 
for U.S. standards. We have assessed the potential effect of this 
regulatory action and determined that it will have no effect on any 
trade-sensitive activity and will not constitute a barrier to 
international trade.

Unfunded Mandates Reform Act Assessment

    The Unfunded Mandates Reform Act of 1995 is intended, among other 
things, to curb the practice of imposing unfunded Federal mandates on 
State, local, and tribal governments. Title II of the Act requires each 
Federal agency to prepare a written statement assessing the effects of 
any Federal mandate in a proposed or final agency rule that may result 
in a $100 million or more expenditure (adjusted annually for inflation) 
in any one year by State, local, and tribal governments, in the 
aggregate, or by the private sector; such a mandate is deemed to be a 
``significant regulatory action.''
    This regulatory action does not contain such a mandate. The 
requirements of Title II of the Act, therefore, do not apply and a 
statement has not been prepared under the Act.

Executive Order 13132 (Federalism)

    This regulatory action has been analyzed under the principles and 
criteria of Executive Order 13132, Federalism. We have determined that 
it would not have a substantial direct effect on the States, on the 
relationship between the National Government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government. Therefore, this regulatory action does not have federalism 
implications.

Environmental Analysis

    This action has been reviewed for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347), and we 
have determined that it will not have a significant effect on the human 
environment.

Energy Impact

    The energy impact of this technical amendment has been assessed in 
accordance with the Energy Policy and Conservation Act (EPCA), Public 
Law 94-163, as amended (42 U.S.C. 6362). We have determined that this 
technical amendment is not a major regulatory action under the 
provisions of the EPCA.

Small Entity Inquiries

    The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996 requires an agency to comply with small entity requests for 
information and advice about compliance with statutes and regulations 
within the agency's jurisdiction. Any small entity that has a question 
regarding this document may contact the individuals listed in FOR 
FURTHER INFORMATION CONTACT for information. You can get further 
information regarding SBREFA on the Small Business Administration's Web 
page at http://www.sba.gov/advo/laws/law_lib.html.

List of Subjects

49 CFR Part 15

    Air carriers, Aircraft, Airports, Maritime carriers, Reporting and 
recordkeeping requirements, Security measures, Vessels, Vulnerability 
assessments.

49 CFR Part 1520

    Air carriers, Aircraft, Airports, Maritime carriers, Reporting and 
recordkeeping requirements, Security measures, Vessels, Vulnerability 
assessments.

Department of Transportation

Office of the Secretary of Transportation

0
For the reasons stated in the preamble, the Department of 
Transportation amends title 49, Code of Federal Regulations, by 
amending part 15 as follows:

PART 15--PROTECTION OF SENSITIVE SECURITY INFORMATION

0
1. The authority citation for part 15 continues to read as follows:

    Authority: 49 U.S.C. 40119.


Sec.  15.11  [Amended]

0
2. In Sec.  15.11(a), remove the words ``aviation or maritime'' 
wherever those words appear.


[[Page 1382]]


    Issued in Washington, DC, on January 4, 2005.
Norman Y. Mineta,
Secretary of Transportation.

Department of Homeland Security

Transportation Security Administration

49 CFR Chapter XII

0
For the reasons stated in the preamble, the Transportation Security 
Administration amends chapter XII of title 49, Code of Federal 
Regulations, by amending part 1520 as follows:

PART 1520--PROTECTION OF SENSITIVE SECURITY INFORMATION

0
1. The authority citation for part 1520 continues to read as follows:

    Authority: 46 U.S.C. 70102-70106, 70117; 49 U.S.C. 114, 40113, 
44901-44907, 44913-44914, 44916-44918, 44935-44936, 44942, 46105.


Sec.  1520.11  [Amended]

0
2. In Sec.  1520.11(a), remove the words ``aviation or maritime'' 
wherever those words appear.

    Issued in Arlington, Virginia, on January 4, 2005.
David M. Stone,
Assistant Secretary of Homeland Security (Transportation Security 
Administration).
[FR Doc. 05-366 Filed 1-6-05; 8:45 am]
BILLING CODE 4910-62-P