[Federal Register Volume 76, Number 107 (Friday, June 3, 2011)]
[Notices]
[Pages 32258-32265]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-13757]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

[Docket No. FAA-2011-0183]


Access to Aircraft Situation Display (ASDI) and National Airspace 
System Status Information (NASSI)

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Notice of modification to the FAA/Subscriber Memorandum of 
Agreement (MOA).

-----------------------------------------------------------------------

SUMMARY: The FAA has decided that it is in the best interests of the 
United States Government and the general public to modify Section 9 of 
the June 1, 2006 MOA for Industry Access to Aircraft Situation Display 
(ASDI) and National Airspace System Status Information (NASSI) data, 
between the FAA and Direct Subscribers to ASDI and NASSI data-feeds. In 
recognition of the fact that the Privacy Act does not protect general 
aviation operators and on-demand air charter aircraft operating under 
14 CFR part 135 (``on-demand aircraft'') from public knowledge of their 
flight information, the FAA will require Direct Subscribers (as a 
condition of signing the MOA) and Indirect Subscribers (as a condition 
of signing agreements with Direct Subscribers) to block from ASDI and 
NASSI data-feeds available to the public any general aviation aircraft 
or on-demand aircraft the registration number for which a Certified 
Security Concern has been provided to the FAA by electronic mail at 
[email protected] or by regular mail at FAA Certified 
Security Concern, ATO System Operations Services; Room 1002, 800 
Independence Avenue, SW., Washington, DC 20591. The FAA will no longer 
accommodate any ASDI- or NASSI-related security or privacy requests, 
except such Certified Security Concern.

DATES: A Certified Security Concern will be due within July 5, 2011. 
The MOA amendment will be effective August 2, 2011.

FOR FURTHER INFORMATION CONTACT: Mr. Barry Davis by telephone at (540) 
422-4650 or by electronic mail at [email protected].

SUPPLEMENTARY INFORMATION: The navigational facilities and services in 
the national airspace system (NAS)--including the air traffic 
controllers, radar- and satellite-based systems, air traffic control 
towers and centers, and the like--are funded through the Airport and 
Airway Trust Fund and the taxpayer-supported general fund,

[[Page 32259]]

administered by the FAA. The aviation industry, when operating under 
instrument flight rules (IFR), must provide flight-tracking data to the 
FAA, which the FAA uses for traffic flow management purposes.
    In 1997, the FAA began to make air traffic flow management data 
available to the aviation and other industries through its Enhanced 
Traffic Management System (ETMS) Hubsite. The data consists of near 
real time position and other relevant flight data for every civil IFR 
aircraft receiving radar services within the NAS. The data is called 
aircraft situation display to industry (ASDI) and is filtered to 
exclude military and sensitive operations such as Presidential flights, 
drug interdiction flights, and other law enforcement and military 
efforts. The ASDI data-feed includes position (latitude and longitude) 
of aircraft, the aircraft's call sign, airspeed, altitude, heading, and 
flight plan information including origination and destination airports. 
14 CFR 91.169. The information allows tracking of individual flights 
through the conclusion of each flight.
    In 1998, the FAA released selective data elements of the national 
airspace system status information (NASSI) to industry to enhance the 
benefits to the ASDI data; which increases the dispatching flexibility 
for airlines enabling them to more efficiently manage their aircraft 
and crew and other operational resources. The NASSI data includes 
information on the status of airport runway visual range and special 
use airspace data as well as the status of other NAS components. At 
this time, the FAA granted access to the ASDI and NASSI data to 
Subscribers through a memorandum of agreement (MOA), which set forth 
the rights and responsibilities of the FAA and Direct Subscribers of 
the ASDI/NASSI data.
    The publicly available ASDI hubsite, however, does not display 
complete information, due primarily to concerns of the National 
Business Aviation Association (NBAA) to limit public knowledge of 
flight paths of general aviation aircraft. In 1997, the NBAA began 
working with the FAA and ASDI Subscribers to develop a system to 
protect the personal privacy, as well as the security, of the NBAA 
members. This effort has culminated in a system under which general 
aviation aircraft owners or operators and on-demand aircraft have the 
ability to ``block'' aircraft identification information from the ASDI 
data feed at two levels, one at the FAA source (the FAA ETMS Hubsite) 
and a second via the FAA's agreement regarding the data displayed by 
ASDI Direct Subscribers. In these two ways, the publicly available Web 
sites either do not receive or filter from display certain general 
aviation corporate and other aircraft.
    Under the ``block'' system between the NBAA and the FAA, the NBAA 
submits monthly to the FAA an updated list of aircraft to be blocked at 
the FAA source of the ASDI data feed. The FAA Block List consists of 
the aircraft registration numbers of those owners who want their 
aircraft to be blocked completely from distribution to Subscribers. 
This FAA Block List will filter all flight data information, which the 
FAA will not distribute to any Subscriber.
    In contrast, under the ``block'' system between the aircraft owners 
and Direct Subscribers, the aircraft owners have filled out a Block 
Aircraft Registration Request (BARR) form, which the NBAA circulates 
monthly to all known Direct Subscribers. The BARR List contains 
aircraft call signs that owners wish to have blocked from public 
distribution. The FAA does not use or manage the list but section nine 
of the MOA has required Direct Subscribers to honor such requests.
    In 2000, Congress directed the FAA to require that ASDI Direct 
Subscribers demonstrate the capability to selectively block the display 
of any data related to any identified aircraft registration number and 
agree to selective blocking upon the Administrator's request. 49 U.S.C. 
44103, note (Pub. L. 106-181, Apr. 5, 2000, Sec.  729, Aircraft 
Situational Display Data (ASDD)). The Aircraft Situational Display Data 
provision reads:
    (a) In general.--A memorandum of agreement between the 
Administrator and any person that directly obtains aircraft situational 
display data from the Federal Aviation Administration shall require 
that--
    (1) The person demonstrate to the satisfaction of the Administrator 
that the person is capable of selectively blocking the display of any 
aircraft-situation-display-to-industry derived data related to any 
identified aircraft registration number; and
    (2) The person agree to block selectively the aircraft registration 
numbers of any aircraft owner or operator upon the Administration's 
request.
    (b) Existing memoranda to be conformed.--Not later than 30 days 
after the date of the enactment of this Act, the Administrator shall 
conform any memoranda of agreement, in effect on such date of 
enactment, between the Federal Aviation Administration and a person 
under which that person obtains aircraft situational display data to 
incorporate the requirements of subsection (a).
    Section nine of a 2006 MOA between the FAA and Direct Subscribers 
addresses the 2000 legislative directive.\1\ Under this section, the 
FAA states that it accommodates industry initiatives that collect 
requests from general aviation aircraft owners to exclude their 
aircraft from ASDI data feeds available to the public, either in near 
real-time or in recorded (historical) format. The FAA further requires 
Direct Subscribers and Indirect Subscribers to respect the privacy and 
security interests of the general aviation aircraft owners or operators 
when developing or marketing ASDI or NASSI-based products. Due to these 
arrangements between the FAA, the general aviation aircraft operators, 
and the Direct and Indirect Subscribers, the public currently does not 
have access to concrete information about a large number of users of 
the NAS.
---------------------------------------------------------------------------

    \1\ Section nine of the MOA provides:
    The ASDI and NASSI data includes the near realtime position and 
other flight data associated with civil instrument fight rules (IFR) 
aircraft. While commercial operators conduct business according to a 
published listing of service and schedule, general aviation 
operators do not. It is possible that public knowledge of the flight 
information of general aviation operators could compromise the 
privacy and/or security of individuals. The protection of such 
information is not covered under the Privacy Act (5 U.S.C. 552a), 
and the cost of developing and operating the technical mechanisms 
required to manage that information exceeds available FAA resources. 
The FAA recognizes that certain industry initiatives exist to 
collect requests from aircraft owners to exclude their aircraft from 
ASDI data feeds available to the public, either in near real time or 
in recorded (historical) format. The FAA accommodates these 
initiatives to the extent they support and respect these privacy and 
security interests. All Direct Subscribers (as a condition of 
signing this MOA) and Indirect Subscribers (as a condition of 
signing agreements with Direct Subscribers) are asked to consider 
and respect these privacy and security interests when developing 
and/or marketing ASDI and/or NASSI-based products. If the FAA 
determines that any Direct and/or Indirect Subscribers develop and/
or market products that violate this provision, the FAA's rights 
under Section 15 [Termination of this Agreement] shall apply.
    The MOA further defines a Direct Subscriber as an entity that 
receives the ASDI/NASSI data directly from the FAA ETMS Hubsite; an 
Indirect Subscriber is an entity that receives the ASDI/NASSI data 
from a Direct Subscriber or another Indirect Subscriber.
---------------------------------------------------------------------------

    Today's change to FAA policy and the MOA will disclose the aircraft 
on the ASDI (time-delayed) Web site unless the general aviation owner 
or operator, or on-demand aircraft, submits to the FAA a Certified 
Security Concern. A Certified Security Concern would be based on either 
(a) the facts and circumstances establishing a Valid Security Concern 
(i.e., a verifiable threat to person, property or company, including a 
threat of death, kidnapping or serious bodily

[[Page 32260]]

harm against an individual, a recent history of violent terrorist 
activity in the geographic area in which the transportation is 
provided, or a threat against a company); or (b) the general aviation 
aircraft owner or operator satisfying the requirement for a bona fide 
business-oriented security concern under Treasury Regulation 1.132-
5(m), ``Employer-provided transportation for security concerns,'' 26 
CFR 1.132-5(m). A generalized security concern or privacy interest no 
longer will suffice to block the aircraft from the ASDI data feed. 
Absent appropriate certification, the ASDI data feed will disclose 
aircraft and flight specific information. It is important to note that 
this information does not disclose the identity of the occupants of the 
aircraft or the business or other purpose of the flight.
    Under section 7.1.8 of the MOA, the FAA is authorized, and has the 
sole right, with timely notification, to modify the MOA if it is in the 
best interests of the United States Government or the general public. 
As explained more fully below, the FAA finds that the modification of 
the MOA conforms to the Federal Open Government Act, complies with 
Executive Branch policies and directives, makes Federal Government 
information more open, transparent and accessible to the public, and 
carries out the DOT Open Government Directive promoting proactive 
release of DOT data. The aircraft registration numbers of blocked 
aircraft and the associated flight plans are already releasable under 
the Freedom of Information Act (FOIA) and are not protected personal 
information under the Privacy Act. An agency may change its policies 
when in the public interest and is not compelled to retain outdated 
policies. Accordingly, the MOA modification is in the best interests of 
the Government and the public.

Consistency With Aircraft Situational Display Data (ASDD) Law

    The NBAA and the National Air Transportation Association (NATA) 
state that the change to the MOA is not consistent with the ASDD 
provision, 49 U.S.C. 44103 note. Congress's intent behind the 
``selectivity'' portion of this provision, according to NBAA and NATA, 
was to authorize privacy on behalf of a general aviation aircraft owner 
and to give the FAA merely a secondary role of facilitating the 
blocking at an aircraft owner's request. The NATA states that the 
requirement for an ASDI Subscriber to demonstrate a capability to 
``selectively block'' data was intended to authorize the aircraft 
owner--not the FAA--to select the data to be blocked. The NBAA believes 
the ASDD provision was both intended to reinforce the existing BARR 
program and to ensure that the FAA continued its practice of honoring 
all blocking requests. They both contend that the FAA lacks discretion 
to determine which aircraft owners/operators are eligible for blocking 
and which requests it will forward to ASDI Subscribers.
    The FAA disagrees with the respective associations' contentions 
that today's proposal is inconsistent with the ASDD provision. The text 
of the ASDD provision (see above) contains two features--(1) that the 
Subscriber is capable of ``selectively blocking'' aircraft tail numbers 
from the ASDI and (2) that the Subscriber will selectively block such 
data ``upon the [FAA] Administration's request.'' The provision affords 
the FAA discretion in determining the circumstances under which it may 
``request'' the selective blocking of the data. There is nothing in the 
ASDD provision that impairs the FAA's ability to deny requests to block 
data and to display ASDI-data.
    Indeed, the ASDD provision does not direct the FAA to honor any or 
all requests of an aircraft owner. Rather, the FAA is authorized to 
make the request in circumstances it determines to be in the public 
interest. Therefore, the FAA may convey the request to the Subscriber 
on its own initiative or in response to a request made by an aircraft 
owner. In the latter circumstance, the FAA may look behind the reason 
for the aircraft owner's request to selectively block aircraft data. As 
explained further below, for reasons of transparency and in support of 
the Administration's Open Government efforts, the FAA has determined 
that requests for selective blocking should be honored only upon 
receipt of a Certified Security Concern.

Justification for Change in Policy

    Several commentators, including the NBAA, NATA, General Aviation 
Manufacturers Association (GAMA), Sprint United Management Company, 
Global Business Travel Association (GBTA), McAfee & Taft P.C. (a law 
firm), and Patton Boggs LLP (a law firm), state that the FAA did not 
articulate a justification for the proposed change to the MOA and did 
not explain the findings underlying its conclusion that the change is 
in the best interest of the Government and the public. As explained 
below, today's change is justified by disclosure and openness 
requirements set forth in Federal law, executive branch directives and 
policies, and court decisions.
    The Openness Promotes Effectiveness in our National Government Act 
of 2007 (the Open Government Act or the Act), Public Law 110-174 (Dec. 
31, 2007), promotes openness in Government and enhances the Freedom of 
Information Act (FOIA) statute (5 U.S.C. 552) by requiring Federal 
agencies to be more transparent in their responses to FOIA requests. In 
particular, the Act strengthens FOIA ``to promote accessibility, 
accountability, and openness in Government,'' finding:
     The American people firmly believe that our system of 
government must itself be governed by a presumption of openness;
     FOIA establishes a ``strong presumption in favor of 
disclosure;''
     ``Disclosure, not secrecy, is the dominant objective'' of 
FOIA; and
     Congress should ensure that the Government ``remains open 
and accessible to the American people and is always based not upon the 
`need to know' but upon the fundamental `right to know.''' 5 U.S.C. 552 
note.
    The Open Government Act underlines Congress' heightened interest in 
a Federal agency's responsiveness to, and compliance with, FOIA 
requests and disclosures, respectively. This Congressional support of 
openness and disclosure of agency records and information informs the 
FAA's decision to change its policy to one of presumed disclosure of 
the ASDI data-feed to the public.
    Similarly, the Presidential Memorandum on Transparency and Open 
Government (January 21, 2009), the Presidential Memorandum on the 
Freedom of Information Act (January 21, 2009), an Office of Management 
and Budget (OMB) Open Government Directive (December 8, 2009), a U.S. 
Dept. of Justice Attorney General FOIA Memorandum (March 19, 2009), and 
a DOT Open Government Plan (2010-2015) require transparency in, and 
disclosure of, Government information. http://www.dot.gov/open/plan.
    In particular, the Presidential Open Government Memorandum 
announced the Obama Administration's commitment to ``creating an 
unprecedented level of openness in Government'' and ``establish[ing] a 
system of transparency, public participation, and collaboration.'' It 
directed departments and agencies to put information about their 
operations [and decisions] online and make it ``readily available to 
the public.'' The OMB Open Government Directive, which implemented the 
Presidential Memorandum, states that, with respect to information ``the 
presumption shall be in favor of openness'' in order ``to

[[Page 32261]]

increase accountability, promote informed participation by the public, 
and create economic opportunity.'' The Presidential FOIA Memorandum 
instructs Federal agencies, including the FAA, that FOIA should be 
administered with a ``clear presumption: in the face of doubt, openness 
prevails.'' It further provides:

    The Government should not keep information confidential merely 
because public officials might be embarrassed by disclosure, because 
errors and failures might be revealed, or because of speculative or 
abstract fears. (italics supplied)

The Attorney General FOIA Memorandum reinforces the principle that 
openness is the Government's default position for FOIA issues, directs 
an agency not to withhold information simply because it may do so 
legally, and encourages agencies to post information online in advance 
of FOIA requests. The DOT Open Government Plan requires the Department 
to be ``even more transparent, participatory, and collaborative'' and 
to release data ``proactively'' making it available online.
    Under these Executive Branch policies and directives, the FAA 
cannot retain the default position of concealing information about 
general aviation aircraft flights on public ASDI data-feeds simply 
because of generalized privacy or security concerns. Rather, the FAA's 
default position must be one of openness. Accordingly, the FAA has 
determined that only a Certified Security Concern would justify 
nondisclosure of general aviation aircraft, or on-demand aircraft, 
flights.
    The change in the MOA, to display general aviation aircraft, and 
on-demand aircraft, on the ASDI and NASSI data-feed websites in the 
absence of a Certified Security Concern, is in the best interests of 
the Government and the public. The NBAA says this change is not 
necessary because the FAA has disclosed no complaints from the public 
about the lack of ASDI or NAASI information or abuse of the BARR 
program by private aircraft. But complaints by the public are not pre-
conditions to providing information to the public. Rather, Government 
disclosure of information it collects is an integral part of a 
constitutional democracy and informed public. By proactively disclosing 
information, the FAA is forestalling complaints about lack of access to 
Government-provided information and about potential abuse by private 
aircraft owners or operators of any aircraft blocking programs. As 
Congress recognized in its findings to the Open Government Act of 2007 
(Pub. L. 110-175, Dec. 31, 2007; 5 U.S.C. 552 note), ``our 
constitutional democracy, our system of self-government, and our 
commitment to popular sovereignty depends upon the consent of the 
governed; such consent is not meaningful unless it is informed 
consent.'' 5 U.S.C. 552 note, Sec.  2(1)(A)-(B).
    Additionally, two recent and significant court decisions inform the 
FAA's decision regarding whether general aviation aircraft, or on-
demand aircraft, identities should be kept private. The first, Federal 
Communications Commission (FCC) v. AT&T, Inc., 131 S. Ct. 1177 (2011), 
affirmed the FCC's finding that FOIA Exemption 7 does not protect a 
business' privacy because the term ``personal privacy'' does not extend 
to corporations. The second, National Business Aviation Association 
(NBAA) v. Federal Aviation Administration, 686 F. Supp. 2d 80 (D.D.C. 
2010), affirmed the FAA's decision to release the list of NBAA members' 
aircraft registration numbers, because they were not protected under 
FOIA Exemption 4 as ``commercial'' information; nor were they protected 
under Exemption 6, which does not reach the privacy interests of 
businesses or corporations.
    These intervening developments--by Congress, the Executive Branch, 
and the courts--caused us to reconsider whether it is in the best 
interest of the Government and the public to exclude from public view 
general aviation aircraft flight displays in the absence of a Certified 
Security Concern. As set forth above, given the strong public interest 
in openness and disclosure, we find that it is not.

Rationale for Certified Security Concern Requirement

    The Open Government initiatives described above, however, do not 
mandate that Federal agencies disclose information on a carte blanche 
basis. See OMB Open Government Directive at 2 (``the presumption [with 
respect to Government information] shall be in favor of openness (to 
the extent permitted by law and subject to valid privacy, 
confidentiality, security or other restrictions))'' (italics supplied); 
Attorney General's FOIA Memorandum at 1 (``disclosure obligation under 
the FOIA is not absolute. The Act provides exemptions to protect, for 
example, national security, personal privacy, privileged records, and 
law enforcement interests''); DOT Open Government Plan version 1.2, 
Overview (DOT will ``increase agency transparency and accountability by 
* * * continuing to release DOT data in a timely manner by proactively 
making it available online in consistent, open formats, while assuring 
accuracy and protecting privacy, security, and confidentiality''). The 
FAA carefully considered whether the privacy and security concerns for 
blocking the general aviation aircraft and on-demand aircraft from ASDI 
data-feeds were ``valid'' under the OMB Open Government Directive and 
thereby subject to protection and non-disclosure.
    The Presidential FOIA Memorandum is instructive in defining the 
term ``valid'' for purposes of withholding aircraft identification 
numbers from disclosure on ASDI/NASSI data feed. It instructs Federal 
agencies not to keep information confidential based on potential 
embarrassment or ``speculative or abstract fears.''
    In applying the ``validity'' standard to an FAA request to 
selectively block aircraft identification numbers on ASDI/NASSI data-
feed, it is logical to utilize the Treasury Regulation governing 
``Employer-provided transportation for security concerns.'' That 
regulation contains two features that make it applicable to these 
circumstances. First, it specifically applies to air transportation, 
expressly referring to ``flights on the employer's aircraft'' (26 CFR 
1.132-5(m)(1), (2)(iii)) and to ``employer-provided aircraft,'' (26 CFR 
1.132-5(m)(4)). Second, it acknowledges concrete, non-speculative, non-
generalized reasons for a security concern justifying use of corporate 
aircraft for personal flights. These reasons include as an ``overall 
security program,'' factors such as a threat of death or kidnapping of 
or serious bodily harm to the employee, or a recent history of violent 
terrorist activity in the geographic area in which the transportation 
is provided. 26 CFR 1.132-5(m)(2).
    The NBAA, NATA, McAfee & Taft P.C., Patton Boggs LLP, Peregrine 
Jet, LLC, Sprint United Management Company, and others comment that the 
Certified Security Concern requirement establishes an unjustifiably 
high bar and creates a test that the FAA lacks the ability to 
administer. We disagree. The new test is justified as complying with 
the Open Government policies and directives. As discussed above, a 
generalized, non-specific security concern would not constitute a 
``valid'' concern under the Executive Branch directives. Moreover, the 
FAA, in most cases, anticipates relying on good-faith certifications.
    Today's change to the MOA also comports with the NBAA FOIA decision 
as it relates to security concerns posed by the release of flight data. 
There, the court found it ``highly unlikely'' that the

[[Page 32262]]

FOIA release of the aircraft registration numbers would impact the 
security of aircraft or aircraft passengers. 686 F. Supp.2d at 87. The 
court stated that the public would receive only registration numbers, 
would not receive any other identifying or associated narrative, and 
the after-the-fact FOIA disclosure would not permit investigation of 
real-time location data. Likewise, the types of disclosures facilitated 
by today's amendment to the MOA are unlikely to impact the security of 
aircraft or aircraft passengers. The public ASDI/NASSI data-feed is not 
in real-time. Nevertheless, those aircraft owners or operators 
demonstrating Certified Security Concerns may have their aircraft 
identification withheld from public view.
    The NBAA and MEDEX Global Solutions also question whether a U.S. 
Department of Homeland Security (DHS) Transportation Security 
Administration (TSA) Advisory-Security Information for Aircraft Owner/
Operators & Airport Managers (April 20, 2006)--should qualify as a 
Valid Security Concern and a basis for non-disclosure. The TSA Advisory 
references an Arabic web forum message explaining how to identify 
private American jets and urging Muslims to destroy all such aircraft. 
This Advisory is generalized and, without more information or data, 
would not constitute an individualized threat to particular general 
aviation aircraft to satisfy the requirements of a ``valid'' security 
concern.

Application of Certified Security Concern to Corporate Aircraft 
Occupants and to On-Demand Air Charters

    The NATA and others comment that the Certified Security Concern 
standard is too narrow and suggest that, at a minimum, it not only 
apply to an employee but extend to persons such as corporate directors, 
guests, and key shareholders who are authorized to use corporate 
aircraft. NATA also suggests that the Certified Security Concern cover 
on-demand air charters, operating under 14 CFR part 135, which 
currently participate in the FAA Block program to prevent unwanted 
tracking of the clientele they serve.
    The FAA clarifies that the Certified Security Concern does extend 
to the security of the aircraft passengers who may not be employees of 
the aircraft owner or operator. Therefore, assuming a Valid Security 
Concern exists for corporate directors, guests and/or key shareholders, 
a Valid Security Concern may be provided to the FAA by a general 
aviation aircraft owner or operator who carries such passengers. If the 
FAA has sufficient advance notice of the Valid Security Concern, the 
FAA will block the aircraft data. The FAA does not intend the scope of 
the Valid Security Concern to be limited solely to the security of the 
aircraft owner's key employees.
    The FAA will accommodate a Valid Security Concern for certain 
passengers on an on-demand aircraft, assuming a certification is 
submitted and the FAA has sufficient advance notice, which is a minimum 
of thirty days, to block the aircraft data. The request would also need 
to specify the period of time during which a Valid Security Concern 
will exist regarding the security of the aircraft or aircraft 
passengers.

Privacy Concerns

    Many commenters, individuals and those representing a wide spectrum 
of industry, including Altria Client Services, ConocoPhillips, Devon 
Energy Corporation, Federal Express Corporation, GAMA, Gaylord 
Entertainment Company, Jim Wilson & Associates, LLC (a real estate 
development company), the NBAA, NATA, Proctor & Gamble Company, and 
Sprint United Management Company, claimed that the FAA is improperly 
ignoring the privacy and/or business concerns of the corporate aircraft 
owners, key employees, shareholders, executives, and/or passengers and 
occupants of other general aviation or on-demand charter aircraft. The 
FAA finds that these concerns previously were rejected in the context 
of FOIA Exemption 4 (5 U.S.C. 552(b)(4)) (pertaining to ``commercial'' 
information), FOIA Exemption 6 (5 U.S.C. 552(b)(6)) (pertaining to 
``personnel files'' and ``personal privacy''); and FOIA Exemption 7(C) 
(5 U.S.C. 552(b)(7)(C)) (pertaining to ``personal privacy'' rights). 
Courts rejected the privacy concerns raised by commenters in the 
analogous FOIA context and FAA does not find that they have identified 
a material basis to treat the FAA's release of time-delayed NAS data 
differently.
    The FOIA Exemption 4 and 6 issues were addressed in the NBAA case, 
a ``reverse'' FOIA case. There, a Federal district court granted the 
FAA's summary judgment motion that general aviation aircraft 
registration numbers are releasable. The court found that general 
aviation aircraft registration numbers are not protected ``commercial'' 
information (under FOIA Exemption 4) when released as historical ASDI 
website data, that FOIA Exemption 4 does not protect personal 
information, and that FOIA Exemption 6 does not protect the privacy 
interests of businesses or corporations.
    FOIA Exemption 4 protects from disclosure ``trade secrets and 
commercial or financial information obtained from a person and 
privileged or confidential.'' 5 U.S.C. 552(b)(4). The court affirmed 
the FAA's finding that the registration numbers were not protected as 
``commercial'' under Exemption 4, because the registration numbers do 
not provide commercial information. Although the NBAA argued in that 
case that the ASDI data release could result in public knowledge of 
``sensitive negotiations, likely business transactions or future 
movement of senior company leadership possibly jeopardizing their 
security as well as proprietary business information,'' the court found 
the public would not be able to determine the identity of the 
occupants, discover the business purpose of the flight, track the 
flight in real-time, or discern the reasons the aircraft owner had for 
blocking the information. 686 F. Supp. 2d at 86-87. Rather, with 
further inquiry and using the registration numbers, the public could 
find only the name of the owner who sought to block the information 
disclosure, the make and model of the aircraft, and flight data, 
without any narrative.
    After finding that the registration numbers did not constitute 
commercial information within the meaning of FOIA Exemption 4, the 
court addressed NBAA's contention that that data should be protected 
under privacy and security interests because its release would 
compromise the privacy and security of the aircraft and their ``high 
profile'' occupants. As to the privacy interest, the court found that 
``personal privacy'' concerns of general aviation aircraft occupants 
are not a relevant concern under Exemption 4, because that exemption 
covers ``confidential commercial information.'' 686 F.Supp.2d at 87.
    Turning to Exemption 6, which exempts from public disclosure 
``personnel and medical files and similar files the disclosure of which 
would constitute a clearly unwarranted invasion of personal privacy,'' 
the court found it does not provide a basis for protecting asserted 
privacy interests of general aviation aircraft owners or operators. It 
held that FOIA Exemption 6 ``does not extend to * * * businesses or 
corporations.'' Id. See also FCC, 131 S. Ct. at 1184 (``[W]e have 
regularly referred to [Exemption 6] as involving an individual's right 
to privacy.'')
    With regard to Exemption 7, the Supreme Court in FCC v. AT&T 
recently decided that a corporation has no

[[Page 32263]]

``personal privacy'' rights under that provision. Exemption 7(C) 
protects from disclosure ``records or information compiled for law 
enforcement purposes, but only to the extent that [their] production * 
* * could reasonably be expected to constitute an unwarranted invasion 
of personal privacy.'' 5 U.S.C. 552(b)(7)(C). Thus, the Court rejected 
the notion that a corporation may claim a privacy interest in 
protecting information that would ``embarrass'' it. 131 S. Ct. at 1181. 
The Court explained that, as a matter of tort common law, the concept 
of ``personal privacy'' did not apply to corporations. Id. at 1183-84.
    Many of the commenters, particularly NBAA, NATA and McAfee & Taft, 
state that disclosure of the aircraft identification numbers on the 
ASDI/NASSI data-feeds constitutes an unwarranted invasion of privacy of 
aircraft owners and operators. They believe that disclosure is a threat 
to the competitiveness of U.S. companies, because it may enable 
interested persons to track potential business transactions or 
mergers.As stated in Section 9 of the MOA, the Privacy Act (5 U.S.C. 
552a) does not protect the ASDI Web site information:

    The protection of such information [flight information of 
general aviation operators] is not covered under the Privacy Act (5 
U.S.C. 552a), and the cost of developing and operating the technical 
mechanisms required to manage that information exceeds available FAA 
resources.

Aircraft registration information (including aircraft type, current 
status and ownership of aircraft, registration number, etc.) is in a 
System of Records protected by the Privacy Act. (See System Notice for 
Privacy Act Record System, DOT/FAA 801, Aircraft Registration System; 
65 FR 19,518 (Apr. 11, 2000). As stated in the System Notice, however, 
one of the routine uses of this information is to ``[m]ake aircraft 
registration data available to the public.'' Id.
    Moreover, some commenters, including the NBAA and McAfee & Taft 
P.C., claim that disclosure of general aviation aircraft on the ASDI/
NAASI database would unlawfully allow the tracking of aircraft, in 
violation of the Fourth Amendment's protection against unreasonable 
searches and seizures and would amount to a type of ``warrantless 
government surveillance.'' The Fourth Amendment protections against 
unreasonable searches and seizures, however, are not applicable to the 
ASDI/NAASI database. The FAA is not tracking aircraft in the context of 
enforcing criminal statutes; rather it tracks aircraft operating under 
IFR, for safety purposes and to manage the efficient use of the 
navigable airspace. Therefore, any concerns about warrantless 
surveillance are not relevant to the ASDI/NAASI database disclosure.\2\
---------------------------------------------------------------------------

    \2\ The NBAA refers to a ``search and seizure case,'' United 
States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010), holding that the 
police may not use a GPS device to track a suspect for a prolonged 
period. This decision is in the minority and does not supersede the 
holding in United States v. Knotts, 460 U.S. 276 (1983) that ``[a] 
person traveling in an automobile on public thoroughfares has no 
reasonable expectation of privacy in his movements from one place to 
another.'' 460 U.S. at 281.
---------------------------------------------------------------------------

    The commenters further contend that the FAA is required by privacy 
expectations to continue to block general aviation and on-demand 
aircraft. They point to various Federal statutes through which Congress 
has directed state and Federal agencies to protect individuals' privacy 
interests.\3\ The NATA states that, because the privacy interests of 
aircraft owners are similar to those of automobile owners, the FAA 
should adapt the protections in Drivers Privacy Protection Act of 1994 
to general aviation aircraft owners and operators.
---------------------------------------------------------------------------

    \3\ The NBAA, for example, cites to a collection of statutes 
(the Telemarketing and Consumer Fraud and Abuse Prevention Act; the 
Telephone Consumer Protection Act of 1991; the Internal Revenue 
Service confidentiality requirements in 26 U.S.C. 6103; the Family 
Educational Rights and Privacy Act; the Health Insurance Portability 
and Accountability Act; the Fair Credit Reporting Act; the 
Children's Online Privacy Protection Act; the Telephone Consumer 
Protection Act; the Electronic Communications Privacy Act; the Cable 
Communications Policy Act; the Video Privacy Protection Act; the 
Gramm-Leach Bliley (Financial Services Modernization Act); the 
Controlling the Assault of Non-Solicited Pornography and Marketing 
Act; the Health Information Technology for Economic and Clinical 
Health Act) and FTC/Department of Commerce Internet Policy Task 
Force reports and proposed legislation in the area of privacy, as 
examples that the FAA should follow.
---------------------------------------------------------------------------

    The FAA notes that the Federal statutes and policies on privacy 
referred to by the NBAA and the NATA pertain to other Federal and State 
agencies and interests and not to the FAA's ASDI/NASSI database 
program. The FAA may not adopt, for purposes of finding ``valid'' 
privacy concerns on the part of aircraft owners or operators or their 
passengers, the statutes that are applicable in other situations simply 
because Congress has seen fit to authorize certain Federal agencies or 
States to regulate and enforce specific privacy protections. The 
Executive Branch policies authorize a Federal agency to withhold from 
disclosure only information that is supported by ``valid'' privacy or 
security concerns.

Administrative Processes

    The NBAA also asserts that the Notice did not comply with 
administrative procedures.\4\ The FAA, however, need not comply with 
the Administrative Procedure Act (APA), 5 U.S.C. 551 et seq., to effect 
changes to the MOA, because it simply is modifying an agreement it has 
entered into with Subscribers to access FAA data under the FAA's 
procurement authority, 49 U.S.C. 106(l)(6), which is independent of the 
APA. The MOA change is designed to improve the FAA's management of its 
data to enhance transparency and openness to the public. The FAA is 
taking this action after evaluating the public interest, and the action 
is in full accordance with the agency's public interest 
responsibilities on behalf of Open Government and transparency.
---------------------------------------------------------------------------

    \4\ The NBAA states that the Notice needs to conform to 
Executive Order 12866, 64 Federal Register, Part VIII (Oct. 4, 
1993), ``Regulatory Planning and Review,'' which requires an 
identification of the problem the agency intends to address. EO 
12866 is not, by its terms, applicable here, because the Notice 
merely amends a voluntary Memorandum of Agreement between the FAA 
and Subscribers to an FAA-provided data-feed. Even if the Executive 
Order applied, the Notice identifies the problem it intends to 
address--that is, to improve the transparency and openness on the 
FAA ASDI- and NASSI data-feeds to the public, in compliance with the 
Executive Branch Open Government directives and policies.
---------------------------------------------------------------------------

    Additionally, the Executive Orders do not create any enforceable 
substantive or procedural right against the United States.\5\ 
Consequently, the procedures and Executive Orders cited by NBAA are not 
controlling in this situation. As stated in section 4 of MOA, the FAA's 
authority to enter into it ``is governed by'' 49 U.S.C. 106(l)(6). That 
statutory provision states that:
---------------------------------------------------------------------------

    \5\ Id., EO 12866; see also, Executive Order 13563, Sec. 7(d), 
``General Provisions,'' 76 FR 3,821 (Jan. 21, 2011), ``Improving 
Regulation and Regulatory Review.''

    The [FAA] Administrator is authorized to enter into and perform 
such contracts, leases, cooperative agreements, or other 
transactions, as may be necessary to carry out the functions of the 
Administrator and the Administration [FAA]. The Administrator may 
enter into such contracts, leases, cooperative agreements, and other 
transactions with any * * * person, firm, association, corporation, 
or educational institution, on such terms and conditions as the 
---------------------------------------------------------------------------
Administrator may consider appropriate.

Amending section 9 of the MOA as proposed is merely a change to the MOA 
``terms and conditions'' that the Administrator deems appropriate, 
consistent with the change procedure set forth in the MOA. The MOA is 
not an FAA rule, and amendment of the MOA does not, in itself, require 
the FAA to adhere to the rulemaking process set forth in the APA.
    Nevertheless, this amendment to the MOA is arguably a change to FAA

[[Page 32264]]

policy that affects members of the public, and, the FAA has accordingly 
complied and is fully complying with the APA for purposes of adequately 
informing the public of the proposed change and providing them with 
sufficient time to comment. For example, the Notice provided the 
statement of the basis and purpose of the proposed change--that of the 
best interest of the Government and of providing public knowledge of 
information about aircraft that has been judicially determined, not to 
be protected as commercial or privacy-protected information. As 
described above, disclosure of the information is also justified by the 
Open Government Act and Open Government Presidential directives and 
executive orders and policies.
    The NBAA states that DOT Order 2100.5 (1980), pertaining to 
streamlining regulations, requires the FAA's Notice to be clear, based 
on necessity, consider alternatives, and not impose unnecessary 
burdens. The DOT Order, however, is not legally binding; it serves for 
internal guidance and procedural purposes only, without creating any 
requirements. Moreover, the FAA Notice clearly and adequately states 
the proposed change in the MOA and the basis for the change. It 
proposed, for comment, an alternative to the current, broad exclusion 
from ASDI/NASSI data-feed for general aviation aircraft owner and 
operators. The comments reflected the parties' understanding of the 
proposed change, the reasons for the change, and suggested alternatives 
to the proposed change. Accordingly, the FAA provided adequate notice 
for informed comment. The 30 day comment period was sufficient and 
complied, to the extent applicable, with the APA. The FAA received no 
requests for further time within which to accept comments.
    The NBAA also asserts that the Notice did not discuss or analyze 
the costs and benefits associated with the new restrictions, under 
Executive Orders 12866 and 13563. However, the Notice does not 
constitute a regulation subject to a cost/benefit analysis. Rather, it 
is at most merely a change in policy regarding how and when the FAA 
will release public information. Further, even if the Notice was 
subject to cost/benefit analysis, the commenters did not submit data, 
information, or statistics on costs, if any, that they might assert to 
be associated with the Notice. In any event, the costs associated with 
compliance with a Certified Security Concern already have been 
undertaken by corporations or businesses to comply with the Treasury 
regulation and, for companies or individuals that are concerned about 
security threats, the costs to ascertain and verify such threats would 
have inherent benefits to those concerned. The benefits to disclose, in 
the ASDI/NASSI data-feed, those aircraft without Certified Security 
Concerns, would inure to the public in the form of more transparency 
and openness as to the use by general aviation aircraft of the 
Federally-subsidized airports and airways.

Modified Section 9 of the MOA

    Accordingly, section 9 of the MOA is hereby modified as follows:

9. Security Interests

    The ASDI and NASSI data includes the near real time position and 
other flight data associated with civil instrument flight rules (IFR) 
aircraft. While commercial operators conduct business according to a 
published listing of service and schedule, general aviation operators 
and on-demand air charter aircraft operating under 14 CFR part 135 
(``on-demand aircraft'') do not. It is possible that public knowledge 
of the ASDI and NASSI data of certain general aviation and on-demand 
aircraft operators could compromise the security of individuals or 
property. General aviation aircraft identification numbers must be 
excluded from public ASDI and NASSI data-feeds in the event a general 
aviation aircraft owner or operator provides the FAA, at least 
annually, a written certification (a ``Certified Security Concern'') 
that (a) the facts and circumstances establish a Valid Security Concern 
regarding the security of the owner's or operator's aircraft or 
aircraft passengers; or (b) the general aviation aircraft owner or 
operator satisfies the requirements for a bona fide business-oriented 
security concern under Treasury Regulation 1.132-5(m). On-demand 
aircraft identification numbers must be excluded from public ASDI and 
NASSI data-feeds in the event an on-demand aircraft operator provides 
the FAA, with a minimum of thirty days' advance notice and 
specification of the period of time during which a Valid Security 
Concern will exist with respect to that aircraft, a written 
certification that the facts and circumstances establish a Valid 
Security Concern regarding the security of the aircraft or aircraft 
passengers. The FAA will provide the Direct Subscribers, on a monthly 
basis, a list of the aircraft covered by a Certified Security Concern.
    A Valid Security Concern is a verifiable threat to person, property 
or company, including a threat of death, kidnapping or serious bodily 
harm against an individual, a recent history of violent terrorist 
activity in the geographic area in which the transportation is 
provided, or a threat against a company. The FAA will no longer 
accommodate any ASDI- or NASSI- related security or privacy requests, 
except such Certified Security Concern. All Direct Subscribers (as a 
condition of signing this MOA) and Indirect Subscribers (as a condition 
of signing agreements with Direct Subscribers) must block any general 
aviation aircraft, and on-demand aircraft, registration numbers 
included on the FAA-provided list of aircraft covered by a Certified 
Security Concern. If the FAA determines that any Direct or Indirect 
Subscriber develops or markets products that violate this provision, 
the FAA's rights under Section 15 shall apply.

Conclusion

    For the reasons set forth above, effective 60 days from the date of 
this Notice, the FAA will no longer accommodate requests to bar the 
release of aircraft flight tracking data unless an aircraft owner or 
operator provides a Certified Security Concern, as defined in this 
Notice. Absent a Certified Security Concern by a general aviation 
aircraft owner or operator (and absent a Valid Security Concern by an 
on-demand aircraft), the FAA will disclose aircraft on its ASDI and 
NASSI websites and will not request that Subscribers exclude those 
aircraft on the public (time-delayed) ASDI- and NASSI data-feeds. The 
information to be disclosed on the ASDI/NASSI data-feeds would include 
the aircraft position, call sign, airspeed, heading and flight plan as 
well as status of airport runway visual range, special use airspace 
data and status of other NAS components. The FAA will maintain the 
current system of blocking the release of aircraft tracking data until 
the effective date of the Notice.
    To be blocked from the ASDI/NASSI data-feeds, any general aviation 
aircraft owner or operator covered by a Certified Security Concern must 
submit such concern within 30 days from the date of this Notice and at 
least annually thereafter to the FAA by electronic mail at 
[email protected] or by regular mail at FAA Certified 
Security Concern; ATO System Operations Services; Room 1002; 800 
Independence Avenue, SW.; Washington, DC 20591. An on-demand aircraft 
covered by a Valid Security Concern must similarly submit such concern 
on a minimum of 30 days' notice and specify the period of time during 
which such a security concern will exist with respect to the aircraft 
or

[[Page 32265]]

aircraft passengers. Any such submission must specify whether such 
request is to block the aircraft identification number prior to the 
FAA's release of the data-feed, or to block the aircraft identification 
number from release by the Direct Subscribers. Should a specific 
request not be made, the FAA will block the identification number prior 
to its release of the data-feed.
    The FAA will contact each Direct Subscriber to execute a revised 
MOA, incorporating the modified section nine, within 60 days of this 
Notice.

    Issued in Washington, DC, on May 27, 2011.
Marc L. Warren,
Acting Chief Counsel, Federal Aviation Administration.
[FR Doc. 2011-13757 Filed 6-2-11; 8:45 am]
BILLING CODE 4910-13-P