[Federal Register Volume 76, Number 107 (Friday, June 3, 2011)]
[Notices]
[Pages 32258-32265]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-13757]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
[Docket No. FAA-2011-0183]
Access to Aircraft Situation Display (ASDI) and National Airspace
System Status Information (NASSI)
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of modification to the FAA/Subscriber Memorandum of
Agreement (MOA).
-----------------------------------------------------------------------
SUMMARY: The FAA has decided that it is in the best interests of the
United States Government and the general public to modify Section 9 of
the June 1, 2006 MOA for Industry Access to Aircraft Situation Display
(ASDI) and National Airspace System Status Information (NASSI) data,
between the FAA and Direct Subscribers to ASDI and NASSI data-feeds. In
recognition of the fact that the Privacy Act does not protect general
aviation operators and on-demand air charter aircraft operating under
14 CFR part 135 (``on-demand aircraft'') from public knowledge of their
flight information, the FAA will require Direct Subscribers (as a
condition of signing the MOA) and Indirect Subscribers (as a condition
of signing agreements with Direct Subscribers) to block from ASDI and
NASSI data-feeds available to the public any general aviation aircraft
or on-demand aircraft the registration number for which a Certified
Security Concern has been provided to the FAA by electronic mail at
CertifiedSecurityConcern@faa.gov or by regular mail at FAA Certified
Security Concern, ATO System Operations Services; Room 1002, 800
Independence Avenue, SW., Washington, DC 20591. The FAA will no longer
accommodate any ASDI- or NASSI-related security or privacy requests,
except such Certified Security Concern.
DATES: A Certified Security Concern will be due within July 5, 2011.
The MOA amendment will be effective August 2, 2011.
FOR FURTHER INFORMATION CONTACT: Mr. Barry Davis by telephone at (540)
422-4650 or by electronic mail at barry.davis@faa.gov.
SUPPLEMENTARY INFORMATION: The navigational facilities and services in
the national airspace system (NAS)--including the air traffic
controllers, radar- and satellite-based systems, air traffic control
towers and centers, and the like--are funded through the Airport and
Airway Trust Fund and the taxpayer-supported general fund,
[[Page 32259]]
administered by the FAA. The aviation industry, when operating under
instrument flight rules (IFR), must provide flight-tracking data to the
FAA, which the FAA uses for traffic flow management purposes.
In 1997, the FAA began to make air traffic flow management data
available to the aviation and other industries through its Enhanced
Traffic Management System (ETMS) Hubsite. The data consists of near
real time position and other relevant flight data for every civil IFR
aircraft receiving radar services within the NAS. The data is called
aircraft situation display to industry (ASDI) and is filtered to
exclude military and sensitive operations such as Presidential flights,
drug interdiction flights, and other law enforcement and military
efforts. The ASDI data-feed includes position (latitude and longitude)
of aircraft, the aircraft's call sign, airspeed, altitude, heading, and
flight plan information including origination and destination airports.
14 CFR 91.169. The information allows tracking of individual flights
through the conclusion of each flight.
In 1998, the FAA released selective data elements of the national
airspace system status information (NASSI) to industry to enhance the
benefits to the ASDI data; which increases the dispatching flexibility
for airlines enabling them to more efficiently manage their aircraft
and crew and other operational resources. The NASSI data includes
information on the status of airport runway visual range and special
use airspace data as well as the status of other NAS components. At
this time, the FAA granted access to the ASDI and NASSI data to
Subscribers through a memorandum of agreement (MOA), which set forth
the rights and responsibilities of the FAA and Direct Subscribers of
the ASDI/NASSI data.
The publicly available ASDI hubsite, however, does not display
complete information, due primarily to concerns of the National
Business Aviation Association (NBAA) to limit public knowledge of
flight paths of general aviation aircraft. In 1997, the NBAA began
working with the FAA and ASDI Subscribers to develop a system to
protect the personal privacy, as well as the security, of the NBAA
members. This effort has culminated in a system under which general
aviation aircraft owners or operators and on-demand aircraft have the
ability to ``block'' aircraft identification information from the ASDI
data feed at two levels, one at the FAA source (the FAA ETMS Hubsite)
and a second via the FAA's agreement regarding the data displayed by
ASDI Direct Subscribers. In these two ways, the publicly available Web
sites either do not receive or filter from display certain general
aviation corporate and other aircraft.
Under the ``block'' system between the NBAA and the FAA, the NBAA
submits monthly to the FAA an updated list of aircraft to be blocked at
the FAA source of the ASDI data feed. The FAA Block List consists of
the aircraft registration numbers of those owners who want their
aircraft to be blocked completely from distribution to Subscribers.
This FAA Block List will filter all flight data information, which the
FAA will not distribute to any Subscriber.
In contrast, under the ``block'' system between the aircraft owners
and Direct Subscribers, the aircraft owners have filled out a Block
Aircraft Registration Request (BARR) form, which the NBAA circulates
monthly to all known Direct Subscribers. The BARR List contains
aircraft call signs that owners wish to have blocked from public
distribution. The FAA does not use or manage the list but section nine
of the MOA has required Direct Subscribers to honor such requests.
In 2000, Congress directed the FAA to require that ASDI Direct
Subscribers demonstrate the capability to selectively block the display
of any data related to any identified aircraft registration number and
agree to selective blocking upon the Administrator's request. 49 U.S.C.
44103, note (Pub. L. 106-181, Apr. 5, 2000, Sec. 729, Aircraft
Situational Display Data (ASDD)). The Aircraft Situational Display Data
provision reads:
(a) In general.--A memorandum of agreement between the
Administrator and any person that directly obtains aircraft situational
display data from the Federal Aviation Administration shall require
that--
(1) The person demonstrate to the satisfaction of the Administrator
that the person is capable of selectively blocking the display of any
aircraft-situation-display-to-industry derived data related to any
identified aircraft registration number; and
(2) The person agree to block selectively the aircraft registration
numbers of any aircraft owner or operator upon the Administration's
request.
(b) Existing memoranda to be conformed.--Not later than 30 days
after the date of the enactment of this Act, the Administrator shall
conform any memoranda of agreement, in effect on such date of
enactment, between the Federal Aviation Administration and a person
under which that person obtains aircraft situational display data to
incorporate the requirements of subsection (a).
Section nine of a 2006 MOA between the FAA and Direct Subscribers
addresses the 2000 legislative directive.\1\ Under this section, the
FAA states that it accommodates industry initiatives that collect
requests from general aviation aircraft owners to exclude their
aircraft from ASDI data feeds available to the public, either in near
real-time or in recorded (historical) format. The FAA further requires
Direct Subscribers and Indirect Subscribers to respect the privacy and
security interests of the general aviation aircraft owners or operators
when developing or marketing ASDI or NASSI-based products. Due to these
arrangements between the FAA, the general aviation aircraft operators,
and the Direct and Indirect Subscribers, the public currently does not
have access to concrete information about a large number of users of
the NAS.
---------------------------------------------------------------------------
\1\ Section nine of the MOA provides:
The ASDI and NASSI data includes the near realtime position and
other flight data associated with civil instrument fight rules (IFR)
aircraft. While commercial operators conduct business according to a
published listing of service and schedule, general aviation
operators do not. It is possible that public knowledge of the flight
information of general aviation operators could compromise the
privacy and/or security of individuals. The protection of such
information is not covered under the Privacy Act (5 U.S.C. 552a),
and the cost of developing and operating the technical mechanisms
required to manage that information exceeds available FAA resources.
The FAA recognizes that certain industry initiatives exist to
collect requests from aircraft owners to exclude their aircraft from
ASDI data feeds available to the public, either in near real time or
in recorded (historical) format. The FAA accommodates these
initiatives to the extent they support and respect these privacy and
security interests. All Direct Subscribers (as a condition of
signing this MOA) and Indirect Subscribers (as a condition of
signing agreements with Direct Subscribers) are asked to consider
and respect these privacy and security interests when developing
and/or marketing ASDI and/or NASSI-based products. If the FAA
determines that any Direct and/or Indirect Subscribers develop and/
or market products that violate this provision, the FAA's rights
under Section 15 [Termination of this Agreement] shall apply.
The MOA further defines a Direct Subscriber as an entity that
receives the ASDI/NASSI data directly from the FAA ETMS Hubsite; an
Indirect Subscriber is an entity that receives the ASDI/NASSI data
from a Direct Subscriber or another Indirect Subscriber.
---------------------------------------------------------------------------
Today's change to FAA policy and the MOA will disclose the aircraft
on the ASDI (time-delayed) Web site unless the general aviation owner
or operator, or on-demand aircraft, submits to the FAA a Certified
Security Concern. A Certified Security Concern would be based on either
(a) the facts and circumstances establishing a Valid Security Concern
(i.e., a verifiable threat to person, property or company, including a
threat of death, kidnapping or serious bodily
[[Page 32260]]
harm against an individual, a recent history of violent terrorist
activity in the geographic area in which the transportation is
provided, or a threat against a company); or (b) the general aviation
aircraft owner or operator satisfying the requirement for a bona fide
business-oriented security concern under Treasury Regulation 1.132-
5(m), ``Employer-provided transportation for security concerns,'' 26
CFR 1.132-5(m). A generalized security concern or privacy interest no
longer will suffice to block the aircraft from the ASDI data feed.
Absent appropriate certification, the ASDI data feed will disclose
aircraft and flight specific information. It is important to note that
this information does not disclose the identity of the occupants of the
aircraft or the business or other purpose of the flight.
Under section 7.1.8 of the MOA, the FAA is authorized, and has the
sole right, with timely notification, to modify the MOA if it is in the
best interests of the United States Government or the general public.
As explained more fully below, the FAA finds that the modification of
the MOA conforms to the Federal Open Government Act, complies with
Executive Branch policies and directives, makes Federal Government
information more open, transparent and accessible to the public, and
carries out the DOT Open Government Directive promoting proactive
release of DOT data. The aircraft registration numbers of blocked
aircraft and the associated flight plans are already releasable under
the Freedom of Information Act (FOIA) and are not protected personal
information under the Privacy Act. An agency may change its policies
when in the public interest and is not compelled to retain outdated
policies. Accordingly, the MOA modification is in the best interests of
the Government and the public.
Consistency With Aircraft Situational Display Data (ASDD) Law
The NBAA and the National Air Transportation Association (NATA)
state that the change to the MOA is not consistent with the ASDD
provision, 49 U.S.C. 44103 note. Congress's intent behind the
``selectivity'' portion of this provision, according to NBAA and NATA,
was to authorize privacy on behalf of a general aviation aircraft owner
and to give the FAA merely a secondary role of facilitating the
blocking at an aircraft owner's request. The NATA states that the
requirement for an ASDI Subscriber to demonstrate a capability to
``selectively block'' data was intended to authorize the aircraft
owner--not the FAA--to select the data to be blocked. The NBAA believes
the ASDD provision was both intended to reinforce the existing BARR
program and to ensure that the FAA continued its practice of honoring
all blocking requests. They both contend that the FAA lacks discretion
to determine which aircraft owners/operators are eligible for blocking
and which requests it will forward to ASDI Subscribers.
The FAA disagrees with the respective associations' contentions
that today's proposal is inconsistent with the ASDD provision. The text
of the ASDD provision (see above) contains two features--(1) that the
Subscriber is capable of ``selectively blocking'' aircraft tail numbers
from the ASDI and (2) that the Subscriber will selectively block such
data ``upon the [FAA] Administration's request.'' The provision affords
the FAA discretion in determining the circumstances under which it may
``request'' the selective blocking of the data. There is nothing in the
ASDD provision that impairs the FAA's ability to deny requests to block
data and to display ASDI-data.
Indeed, the ASDD provision does not direct the FAA to honor any or
all requests of an aircraft owner. Rather, the FAA is authorized to
make the request in circumstances it determines to be in the public
interest. Therefore, the FAA may convey the request to the Subscriber
on its own initiative or in response to a request made by an aircraft
owner. In the latter circumstance, the FAA may look behind the reason
for the aircraft owner's request to selectively block aircraft data. As
explained further below, for reasons of transparency and in support of
the Administration's Open Government efforts, the FAA has determined
that requests for selective blocking should be honored only upon
receipt of a Certified Security Concern.
Justification for Change in Policy
Several commentators, including the NBAA, NATA, General Aviation
Manufacturers Association (GAMA), Sprint United Management Company,
Global Business Travel Association (GBTA), McAfee & Taft P.C. (a law
firm), and Patton Boggs LLP (a law firm), state that the FAA did not
articulate a justification for the proposed change to the MOA and did
not explain the findings underlying its conclusion that the change is
in the best interest of the Government and the public. As explained
below, today's change is justified by disclosure and openness
requirements set forth in Federal law, executive branch directives and
policies, and court decisions.
The Openness Promotes Effectiveness in our National Government Act
of 2007 (the Open Government Act or the Act), Public Law 110-174 (Dec.
31, 2007), promotes openness in Government and enhances the Freedom of
Information Act (FOIA) statute (5 U.S.C. 552) by requiring Federal
agencies to be more transparent in their responses to FOIA requests. In
particular, the Act strengthens FOIA ``to promote accessibility,
accountability, and openness in Government,'' finding:
The American people firmly believe that our system of
government must itself be governed by a presumption of openness;
FOIA establishes a ``strong presumption in favor of
disclosure;''
``Disclosure, not secrecy, is the dominant objective'' of
FOIA; and
Congress should ensure that the Government ``remains open
and accessible to the American people and is always based not upon the
`need to know' but upon the fundamental `right to know.''' 5 U.S.C. 552
note.
The Open Government Act underlines Congress' heightened interest in
a Federal agency's responsiveness to, and compliance with, FOIA
requests and disclosures, respectively. This Congressional support of
openness and disclosure of agency records and information informs the
FAA's decision to change its policy to one of presumed disclosure of
the ASDI data-feed to the public.
Similarly, the Presidential Memorandum on Transparency and Open
Government (January 21, 2009), the Presidential Memorandum on the
Freedom of Information Act (January 21, 2009), an Office of Management
and Budget (OMB) Open Government Directive (December 8, 2009), a U.S.
Dept. of Justice Attorney General FOIA Memorandum (March 19, 2009), and
a DOT Open Government Plan (2010-2015) require transparency in, and
disclosure of, Government information. http://www.dot.gov/open/plan.
In particular, the Presidential Open Government Memorandum
announced the Obama Administration's commitment to ``creating an
unprecedented level of openness in Government'' and ``establish[ing] a
system of transparency, public participation, and collaboration.'' It
directed departments and agencies to put information about their
operations [and decisions] online and make it ``readily available to
the public.'' The OMB Open Government Directive, which implemented the
Presidential Memorandum, states that, with respect to information ``the
presumption shall be in favor of openness'' in order ``to
[[Page 32261]]
increase accountability, promote informed participation by the public,
and create economic opportunity.'' The Presidential FOIA Memorandum
instructs Federal agencies, including the FAA, that FOIA should be
administered with a ``clear presumption: in the face of doubt, openness
prevails.'' It further provides:
The Government should not keep information confidential merely
because public officials might be embarrassed by disclosure, because
errors and failures might be revealed, or because of speculative or
abstract fears. (italics supplied)
The Attorney General FOIA Memorandum reinforces the principle that
openness is the Government's default position for FOIA issues, directs
an agency not to withhold information simply because it may do so
legally, and encourages agencies to post information online in advance
of FOIA requests. The DOT Open Government Plan requires the Department
to be ``even more transparent, participatory, and collaborative'' and
to release data ``proactively'' making it available online.
Under these Executive Branch policies and directives, the FAA
cannot retain the default position of concealing information about
general aviation aircraft flights on public ASDI data-feeds simply
because of generalized privacy or security concerns. Rather, the FAA's
default position must be one of openness. Accordingly, the FAA has
determined that only a Certified Security Concern would justify
nondisclosure of general aviation aircraft, or on-demand aircraft,
flights.
The change in the MOA, to display general aviation aircraft, and
on-demand aircraft, on the ASDI and NASSI data-feed websites in the
absence of a Certified Security Concern, is in the best interests of
the Government and the public. The NBAA says this change is not
necessary because the FAA has disclosed no complaints from the public
about the lack of ASDI or NAASI information or abuse of the BARR
program by private aircraft. But complaints by the public are not pre-
conditions to providing information to the public. Rather, Government
disclosure of information it collects is an integral part of a
constitutional democracy and informed public. By proactively disclosing
information, the FAA is forestalling complaints about lack of access to
Government-provided information and about potential abuse by private
aircraft owners or operators of any aircraft blocking programs. As
Congress recognized in its findings to the Open Government Act of 2007
(Pub. L. 110-175, Dec. 31, 2007; 5 U.S.C. 552 note), ``our
constitutional democracy, our system of self-government, and our
commitment to popular sovereignty depends upon the consent of the
governed; such consent is not meaningful unless it is informed
consent.'' 5 U.S.C. 552 note, Sec. 2(1)(A)-(B).
Additionally, two recent and significant court decisions inform the
FAA's decision regarding whether general aviation aircraft, or on-
demand aircraft, identities should be kept private. The first, Federal
Communications Commission (FCC) v. AT&T, Inc., 131 S. Ct. 1177 (2011),
affirmed the FCC's finding that FOIA Exemption 7 does not protect a
business' privacy because the term ``personal privacy'' does not extend
to corporations. The second, National Business Aviation Association
(NBAA) v. Federal Aviation Administration, 686 F. Supp. 2d 80 (D.D.C.
2010), affirmed the FAA's decision to release the list of NBAA members'
aircraft registration numbers, because they were not protected under
FOIA Exemption 4 as ``commercial'' information; nor were they protected
under Exemption 6, which does not reach the privacy interests of
businesses or corporations.
These intervening developments--by Congress, the Executive Branch,
and the courts--caused us to reconsider whether it is in the best
interest of the Government and the public to exclude from public view
general aviation aircraft flight displays in the absence of a Certified
Security Concern. As set forth above, given the strong public interest
in openness and disclosure, we find that it is not.
Rationale for Certified Security Concern Requirement
The Open Government initiatives described above, however, do not
mandate that Federal agencies disclose information on a carte blanche
basis. See OMB Open Government Directive at 2 (``the presumption [with
respect to Government information] shall be in favor of openness (to
the extent permitted by law and subject to valid privacy,
confidentiality, security or other restrictions))'' (italics supplied);
Attorney General's FOIA Memorandum at 1 (``disclosure obligation under
the FOIA is not absolute. The Act provides exemptions to protect, for
example, national security, personal privacy, privileged records, and
law enforcement interests''); DOT Open Government Plan version 1.2,
Overview (DOT will ``increase agency transparency and accountability by
* * * continuing to release DOT data in a timely manner by proactively
making it available online in consistent, open formats, while assuring
accuracy and protecting privacy, security, and confidentiality''). The
FAA carefully considered whether the privacy and security concerns for
blocking the general aviation aircraft and on-demand aircraft from ASDI
data-feeds were ``valid'' under the OMB Open Government Directive and
thereby subject to protection and non-disclosure.
The Presidential FOIA Memorandum is instructive in defining the
term ``valid'' for purposes of withholding aircraft identification
numbers from disclosure on ASDI/NASSI data feed. It instructs Federal
agencies not to keep information confidential based on potential
embarrassment or ``speculative or abstract fears.''
In applying the ``validity'' standard to an FAA request to
selectively block aircraft identification numbers on ASDI/NASSI data-
feed, it is logical to utilize the Treasury Regulation governing
``Employer-provided transportation for security concerns.'' That
regulation contains two features that make it applicable to these
circumstances. First, it specifically applies to air transportation,
expressly referring to ``flights on the employer's aircraft'' (26 CFR
1.132-5(m)(1), (2)(iii)) and to ``employer-provided aircraft,'' (26 CFR
1.132-5(m)(4)). Second, it acknowledges concrete, non-speculative, non-
generalized reasons for a security concern justifying use of corporate
aircraft for personal flights. These reasons include as an ``overall
security program,'' factors such as a threat of death or kidnapping of
or serious bodily harm to the employee, or a recent history of violent
terrorist activity in the geographic area in which the transportation
is provided. 26 CFR 1.132-5(m)(2).
The NBAA, NATA, McAfee & Taft P.C., Patton Boggs LLP, Peregrine
Jet, LLC, Sprint United Management Company, and others comment that the
Certified Security Concern requirement establishes an unjustifiably
high bar and creates a test that the FAA lacks the ability to
administer. We disagree. The new test is justified as complying with
the Open Government policies and directives. As discussed above, a
generalized, non-specific security concern would not constitute a
``valid'' concern under the Executive Branch directives. Moreover, the
FAA, in most cases, anticipates relying on good-faith certifications.
Today's change to the MOA also comports with the NBAA FOIA decision
as it relates to security concerns posed by the release of flight data.
There, the court found it ``highly unlikely'' that the
[[Page 32262]]
FOIA release of the aircraft registration numbers would impact the
security of aircraft or aircraft passengers. 686 F. Supp.2d at 87. The
court stated that the public would receive only registration numbers,
would not receive any other identifying or associated narrative, and
the after-the-fact FOIA disclosure would not permit investigation of
real-time location data. Likewise, the types of disclosures facilitated
by today's amendment to the MOA are unlikely to impact the security of
aircraft or aircraft passengers. The public ASDI/NASSI data-feed is not
in real-time. Nevertheless, those aircraft owners or operators
demonstrating Certified Security Concerns may have their aircraft
identification withheld from public view.
The NBAA and MEDEX Global Solutions also question whether a U.S.
Department of Homeland Security (DHS) Transportation Security
Administration (TSA) Advisory-Security Information for Aircraft Owner/
Operators & Airport Managers (April 20, 2006)--should qualify as a
Valid Security Concern and a basis for non-disclosure. The TSA Advisory
references an Arabic web forum message explaining how to identify
private American jets and urging Muslims to destroy all such aircraft.
This Advisory is generalized and, without more information or data,
would not constitute an individualized threat to particular general
aviation aircraft to satisfy the requirements of a ``valid'' security
concern.
Application of Certified Security Concern to Corporate Aircraft
Occupants and to On-Demand Air Charters
The NATA and others comment that the Certified Security Concern
standard is too narrow and suggest that, at a minimum, it not only
apply to an employee but extend to persons such as corporate directors,
guests, and key shareholders who are authorized to use corporate
aircraft. NATA also suggests that the Certified Security Concern cover
on-demand air charters, operating under 14 CFR part 135, which
currently participate in the FAA Block program to prevent unwanted
tracking of the clientele they serve.
The FAA clarifies that the Certified Security Concern does extend
to the security of the aircraft passengers who may not be employees of
the aircraft owner or operator. Therefore, assuming a Valid Security
Concern exists for corporate directors, guests and/or key shareholders,
a Valid Security Concern may be provided to the FAA by a general
aviation aircraft owner or operator who carries such passengers. If the
FAA has sufficient advance notice of the Valid Security Concern, the
FAA will block the aircraft data. The FAA does not intend the scope of
the Valid Security Concern to be limited solely to the security of the
aircraft owner's key employees.
The FAA will accommodate a Valid Security Concern for certain
passengers on an on-demand aircraft, assuming a certification is
submitted and the FAA has sufficient advance notice, which is a minimum
of thirty days, to block the aircraft data. The request would also need
to specify the period of time during which a Valid Security Concern
will exist regarding the security of the aircraft or aircraft
passengers.
Privacy Concerns
Many commenters, individuals and those representing a wide spectrum
of industry, including Altria Client Services, ConocoPhillips, Devon
Energy Corporation, Federal Express Corporation, GAMA, Gaylord
Entertainment Company, Jim Wilson & Associates, LLC (a real estate
development company), the NBAA, NATA, Proctor & Gamble Company, and
Sprint United Management Company, claimed that the FAA is improperly
ignoring the privacy and/or business concerns of the corporate aircraft
owners, key employees, shareholders, executives, and/or passengers and
occupants of other general aviation or on-demand charter aircraft. The
FAA finds that these concerns previously were rejected in the context
of FOIA Exemption 4 (5 U.S.C. 552(b)(4)) (pertaining to ``commercial''
information), FOIA Exemption 6 (5 U.S.C. 552(b)(6)) (pertaining to
``personnel files'' and ``personal privacy''); and FOIA Exemption 7(C)
(5 U.S.C. 552(b)(7)(C)) (pertaining to ``personal privacy'' rights).
Courts rejected the privacy concerns raised by commenters in the
analogous FOIA context and FAA does not find that they have identified
a material basis to treat the FAA's release of time-delayed NAS data
differently.
The FOIA Exemption 4 and 6 issues were addressed in the NBAA case,
a ``reverse'' FOIA case. There, a Federal district court granted the
FAA's summary judgment motion that general aviation aircraft
registration numbers are releasable. The court found that general
aviation aircraft registration numbers are not protected ``commercial''
information (under FOIA Exemption 4) when released as historical ASDI
website data, that FOIA Exemption 4 does not protect personal
information, and that FOIA Exemption 6 does not protect the privacy
interests of businesses or corporations.
FOIA Exemption 4 protects from disclosure ``trade secrets and
commercial or financial information obtained from a person and
privileged or confidential.'' 5 U.S.C. 552(b)(4). The court affirmed
the FAA's finding that the registration numbers were not protected as
``commercial'' under Exemption 4, because the registration numbers do
not provide commercial information. Although the NBAA argued in that
case that the ASDI data release could result in public knowledge of
``sensitive negotiations, likely business transactions or future
movement of senior company leadership possibly jeopardizing their
security as well as proprietary business information,'' the court found
the public would not be able to determine the identity of the
occupants, discover the business purpose of the flight, track the
flight in real-time, or discern the reasons the aircraft owner had for
blocking the information. 686 F. Supp. 2d at 86-87. Rather, with
further inquiry and using the registration numbers, the public could
find only the name of the owner who sought to block the information
disclosure, the make and model of the aircraft, and flight data,
without any narrative.
After finding that the registration numbers did not constitute
commercial information within the meaning of FOIA Exemption 4, the
court addressed NBAA's contention that that data should be protected
under privacy and security interests because its release would
compromise the privacy and security of the aircraft and their ``high
profile'' occupants. As to the privacy interest, the court found that
``personal privacy'' concerns of general aviation aircraft occupants
are not a relevant concern under Exemption 4, because that exemption
covers ``confidential commercial information.'' 686 F.Supp.2d at 87.
Turning to Exemption 6, which exempts from public disclosure
``personnel and medical files and similar files the disclosure of which
would constitute a clearly unwarranted invasion of personal privacy,''
the court found it does not provide a basis for protecting asserted
privacy interests of general aviation aircraft owners or operators. It
held that FOIA Exemption 6 ``does not extend to * * * businesses or
corporations.'' Id. See also FCC, 131 S. Ct. at 1184 (``[W]e have
regularly referred to [Exemption 6] as involving an individual's right
to privacy.'')
With regard to Exemption 7, the Supreme Court in FCC v. AT&T
recently decided that a corporation has no
[[Page 32263]]
``personal privacy'' rights under that provision. Exemption 7(C)
protects from disclosure ``records or information compiled for law
enforcement purposes, but only to the extent that [their] production *
* * could reasonably be expected to constitute an unwarranted invasion
of personal privacy.'' 5 U.S.C. 552(b)(7)(C). Thus, the Court rejected
the notion that a corporation may claim a privacy interest in
protecting information that would ``embarrass'' it. 131 S. Ct. at 1181.
The Court explained that, as a matter of tort common law, the concept
of ``personal privacy'' did not apply to corporations. Id. at 1183-84.
Many of the commenters, particularly NBAA, NATA and McAfee & Taft,
state that disclosure of the aircraft identification numbers on the
ASDI/NASSI data-feeds constitutes an unwarranted invasion of privacy of
aircraft owners and operators. They believe that disclosure is a threat
to the competitiveness of U.S. companies, because it may enable
interested persons to track potential business transactions or
mergers.As stated in Section 9 of the MOA, the Privacy Act (5 U.S.C.
552a) does not protect the ASDI Web site information:
The protection of such information [flight information of
general aviation operators] is not covered under the Privacy Act (5
U.S.C. 552a), and the cost of developing and operating the technical
mechanisms required to manage that information exceeds available FAA
resources.
Aircraft registration information (including aircraft type, current
status and ownership of aircraft, registration number, etc.) is in a
System of Records protected by the Privacy Act. (See System Notice for
Privacy Act Record System, DOT/FAA 801, Aircraft Registration System;
65 FR 19,518 (Apr. 11, 2000). As stated in the System Notice, however,
one of the routine uses of this information is to ``[m]ake aircraft
registration data available to the public.'' Id.
Moreover, some commenters, including the NBAA and McAfee & Taft
P.C., claim that disclosure of general aviation aircraft on the ASDI/
NAASI database would unlawfully allow the tracking of aircraft, in
violation of the Fourth Amendment's protection against unreasonable
searches and seizures and would amount to a type of ``warrantless
government surveillance.'' The Fourth Amendment protections against
unreasonable searches and seizures, however, are not applicable to the
ASDI/NAASI database. The FAA is not tracking aircraft in the context of
enforcing criminal statutes; rather it tracks aircraft operating under
IFR, for safety purposes and to manage the efficient use of the
navigable airspace. Therefore, any concerns about warrantless
surveillance are not relevant to the ASDI/NAASI database disclosure.\2\
---------------------------------------------------------------------------
\2\ The NBAA refers to a ``search and seizure case,'' United
States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010), holding that the
police may not use a GPS device to track a suspect for a prolonged
period. This decision is in the minority and does not supersede the
holding in United States v. Knotts, 460 U.S. 276 (1983) that ``[a]
person traveling in an automobile on public thoroughfares has no
reasonable expectation of privacy in his movements from one place to
another.'' 460 U.S. at 281.
---------------------------------------------------------------------------
The commenters further contend that the FAA is required by privacy
expectations to continue to block general aviation and on-demand
aircraft. They point to various Federal statutes through which Congress
has directed state and Federal agencies to protect individuals' privacy
interests.\3\ The NATA states that, because the privacy interests of
aircraft owners are similar to those of automobile owners, the FAA
should adapt the protections in Drivers Privacy Protection Act of 1994
to general aviation aircraft owners and operators.
---------------------------------------------------------------------------
\3\ The NBAA, for example, cites to a collection of statutes
(the Telemarketing and Consumer Fraud and Abuse Prevention Act; the
Telephone Consumer Protection Act of 1991; the Internal Revenue
Service confidentiality requirements in 26 U.S.C. 6103; the Family
Educational Rights and Privacy Act; the Health Insurance Portability
and Accountability Act; the Fair Credit Reporting Act; the
Children's Online Privacy Protection Act; the Telephone Consumer
Protection Act; the Electronic Communications Privacy Act; the Cable
Communications Policy Act; the Video Privacy Protection Act; the
Gramm-Leach Bliley (Financial Services Modernization Act); the
Controlling the Assault of Non-Solicited Pornography and Marketing
Act; the Health Information Technology for Economic and Clinical
Health Act) and FTC/Department of Commerce Internet Policy Task
Force reports and proposed legislation in the area of privacy, as
examples that the FAA should follow.
---------------------------------------------------------------------------
The FAA notes that the Federal statutes and policies on privacy
referred to by the NBAA and the NATA pertain to other Federal and State
agencies and interests and not to the FAA's ASDI/NASSI database
program. The FAA may not adopt, for purposes of finding ``valid''
privacy concerns on the part of aircraft owners or operators or their
passengers, the statutes that are applicable in other situations simply
because Congress has seen fit to authorize certain Federal agencies or
States to regulate and enforce specific privacy protections. The
Executive Branch policies authorize a Federal agency to withhold from
disclosure only information that is supported by ``valid'' privacy or
security concerns.
Administrative Processes
The NBAA also asserts that the Notice did not comply with
administrative procedures.\4\ The FAA, however, need not comply with
the Administrative Procedure Act (APA), 5 U.S.C. 551 et seq., to effect
changes to the MOA, because it simply is modifying an agreement it has
entered into with Subscribers to access FAA data under the FAA's
procurement authority, 49 U.S.C. 106(l)(6), which is independent of the
APA. The MOA change is designed to improve the FAA's management of its
data to enhance transparency and openness to the public. The FAA is
taking this action after evaluating the public interest, and the action
is in full accordance with the agency's public interest
responsibilities on behalf of Open Government and transparency.
---------------------------------------------------------------------------
\4\ The NBAA states that the Notice needs to conform to
Executive Order 12866, 64 Federal Register, Part VIII (Oct. 4,
1993), ``Regulatory Planning and Review,'' which requires an
identification of the problem the agency intends to address. EO
12866 is not, by its terms, applicable here, because the Notice
merely amends a voluntary Memorandum of Agreement between the FAA
and Subscribers to an FAA-provided data-feed. Even if the Executive
Order applied, the Notice identifies the problem it intends to
address--that is, to improve the transparency and openness on the
FAA ASDI- and NASSI data-feeds to the public, in compliance with the
Executive Branch Open Government directives and policies.
---------------------------------------------------------------------------
Additionally, the Executive Orders do not create any enforceable
substantive or procedural right against the United States.\5\
Consequently, the procedures and Executive Orders cited by NBAA are not
controlling in this situation. As stated in section 4 of MOA, the FAA's
authority to enter into it ``is governed by'' 49 U.S.C. 106(l)(6). That
statutory provision states that:
---------------------------------------------------------------------------
\5\ Id., EO 12866; see also, Executive Order 13563, Sec. 7(d),
``General Provisions,'' 76 FR 3,821 (Jan. 21, 2011), ``Improving
Regulation and Regulatory Review.''
The [FAA] Administrator is authorized to enter into and perform
such contracts, leases, cooperative agreements, or other
transactions, as may be necessary to carry out the functions of the
Administrator and the Administration [FAA]. The Administrator may
enter into such contracts, leases, cooperative agreements, and other
transactions with any * * * person, firm, association, corporation,
or educational institution, on such terms and conditions as the
---------------------------------------------------------------------------
Administrator may consider appropriate.
Amending section 9 of the MOA as proposed is merely a change to the MOA
``terms and conditions'' that the Administrator deems appropriate,
consistent with the change procedure set forth in the MOA. The MOA is
not an FAA rule, and amendment of the MOA does not, in itself, require
the FAA to adhere to the rulemaking process set forth in the APA.
Nevertheless, this amendment to the MOA is arguably a change to FAA
[[Page 32264]]
policy that affects members of the public, and, the FAA has accordingly
complied and is fully complying with the APA for purposes of adequately
informing the public of the proposed change and providing them with
sufficient time to comment. For example, the Notice provided the
statement of the basis and purpose of the proposed change--that of the
best interest of the Government and of providing public knowledge of
information about aircraft that has been judicially determined, not to
be protected as commercial or privacy-protected information. As
described above, disclosure of the information is also justified by the
Open Government Act and Open Government Presidential directives and
executive orders and policies.
The NBAA states that DOT Order 2100.5 (1980), pertaining to
streamlining regulations, requires the FAA's Notice to be clear, based
on necessity, consider alternatives, and not impose unnecessary
burdens. The DOT Order, however, is not legally binding; it serves for
internal guidance and procedural purposes only, without creating any
requirements. Moreover, the FAA Notice clearly and adequately states
the proposed change in the MOA and the basis for the change. It
proposed, for comment, an alternative to the current, broad exclusion
from ASDI/NASSI data-feed for general aviation aircraft owner and
operators. The comments reflected the parties' understanding of the
proposed change, the reasons for the change, and suggested alternatives
to the proposed change. Accordingly, the FAA provided adequate notice
for informed comment. The 30 day comment period was sufficient and
complied, to the extent applicable, with the APA. The FAA received no
requests for further time within which to accept comments.
The NBAA also asserts that the Notice did not discuss or analyze
the costs and benefits associated with the new restrictions, under
Executive Orders 12866 and 13563. However, the Notice does not
constitute a regulation subject to a cost/benefit analysis. Rather, it
is at most merely a change in policy regarding how and when the FAA
will release public information. Further, even if the Notice was
subject to cost/benefit analysis, the commenters did not submit data,
information, or statistics on costs, if any, that they might assert to
be associated with the Notice. In any event, the costs associated with
compliance with a Certified Security Concern already have been
undertaken by corporations or businesses to comply with the Treasury
regulation and, for companies or individuals that are concerned about
security threats, the costs to ascertain and verify such threats would
have inherent benefits to those concerned. The benefits to disclose, in
the ASDI/NASSI data-feed, those aircraft without Certified Security
Concerns, would inure to the public in the form of more transparency
and openness as to the use by general aviation aircraft of the
Federally-subsidized airports and airways.
Modified Section 9 of the MOA
Accordingly, section 9 of the MOA is hereby modified as follows:
9. Security Interests
The ASDI and NASSI data includes the near real time position and
other flight data associated with civil instrument flight rules (IFR)
aircraft. While commercial operators conduct business according to a
published listing of service and schedule, general aviation operators
and on-demand air charter aircraft operating under 14 CFR part 135
(``on-demand aircraft'') do not. It is possible that public knowledge
of the ASDI and NASSI data of certain general aviation and on-demand
aircraft operators could compromise the security of individuals or
property. General aviation aircraft identification numbers must be
excluded from public ASDI and NASSI data-feeds in the event a general
aviation aircraft owner or operator provides the FAA, at least
annually, a written certification (a ``Certified Security Concern'')
that (a) the facts and circumstances establish a Valid Security Concern
regarding the security of the owner's or operator's aircraft or
aircraft passengers; or (b) the general aviation aircraft owner or
operator satisfies the requirements for a bona fide business-oriented
security concern under Treasury Regulation 1.132-5(m). On-demand
aircraft identification numbers must be excluded from public ASDI and
NASSI data-feeds in the event an on-demand aircraft operator provides
the FAA, with a minimum of thirty days' advance notice and
specification of the period of time during which a Valid Security
Concern will exist with respect to that aircraft, a written
certification that the facts and circumstances establish a Valid
Security Concern regarding the security of the aircraft or aircraft
passengers. The FAA will provide the Direct Subscribers, on a monthly
basis, a list of the aircraft covered by a Certified Security Concern.
A Valid Security Concern is a verifiable threat to person, property
or company, including a threat of death, kidnapping or serious bodily
harm against an individual, a recent history of violent terrorist
activity in the geographic area in which the transportation is
provided, or a threat against a company. The FAA will no longer
accommodate any ASDI- or NASSI- related security or privacy requests,
except such Certified Security Concern. All Direct Subscribers (as a
condition of signing this MOA) and Indirect Subscribers (as a condition
of signing agreements with Direct Subscribers) must block any general
aviation aircraft, and on-demand aircraft, registration numbers
included on the FAA-provided list of aircraft covered by a Certified
Security Concern. If the FAA determines that any Direct or Indirect
Subscriber develops or markets products that violate this provision,
the FAA's rights under Section 15 shall apply.
Conclusion
For the reasons set forth above, effective 60 days from the date of
this Notice, the FAA will no longer accommodate requests to bar the
release of aircraft flight tracking data unless an aircraft owner or
operator provides a Certified Security Concern, as defined in this
Notice. Absent a Certified Security Concern by a general aviation
aircraft owner or operator (and absent a Valid Security Concern by an
on-demand aircraft), the FAA will disclose aircraft on its ASDI and
NASSI websites and will not request that Subscribers exclude those
aircraft on the public (time-delayed) ASDI- and NASSI data-feeds. The
information to be disclosed on the ASDI/NASSI data-feeds would include
the aircraft position, call sign, airspeed, heading and flight plan as
well as status of airport runway visual range, special use airspace
data and status of other NAS components. The FAA will maintain the
current system of blocking the release of aircraft tracking data until
the effective date of the Notice.
To be blocked from the ASDI/NASSI data-feeds, any general aviation
aircraft owner or operator covered by a Certified Security Concern must
submit such concern within 30 days from the date of this Notice and at
least annually thereafter to the FAA by electronic mail at
CertifiedSecurityConcern@faa.gov or by regular mail at FAA Certified
Security Concern; ATO System Operations Services; Room 1002; 800
Independence Avenue, SW.; Washington, DC 20591. An on-demand aircraft
covered by a Valid Security Concern must similarly submit such concern
on a minimum of 30 days' notice and specify the period of time during
which such a security concern will exist with respect to the aircraft
or
[[Page 32265]]
aircraft passengers. Any such submission must specify whether such
request is to block the aircraft identification number prior to the
FAA's release of the data-feed, or to block the aircraft identification
number from release by the Direct Subscribers. Should a specific
request not be made, the FAA will block the identification number prior
to its release of the data-feed.
The FAA will contact each Direct Subscriber to execute a revised
MOA, incorporating the modified section nine, within 60 days of this
Notice.
Issued in Washington, DC, on May 27, 2011.
Marc L. Warren,
Acting Chief Counsel, Federal Aviation Administration.
[FR Doc. 2011-13757 Filed 6-2-11; 8:45 am]
BILLING CODE 4910-13-P