Reporting of Security Issues

Federal Register: August 26, 2009 (Volume 74, Number 164)

Proposed Rules

Page 43088-43092

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr26au09-16

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration 49 CFR Part 1503

Docket No. TSA-2009-0014

RIN 1652-AA66

Reporting of Security Issues

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking (NPRM).

SUMMARY: The Transportation Security Administration (TSA) proposes to add new procedures by which members of the public could report to TSA a problem, deficiency, or vulnerability regarding transportation security, including the security of aviation, maritime, railroad, motor carrier vehicle, or pipeline transportation, or any mode of public transportation, such as mass transit, in accordance with the

Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11

Act).

DATES: Submit comments by October 26, 2009.

ADDRESSES: You may submit comments, identified by the TSA docket number to this rulemaking, to the Federal Docket Management System (FDMS), a government-wide, electronic docket management system, using any one of the following methods:

Electronically: You may submit comments through the Federal eRulemaking portal at http://www.regulations.gov. Follow the online instructions for submitting comments.

Mail, In Person, or Fax: Address, hand-deliver, or fax your written comments to the Docket Management Facility, U.S. Department of

Transportation, 1200 New Jersey Avenue, SE., West Building Ground

Floor, Room W12-140, Washington, DC 20590-0001; Fax 202-493-2251. The

Department of Transportation (DOT), which maintains and processes TSA's official regulatory dockets, will scan the submission and post it to

FDMS.

See SUPPLEMENTARY INFORMATION for format and other information about comment submissions.

FOR FURTHER INFORMATION CONTACT: Sarah Tauber, Office of Chief Counsel,

TSA-2, Transportation Security Administration, 601 South 12th Street,

Arlington, VA 20598-6002; telephone (571) 227-3964; facsimile (571) 227-1380; e-mail sarah.tauber@dhs.gov.

SUPPLEMENTARY INFORMATION:

Comments Invited

TSA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. TSA also invites comments relating to the economic, environmental, energy, or federalism impacts that might result from this rulemaking action. See ADDRESSES above for information on where to submit comments.

With each comment, please identify the docket number at the beginning of your comments. TSA encourages

Page 43089

commenters to provide their names and addresses. The most helpful comments reference a specific portion of the rulemaking, explain the reason for any recommended change, and include supporting data. The public may submit comments and material electronically, in person, by mail, or fax as provided under ADDRESSES, but please submit your comments and material by only one means. If you submit comments by mail or delivery, submit them in an unbound format, no larger than 8.5 by 11 inches, suitable for copying and electronic filing.

If you want TSA to acknowledge receipt of comments submitted by mail, include with your comments a self-addressed, stamped postcard on which the docket number appears. We will stamp the date on the postcard and mail it to you.

TSA will file in the public docket all comments received by TSA, except for comments containing confidential information and sensitive security information (SSI).\1\ TSA will consider all comments received on or before the closing date for comments and will consider comments filed late to the extent practicable. The docket is available for public inspection before and after the comment closing date.

\1\ ``Sensitive Security Information'' or ``SSI'' is information obtained or developed in the conduct of security activities, the disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation.

The protection of SSI is governed by 49 CFR part 1520.

Handling of Confidential or Proprietary Information and Sensitive

Security Information (SSI) Submitted in Public Comments

Do not submit comments that include trade secrets, confidential commercial or financial information, or SSI to the public regulatory docket. Please submit such comments separately from other comments on the rulemaking. Comments containing this type of information should be appropriately marked as containing such information and submitted by mail to the address listed in the FOR FURTHER INFORMATION CONTACT section.

TSA will not place comments containing SSI in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. TSA will hold documents containing SSI, confidential business information, or trade secrets in a separate file to which the public does not have access, and place a note in the public docket that TSA has received such materials from the commenter.

However, if TSA determines that portions of these comments may be made publicly available, TSA may include a redacted version of the comment in the public docket. If TSA receives a request to examine or copy information that is not in the public docket, TSA will treat it as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS') FOIA regulation found in 6 CFR part 5.

Reviewing Comments in the Docket

Please be aware that anyone is able to search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review the applicable Privacy Act Statement published in the Federal

Register on April 11, 2000 (65 FR 19477), or you may visit http://

DocketInfo.dot.gov.

You may review TSA's electronic public docket on the Internet at http://www.regulations.gov. In addition, DOT's Docket Management

Facility provides a physical facility, staff, equipment, and assistance to the public. To obtain assistance or to review comments in TSA's public docket, you may visit this facility between 9 a.m. to 5 p.m.,

Monday through Friday, excluding legal holidays, or call (202) 366- 9826. This docket operations facility is located in the West Building

Ground Floor, Room W12-140 at 1200 New Jersey Avenue, SE., Washington,

DC 20590.

Availability of Rulemaking Document

You can get an electronic copy using the Internet by--

(1) Searching the electronic Federal Docket Management System

(FDMS) Web page at http://www.regulations.gov;

(2) Accessing the Government Printing Office's Web page at http:// www.gpoaccess.gov/fr/index.html; or

(3) Visiting TSA's Security Regulations Web page at http:// www.tsa.gov and accessing the link for ``Research Center'' at the top of the page.

In addition, copies are available by writing or calling the individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify the docket number of this rulemaking.

Summary of the Rule

Congress required that the Secretary of Homeland Security establish, by regulation and including a proposed rule, a process by which any person may submit a report to the Secretary regarding public transportation, railroad, or motor carrier vehicle security problems, deficiencies, or vulnerabilities.\2\ The proposed rule would, if promulgated in final form, establish a process by which reports could be submitted, either by U.S. mail, electronic mail, or telephone.

\2\ See Implementing Recommendations of the 9/11 Commission Act of 2007, Public Law 110-53, 121 Stat. 266 (August 3, 2007), sections 1413(i), 1521(i) (codified at 49 U.S.C. 20109(j)), and 1536(i)

(codified at 49 U.S.C. 31105(i)). This rule would, but for the requirements of Public Law 110-53, be a rule of agency procedure that is excepted from the advance notice and public comment provisions of the Administrative Procedure Act, 5 U.S.C. 553(b)(B).

This reporting mechanism is not intended for issues of immediate or emergency security or safety concern. Immediate or emergency security or safety concerns should be reported to the local emergency services operator by telephoning 911.

Waste, fraud, and abuse in TSA programs should be reported to the

Department of Homeland Security Inspector General: (800) 323-8603, or

DHSOIGHOTLINE@dhs.gov.

TSA proposes to designate in paragraph (a) of the final rule addresses and a telephone number that any person may use to report to

TSA a problem, deficiency, or vulnerability regarding transportation security, including the security of aviation, maritime, railroad, motor carrier vehicle, or pipeline transportation, or any mode of public transportation, such as mass transit. TSA will include in the final rule the precise addresses (physical and electronic) for reporting. TSA has included in this NPRM the enumeration of the addresses that will be used and the actual addresses to the extent that they are fixed addresses that are not subject to change. Proposed paragraphs (b) and

(c) provide that if the report identifies the person making the report,

TSA will acknowledge receipt of the report. TSA will review and consider the information provided in the report and take appropriate steps to address any problems, deficiencies, or vulnerabilities identified.

Proposed paragraph (d) makes clear that a report made voluntarily under proposed Sec. 1503.1 would not satisfy any separate legal obligation of any individual to report information to TSA or any other

Government agency under any other law. For example, TSA regulations and

TSA-approved airport and aircraft operator security programs require certain reports to TSA. See 49 CFR 1542.307(b)(3) and 1544.304(d).

Operators must comply with those provisions regardless of whether a report has been submitted through the new part 1503 procedures.

Page 43090

The 9/11 Act calls for a process to report security matters regarding public transit, railroad, or motor carrier vehicle transportation.\3\ TSA proposes to expand the scope of this provision beyond that required by the statute. The proposed rule provides a single point of contact for reporting transportation security problems, deficiencies, or vulnerabilities in any mode in any mode of transportation. The security benefits of receiving these reports would apply to other modes of transportation as well as to those enumerated in the statute. The broad language of the regulation would encourage members of the public to submit reports for all modes. If warranted,

TSA would act to reduce security vulnerabilities that these reports bring to TSA's attention. Separately from this rulemaking, TSA is in the process of developing a program to confer monetary or other recognition on individuals who provide valuable information to TSA about criminal acts or other violations relating to transportation security.

\3\ Implementing Recommendations of the 9/11 Commission Act of 2007, Public Law 110-53, 121 Stat. 266 (August 3, 2007), sections 1413(i), 1521(i) (codified at 49 U.S.C. 20109(j)), and 1536(i)

(codified at 49 U.S.C. 31105(i)).

Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) requires that TSA consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of 44 U.S.C. 3507(d), obtain approval from the Office of

Management and Budget (OMB) for each collection of information it conducts, sponsors, or requires through regulations. As protection provided by the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. TSA has determined that there are no current or new information collection requirements associated with this proposed rule.

Economic Impact Analyses

Regulatory Evaluation Summary

Changes to Federal regulations must undergo several economic analyses. First, Executive Order 12866, Regulatory Planning and Review

(58 FR 51735, October 4, 1993), directs each Federal agency to propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the

Regulatory Flexibility Act of 1980 (5 U.S.C. 601 et seq., as amended by the Small Business Regulatory Enforcement Fairness Act (SBREFA) of 1996) requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (19 U.S.C. 2531-2533) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States.

Fourth, the Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rules that include a

Federal mandate likely to result in the expenditure by State, local, or

Tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation).

Executive Order 12866 Assessment

In conducting these analyses, TSA has determined: 1. This rulemaking is not a ``significant regulatory action'' as defined in the Executive Order. The Office of Management and Budget agrees with this conclusion. 2. This rulemaking would not have a significant economic impact on a substantial number of small entities. 3. This rulemaking would not constitute a barrier to international trade. 4. This rulemaking does not impose an unfunded mandate on State, local, or Tribal governments, or on the private sector.

The bases for these conclusions are summarized below.

Costs

This proposed rule would enhance the public's ability to report to

TSA--via e-mail, regular mail, or telephone--security concerns with aviation, maritime, railroad, motor vehicle, pipeline, or public transportation. TSA and the public would incur costs in the operation of this enhanced reporting system.

TSA currently provides the public with two ways to communicate security concerns through logging onto the TSA Web site (http:// www.tsa.gov): (1) By clicking on the ``Contact Us'' link at the top of the home page, clicking on the ``Security Issues'' link, scrolling down to the heading ``Security Violations and Concerns,'' and filling out and submitting an online form describing the security-related issue; or

(2) by clicking on the ``Contact Us'' link at the top of the home page, clicking on the ``Security Issues'' link, and scrolling down to the heading ``Security Violations and Concerns,'' where a toll-free telephone number and e-mail address for the TSA Contact Center are provided. With the implementation of this rule, TSA plans to move the security-related contact information to a more prominent position on the home page to facilitate reporting. This analysis of costs and benefits assumes that TSA will proceed in that manner. After considering public comments and reviewing internal procedures, however,

TSA may implement this rule differently.

There is no accurate method for gauging how many additional e-mail messages, telephone calls, and letters reporting transportation- security concerns the new placement of the contact number and address could generate. Consequently, estimating an accurate cost to the public of voluntarily reporting security concerns to TSA is difficult.

Nonetheless, one can use fiscal year (FY) 2008 TSA Contact Center data to cost out potential scenarios. For this analysis, it has been projected that the rule will double the number of security-related telephone calls and e-mail messages TSA received in FY 2008.

In FY 2008, the Contact Center fielded 3,241 security-related telephone calls. According to Contact Center statistics, the average security-related call lasts four minutes. If one projects that the public will place an additional 3,241 calls as a result of the rule, then the public will spend 12,964 minutes (3,241 calls at about 4 minutes per call) on the telephone with TSA. At $29.24 per hour (TSA assumes that most of the communications it will receive will be from air travelers),\4\ the total annual cost to the public for the additional telephone calls will be $6,318 ($29.24 per hour x 12,964 minutes/60 minutes per hour).

\4\ This cost is the FAA's value of time for air travelers, adjusted for inflation. Go to the following Web site for the FAA's

Value of Time: http://www.faa.gov/regulations%5Fpolicies/ policy%5Fguidance/benefit%5Fcost/. Next, click on Data Files (zip), and then click on 1-1.xls. This FAA table provides a ``Recommended

Hourly Value of Travel Time Savings'' of $23.30 (2000 dollars) for personal travel by air carrier. The $23.30 is then converted to 2008 dollars by multiplying it times 1.255, the amount by which the

Consumer Price Index for Urban Wage Earners and Clerical Workers

(CPI-W) rose between 2000 and 2008 (212.038/168.892). The annual value for 2008 (212.038) was calculated by summing the values for

Quarters 1-3 and dividing the total by 3. Here is the source of the

CPI-W numbers: http://www.ssa.gov/OACT/STATS/avgcpi.html.

To estimate the cost of contacting TSA electronically, this analysis used other data collected by the Contact Center as a starting point. In FY 2008 the Center received 2,544 security-related e-mail messages from customers who logged onto the TSA Web site,

Page 43091

clicked on the ``Contact Us/Security Issues/Security Violations and

Concerns'' links described above, filled out the Web form, and submitted it. If one assumes that TSA will receive an additional 2,544 e-mail messages as a result of this rule and that the average e-mail message will require fifteen minutes to prepare, one can modify the value-of-time formula used to calculate the FY 2008 cost of security- related telephonic reports to TSA to estimate the cost to the public of e-mailing its concerns: 2,544 e-mail messages x 15/60 hours per e-mail message x $29.24 per hour = $18,597.

The proposed rule would also allow the public to report security concerns by regular mail. If one projects that this rule will generate 1,000 letters and that it takes the average letter writer 30 minutes to write and mail a report, the value of the public's time for this exercise would equate to $14,620 (1,000 letters x 30/60 hour per letter x $29.24 per hour). When the cost of postage is included (1,000 letters x $.42 per stamp = $420), using regular mail to report transportation security concerns to TSA would cost the public $15,040.

The projected cost of the three modes of communication--$6,318 for telephone calls, $18,597 for e-mail, and $15,040 for regular mail--is

$39,955. The public would assume this direct cost voluntarily; the cost is not imposed by this rule.

In addition to this direct cost to the public, TSA would incur expenses in handling the increased volume of reports. Although it is not feasible to accurately establish the number of additional telephonic and e-mail reports the new placement of the contact number and address will generate, the Transportation Security Operations

Center (TSOC) plans to hire six full time equivalent (FTE) contract watch officers (at an overall cost of $127,000 per year for each officer) to handle the increased volume.\5\ The incremental annual labor costs in administering these telephonic and e-mail reports would total $762,000 (6 x $127,000). TSA estimates that the toll-free telephone line would cost approximately $25 per month for the analog line charge and one cent per minute for line usage. If one projects that the rule will generate 3,241 additional telephone calls per year, the cost of the toll-free telephone line amounts to $430 ((3,241 calls x 4 minutes x $.01 per minute) + (12 months x $25)). Taken together, the estimated labor costs ($762,000) and telephone-line costs ($430) yield a total annual cost to TSA of $762,430.\6\ Because TSA would not expect to hire additional personnel to handle any increase in security- related letters received via regular mail, no additional mail- administration costs are anticipated.

\5\ This estimate of six FTEs may turn out to be high; the actual number will depend on how many reports TSOC receives, their complexity, and the percentage that require follow-up actions.

\6\ TSOC will incur no incremental costs for training because in-house training has already been funded. There also will be no additional expenses for space, computers, and telephones; existing equipment at TSOC will be used to handle the expected increase in telephonic and e-mail reporting.

Benefits

This rulemaking provides the following benefits: 1. It expands the public's ability to report problems, deficiencies, and vulnerabilities regarding transportation security. 2. It reminds the public that TSA wants to receive these reports. 3. It gives the public a simple method of alerting TSA to transportation security concerns that may otherwise have been overlooked. It is quite possible that reports from the public could prevent a national security problem that otherwise would have gone unaddressed.

Regulatory Flexibility Act Assessment

The Regulatory Flexibility Act (RFA) of 1980 requires that agencies perform a review to determine whether a proposed or final rule will have a significant economic impact on a substantial number of small entities. If the determination is that it will, the agency must prepare a regulatory flexibility analysis as described in the RFA. For purposes of the RFA, small entities include small businesses, not-for-profit organizations, and small governmental jurisdictions per section 601(6) of the RFA. Individuals and States are not included in the definition of a small entity.

This proposed rule enhances the public's ability to report security concerns voluntarily to TSA. TSA and the public will incur some costs in the operation of this enhanced reporting system. As stated previously, the public would voluntarily assume the direct cost of reporting problems and deficiencies to TSA; the cost is not imposed by this rule. TSA certifies that this rulemaking would not have a significant economic impact on a substantial number of small entities.

International Trade Impact Assessment

The Trade Agreement Act of 1979 prohibits Federal agencies from establishing any standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United

States. Legitimate domestic objectives, such as safety, are not considered unnecessary obstacles. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. TSA has assessed the potential effect of this rulemaking and has determined that it will impose the same costs on domestic and international entities and thus have a neutral trade impact.

Unfunded Mandates Assessment

The Unfunded Mandates Reform Act of 1995 is intended, among other things, to curb the practice of imposing unfunded Federal mandates on

State, local, and Tribal governments. Title II of the Act requires each

Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in a $100 million or more expenditure (adjusted annually for inflation) in any one year by State, local, and Tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a

``significant regulatory action.''

This rulemaking does not contain such a mandate. The requirements of Title II of the Act, therefore, do not apply and TSA has not prepared a statement under the Act.

Executive Order 13132, Federalism

TSA has analyzed this proposed rule under the principles and criteria of Executive Order 13132, Federalism. We determined that this action would not have a substantial direct effect on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government, and therefore would not have federalism implications.

Environmental Analysis

TSA has reviewed this action for purposes of the National

Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has determined that this action will not have a significant effect on the human environment.

Energy Impact Analysis

The energy impact of the notice has been assessed in accordance with the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as amended (42 U.S.C. 6362). We have determined that this rulemaking is not a major regulatory action under the provisions of the EPCA.

Page 43092

List of Subjects in 49 CFR Part 1503

Administrative practice and procedure, Investigations, Law enforcement, Penalties, Transportation.

The Proposed Amendments

For the reasons set forth in the preamble, the Transportation

Security Administration proposes to amend part 1503 in chapter XII of title 49, Code of Federal Regulations as follows:

PART 1503--INVESTIGATIVE AND ENFORCEMENT PROCEDURES 1. The authority citation for part 1503 is revised to read as follows:

Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note); 49 U.S.C. 114, 20109, 31105, 40113-40114, 40119, 44901-44907, 46101- 46107, 46109-46110, 46301, 46305, 46311, 46313-46314. 2. Revise subpart A heading and Sec. 1503.1 to read as follows:

Subpart A--Reports by the Public of Security Problems,

Deficiencies, and Vulnerabilities

Sec. 1503.1 Submission of reports to TSA.

(a) Any person may report to TSA a problem, deficiency, or vulnerability regarding transportation security, including the security of aviation, maritime, railroad, motor carrier vehicle, or pipeline transportation, or any mode of public transportation, such as mass transit. Reports may be made to TSA at the following addresses:

(1) U.S. mail at Transportation Security Administration, TSA HQ,

TSA-XXX, 601 South 12th Street, Arlington, VA 20598-6002;

(2) By e-mail at XXX.dhs.gov; or

(3) By telephone at (XXX) XXX-XXXX.

(b) If a report submitted under this section identifies the person making the report, TSA will respond promptly to such person and acknowledge receipt of the report.

(c) TSA will review and consider the information provided in any report submitted under this section and take appropriate steps to address any problems, deficiencies, or vulnerabilities identified.

(d) Nothing in this section relieves a person of a separate obligation to report information to TSA under another provision of this title, a security program, or a security directive, or to another

Government agency under other law.

Issued in Arlington, Virginia, on August 20, 2009.

Keith Kauffman,

Acting Deputy Administrator.

FR Doc. E9-20551 Filed 8-25-09; 8:45 am

BILLING CODE 9110-05-P