September 21, 2005
The Honorable Kip Hawley
Assistant Secretary of Homeland Security for
Transportation Security Administration
601 South 12th Street
Arlington, VA 22202–4220
Dear Assistant Secretary Hawley:
The Dangerous Goods Advisory Council (DGAC) is an international, non-profit, educational organization dedicated to the promotion
of the safe transportation of hazardous materials/dangerous goods. In accordance with 49 CFR 1520.5(c), we are writing to request
your determination that hazardous materials security plans, prepared in compliance with DOT regulations in 49 CFR 172.800 to .804,
do not constitute Security Sensitive Information (SSI) as defined in 49 CFR Part 1520.
The Protection of Security Sensitive Information (SSI) Interim Final Regulation issued jointly by David Stone, then Acting
Transportation Security Administrator, and Norman Mineta, Secretary of Transportation, on May 18, 2004 (Federal Register Vol.
69, No. 96 pages 28066 to 28086) and the technical amendment issued on January 7, 2005 (Federal Register Vol. 70, No. 5 pages
1379 to 1382) have created considerable confusion within the hazardous materials (hazmat) transportation industry. In particular,
there is uncertainty regarding the applicability of the SSI requirements to security plans prepared in accordance with the DOT
Hazardous Materials Regulations (HMR).
The HMR require that certain hazmat shippers and carriers prepare security plans (hereafter referred to as “hazmat security plans”).
The regulations have broad applicability, covering an estimated 50,000 entities including shippers such as chemical companies and
hazmat carriers. A hazmat security plan must include “an assessment of possible transportation security risks” and must include
appropriate measures to reduce assessed risks relating to personnel, unauthorized access while shipments are being prepared and
enroute transportation.
Based on (1) our evaluation of the legal authority for the SSI regulations, (2) the discussion of the regulations in the IFR
preamble, (3) the regulatory text and (4) practical considerations, we do not believe the SSI regulations were intended to apply
to hazmat security plans unless they are in some way related to aviation or marine activities.
While TSA has issued joint regulations on SSI with DOT, the authorities to regulate SSI have differing applicabilities. While not
questioning that some hazmat security plans may become subject to SSI requirements because of their relationship with certain
activities, we question whether the authorities for SSI regulations permit their general applicability to all hazmat security plans.
Irrespective of the preamble statement that SSI authority extends to all transportation activities, we believe DOT’s authority to
regulate SSI, derived from section 49 USC 40119(b), is limited to aviation related material. Our basis for this opinion is:
- 49 USC 40119(b) is in Title 49, Subtitle VII entitled Aviation Programs;
- The law only gives the Administrator of the Federal Aviation Administration (FAA) the authority to grant exemptions to the SSI
regulations (see 49 USC 40109(b)); and
- The FAA is the only modal administration with authority to enforce the SSI regulations (see 49 USC 46106).
We also question whether TSA authority extends to coverage of all hazmat security plans. TSA’s authority stems from 49 USC 114(s)
and directs TSA to issue regulations on the “disclosure of information obtained or developed in carrying out security under the
authority of the Aviation and Transportation Security Act (ATSA, Public Law 107-71) or under chapter 449 of this title…”. Hazmat
security plan regulations have been issued under authority of 49 USC Chapter 51, not under the authority of the ATSA or Chapter
449 of 49 USC (Aviation Security). In conclusion, we find that based on our reading of the law neither DOT nor TSA authority appears
to generally extend to hazmat security plans.
Our reading of the preamble to the May 18, 2004 IFR supports our opinion that SSI requirements were not intended to cover hazmat
security plans generally. The preamble includes many statements similar to one in the summary stating, “TSA is revising its regulation
governing the protection of sensitive information (SSI) in order to protect the confidentiality of maritime security measures adopted
under the U.S. Coast Guard’s regulations, published on October 22, 2003, implementing the Maritime Transportation Security Act (MTSA)
and other activities related to port and maritime security.…. Currently, the SSI regulation applies primarily to information related
to aviation security. Airlines, airports and others operating in civil aviation are required to limit access to this information to
those personnel who need it to carry out their security functions.” The preamble statement, “….rail operators, commuter authorities,
pipeline operators and other operators of transportation facilities may be covered persons if they are required by the Coast Guard to
have a security plan.” would suggest hazmat security plans could only be subject to the SSI regulations if they were somehow related
to maritime activities. Further, the IFR preamble states, “for the most part, information that is SSI is created by TSA or the Coast
Guard or is required to be submitted to TSA, the Coast Guard, or another part of the Federal Government, such as DOT.” This is not
true of hazmat security plans which are prepared by hazmat shippers or carriers and are not submitted to TSA or DOT.
The regulatory text itself suggests that it was not intended to apply to hazmat security plans. For example, 49 CFR 1520.5(b) lists
the information that constitutes SSI. Of the sixteen items listed, hazmat security plans could only be construed as constituting SSI
on the basis of 49 CFR 1520.5(b)(5), Vulnerability Assessments. However, we note that virtually all of the other items constituting
SSI are related to air or marine transport. We believe that possible inclusion of hazmat security plans under this provision was
unintentional and due to the similarity of maritime and hazmat security plan requirements.
Hazmat security plan requirements apply to a large number of shippers and carriers many of whom are small business entities. For
the most part, plans are general in nature and would provide little to no benefit to someone contemplating a terrorist attack.
Their possible simplicity is exemplified by the Pipeline and Hazardous Materials Safety Administration (PHMSA) example security plan,
including an assessment of possible security risks, for farmers, ranchers and agricultural production facilities posted on the PHMSA
website; and the lack of any indication of the applicability of SSI requirements to these plans suggests that DOT does not consider
all hazmat security plans subject to SSI requirements. Hazmat shippers and carriers have been sensitized to the need to provide
increased security through the hazmat security plan requirements. The application of additional document management requirements
imposed by the SSI requirements does not significantly enhance security and is in our opinion an unnecessary burden. We recognize
that there are instances when hazmat security plans are provided to DOT or TSA where it is essential that these documents are protected
from becoming publicly available through a FOIA request. Rail security plans covering transport of hazardous materials through
Washington, DC are examples of such plans. However, in these specific instances, plans could be protected on the basis of TSA authority
to protect information used to carry out TSA’s responsibilities for providing security under the ATSA.
DGAC appreciates your consideration of this matter and requests that TSA issue a letter clarifying that hazmat security plans are not
generally subject to the SSI requirements.
A copy of a similar letter relating to 49 CFR Part 15 addressed to Secretary Mineta is attached for your information.
Sincerely,
Alan I. Roberts
President
Cc: Norman Mineta, Secretary of Transportation
